1 // Code generated by smithy-go-codegen DO NOT EDIT.
2 3 package sts
4 5 import (
6 "context"
7 "fmt"
8 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
9 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
10 "github.com/aws/aws-sdk-go-v2/service/sts/types"
11 "github.com/aws/smithy-go/middleware"
12 smithyhttp "github.com/aws/smithy-go/transport/http"
13 )
14 15 // Returns a set of temporary security credentials that you can use to access
16 // Amazon Web Services resources. These temporary credentials consist of an access
17 // key ID, a secret access key, and a security token. Typically, you use AssumeRole
18 // within your account or for cross-account access. For a comparison of AssumeRole
19 // with other API operations that produce temporary credentials, see [Requesting Temporary Security Credentials]and [Compare STS credentials] in the
20 // IAM User Guide.
21 //
22 // # Permissions
23 //
24 // The temporary security credentials created by AssumeRole can be used to make
25 // API calls to any Amazon Web Services service with the following exception: You
26 // cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken
27 // API operations.
28 //
29 // (Optional) You can pass inline or managed session policies to this operation.
30 // You can pass a single JSON policy document to use as an inline session policy.
31 // You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use
32 // as managed session policies. The plaintext that you use for both inline and
33 // managed session policies can't exceed 2,048 characters. Passing policies to this
34 // operation returns new temporary credentials. The resulting session's permissions
35 // are the intersection of the role's identity-based policy and the session
36 // policies. You can use the role's temporary credentials in subsequent Amazon Web
37 // Services API calls to access resources in the account that owns the role. You
38 // cannot use session policies to grant more permissions than those allowed by the
39 // identity-based policy of the role that is being assumed. For more information,
40 // see [Session Policies]in the IAM User Guide.
41 //
42 // When you create a role, you create two policies: a role trust policy that
43 // specifies who can assume the role, and a permissions policy that specifies what
44 // can be done with the role. You specify the trusted principal that is allowed to
45 // assume the role in the role trust policy.
46 //
47 // To assume a role from a different account, your Amazon Web Services account
48 // must be trusted by the role. The trust relationship is defined in the role's
49 // trust policy when the role is created. That trust policy states which accounts
50 // are allowed to delegate that access to users in the account.
51 //
52 // A user who wants to access a role in a different account must also have
53 // permissions that are delegated from the account administrator. The administrator
54 // must attach a policy that allows the user to call AssumeRole for the ARN of the
55 // role in the other account.
56 //
57 // To allow a user to assume a role in the same account, you can do either of the
58 // following:
59 //
60 // - Attach a policy to the user that allows the user to call AssumeRole (as long
61 // as the role's trust policy trusts the account).
62 //
63 // - Add the user as a principal directly in the role's trust policy.
64 //
65 // You can do either because the role’s trust policy acts as an IAM resource-based
66 // policy. When a resource-based policy grants access to a principal in the same
67 // account, no additional identity-based policy is required. For more information
68 // about trust policies and resource-based policies, see [IAM Policies]in the IAM User Guide.
69 //
70 // # Tags
71 //
72 // (Optional) You can pass tag key-value pairs to your session. These tags are
73 // called session tags. For more information about session tags, see [Passing Session Tags in STS]in the IAM
74 // User Guide.
75 //
76 // An administrator must grant you the permissions necessary to pass session tags.
77 // The administrator can also create granular permissions to allow you to pass only
78 // specific session tags. For more information, see [Tutorial: Using Tags for Attribute-Based Access Control]in the IAM User Guide.
79 //
80 // You can set the session tags as transitive. Transitive tags persist during role
81 // chaining. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
82 //
83 // # Using MFA with AssumeRole
84 //
85 // (Optional) You can include multi-factor authentication (MFA) information when
86 // you call AssumeRole . This is useful for cross-account scenarios to ensure that
87 // the user that assumes the role has been authenticated with an Amazon Web
88 // Services MFA device. In that scenario, the trust policy of the role being
89 // assumed includes a condition that tests for MFA authentication. If the caller
90 // does not include valid MFA information, the request to assume the role is
91 // denied. The condition in a trust policy that tests for MFA authentication might
92 // look like the following example.
93 //
94 // "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}
95 //
96 // For more information, see [Configuring MFA-Protected API Access] in the IAM User Guide guide.
97 //
98 // To use MFA with AssumeRole , you pass values for the SerialNumber and TokenCode
99 // parameters. The SerialNumber value identifies the user's hardware or virtual
100 // MFA device. The TokenCode is the time-based one-time password (TOTP) that the
101 // MFA device produces.
