credentials.NewCredential - Code Metrics - aliyun/credentials-go - Measure and Improve Code Quality continuously with Scrutinizer

credentials.NewCredential F
last analyzed 2025-10-29 01:32 UTC

↳ Parent: credentials/credential.go

Complexity

Conditions

Size

Total Lines	153
Code Lines	125

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	25
eloc	125
nop	1
dl	0
loc	153
rs	0
c	0
b	0
f	0

How to fix Long Method Complexity

package credentials

import (
	"bufio"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"strings"
	"time"

	"github.com/alibabacloud-go/debug/debug"
	"github.com/alibabacloud-go/tea/tea"
	"github.com/aliyun/credentials-go/credentials/internal/utils"
	"github.com/aliyun/credentials-go/credentials/providers"
	"github.com/aliyun/credentials-go/credentials/request"
	"github.com/aliyun/credentials-go/credentials/response"
)

var debuglog = debug.Init("credential")

var hookParse = func(err error) error {
	return err
}

// Credential is an interface for getting actual credential
type Credential interface {
	// Deprecated: GetAccessKeyId is deprecated, use GetCredential instead of.
	GetAccessKeyId() (*string, error)
	// Deprecated: GetAccessKeySecret is deprecated, use GetCredential instead of.
	GetAccessKeySecret() (*string, error)
	// Deprecated: GetSecurityToken is deprecated, use GetCredential instead of.
	GetSecurityToken() (*string, error)
	GetBearerToken() *string
	GetType() *string
	GetCredential() (*CredentialModel, error)
}

// Config is important when call NewCredential
type Config struct {
	// Credential type, including access_key, sts, bearer, ecs_ram_role, ram_role_arn, rsa_key_pair, oidc_role_arn, credentials_uri
	Type            *string `json:"type"`
	AccessKeyId     *string `json:"access_key_id"`
	AccessKeySecret *string `json:"access_key_secret"`
	SecurityToken   *string `json:"security_token"`
	BearerToken     *string `json:"bearer_token"`

	// Used when the type is ram_role_arn or oidc_role_arn
	OIDCProviderArn       *string `json:"oidc_provider_arn"`
	OIDCTokenFilePath     *string `json:"oidc_token"`
	RoleArn               *string `json:"role_arn"`
	RoleSessionName       *string `json:"role_session_name"`
	RoleSessionExpiration *int    `json:"role_session_expiration"`
	Policy                *string `json:"policy"`
	ExternalId            *string `json:"external_id"`
	STSEndpoint           *string `json:"sts_endpoint"`

	// Used when the type is ecs_ram_role
	RoleName *string `json:"role_name"`
	// Deprecated
	EnableIMDSv2  *bool `json:"enable_imds_v2"`
	DisableIMDSv1 *bool `json:"disable_imds_v1"`
	// Deprecated
	MetadataTokenDuration *int `json:"metadata_token_duration"`

	// Used when the type is credentials_uri
	Url *string `json:"url"`

	// Deprecated
	// Used when the type is rsa_key_pair
	SessionExpiration *int    `json:"session_expiration"`
	PublicKeyId       *string `json:"public_key_id"`
	PrivateKeyFile    *string `json:"private_key_file"`
	Host              *string `json:"host"`

	// Read timeout, in milliseconds.
	// The default value for ecs_ram_role is 1000ms, the default value for ram_role_arn is 5000ms, and the default value for oidc_role_arn is 5000ms.
	Timeout *int `json:"timeout"`
	// Connection timeout, in milliseconds.
	// The default value for ecs_ram_role is 1000ms, the default value for ram_role_arn is 10000ms, and the default value for oidc_role_arn is 10000ms.
	ConnectTimeout *int `json:"connect_timeout"`

	Proxy          *string  `json:"proxy"`
	InAdvanceScale *float64 `json:"inAdvanceScale"`
}

func (s Config) String() string {
	return tea.Prettify(s)
}

func (s Config) GoString() string {
	return s.String()
}

func (s *Config) SetAccessKeyId(v string) *Config {
	s.AccessKeyId = &v
	return s
}

func (s *Config) SetAccessKeySecret(v string) *Config {
	s.AccessKeySecret = &v
	return s
}

func (s *Config) SetSecurityToken(v string) *Config {
	s.SecurityToken = &v
	return s
}

