STS: add support for signing requests with assume_role tokens (#117)

* Aws_gen: add additional_libraries field to dune gen
* Sts_test: add assume_role and token authentication tests

Co-authored-by: Adam Ringwood <[email protected]>
Co-authored-by: Leon Chou <[email protected]>

CHANGES.md

@@ -2,6 +2,7 @@
 ----------
 - Increase lower bound on OCaml to 4.08. https://github.com/inhabitedtype/ocaml-aws/pull/104
 - Migrate CI to github actions https://github.com/inhabitedtype/ocaml-aws/pull/104
+- Add STS `assume_role` token support https://github.com/inhabitedtype/ocaml-aws/pull/117
 
 1.2: (24-01-2020)
 ----------

Makefile

@@ -16,7 +16,7 @@ clean:
 	rm -rf _build *.install
 
 fmt:
-	dune build @fmt --auto-promote
+	dune build @fmt --auto-promote || echo "format has errors, ignoring"
 
 .PHONY: endpoints
 
@@ -26,9 +26,11 @@ endpoints:
 aws-ec2:
 	dune exec aws-gen -- --is-ec2 -i input/ec2/latest/service-2.json -r input/ec2/overrides.json -e input/errors.json -o libraries
 
+aws-autoscaling:
+	dune exec aws-gen -- -i input/autoscaling/latest/service-2.json -r input/autoscaling/overrides.json -e input/errors.json -o libraries --optional-libs=aws-ec2
+
 # NOTE: This does not include aws-ec2, which is special-cased.
 LIBRARIES := \
-	aws-autoscaling \
 	aws-cloudformation \
 	aws-cloudtrail \
 	aws-cloudwatch \
@@ -45,7 +47,7 @@ LIBRARIES := \
 $(LIBRARIES): aws-%:
 	dune exec aws-gen -- -i input/$*/latest/service-2.json -r input/$*/overrides.json -e input/errors.json -o libraries
 
-gen: build aws-ec2 $(LIBRARIES)
+gen: build aws-ec2 aws-autoscaling $(LIBRARIES) fmt
 
 update-version: VERSION=$(shell cat CHANGES.md | grep -E '^[0-9]' | head -n 1 | cut -f1 -d':' )
 update-version:

async/runtime.ml

@@ -44,6 +44,7 @@ let run_request
     ~region
     ~access_key
     ~secret_key
+    ?token
     (module M : Aws.Call
       with type input = input
        and type output = output
@@ -55,13 +56,15 @@ let run_request
         Aws.Signing.sign_request
           ~access_key
           ~secret_key
+          ?token
           ~service:M.service
           ~region
           (M.to_http M.service region inp)
     | V2 ->
         Aws.Signing.sign_v2_request
           ~access_key
           ~secret_key
+          ?token
           ~service:M.service
           ~region
           (M.to_http M.service region inp)

async/runtime.mli

@@ -35,7 +35,9 @@ val run_request :
      region:string
   -> access_key:string
   -> secret_key:string
+  -> ?token:string
   -> ('input, 'output, 'error) Aws.call
   -> 'input
   -> [ `Ok of 'output | `Error of 'error Aws.Error.t ] Async.Deferred.t
-(** Run an AWS request, in the [region] with [access_key] and [secret_key]. *)
+(** Run an AWS request, in the [region] with [access_key] and [secret_key].
+ * An STS assume_role [token] can be optionally used to sign the request. *)

aws-autoscaling.opam

@@ -3,15 +3,16 @@ version: "1.2"
 synopsis: "Amazon Web Services SDK bindings to Auto Scaling"
 description: "Amazon Web Services SDK bindings to Auto Scaling"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [ "Spiros Eliopoulos <[email protected]>"
-           "Daniel Patterson <[email protected]>"
-           "Tim McGilchrist <[email protected]>"
-         ]
+authors: [ 
+  "Spiros Eliopoulos <[email protected]>"
+  "Daniel Patterson <[email protected]>"
+  "Tim McGilchrist <[email protected]>"
+]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
 doc: "https://github.com/inhabitedtype/ocaml-aws"
+dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
   "aws" {= version}

aws-cloudformation.opam

@@ -3,15 +3,15 @@ version: "1.2"
 synopsis: "Amazon Web Services SDK bindings to AWS CloudFormation"
 description: "Amazon Web Services SDK bindings to AWS CloudFormation"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [
+authors: [ 
   "Spiros Eliopoulos <[email protected]>"
   "Daniel Patterson <[email protected]>"
   "Tim McGilchrist <[email protected]>"
 ]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-doc: "https://github.com/inhabitedtype/ocaml-aws"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
+doc: "https://github.com/inhabitedtype/ocaml-aws"
 dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
@@ -28,4 +28,4 @@ depends: [
 build: [
   ["dune" "subst"] {pinned}
   ["dune" "build" "-p" name "-j" jobs]
-]
+]