102 //
103 // [Configuring MFA-Protected API Access]: https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html
104 // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
105 // [Passing Session Tags in STS]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
106 // [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
107 // [IAM Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
108 // [Requesting Temporary Security Credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
109 // [Compare STS credentials]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html
110 // [Tutorial: Using Tags for Attribute-Based Access Control]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
111 func (c *Client) AssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*Options)) (*AssumeRoleOutput, error) {
112 if params == nil {
113 params = &AssumeRoleInput{}
114 }
115 116 result, metadata, err := c.invokeOperation(ctx, "AssumeRole", params, optFns, c.addOperationAssumeRoleMiddlewares)
117 if err != nil {
118 return nil, err
119 }
120 121 out := result.(*AssumeRoleOutput)
122 out.ResultMetadata = metadata
123 return out, nil
124 }
125 126 type AssumeRoleInput struct {
127 128 // The Amazon Resource Name (ARN) of the role to assume.
129 //
130 // This member is required.
131 RoleArn *string
132 133 // An identifier for the assumed role session.
134 //
135 // Use the role session name to uniquely identify a session when the same role is
136 // assumed by different principals or for different reasons. In cross-account
137 // scenarios, the role session name is visible to, and can be logged by the account
138 // that owns the role. The role session name is also used in the ARN of the assumed
139 // role principal. This means that subsequent cross-account API requests that use
140 // the temporary security credentials will expose the role session name to the
141 // external account in their CloudTrail logs.
142 //
143 // For security purposes, administrators can view this field in [CloudTrail logs] to help identify
144 // who performed an action in Amazon Web Services. Your administrator might require
145 // that you specify your user name as the session name when you assume the role.
146 // For more information, see [sts:RoleSessionName]sts:RoleSessionName .
147 //
148 // The regex used to validate this parameter is a string of characters consisting
149 // of upper- and lower-case alphanumeric characters with no spaces. You can also
150 // include underscores or any of the following characters: +=,.@-
151 //
152 // [CloudTrail logs]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds
153 // [sts:RoleSessionName]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname
154 //
155 // This member is required.
156 RoleSessionName *string
157 158 // The duration, in seconds, of the role session. The value specified can range
159 // from 900 seconds (15 minutes) up to the maximum session duration set for the
160 // role. The maximum session duration setting can have a value from 1 hour to 12
161 // hours. If you specify a value higher than this setting or the administrator
162 // setting (whichever is lower), the operation fails. For example, if you specify a
163 // session duration of 12 hours, but your administrator set the maximum session
164 // duration to 6 hours, your operation fails.
165 //
166 // Role chaining limits your Amazon Web Services CLI or Amazon Web Services API
167 // role session to a maximum of one hour. When you use the AssumeRole API
168 // operation to assume a role, you can specify the duration of your role session
169 // with the DurationSeconds parameter. You can specify a parameter value of up to
170 // 43200 seconds (12 hours), depending on the maximum session duration setting for
171 // your role. However, if you assume a role using role chaining and provide a
172 // DurationSeconds parameter value greater than one hour, the operation fails. To
173 // learn how to view the maximum value for your role, see [Update the maximum session duration for a role].
174 //
175 // By default, the value is set to 3600 seconds.
176 //
177 // The DurationSeconds parameter is separate from the duration of a console
178 // session that you might request using the returned credentials. The request to
179 // the federation endpoint for a console sign-in token takes a SessionDuration
180 // parameter that specifies the maximum length of the console session. For more
181 // information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]in the IAM User Guide.
182 //
183 // [Update the maximum session duration for a role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration
184 // [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
185 DurationSeconds *int32
186 187 // A unique identifier that might be required when you assume a role in another
188 // account. If the administrator of the account to which the role belongs provided
189 // you with an external ID, then provide that value in the ExternalId parameter.
190 // This value can be any string, such as a passphrase or account number. A
191 // cross-account role is usually set up to trust everyone in an account. Therefore,
192 // the administrator of the trusting account might send an external ID to the
193 // administrator of the trusted account. That way, only someone with the ID can
194 // assume the role, rather than everyone in the account. For more information about
195 // the external ID, see [How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party]in the IAM User Guide.
196 //
197 // The regex used to validate this parameter is a string of characters consisting
198 // of upper- and lower-case alphanumeric characters with no spaces. You can also
199 // include underscores or any of the following characters: +=,.@:\/-
200 //
201 // [How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
202 ExternalId *string
203 204 // An IAM policy in JSON format that you want to use as an inline session policy.