func (s *Config) SetRoleArn(v string) *Config {
	s.RoleArn = &v
	return s
}

func (s *Config) SetRoleSessionName(v string) *Config {
	s.RoleSessionName = &v
	return s
}

func (s *Config) SetPublicKeyId(v string) *Config {
	s.PublicKeyId = &v
	return s
}

func (s *Config) SetRoleName(v string) *Config {
	s.RoleName = &v
	return s
}

func (s *Config) SetEnableIMDSv2(v bool) *Config {
	s.EnableIMDSv2 = &v
	return s
}

func (s *Config) SetDisableIMDSv1(v bool) *Config {
	s.DisableIMDSv1 = &v
	return s
}

func (s *Config) SetMetadataTokenDuration(v int) *Config {
	s.MetadataTokenDuration = &v
	return s
}

func (s *Config) SetSessionExpiration(v int) *Config {
	s.SessionExpiration = &v
	return s
}

func (s *Config) SetPrivateKeyFile(v string) *Config {
	s.PrivateKeyFile = &v
	return s
}

func (s *Config) SetBearerToken(v string) *Config {
	s.BearerToken = &v
	return s
}

func (s *Config) SetRoleSessionExpiration(v int) *Config {
	s.RoleSessionExpiration = &v
	return s
}

func (s *Config) SetPolicy(v string) *Config {
	s.Policy = &v
	return s
}

func (s *Config) SetHost(v string) *Config {
	s.Host = &v
	return s
}

func (s *Config) SetTimeout(v int) *Config {
	s.Timeout = &v
	return s
}

func (s *Config) SetConnectTimeout(v int) *Config {
	s.ConnectTimeout = &v
	return s
}

func (s *Config) SetProxy(v string) *Config {
	s.Proxy = &v
	return s
}

func (s *Config) SetType(v string) *Config {
	s.Type = &v
	return s
}

func (s *Config) SetOIDCTokenFilePath(v string) *Config {
	s.OIDCTokenFilePath = &v
	return s
}

func (s *Config) SetOIDCProviderArn(v string) *Config {
	s.OIDCProviderArn = &v
	return s
}

func (s *Config) SetURLCredential(v string) *Config {
	if v == "" {
		v = os.Getenv("ALIBABA_CLOUD_CREDENTIALS_URI")
	}
	s.Url = &v
	return s
}

func (s *Config) SetSTSEndpoint(v string) *Config {
	s.STSEndpoint = &v
	return s
}

func (s *Config) SetExternalId(v string) *Config {
	s.ExternalId = &v
	return s
}

// NewCredential return a credential according to the type in config.
// if config is nil, the function will use default provider chain to get credentials.
// please see README.md for detail.
func NewCredential(config *Config) (credential Credential, err error) {
	if config == nil {
		provider := providers.NewDefaultCredentialsProvider()
		credential = FromCredentialsProvider("default", provider)
		return
	}
	switch tea.StringValue(config.Type) {
	case "credentials_uri":
		provider, err := providers.NewURLCredentialsProviderBuilder().
			WithUrl(tea.StringValue(config.Url)).
			WithHttpOptions(&providers.HttpOptions{
				Proxy:          tea.StringValue(config.Proxy),
				ReadTimeout:    tea.IntValue(config.Timeout),
				ConnectTimeout: tea.IntValue(config.ConnectTimeout),
			}).
			Build()

		if err != nil {
			return nil, err
		}
		credential = FromCredentialsProvider("credentials_uri", provider)
	case "oidc_role_arn":
		provider, err := providers.NewOIDCCredentialsProviderBuilder().
			WithRoleArn(tea.StringValue(config.RoleArn)).
			WithOIDCTokenFilePath(tea.StringValue(config.OIDCTokenFilePath)).
			WithOIDCProviderARN(tea.StringValue(config.OIDCProviderArn)).
			WithDurationSeconds(tea.IntValue(config.RoleSessionExpiration)).
			WithPolicy(tea.StringValue(config.Policy)).
			WithRoleSessionName(tea.StringValue(config.RoleSessionName)).
			WithSTSEndpoint(tea.StringValue(config.STSEndpoint)).
			WithHttpOptions(&providers.HttpOptions{
				Proxy:          tea.StringValue(config.Proxy),
				ReadTimeout:    tea.IntValue(config.Timeout),
				ConnectTimeout: tea.IntValue(config.ConnectTimeout),
			}).
			Build()