aws-cloudtrail.opam

@@ -3,15 +3,15 @@ version: "1.2"
 synopsis: "Amazon Web Services SDK bindings to AWS CloudTrail"
 description: "Amazon Web Services SDK bindings to AWS CloudTrail"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [
+authors: [ 
   "Spiros Eliopoulos <[email protected]>"
   "Daniel Patterson <[email protected]>"
   "Tim McGilchrist <[email protected]>"
 ]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-doc: "https://github.com/inhabitedtype/ocaml-aws"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
+doc: "https://github.com/inhabitedtype/ocaml-aws"
 dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
@@ -28,4 +28,4 @@ depends: [
 build: [
   ["dune" "subst"] {pinned}
   ["dune" "build" "-p" name "-j" jobs]
-]
+]

aws-cloudwatch.opam

@@ -3,15 +3,15 @@ version: "1.2"
 synopsis: "Amazon Web Services SDK bindings to Amazon CloudWatch"
 description: "Amazon Web Services SDK bindings to Amazon CloudWatch"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [
+authors: [ 
   "Spiros Eliopoulos <[email protected]>"
   "Daniel Patterson <[email protected]>"
   "Tim McGilchrist <[email protected]>"
 ]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-doc: "https://github.com/inhabitedtype/ocaml-aws"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
+doc: "https://github.com/inhabitedtype/ocaml-aws"
 dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
@@ -28,4 +28,4 @@ depends: [
 build: [
   ["dune" "subst"] {pinned}
   ["dune" "build" "-p" name "-j" jobs]
-]
+]

aws-ec2.opam

@@ -3,15 +3,15 @@ version: "1.2"
 synopsis: "Amazon Web Services SDK bindings to Amazon Elastic Compute Cloud"
 description: "Amazon Web Services SDK bindings to Amazon Elastic Compute Cloud"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [
+authors: [ 
   "Spiros Eliopoulos <[email protected]>"
   "Daniel Patterson <[email protected]>"
   "Tim McGilchrist <[email protected]>"
 ]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-doc: "https://github.com/inhabitedtype/ocaml-aws"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
+doc: "https://github.com/inhabitedtype/ocaml-aws"
 dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
@@ -28,4 +28,4 @@ depends: [
 build: [
   ["dune" "subst"] {pinned}
   ["dune" "build" "-p" name "-j" jobs]
-]
+]

aws-elasticache.opam

@@ -3,15 +3,15 @@ version: "1.2"
 synopsis: "Amazon Web Services SDK bindings to Amazon ElastiCache"
 description: "Amazon Web Services SDK bindings to Amazon ElastiCache"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [
+authors: [ 
   "Spiros Eliopoulos <[email protected]>"
   "Daniel Patterson <[email protected]>"
   "Tim McGilchrist <[email protected]>"
 ]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-doc: "https://github.com/inhabitedtype/ocaml-aws"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
+doc: "https://github.com/inhabitedtype/ocaml-aws"
 dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
@@ -28,4 +28,4 @@ depends: [
 build: [
   ["dune" "subst"] {pinned}
   ["dune" "build" "-p" name "-j" jobs]
-]
+]

aws-elasticloadbalancing.opam

@@ -3,15 +3,15 @@ version: "1.2"
 synopsis: "Amazon Web Services SDK bindings to Elastic Load Balancing"
 description: "Amazon Web Services SDK bindings to Elastic Load Balancing"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [
+authors: [ 
   "Spiros Eliopoulos <[email protected]>"
   "Daniel Patterson <[email protected]>"
   "Tim McGilchrist <[email protected]>"
 ]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-doc: "https://github.com/inhabitedtype/ocaml-aws"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
+doc: "https://github.com/inhabitedtype/ocaml-aws"
 dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
@@ -28,4 +28,4 @@ depends: [
 build: [
   ["dune" "subst"] {pinned}
   ["dune" "build" "-p" name "-j" jobs]
-]
+]

aws-gen.opam

@@ -18,6 +18,7 @@ depends: [
   "yojson"
   "base-unix"
   "cmdliner"
+  "fmt"
   "ppx_tools_versioned"
   "yojson" {>= "1.6.0"}
   "ocaml-migrate-parsetree"

