support optional parameters in LdapIdentityProvider (#1528)

jkandasa · web-flow · commit a929d3a86cb8 · 2025-11-13T17:44:30.000+05:30
Signed-off-by: Jeeva Kandasamy &lt;jkandasa@gmail.com&gt;
diff --git a/minio/credentials/providers.py b/minio/credentials/providers.py
@@ -556,19 +556,29 @@ class LdapIdentityProvider(Provider):
 
     def __init__(
             self,
+            *,
             sts_endpoint: str,
             ldap_username: str,
             ldap_password: str,
+            duration_seconds: Optional[int] = None,
+            policy: Optional[str] = None,
+            token_revoke_type: Optional[str] = None,
             http_client: Optional[PoolManager] = None,
     ):
-        self._sts_endpoint = sts_endpoint + "?" + urlencode(
-            {
-                "Action": "AssumeRoleWithLDAPIdentity",
-                "Version": "2011-06-15",
-                "LDAPUsername": ldap_username,
-                "LDAPPassword": ldap_password,
-            },
-        )
+        query_params = {
+            "Action": "AssumeRoleWithLDAPIdentity",
+            "Version": "2011-06-15",
+            "LDAPUsername": ldap_username,
+            "LDAPPassword": ldap_password,
+        }
+        if duration_seconds:
+            query_params["DurationSeconds"] = str(duration_seconds)
+        if policy:
+            query_params["Policy"] = policy
+        if token_revoke_type:
+            query_params["TokenRevokeType"] = token_revoke_type
+
+        self._sts_endpoint = sts_endpoint + "?" + urlencode(query_params)
         self._http_client = http_client or PoolManager(
             retries=Retry(
                 total=5,