		if err != nil {
			return nil, err
		}
		credential = FromCredentialsProvider("oidc_role_arn", provider)
	case "access_key":
		provider, err := providers.NewStaticAKCredentialsProviderBuilder().
			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
			Build()
		if err != nil {
			return nil, err
		}

		credential = FromCredentialsProvider("access_key", provider)
	case "sts":
		provider, err := providers.NewStaticSTSCredentialsProviderBuilder().
			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
			WithSecurityToken(tea.StringValue(config.SecurityToken)).
			Build()
		if err != nil {
			return nil, err
		}

		credential = FromCredentialsProvider("sts", provider)
	case "ecs_ram_role":
		provider, err := providers.NewECSRAMRoleCredentialsProviderBuilder().
			WithRoleName(tea.StringValue(config.RoleName)).
			WithDisableIMDSv1(tea.BoolValue(config.DisableIMDSv1)).
			Build()

		if err != nil {
			return nil, err
		}

		credential = FromCredentialsProvider("ecs_ram_role", provider)
	case "ram_role_arn":
		var credentialsProvider providers.CredentialsProvider
		if config.SecurityToken != nil && *config.SecurityToken != "" {
			credentialsProvider, err = providers.NewStaticSTSCredentialsProviderBuilder().
				WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
				WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
				WithSecurityToken(tea.StringValue(config.SecurityToken)).
				Build()
		} else {
			credentialsProvider, err = providers.NewStaticAKCredentialsProviderBuilder().
				WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
				WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
				Build()
		}

		if err != nil {
			return nil, err
		}

		provider, err := providers.NewRAMRoleARNCredentialsProviderBuilder().
			WithCredentialsProvider(credentialsProvider).
			WithRoleArn(tea.StringValue(config.RoleArn)).
			WithRoleSessionName(tea.StringValue(config.RoleSessionName)).
			WithPolicy(tea.StringValue(config.Policy)).
			WithDurationSeconds(tea.IntValue(config.RoleSessionExpiration)).
			WithExternalId(tea.StringValue(config.ExternalId)).
			WithStsEndpoint(tea.StringValue(config.STSEndpoint)).
			WithHttpOptions(&providers.HttpOptions{
				Proxy:          tea.StringValue(config.Proxy),
				ReadTimeout:    tea.IntValue(config.Timeout),
				ConnectTimeout: tea.IntValue(config.ConnectTimeout),
			}).
			Build()
		if err != nil {
			return nil, err
		}

		credential = FromCredentialsProvider("ram_role_arn", provider)
	case "rsa_key_pair":
		err = checkRSAKeyPair(config)
		if err != nil {
			return
		}
		file, err1 := os.Open(tea.StringValue(config.PrivateKeyFile))
		if err1 != nil {
			err = fmt.Errorf("InvalidPath: Can not open PrivateKeyFile, err is %s", err1.Error())
			return
		}
		defer file.Close()
		var privateKey string
		scan := bufio.NewScanner(file)
		for scan.Scan() {
			if strings.HasPrefix(scan.Text(), "----") {
				continue
			}
			privateKey += scan.Text() + "\n"
		}
		runtime := &utils.Runtime{
			Host:           tea.StringValue(config.Host),
			Proxy:          tea.StringValue(config.Proxy),
			ReadTimeout:    tea.IntValue(config.Timeout),
			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
			STSEndpoint:    tea.StringValue(config.STSEndpoint),
		}
		credential = newRsaKeyPairCredential(
			privateKey,
			tea.StringValue(config.PublicKeyId),
			tea.IntValue(config.SessionExpiration),
			runtime)
	case "bearer":
		if tea.StringValue(config.BearerToken) == "" {
			err = errors.New("BearerToken cannot be empty")
			return
		}
		credential = newBearerTokenCredential(tea.StringValue(config.BearerToken))
	default:
		err = errors.New("invalid type option, support: access_key, sts, bearer, ecs_ram_role, ram_role_arn, rsa_key_pair, oidc_role_arn, credentials_uri")
		return
	}
	return credential, nil
}

func checkRSAKeyPair(config *Config) (err error) {
	if tea.StringValue(config.PrivateKeyFile) == "" {
		err = errors.New("PrivateKeyFile cannot be empty")
		return
	}
	if tea.StringValue(config.PublicKeyId) == "" {
		err = errors.New("PublicKeyId cannot be empty")
		return
	}
	return
}