aws-rds.opam

@@ -1,19 +1,17 @@
 opam-version: "2.0"
 version: "1.2"
-synopsis:
-  "Amazon Web Services SDK bindings to Amazon Relational Database Service"
-description:
-  "Amazon Web Services SDK bindings to Amazon Relational Database Service"
+synopsis: "Amazon Web Services SDK bindings to Amazon Relational Database Service"
+description: "Amazon Web Services SDK bindings to Amazon Relational Database Service"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [
+authors: [ 
   "Spiros Eliopoulos <[email protected]>"
   "Daniel Patterson <[email protected]>"
   "Tim McGilchrist <[email protected]>"
 ]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-doc: "https://github.com/inhabitedtype/ocaml-aws"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
+doc: "https://github.com/inhabitedtype/ocaml-aws"
 dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
@@ -30,4 +28,4 @@ depends: [
 build: [
   ["dune" "subst"] {pinned}
   ["dune" "build" "-p" name "-j" jobs]
-]
+]

aws-route53.opam

@@ -3,15 +3,15 @@ version: "1.2"
 synopsis: "Amazon Web Services SDK bindings to Amazon Route 53"
 description: "Amazon Web Services SDK bindings to Amazon Route 53"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [
+authors: [ 
   "Spiros Eliopoulos <[email protected]>"
   "Daniel Patterson <[email protected]>"
   "Tim McGilchrist <[email protected]>"
 ]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-doc: "https://github.com/inhabitedtype/ocaml-aws"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
+doc: "https://github.com/inhabitedtype/ocaml-aws"
 dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
@@ -28,4 +28,4 @@ depends: [
 build: [
   ["dune" "subst"] {pinned}
   ["dune" "build" "-p" name "-j" jobs]
-]
+]

aws-sdb.opam

@@ -3,15 +3,15 @@ version: "1.2"
 synopsis: "Amazon Web Services SDK bindings to Amazon SimpleDB"
 description: "Amazon Web Services SDK bindings to Amazon SimpleDB"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [
+authors: [ 
   "Spiros Eliopoulos <[email protected]>"
   "Daniel Patterson <[email protected]>"
   "Tim McGilchrist <[email protected]>"
 ]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-doc: "https://github.com/inhabitedtype/ocaml-aws"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
+doc: "https://github.com/inhabitedtype/ocaml-aws"
 dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
@@ -28,4 +28,4 @@ depends: [
 build: [
   ["dune" "subst"] {pinned}
   ["dune" "build" "-p" name "-j" jobs]
-]
+]

aws-sqs.opam

@@ -1,18 +1,17 @@
 opam-version: "2.0"
 version: "1.2"
 synopsis: "Amazon Web Services SDK bindings to Amazon Simple Queue Service"
-description:
-  "Amazon Web Services SDK bindings to Amazon Simple Queue Service"
+description: "Amazon Web Services SDK bindings to Amazon Simple Queue Service"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [
+authors: [ 
   "Spiros Eliopoulos <[email protected]>"
   "Daniel Patterson <[email protected]>"
   "Tim McGilchrist <[email protected]>"
 ]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-doc: "https://github.com/inhabitedtype/ocaml-aws"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
+doc: "https://github.com/inhabitedtype/ocaml-aws"
 dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
@@ -29,4 +28,4 @@ depends: [
 build: [
   ["dune" "subst"] {pinned}
   ["dune" "build" "-p" name "-j" jobs]
-]
+]

aws-ssm.opam

@@ -1,19 +1,17 @@
 opam-version: "2.0"
 version: "1.2"
-synopsis:
-  "Amazon Web Services SDK bindings to Amazon Simple Systems Management Service"
-description:
-  "Amazon Web Services SDK bindings to Amazon Simple Systems Management Service"
+synopsis: "Amazon Web Services SDK bindings to Amazon Simple Systems Management Service"
+description: "Amazon Web Services SDK bindings to Amazon Simple Systems Management Service"
 maintainer: "Tim McGilchrist <[email protected]>"
-authors: [
+authors: [ 
   "Spiros Eliopoulos <[email protected]>"
   "Daniel Patterson <[email protected]>"
   "Tim McGilchrist <[email protected]>"
 ]
 license: "BSD-3-clause"
 homepage: "https://github.com/inhabitedtype/ocaml-aws"
-doc: "https://github.com/inhabitedtype/ocaml-aws"
 bug-reports: "https://github.com/inhabitedtype/ocaml-aws/issues"
+doc: "https://github.com/inhabitedtype/ocaml-aws"
 dev-repo: "git+https://github.com/inhabitedtype/ocaml-aws.git"
 depends: [
   "ocaml" {>= "4.08"}
@@ -30,4 +28,4 @@ depends: [
 build: [
   ["dune" "subst"] {pinned}
   ["dune" "build" "-p" name "-j" jobs]
-]
+]