205 //
206 // This parameter is optional. Passing policies to this operation returns new
207 // temporary credentials. The resulting session's permissions are the intersection
208 // of the role's identity-based policy and the session policies. You can use the
209 // role's temporary credentials in subsequent Amazon Web Services API calls to
210 // access resources in the account that owns the role. You cannot use session
211 // policies to grant more permissions than those allowed by the identity-based
212 // policy of the role that is being assumed. For more information, see [Session Policies]in the IAM
213 // User Guide.
214 //
215 // The plaintext that you use for both inline and managed session policies can't
216 // exceed 2,048 characters. The JSON policy characters can be any ASCII character
217 // from the space character to the end of the valid character list (\u0020 through
218 // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage
219 // return (\u000D) characters.
220 //
221 // An Amazon Web Services conversion compresses the passed inline session policy,
222 // managed policy ARNs, and session tags into a packed binary format that has a
223 // separate limit. Your request can fail for this limit even if your plaintext
224 // meets the other requirements. The PackedPolicySize response element indicates
225 // by percentage how close the policies and tags for your request are to the upper
226 // size limit.
227 //
228 // For more information about role session permissions, see [Session policies].
229 //
230 // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
231 // [Session policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
232 Policy *string
233 234 // The Amazon Resource Names (ARNs) of the IAM managed policies that you want to
235 // use as managed session policies. The policies must exist in the same account as
236 // the role.
237 //
238 // This parameter is optional. You can provide up to 10 managed policy ARNs.
239 // However, the plaintext that you use for both inline and managed session policies
240 // can't exceed 2,048 characters. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]in the
241 // Amazon Web Services General Reference.
242 //
243 // An Amazon Web Services conversion compresses the passed inline session policy,
244 // managed policy ARNs, and session tags into a packed binary format that has a
245 // separate limit. Your request can fail for this limit even if your plaintext
246 // meets the other requirements. The PackedPolicySize response element indicates
247 // by percentage how close the policies and tags for your request are to the upper
248 // size limit.
249 //
250 // Passing policies to this operation returns new temporary credentials. The
251 // resulting session's permissions are the intersection of the role's
252 // identity-based policy and the session policies. You can use the role's temporary
253 // credentials in subsequent Amazon Web Services API calls to access resources in
254 // the account that owns the role. You cannot use session policies to grant more
255 // permissions than those allowed by the identity-based policy of the role that is
256 // being assumed. For more information, see [Session Policies]in the IAM User Guide.
257 //
258 // [Session Policies]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
259 // [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
260 PolicyArns []types.PolicyDescriptorType
261 262 // A list of previously acquired trusted context assertions in the format of a
263 // JSON array. The trusted context assertion is signed and encrypted by Amazon Web
264 // Services STS.
265 //
266 // The following is an example of a ProvidedContext value that includes a single
267 // trusted context assertion and the ARN of the context provider from which the
268 // trusted context assertion was generated.
269 //
270 // [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
271 ProvidedContexts []types.ProvidedContext
272 273 // The identification number of the MFA device that is associated with the user
274 // who is making the AssumeRole call. Specify this value if the trust policy of
275 // the role being assumed includes a condition that requires MFA authentication.
276 // The value is either the serial number for a hardware device (such as
277 // GAHT12345678 ) or an Amazon Resource Name (ARN) for a virtual device (such as
278 // arn:aws:iam::123456789012:mfa/user ).
279 //
280 // The regex used to validate this parameter is a string of characters consisting
281 // of upper- and lower-case alphanumeric characters with no spaces. You can also
282 // include underscores or any of the following characters: +=/:,.@-
283 SerialNumber *string
284 285 // The source identity specified by the principal that is calling the AssumeRole
286 // operation. The source identity value persists across [chained role]sessions.
287 //
288 // You can require users to specify a source identity when they assume a role. You
289 // do this by using the [sts:SourceIdentity]sts:SourceIdentity condition key in a role trust policy.
290 // You can use source identity information in CloudTrail logs to determine who took
291 // actions with a role. You can use the aws:SourceIdentity condition key to
292 // further control access to Amazon Web Services resources based on the value of
293 // source identity. For more information about using source identity, see [Monitor and control actions taken with assumed roles]in the
294 // IAM User Guide.
295 //
296 // The regex used to validate this parameter is a string of characters consisting
297 // of upper- and lower-case alphanumeric characters with no spaces. You can also
298 // include underscores or any of the following characters: +=,.@-. You cannot use a
299 // value that begins with the text aws: . This prefix is reserved for Amazon Web
300 // Services internal use.
301 //
302 // [chained role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining
303 // [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
304 // [sts:SourceIdentity]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceidentity
305 SourceIdentity *string
306 307 // A list of session tags that you want to pass. Each session tag consists of a
308 // key name and an associated value. For more information about session tags, see [Tagging Amazon Web Services STS Sessions]
309 // in the IAM User Guide.