func doAction(request *request.CommonRequest, runtime *utils.Runtime) (content []byte, err error) {
	var urlEncoded string
	if request.BodyParams != nil {
		urlEncoded = utils.GetURLFormedMap(request.BodyParams)
	}
	httpRequest, err := http.NewRequest(request.Method, request.URL, strings.NewReader(urlEncoded))
	if err != nil {
		return
	}
	httpRequest.Proto = "HTTP/1.1"
	httpRequest.Host = request.Domain
	debuglog("> %s %s %s", httpRequest.Method, httpRequest.URL.RequestURI(), httpRequest.Proto)
	debuglog("> Host: %s", httpRequest.Host)
	for key, value := range request.Headers {
		if value != "" {
			debuglog("> %s: %s", key, value)
			httpRequest.Header[key] = []string{value}
		}
	}
	debuglog(">")
	httpClient := &http.Client{}
	httpClient.Timeout = time.Duration(runtime.ReadTimeout) * time.Second
	proxy := &url.URL{}
	if runtime.Proxy != "" {
		proxy, err = url.Parse(runtime.Proxy)
		if err != nil {
			return
		}
	}
	transport := &http.Transport{}
	if proxy != nil && runtime.Proxy != "" {
		transport.Proxy = http.ProxyURL(proxy)
	}
	transport.DialContext = utils.Timeout(time.Duration(runtime.ConnectTimeout) * time.Second)
	httpClient.Transport = transport
	httpResponse, err := hookDo(httpClient.Do)(httpRequest)
	if err != nil {
		return
	}
	debuglog("< %s %s", httpResponse.Proto, httpResponse.Status)
	for key, value := range httpResponse.Header {
		debuglog("< %s: %v", key, strings.Join(value, ""))
	}
	debuglog("<")

	resp := &response.CommonResponse{}
	err = hookParse(resp.ParseFromHTTPResponse(httpResponse))
	if err != nil {
		return
	}
	debuglog("%s", resp.GetHTTPContentString())
	if resp.GetHTTPStatus() != http.StatusOK {
		err = fmt.Errorf("httpStatus: %d, message = %s", resp.GetHTTPStatus(), resp.GetHTTPContentString())
		return
	}
	return resp.GetHTTPContentBytes(), nil
}

type credentialsProviderWrap struct {
	typeName string
	provider providers.CredentialsProvider
}

// Deprecated: use GetCredential() instead of
func (cp *credentialsProviderWrap) GetAccessKeyId() (accessKeyId *string, err error) {
	cc, err := cp.provider.GetCredentials()
	if err != nil {
		return
	}
	accessKeyId = &cc.AccessKeyId
	return
}

// Deprecated: use GetCredential() instead of
func (cp *credentialsProviderWrap) GetAccessKeySecret() (accessKeySecret *string, err error) {
	cc, err := cp.provider.GetCredentials()
	if err != nil {
		return
	}
	accessKeySecret = &cc.AccessKeySecret
	return
}

// Deprecated: use GetCredential() instead of
func (cp *credentialsProviderWrap) GetSecurityToken() (securityToken *string, err error) {
	cc, err := cp.provider.GetCredentials()
	if err != nil {
		return
	}
	securityToken = &cc.SecurityToken
	return
}

// Deprecated: don't use it
func (cp *credentialsProviderWrap) GetBearerToken() (bearerToken *string) {
	return tea.String("")
}

// Get credentials
func (cp *credentialsProviderWrap) GetCredential() (cm *CredentialModel, err error) {
	c, err := cp.provider.GetCredentials()
	if err != nil {
		return
	}

	cm = &CredentialModel{
		AccessKeyId:     &c.AccessKeyId,
		AccessKeySecret: &c.AccessKeySecret,
		SecurityToken:   &c.SecurityToken,
		Type:            &cp.typeName,
		ProviderName:    &c.ProviderName,
	}
	return
}

func (cp *credentialsProviderWrap) GetType() *string {
	return &cp.typeName
}

func FromCredentialsProvider(typeName string, cp providers.CredentialsProvider) Credential {
	return &credentialsProviderWrap{
		typeName: typeName,
		provider: cp,
	}
}


