Merge pull request #1480 from awsdocs/doug-sts-gov2

Added STS examples in Go v2

Author: brmur

gov2/sts/AssumeRole/AssumeRolev2.go

@@ -0,0 +1,69 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX - License - Identifier: Apache - 2.0
+// snippet-start:[sts.go-v2.AssumeRole]
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+)
+
+// STSAssumeRoleAPI defines the interface for the AssumeRole function.
+// We use this interface to test the function using a mocked service.
+type STSAssumeRoleAPI interface {
+	AssumeRole(ctx context.Context,
+		params *sts.AssumeRoleInput,
+		optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error)
+}
+
+// TakeRole gets temporary security credentials to access resources.
+// Inputs:
+//     c is the context of the method call, which includes the AWS Region.
+//     api is the interface that defines the method call.
+//     input defines the input arguments to the service call.
+// Output:
+//     If successful, an AssumeRoleOutput object containing the result of the service call and nil.
+//     Otherwise, nil and an error from the call to AssumeRole.
+func TakeRole(c context.Context, api STSAssumeRoleAPI, input *sts.AssumeRoleInput) (*sts.AssumeRoleOutput, error) {
+	result, err := api.AssumeRole(c, input)
+
+	return result, err
+}
+
+func main() {
+	roleARN := flag.String("r", "", "The Amazon Resource Name (ARN) of the role to assume")
+	sessionName := flag.String("s", "", "The name of the session")
+
+	if *roleARN == "" || *sessionName == "" {
+		fmt.Println("You must supply a role ARN and session name")
+		fmt.Println("-r ROLE-ARN -s SESSION-NAME")
+		return
+	}
+
+	cfg, err := config.LoadDefaultConfig()
+	if err != nil {
+		panic("configuration error, " + err.Error())
+	}
+
+	client := sts.NewFromConfig(cfg)
+
+	input := &sts.AssumeRoleInput{
+		RoleArn:         roleARN,
+		RoleSessionName: sessionName,
+	}
+
+	result, err := TakeRole(context.Background(), client, input)
+	if err != nil {
+		fmt.Println("Got an error assuming the role:")
+		fmt.Println(err)
+		return
+	}
+
+	fmt.Println(result.AssumedRoleUser)
+}
+
+// snippet-end:[sts.go-v2.AssumeRole]

gov2/sts/AssumeRole/AssumeRolev2_test.go

@@ -0,0 +1,91 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+	"github.com/aws/aws-sdk-go-v2/service/sts/types"
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+type STSAssumeRoleImpl struct{}
+
+func (dt STSAssumeRoleImpl) AssumeRole(ctx context.Context,
+	params *sts.AssumeRoleInput,
+	optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) {
+
+	user := types.AssumedRoleUser{
+		Arn:           aws.String("aws-docs-example-user-arn"),
+		AssumedRoleId: aws.String("aws-docs-example-userID"),
+	}
+
+	output := &sts.AssumeRoleOutput{
+		AssumedRoleUser: &user,
+	}
+
+	return output, nil
+}
+
+type Config struct {
+	RoleArn     string `json:"RoleArn"`
+	SessionName string `json:"SessionName"`
+}
+
+var configFileName = "config.json"
+
+var globalConfig Config
+
+func populateConfiguration(t *testing.T) error {
+	content, err := ioutil.ReadFile(configFileName)
+	if err != nil {
+		return err
+	}
+
+	text := string(content)
+
+	err = json.Unmarshal([]byte(text), &globalConfig)
+	if err != nil {
+		return err
+	}
+
+	if globalConfig.RoleArn == "" || globalConfig.SessionName == "" {
+		msg := "You must specify a value for RoleArn and SessionName in " + configFileName
+		return errors.New(msg)
+	}
+
+	return nil
+}
+
+func TestAssumeRole(t *testing.T) {
+	thisTime := time.Now()
+	nowString := thisTime.Format("2006-01-02 15:04:05 Monday")
+	t.Log("Starting unit test at " + nowString)
+
+	err := populateConfiguration(t)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	api := &STSAssumeRoleImpl{}
+
+	input := &sts.AssumeRoleInput{
+		RoleArn:         &globalConfig.RoleArn,
+		RoleSessionName: &globalConfig.SessionName,
+	}
+
+	resp, err := TakeRole(context.Background(), api, input)
+	if err != nil {
+		fmt.Println("Got an error assuming the role:")
+		fmt.Println(err)
+		return
+	}
+
+	t.Log("User ARN:      " + *resp.AssumedRoleUser.Arn)
+	t.Log("User role ID:  " + *resp.AssumedRoleUser.AssumedRoleId)
+}

gov2/sts/AssumeRole/README.md

@@ -0,0 +1,10 @@
+### AssumeRole/AssumeRolev2.go
+
+This example gets temporary security credentials to access resources.
+
+`go run AssumeRolev2.go -r ROLE-ARN -s SESSION-NAME`
+
+- _ROLE-ARN_ is the ARN of the role to assume.
+- _SESSION-NAME_ is the name of the assumed role session.
+
+The unit test accepts similar values in _config.json_.

gov2/sts/AssumeRole/config.json

@@ -0,0 +1,4 @@
+{
+  "RoleArn": "aws-docs-example-role-arn",
+  "SessionName": "aws-docs-example-session-name"
+}

gov2/sts/README.md

@@ -0,0 +1,65 @@
+# AWS SDK for Go V2 code examples for AWS STS.
+
+## Purpose
+
+These examples demonstrates how to perform several AWS Security Token Service (AWS STS) 
+operations using version 2 of the AWS SDK for Go.
+
+## Prerequisites
+
+You must have an AWS account, and have your default credentials and AWS Region
+configured as described in
+[Configuring the AWS SDK for Go](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html)
+in the AWS SDK for Go Developer Guide.
+
+## Running the code
+
+### AssumeRole/AssumeRolev2.go
+
+This example gets temporary security credentials to access resources.
+
+`go run AssumeRolev2.go -r ROLE-ARN -s SESSION-NAME`
+
+- _ROLE-ARN_ is the ARN of the role to assume.
+- _SESSION-NAME_ is the name of the assumed role session.
+
+The unit test accepts similar values in _config.json_.
+
+### Notes
+
+- We recommend that you grant this code least privilege,
+  or at most the minimum permissions required to perform the task.
+  For more information, see
+  [Grant Least Privilege](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege)
+  in the AWS Identity and Access Management User Guide.
+- This code has not been tested in all AWS Regions.
+  Some AWS services are available only in specific
+  [Regions](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services).
+- Running this code might result in charges to your AWS account.
+
+## Running the unit tests
+
+Unit tests should delete any resources they create.
+However, they might result in charges to your
+AWS account.
+
+To run a unit test, enter:
+
+`go test`
+
+You should see something like the following,
+where PATH is the path to the folder containing the Go files:
+
+```sh
+PASS
+ok      PATH 6.593s
+```
+
+If you want to see any log messages, enter:
+
+`go test -v`
+
+You should see some additional log messages.
+The last two lines should be similar to the previous output shown.
+
+Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: Apache-2.0

gov2/sts/metadata.yaml

@@ -0,0 +1,7 @@
+files:
+  - path: TakeRole/TakeRolev2.go
+    services:
+      - sts
+  - path: TakeRole/TakeRolev2_test.go
+    services:
+      - sts