310 //
311 // This parameter is optional. You can pass up to 50 session tags. The plaintext
312 // session tag keys can’t exceed 128 characters, and the values can’t exceed 256
313 // characters. For these and additional limits, see [IAM and STS Character Limits]in the IAM User Guide.
314 //
315 // An Amazon Web Services conversion compresses the passed inline session policy,
316 // managed policy ARNs, and session tags into a packed binary format that has a
317 // separate limit. Your request can fail for this limit even if your plaintext
318 // meets the other requirements. The PackedPolicySize response element indicates
319 // by percentage how close the policies and tags for your request are to the upper
320 // size limit.
321 //
322 // You can pass a session tag with the same key as a tag that is already attached
323 // to the role. When you do, session tags override a role tag with the same key.
324 //
325 // Tag key–value pairs are not case sensitive, but case is preserved. This means
326 // that you cannot have separate Department and department tag keys. Assume that
327 // the role has the Department = Marketing tag and you pass the department =
328 // engineering session tag. Department and department are not saved as separate
329 // tags, and the session tag passed in the request takes precedence over the role
330 // tag.
331 //
332 // Additionally, if you used temporary credentials to perform this operation, the
333 // new session inherits any transitive session tags from the calling session. If
334 // you pass a session tag with the same key as an inherited tag, the operation
335 // fails. To view the inherited tags for a session, see the CloudTrail logs. For
336 // more information, see [Viewing Session Tags in CloudTrail]in the IAM User Guide.
337 //
338 // [Tagging Amazon Web Services STS Sessions]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
339 // [IAM and STS Character Limits]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
340 // [Viewing Session Tags in CloudTrail]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
341 Tags []types.Tag
342 343 // The value provided by the MFA device, if the trust policy of the role being
344 // assumed requires MFA. (In other words, if the policy includes a condition that
345 // tests for MFA). If the role being assumed requires MFA and if the TokenCode
346 // value is missing or expired, the AssumeRole call returns an "access denied"
347 // error.
348 //
349 // The format for this parameter, as described by its regex pattern, is a sequence
350 // of six numeric digits.
351 TokenCode *string
352 353 // A list of keys for session tags that you want to set as transitive. If you set
354 // a tag key as transitive, the corresponding key and value passes to subsequent
355 // sessions in a role chain. For more information, see [Chaining Roles with Session Tags]in the IAM User Guide.
356 //
357 // This parameter is optional. The transitive status of a session tag does not
358 // impact its packed binary size.
359 //
360 // If you choose not to specify a transitive tag key, then no tags are passed from
361 // this session to any subsequent sessions.
362 //
363 // [Chaining Roles with Session Tags]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
364 TransitiveTagKeys []string
365 366 noSmithyDocumentSerde
367 }
368 369 // Contains the response to a successful AssumeRole request, including temporary Amazon Web
370 // Services credentials that can be used to make Amazon Web Services requests.
371 type AssumeRoleOutput struct {
372 373 // The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers
374 // that you can use to refer to the resulting temporary security credentials. For
375 // example, you can reference these credentials as a principal in a resource-based
376 // policy by using the ARN or assumed role ID. The ARN and ID include the
377 // RoleSessionName that you specified when you called AssumeRole .
378 AssumedRoleUser *types.AssumedRoleUser
379 380 // The temporary security credentials, which include an access key ID, a secret
381 // access key, and a security (or session) token.
382 //
383 // The size of the security token that STS API operations return is not fixed. We
384 // strongly recommend that you make no assumptions about the maximum size.
385 Credentials *types.Credentials
386 387 // A percentage value that indicates the packed size of the session policies and
388 // session tags combined passed in the request. The request fails if the packed
389 // size is greater than 100 percent, which means the policies and tags exceeded the
390 // allowed space.
391 PackedPolicySize *int32
392 393 // The source identity specified by the principal that is calling the AssumeRole
394 // operation.
395 //
396 // You can require users to specify a source identity when they assume a role. You
397 // do this by using the sts:SourceIdentity condition key in a role trust policy.
398 // You can use source identity information in CloudTrail logs to determine who took
399 // actions with a role. You can use the aws:SourceIdentity condition key to
400 // further control access to Amazon Web Services resources based on the value of
401 // source identity. For more information about using source identity, see [Monitor and control actions taken with assumed roles]in the
402 // IAM User Guide.
