From 6cec324a966c33ded3957723df1f5d5aee2c4e8a Mon Sep 17 00:00:00 2001
From: Kim Tao <kim.tao@mongodb.com>
Date: Wed, 24 Jan 2024 16:29:06 -0500
Subject: [PATCH] DEVPROD-774: allow temporary session tokens for signing and
 GetHeadObject

---
 s3_bucket.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/s3_bucket.go b/s3_bucket.go
index d2be83dc..4bec5f16 100644
--- a/s3_bucket.go
+++ b/s3_bucket.go
@@ -1353,11 +1353,12 @@ const PresignExpireTime = 24 * time.Hour
 
 // PreSignRequestParams holds all the parameters needed to sign a URL or fetch S3 object metadata.
 type PreSignRequestParams struct {
-	Bucket    string `json:"bucket"`
-	FileKey   string `json:"fileKey"`
-	AwsKey    string `json:"awsKey"`
-	AwsSecret string `json:"awsSecret"`
-	Region    string `json:"region"`
+	Bucket          string
+	FileKey         string
+	AwsKey          string
+	AwsSecret       string
+	AwsSessionToken string
+	Region          string
 }
 
 // PreSign returns a presigned URL that expires in 24 hours.
@@ -1367,6 +1368,7 @@ func PreSign(r PreSignRequestParams) (string, error) {
 		Credentials: credentials.NewStaticCredentialsFromCreds(credentials.Value{
 			AccessKeyID:     r.AwsKey,
 			SecretAccessKey: r.AwsSecret,
+			SessionToken:    r.AwsSessionToken,
 		}),
 	})
 	if err != nil {
@@ -1390,6 +1392,7 @@ func GetHeadObject(r PreSignRequestParams) (*s3.HeadObjectOutput, error) {
 		Credentials: credentials.NewStaticCredentialsFromCreds(credentials.Value{
 			AccessKeyID:     r.AwsKey,
 			SecretAccessKey: r.AwsSecret,
+			SessionToken:    r.AwsSessionToken,
 		}),
 	})
 	if err != nil {