1			package credentials
2
3			import (
4			"bufio"
5			"errors"
6			"fmt"
7			"net/http"
8			"net/url"
9			"os"
10			"strings"
11			"time"
12
13			"github.com/alibabacloud-go/debug/debug"
14			"github.com/alibabacloud-go/tea/tea"
15			"github.com/aliyun/credentials-go/credentials/internal/utils"
16			"github.com/aliyun/credentials-go/credentials/providers"
17			"github.com/aliyun/credentials-go/credentials/request"
18			"github.com/aliyun/credentials-go/credentials/response"
19			)
20
21			var debuglog = debug.Init("credential")
22
23			var hookParse = func(err error) error {
24			return err
25			}
26
27			// Credential is an interface for getting actual credential
28			type Credential interface {
29			// Deprecated: GetAccessKeyId is deprecated, use GetCredential instead of.
30			GetAccessKeyId() (*string, error)
31			// Deprecated: GetAccessKeySecret is deprecated, use GetCredential instead of.
32			GetAccessKeySecret() (*string, error)
33			// Deprecated: GetSecurityToken is deprecated, use GetCredential instead of.
34			GetSecurityToken() (*string, error)
35			GetBearerToken() *string
36			GetType() *string
37			GetCredential() (*CredentialModel, error)
38			}
39
40			// Config is important when call NewCredential
41			type Config struct {
42			// Credential type, including access_key, sts, bearer, ecs_ram_role, ram_role_arn, rsa_key_pair, oidc_role_arn, credentials_uri
43			Type *string `json:"type"`
44			AccessKeyId *string `json:"access_key_id"`
45			AccessKeySecret *string `json:"access_key_secret"`
46			SecurityToken *string `json:"security_token"`
47			BearerToken *string `json:"bearer_token"`
48
49			// Used when the type is ram_role_arn or oidc_role_arn
50			OIDCProviderArn *string `json:"oidc_provider_arn"`
51			OIDCTokenFilePath *string `json:"oidc_token"`
52			RoleArn *string `json:"role_arn"`
53			RoleSessionName *string `json:"role_session_name"`
54			RoleSessionExpiration *int `json:"role_session_expiration"`
55			Policy *string `json:"policy"`
56			ExternalId *string `json:"external_id"`
57			STSEndpoint *string `json:"sts_endpoint"`
58
59			// Used when the type is ecs_ram_role
60			RoleName *string `json:"role_name"`
61			// Deprecated
62			EnableIMDSv2 *bool `json:"enable_imds_v2"`
63			DisableIMDSv1 *bool `json:"disable_imds_v1"`
64			// Deprecated
65			MetadataTokenDuration *int `json:"metadata_token_duration"`
66
67			// Used when the type is credentials_uri
68			Url *string `json:"url"`
69
70			// Deprecated
71			// Used when the type is rsa_key_pair
72			SessionExpiration *int `json:"session_expiration"`
73			PublicKeyId *string `json:"public_key_id"`
74			PrivateKeyFile *string `json:"private_key_file"`
75			Host *string `json:"host"`
76
77			// Read timeout, in milliseconds.
78			// The default value for ecs_ram_role is 1000ms, the default value for ram_role_arn is 5000ms, and the default value for oidc_role_arn is 5000ms.
79			Timeout *int `json:"timeout"`
80			// Connection timeout, in milliseconds.
81			// The default value for ecs_ram_role is 1000ms, the default value for ram_role_arn is 10000ms, and the default value for oidc_role_arn is 10000ms.
82			ConnectTimeout *int `json:"connect_timeout"`
83
84			Proxy *string `json:"proxy"`
85			InAdvanceScale *float64 `json:"inAdvanceScale"`
86			}
87
88			func (s Config) String() string {
89			return tea.Prettify(s)
90			}
91
92			func (s Config) GoString() string {
93			return s.String()
94			}
95
96			func (s Config) SetAccessKeyId(v string) Config {
97			s.AccessKeyId = &v
98			return s
99			}
100
101			func (s Config) SetAccessKeySecret(v string) Config {
102			s.AccessKeySecret = &v
103			return s
104			}
105
106			func (s Config) SetSecurityToken(v string) Config {
107			s.SecurityToken = &v
108			return s
109			}
110
111			func (s Config) SetRoleArn(v string) Config {
112			s.RoleArn = &v
113			return s
114			}
115
116			func (s Config) SetRoleSessionName(v string) Config {
117			s.RoleSessionName = &v
118			return s
119			}
120
121			func (s Config) SetPublicKeyId(v string) Config {
