DEVPROD-774: allow temporary session tokens for signing and GetHeadOb…

…ject (#108)
evergreen-ci · Jan 25, 2024 · e60f20d · e60f20d
1 parent 5e294ad
commit e60f20d
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/s3_bucket.go b/s3_bucket.go
@@ -1339,11 +1339,12 @@ const PresignExpireTime = 24 * time.Hour
 
 // PreSignRequestParams holds all the parameters needed to sign a URL or fetch S3 object metadata.
 type PreSignRequestParams struct {
-	Bucket    string `json:"bucket"`
-	FileKey   string `json:"fileKey"`
-	AwsKey    string `json:"awsKey"`
-	AwsSecret string `json:"awsSecret"`
-	Region    string `json:"region"`
+	Bucket          string
+	FileKey         string
+	AwsKey          string
+	AwsSecret       string
+	AwsSessionToken string
+	Region          string
 }
 
 // PreSign returns a presigned URL that expires in 24 hours.
@@ -1353,6 +1354,7 @@ func PreSign(r PreSignRequestParams) (string, error) {
 		Credentials: credentials.NewStaticCredentialsFromCreds(credentials.Value{
 			AccessKeyID:     r.AwsKey,
 			SecretAccessKey: r.AwsSecret,
+			SessionToken:    r.AwsSessionToken,
 		}),
 	})
 	if err != nil {
@@ -1376,6 +1378,7 @@ func GetHeadObject(r PreSignRequestParams) (*s3.HeadObjectOutput, error) {
 		Credentials: credentials.NewStaticCredentialsFromCreds(credentials.Value{
 			AccessKeyID:     r.AwsKey,
 			SecretAccessKey: r.AwsSecret,
+			SessionToken:    r.AwsSessionToken,
 		}),
 	})
 	if err != nil {