/*
 * MinIO Cloud Storage, (C) 2018 MinIO, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package cmd

import (
	"encoding/xml"

	"storj.io/minio/pkg/auth"
)

// AssumedRoleUser - The identifiers for the temporary security credentials that
// the operation returns. Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumedRoleUser
type AssumedRoleUser struct {
	// The ARN of the temporary security credentials that are returned from the
	// AssumeRole action. For more information about ARNs and how to use them in
	// policies, see IAM Identifiers (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html)
	// in Using IAM.
	//
	// Arn is a required field
	Arn string

	// A unique identifier that contains the role ID and the role session name of
	// the role that is being assumed. The role ID is generated by AWS when the
	// role is created.
	//
	// AssumedRoleId is a required field
	//
	// NOTE(review): the XML element name in the tag is "AssumeRoleId", which
	// does not match the field name or the "AssumedRoleId" name used in the
	// comment above. A client that looks for "AssumedRoleId" would not find this
	// value. Changing the tag alters the wire format, so confirm which spelling
	// existing clients depend on before touching it.
	AssumedRoleID string `xml:"AssumeRoleId"`
	// NOTE(review): the original comment here read "contains filtered or
	// unexported fields"; no unexported fields are declared in this struct, so
	// that line looks like a leftover from generated documentation.
}

// AssumeRoleResponse contains the result of successful AssumeRole request.
//
// The value is the XML envelope of the reply: XMLName fixes the root element
// name and namespace, Result carries the credentials, and ResponseMetadata
// carries the request identifier. Because Result embeds the issued
// credentials, a marshalled AssumeRoleResponse is secret material and should
// be kept out of logs and traces.
type AssumeRoleResponse struct {
	// XMLName uses the encoding/xml "namespace name" tag form: the element is
	// AssumeRoleResponse in the STS 2011-06-15 namespace. json:"-" excludes
	// only this field from JSON encoding.
	XMLName xml.Name `xml:"https://sts.amazonaws.com/doc/2011-06-15/ AssumeRoleResponse" json:"-"`

	Result AssumeRoleResult `xml:"AssumeRoleResult"`
	// NOTE(review): encoding/xml does not treat a struct value as empty, so
	// omitempty on this struct-typed field likely has no effect and an empty
	// ResponseMetadata element is emitted when RequestID is unset - confirm.
	ResponseMetadata struct {
		RequestID string `xml:"RequestId,omitempty"`
	} `xml:"ResponseMetadata,omitempty"`
}

// AssumeRoleResult - Contains the response to a successful AssumeRole
// request, including temporary credentials that can be used to make
// MinIO API requests.
type AssumeRoleResult struct {
	// The identifiers for the temporary security credentials that the operation
	// returns.
	AssumedRoleUser AssumedRoleUser `xml:",omitempty"`

	// The temporary security credentials, which include an access key ID, a secret
	// access key, and a security (or session) token.
	//
	// Note: The size of the security token that STS APIs return is not fixed. We
	// strongly recommend that you make no assumptions about the maximum size. As
	// of this writing, the typical size is less than 4096 bytes, but that can vary.
	// Also, future updates to AWS might require larger sizes.
	//
	// The secret access key and session token are bearer secrets: whoever holds
	// them can act with the session's permissions until they expire.
	// NOTE(review): the fields and encoding of auth.Credentials are defined in
	// pkg/auth and are not visible in this file; this struct adds no json tag,
	// so how the secret appears in any JSON encoding is decided there.
	Credentials auth.Credentials `xml:",omitempty"`

	// A percentage value that indicates the size of the policy in packed form.
	// The service rejects any policy with a packed size greater than 100 percent,
	// which means the policy exceeded the allowed space.
	PackedPolicySize int `xml:",omitempty"`
}

// AssumeRoleWithWebIdentityResponse contains the result of successful AssumeRoleWithWebIdentity request.
//
// Same envelope layout as the other STS responses in this file; the root
// element is AssumeRoleWithWebIdentityResponse in the STS 2011-06-15
// namespace. The marshalled value contains the issued credentials.
type AssumeRoleWithWebIdentityResponse struct {
	XMLName          xml.Name          `xml:"https://sts.amazonaws.com/doc/2011-06-15/ AssumeRoleWithWebIdentityResponse" json:"-"`
	Result           WebIdentityResult `xml:"AssumeRoleWithWebIdentityResult"`
	ResponseMetadata struct {
		RequestID string `xml:"RequestId,omitempty"`
	} `xml:"ResponseMetadata,omitempty"`
}

// WebIdentityResult - Contains the response to a successful AssumeRoleWithWebIdentity
// request, including temporary credentials that can be used to make MinIO API requests.
type WebIdentityResult struct {
	// The identifiers for the temporary security credentials that the operation
	// returns.
	AssumedRoleUser AssumedRoleUser `xml:",omitempty"`

	// The intended audience (also known as client ID) of the web identity token.
	// This is traditionally the client identifier issued to the application that
	// requested the client grants.
	Audience string `xml:",omitempty"`

	// The temporary security credentials, which include an access key ID, a secret
	// access key, and a security (or session) token.
	//
	// Note: The size of the security token that STS APIs return is not fixed. We
	// strongly recommend that you make no assumptions about the maximum size. As
	// of this writing, the typical size is less than 4096 bytes, but that can vary.
	// Also, future updates to AWS might require larger sizes.
	//
	// These values are bearer secrets; treat any serialized form of this struct
	// as sensitive.
	Credentials auth.Credentials `xml:",omitempty"`

