From 75e50fe8483aa3b47db6b75c3152873c1e805c51 Mon Sep 17 00:00:00 2001
From: George Costea <rgcostea@gmail.com>
Date: Tue, 7 Jun 2022 18:10:36 -0400
Subject: [PATCH] Add Policy to STSAssumeRoleOptions (#1657)

---
 pkg/credentials/assume_role.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/credentials/assume_role.go b/pkg/credentials/assume_role.go
index 107a11b14..12ed08427 100644
--- a/pkg/credentials/assume_role.go
+++ b/pkg/credentials/assume_role.go
@@ -94,6 +94,8 @@ type STSAssumeRoleOptions struct {
 	AccessKey string
 	SecretKey string
 
+	Policy string // Optional to assign a policy to the assumed role
+
 	Location        string // Optional commonly needed with AWS STS.
 	DurationSeconds int    // Optional defaults to 1 hour.
 
@@ -157,6 +159,9 @@ func getAssumeRoleCredentials(clnt *http.Client, endpoint string, opts STSAssume
 	} else {
 		v.Set("DurationSeconds", strconv.Itoa(defaultDurationSeconds))
 	}
+	if opts.Policy != "" {
+		v.Set("Policy", opts.Policy)
+	}
 
 	u, err := url.Parse(endpoint)
 	if err != nil {