cloudyr / aws.iam

AWS IAM Client Package
https://cran.r-project.org/package=aws.iam

Assume role with SAML? #18

Open corynissen opened 3 years ago

corynissen commented 3 years ago

Hey, is there a way to assume role with SAML via this package?

So, given RoleArn, PrincipalArn, SAMLAssertion, and duration: R code w/ botor package would be like this, but I'm trying to avoid the python requirement:

stsclient <- botor::botor()$client("sts")
token <- stsclient$assume_role_with_saml(RoleArn=role_arn,
                                         PrincipalArn=principal_arn,
                                         SAMLAssertion=assertion,
                                         DurationSeconds=43200L)

Thank you for your effort.

Cory


Crghilardi commented 3 years ago

I needed this as well recently and ended up writing my own truncated version outside the package. I don't think I covered all the edge cases with the API call but it may be useful for someone else as a starting point. Unsure what would be needed to make it suitable for a PR.

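assume_role_with_saml <- function(duration, principal_arn, role_arn, saml_assertion, use = FALSE, ...){
    query <- list(Action = "AssumeRoleWithSAML")
    # STS allows 900 seconds up to the role's maximum session duration,
    # which is at most 43200 seconds (12 hours) for AssumeRoleWithSAML
    if (duration < 900 || duration > 43200)
        stop("'duration' must be a value in seconds between 900 and 43200")
    query[["DurationSeconds"]] <- duration
    # Parameter names spelled as in the STS API (PrincipalArn, RoleArn)
    query[["PrincipalArn"]] <- principal_arn
    query[["RoleArn"]] <- role_arn
    # Base64-encoded SAML response from the identity provider
    query[["SAMLAssertion"]] <- saml_assertion

    # stsHTTP() and set_credentials() are aws.iam helpers
    out <- stsHTTP(query = query, ...)

    if (!inherits(out, "aws_error")) {
        out <- out[["AssumeRoleWithSAMLResponse"]][["AssumeRoleWithSAMLResult"]]
        # Only export credentials when the call succeeded
        if (isTRUE(use)) {
            set_credentials(out)
        }
    }
    out
}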
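
A local pre-flight check for the call discussed in this thread, as an added example that is not code from the issue or from aws.iam: it decodes the base64 assertion and confirms that the requested RoleArn/PrincipalArn pair appears in the assertion's `https://aws.amazon.com/SAML/Attributes/Role` attribute before any request is sent. The function names, the sample ARNs and the use of the jsonlite and xml2 packages are assumptions.

```r
# Added example (not aws.iam code); function names are hypothetical.
# Requires the jsonlite and xml2 packages.
ROLE_ATTR <- "https://aws.amazon.com/SAML/Attributes/Role"

# Decode the base64 SAML response and return the ARN pairs it grants.
saml_role_pairs <- function(saml_assertion) {
    doc <- tryCatch(
        xml2::read_xml(jsonlite::base64_dec(saml_assertion)),
        error = function(e) stop("'saml_assertion' is not base64-encoded XML"))
    # local-name() avoids depending on the namespace prefix the IdP uses
    xpath <- sprintf(
        "//*[local-name()='Attribute'][@Name='%s']/*[local-name()='AttributeValue']",
        ROLE_ATTR)
    values <- xml2::xml_text(xml2::xml_find_all(doc, xpath))
    lapply(strsplit(values, ",", fixed = TRUE), trimws)
}

# Stop early if the request cannot succeed; returns TRUE invisibly otherwise.
check_saml_request <- function(saml_assertion, role_arn, principal_arn,
                               duration = 3600L) {
    if (duration < 900 || duration > 43200)
        stop("'duration' must be between 900 and 43200 seconds")
    pairs <- saml_role_pairs(saml_assertion)
    if (length(pairs) == 0)
        stop("assertion carries no Role attribute values")
    # Compare as sets so the ARN order inside a value does not matter
    wanted <- c(role_arn, principal_arn)
    if (!any(vapply(pairs, setequal, logical(1), wanted)))
        stop("requested role/principal pair is not in the assertion")
    invisible(TRUE)
}

# Constructed sample: minimal unsigned response with one role pair
role <- "arn:aws:iam::111122223333:role/ExampleRole"
idp  <- "arn:aws:iam::111122223333:saml-provider/ExampleIdP"
sample_xml <- paste0(
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"',
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>',
    '<saml:AttributeStatement><saml:Attribute Name="', ROLE_ATTR, '">',
    '<saml:AttributeValue>', role, ',', idp, '</saml:AttributeValue>',
    '</saml:Attribute></saml:AttributeStatement>',
    '</saml:Assertion></samlp:Response>')
sample_assertion <- jsonlite::base64_enc(charToRaw(sample_xml))
check_saml_request(sample_assertion, role, idp, duration = 43200L)
```

This only catches mismatched inputs locally; STS still verifies the assertion's signature and validity window when the request is made.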