	// A percentage value that indicates the size of the policy in packed form.
	// The service rejects any policy with a packed size greater than 100 percent,
	// which means the policy exceeded the allowed space.
	PackedPolicySize int `xml:",omitempty"`

	// The issuing authority of the web identity token presented. For OpenID Connect
	// ID tokens, this contains the value of the iss field. For OAuth 2.0 access tokens,
	// this contains the value of the ProviderId parameter that was passed in the
	// AssumeRoleWithWebIdentity request.
	Provider string `xml:",omitempty"`

	// The unique user identifier that is returned by the identity provider.
	// This identifier is associated with the Token that was submitted
	// with the AssumeRoleWithWebIdentity call. The identifier is typically unique to
	// the user and the application that acquired the WebIdentityToken (pairwise identifier).
	// For OpenID Connect ID tokens, this field contains the value returned by the identity
	// provider as the token's sub (Subject) claim.
	//
	// In OpenID Connect a sub value is only unique within its issuer, so a
	// consumer that maps this value to a local identity should key on it
	// together with Provider rather than on the subject alone.
	SubjectFromWebIdentityToken string `xml:",omitempty"`
}

// AssumeRoleWithClientGrantsResponse contains the result of successful AssumeRoleWithClientGrants request.
//
// Same envelope layout as the other STS responses in this file; the root
// element is AssumeRoleWithClientGrantsResponse in the STS 2011-06-15
// namespace. The marshalled value contains the issued credentials.
type AssumeRoleWithClientGrantsResponse struct {
	XMLName          xml.Name           `xml:"https://sts.amazonaws.com/doc/2011-06-15/ AssumeRoleWithClientGrantsResponse" json:"-"`
	Result           ClientGrantsResult `xml:"AssumeRoleWithClientGrantsResult"`
	ResponseMetadata struct {
		RequestID string `xml:"RequestId,omitempty"`
	} `xml:"ResponseMetadata,omitempty"`
}

// ClientGrantsResult - Contains the response to a successful AssumeRoleWithClientGrants
// request, including temporary credentials that can be used to make MinIO API requests.
type ClientGrantsResult struct {
	// The identifiers for the temporary security credentials that the operation
	// returns.
	AssumedRoleUser AssumedRoleUser `xml:",omitempty"`

	// The intended audience (also known as client ID) of the web identity token.
	// This is traditionally the client identifier issued to the application that
	// requested the client grants.
	Audience string `xml:",omitempty"`

	// The temporary security credentials, which include an access key ID, a secret
	// access key, and a security (or session) token.
	//
	// Note: The size of the security token that STS APIs return is not fixed. We
	// strongly recommend that you make no assumptions about the maximum size. As
	// of this writing, the typical size is less than 4096 bytes, but that can vary.
	// Also, future updates to AWS might require larger sizes.
	//
	// These values are bearer secrets; treat any serialized form of this struct
	// as sensitive.
	Credentials auth.Credentials `xml:",omitempty"`

	// A percentage value that indicates the size of the policy in packed form.
	// The service rejects any policy with a packed size greater than 100 percent,
	// which means the policy exceeded the allowed space.
	PackedPolicySize int `xml:",omitempty"`

	// The issuing authority of the web identity token presented. For OpenID Connect
	// ID tokens, this contains the value of the iss field. For OAuth 2.0 access tokens,
	// this contains the value of the ProviderId parameter that was passed in the
	// AssumeRoleWithClientGrants request.
	Provider string `xml:",omitempty"`

	// The unique user identifier that is returned by the identity provider.
	// This identifier is associated with the Token that was submitted
	// with the AssumeRoleWithClientGrants call. The identifier is typically unique to
	// the user and the application that acquired the ClientGrantsToken (pairwise identifier).
	// For OpenID Connect ID tokens, this field contains the value returned by the identity
	// provider as the token's sub (Subject) claim.
	//
	// As with any issuer-scoped subject, a consumer mapping this value to a
	// local identity should combine it with Provider.
	SubjectFromToken string `xml:",omitempty"`
}

// AssumeRoleWithLDAPResponse contains the result of successful
// AssumeRoleWithLDAPIdentity request.
//
// Note that the Go type name is shorter than the XML root element, which is
// AssumeRoleWithLDAPIdentityResponse in the STS 2011-06-15 namespace. The
// marshalled value contains the issued credentials.
type AssumeRoleWithLDAPResponse struct {
	XMLName          xml.Name           `xml:"https://sts.amazonaws.com/doc/2011-06-15/ AssumeRoleWithLDAPIdentityResponse" json:"-"`
	Result           LDAPIdentityResult `xml:"AssumeRoleWithLDAPIdentityResult"`
	ResponseMetadata struct {
		RequestID string `xml:"RequestId,omitempty"`
	} `xml:"ResponseMetadata,omitempty"`
}

// LDAPIdentityResult - contains credentials for a successful
// AssumeRoleWithLDAPIdentity request.
//
// Unlike the other result types in this file, it declares no AssumedRoleUser,
// Audience, Provider or subject field: the credentials are the only payload.
type LDAPIdentityResult struct {
	// The temporary credentials issued for the LDAP identity. These are bearer
	// secrets; treat any serialized form of this struct as sensitive.
	Credentials auth.Credentials `xml:",omitempty"`
}