From 31fe89060efc23bc4534736845299f96584dbe1d Mon Sep 17 00:00:00 2001
From: Jason Del Ponte
Date: Tue, 4 Aug 2020 16:39:54 -0700
Subject: [PATCH] Update web_identity_provider.go

Remove const default duration, fallback to API operation's default behavior if unset.
---
 aws/credentials/stscreds/web_identity_provider.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/aws/credentials/stscreds/web_identity_provider.go b/aws/credentials/stscreds/web_identity_provider.go
index d8470c2c165..0ec378ab33a 100644
--- a/aws/credentials/stscreds/web_identity_provider.go
+++ b/aws/credentials/stscreds/web_identity_provider.go
@@ -15,8 +15,6 @@ import (
 )
 
 const (
- defaultWebIdentityDuration = time.Hour
-
 // ErrCodeWebIdentity will be used as an error code when constructing
 // a new error to be returned during session creation or retrieval.
 ErrCodeWebIdentity = "WebIdentityErr"
@@ -54,7 +52,9 @@ type WebIdentityRoleProvider struct {
 credentials.Expiry
 PolicyArns []*sts.PolicyDescriptorType
 
- // Expiry duration of the STS credentials. Defaults to 1hour if not set.
+ // Expiry duration of the STS credentials. Will be truncated to seconds when used to assume the role.
+ // If unset, the assumed role will use AssumeRoleWithWebIdentity's default expiry duration. See
+ // https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#STS.AssumeRoleWithWebIdentity for more information.
 Duration time.Duration
 
 client stsiface.STSAPI
@@ -113,8 +113,9 @@ func (p *WebIdentityRoleProvider) RetrieveWithContext(ctx credentials.Context) (
 sessionName = strconv.FormatInt(now().UnixNano(), 10)
 }
 
- if p.Duration == 0 {
- p.Duration = defaultWebIdentityDuration
+ var duration *int64
+ if p.Duration != 0 {
+ duration = aws.Int64(int64(p.Duration / time.Second))
 }
 
 req, resp := p.client.AssumeRoleWithWebIdentityRequest(&sts.AssumeRoleWithWebIdentityInput{
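Review bot: In the RetrieveWithContext hunk the new guard `if p.Duration != 0` still lets a non-zero value below one second through, and `int64(p.Duration / time.Second)` truncates it to 0, so the request carries `DurationSeconds: 0` rather than a usable lifetime or the service default; a negative Duration passes the same way. STS documents a 900-second minimum for this parameter, so such a call is expected to fail only at retrieval time, with an error that does not point back at the Duration field. Rejecting the value up front would be clearer, for example `if p.Duration != 0 && p.Duration < time.Second { /* return an ErrCodeWebIdentity error */ }`. The Duration field comment in the struct hunk could then add `// Must be zero or at least one second; STS enforces its own minimum.`. The function body starts and ends outside this hunk.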
@@ -122,7 +123,7 @@ func (p *WebIdentityRoleProvider) RetrieveWithContext(ctx credentials.Context) (
 RoleArn: &p.roleARN,
 RoleSessionName: &sessionName,
 WebIdentityToken: aws.String(string(b)),
- DurationSeconds: aws.Int64(int64(p.Duration / time.Second)),
+ DurationSeconds: duration,
 })
 
 req.SetContext(ctx)
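Review bot: Nothing in this patch pins the new unset path: the diffstat lists only web_identity_provider.go, while `DurationSeconds: duration` now sends a nil pointer whenever Duration is zero. The credential lifetime then comes from the service rather than from the SDK, so a later refactor could silently reintroduce a client-side default. A test case that captures the AssumeRoleWithWebIdentityInput and asserts `DurationSeconds == nil` for a zero Duration, and the truncated second count otherwise, would guard against that. RetrieveWithContext continues outside the hunk, so any existing coverage is not visible here.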