403 //
404 // The regex used to validate this parameter is a string of characters consisting
405 // of upper- and lower-case alphanumeric characters with no spaces. You can also
406 // include underscores or any of the following characters: =,.@-
407 //
408 // [Monitor and control actions taken with assumed roles]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
409 SourceIdentity *string
410 411 // Metadata pertaining to the operation's result.
412 ResultMetadata middleware.Metadata
413 414 noSmithyDocumentSerde
415 }
416 417 func (c *Client) addOperationAssumeRoleMiddlewares(stack *middleware.Stack, options Options) (err error) {
418 if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
419 return err
420 }
421 err = stack.Serialize.Add(&awsAwsquery_serializeOpAssumeRole{}, middleware.After)
422 if err != nil {
423 return err
424 }
425 err = stack.Deserialize.Add(&awsAwsquery_deserializeOpAssumeRole{}, middleware.After)
426 if err != nil {
427 return err
428 }
429 if err := addProtocolFinalizerMiddlewares(stack, options, "AssumeRole"); err != nil {
430 return fmt.Errorf("add protocol finalizers: %v", err)
431 }
432 433 if err = addlegacyEndpointContextSetter(stack, options); err != nil {
434 return err
435 }
436 if err = addSetLoggerMiddleware(stack, options); err != nil {
437 return err
438 }
439 if err = addClientRequestID(stack); err != nil {
440 return err
441 }
442 if err = addComputeContentLength(stack); err != nil {
443 return err
444 }
445 if err = addResolveEndpointMiddleware(stack, options); err != nil {
446 return err
447 }
448 if err = addComputePayloadSHA256(stack); err != nil {
449 return err
450 }
451 if err = addRetry(stack, options); err != nil {
452 return err
453 }
454 if err = addRawResponseToMetadata(stack); err != nil {
455 return err
456 }
457 if err = addRecordResponseTiming(stack); err != nil {
458 return err
459 }
460 if err = addSpanRetryLoop(stack, options); err != nil {
461 return err
462 }
463 if err = addClientUserAgent(stack, options); err != nil {
464 return err
465 }
466 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
467 return err
468 }
469 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
470 return err
471 }
472 if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
473 return err
474 }
475 if err = addTimeOffsetBuild(stack, c); err != nil {
476 return err
477 }
478 if err = addUserAgentRetryMode(stack, options); err != nil {
479 return err
480 }
481 if err = addCredentialSource(stack, options); err != nil {
482 return err
483 }
484 if err = addOpAssumeRoleValidationMiddleware(stack); err != nil {
485 return err
486 }
487 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssumeRole(options.Region), middleware.Before); err != nil {
488 return err
489 }
490 if err = addRecursionDetection(stack); err != nil {
491 return err
492 }
493 if err = addRequestIDRetrieverMiddleware(stack); err != nil {
494 return err
495 }
496 if err = addResponseErrorMiddleware(stack); err != nil {
497 return err
498 }
499 if err = addRequestResponseLogging(stack, options); err != nil {
500 return err
501 }
502 if err = addDisableHTTPSMiddleware(stack, options); err != nil {
503 return err
504 }
505 if err = addInterceptBeforeRetryLoop(stack, options); err != nil {
506 return err
507 }
508 if err = addInterceptAttempt(stack, options); err != nil {
509 return err
510 }
511 if err = addInterceptors(stack, options); err != nil {
512 return err
513 }
514 return nil
515 }
516 517 func newServiceMetadataMiddleware_opAssumeRole(region string) *awsmiddleware.RegisterServiceMetadata {
518 return &awsmiddleware.RegisterServiceMetadata{
519 Region: region,
520 ServiceID: ServiceID,
521 OperationName: "AssumeRole",
522 }
523 }
524 525 // PresignAssumeRole is used to generate a presigned HTTP Request which contains
526 // presigned URL, signed headers and HTTP method used.
527 func (c *PresignClient) PresignAssumeRole(ctx context.Context, params *AssumeRoleInput, optFns ...func(*PresignOptions)) (*v4.PresignedHTTPRequest, error) {
528 if params == nil {
529 params = &AssumeRoleInput{}
530 }
531 options := c.options.copy()
532 for _, fn := range optFns {
533 fn(&options)
534 }
535 clientOptFns := append(options.ClientOptions, withNopHTTPClientAPIOption)
536 537 result, _, err := c.client.invokeOperation(ctx, "AssumeRole", params, clientOptFns,
538 c.client.addOperationAssumeRoleMiddlewares,
539 presignConverter(options).convertToPresignMiddleware,
540 )
541 if err != nil {
542 return nil, err
543 }
544 545 out := result.(*v4.PresignedHTTPRequest)
546 return out, nil
547 }
548