122			s.PublicKeyId = &v
123			return s
124			}
125
126			func (s Config) SetRoleName(v string) Config {
127			s.RoleName = &v
128			return s
129			}
130
131			func (s Config) SetEnableIMDSv2(v bool) Config {
132			s.EnableIMDSv2 = &v
133			return s
134			}
135
136			func (s Config) SetDisableIMDSv1(v bool) Config {
137			s.DisableIMDSv1 = &v
138			return s
139			}
140
141			func (s Config) SetMetadataTokenDuration(v int) Config {
142			s.MetadataTokenDuration = &v
143			return s
144			}
145
146			func (s Config) SetSessionExpiration(v int) Config {
147			s.SessionExpiration = &v
148			return s
149			}
150
151			func (s Config) SetPrivateKeyFile(v string) Config {
152			s.PrivateKeyFile = &v
153			return s
154			}
155
156			func (s Config) SetBearerToken(v string) Config {
157			s.BearerToken = &v
158			return s
159			}
160
161			func (s Config) SetRoleSessionExpiration(v int) Config {
162			s.RoleSessionExpiration = &v
163			return s
164			}
165
166			func (s Config) SetPolicy(v string) Config {
167			s.Policy = &v
168			return s
169			}
170
171			func (s Config) SetHost(v string) Config {
172			s.Host = &v
173			return s
174			}
175
176			func (s Config) SetTimeout(v int) Config {
177			s.Timeout = &v
178			return s
179			}
180
181			func (s Config) SetConnectTimeout(v int) Config {
182			s.ConnectTimeout = &v
183			return s
184			}
185
186			func (s Config) SetProxy(v string) Config {
187			s.Proxy = &v
188			return s
189			}
190
191			func (s Config) SetType(v string) Config {
192			s.Type = &v
193			return s
194			}
195
196			func (s Config) SetOIDCTokenFilePath(v string) Config {
197			s.OIDCTokenFilePath = &v
198			return s
199			}
200
201			func (s Config) SetOIDCProviderArn(v string) Config {
202			s.OIDCProviderArn = &v
203			return s
204			}
205
206			func (s Config) SetURLCredential(v string) Config {
207			if v == "" {
208			v = os.Getenv("ALIBABA_CLOUD_CREDENTIALS_URI")
209			}
210			s.Url = &v
211			return s
212			}
213
214			func (s Config) SetSTSEndpoint(v string) Config {
215			s.STSEndpoint = &v
216			return s
217			}
218
219			func (s Config) SetExternalId(v string) Config {
220			s.ExternalId = &v
221			return s
222			}
223
224			// NewCredential return a credential according to the type in config.
225			// if config is nil, the function will use default provider chain to get credentials.
226			// please see README.md for detail.
227			func NewCredential(config *Config) (credential Credential, err error) {
228			if config == nil {
229			provider := providers.NewDefaultCredentialsProvider()
230			credential = FromCredentialsProvider("default", provider)
231			return
232			}
233			switch tea.StringValue(config.Type) {
234			case "credentials_uri":
235			provider, err := providers.NewURLCredentialsProviderBuilder().
236			WithUrl(tea.StringValue(config.Url)).
237			WithHttpOptions(&providers.HttpOptions{
238			Proxy: tea.StringValue(config.Proxy),
239			ReadTimeout: tea.IntValue(config.Timeout),
240			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
241			}).
242			Build()
243
244			if err != nil {
245			return nil, err
246			}
247			credential = FromCredentialsProvider("credentials_uri", provider)
248			case "oidc_role_arn":
249			provider, err := providers.NewOIDCCredentialsProviderBuilder().
250			WithRoleArn(tea.StringValue(config.RoleArn)).
251			WithOIDCTokenFilePath(tea.StringValue(config.OIDCTokenFilePath)).
252			WithOIDCProviderARN(tea.StringValue(config.OIDCProviderArn)).
253			WithDurationSeconds(tea.IntValue(config.RoleSessionExpiration)).
254			WithPolicy(tea.StringValue(config.Policy)).
255			WithRoleSessionName(tea.StringValue(config.RoleSessionName)).
256			WithSTSEndpoint(tea.StringValue(config.STSEndpoint)).
257			WithHttpOptions(&providers.HttpOptions{
258			Proxy: tea.StringValue(config.Proxy),
259			ReadTimeout: tea.IntValue(config.Timeout),
260			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
261			}).
262			Build()
263
264			if err != nil {
265			return nil, err
266			}
267			credential = FromCredentialsProvider("oidc_role_arn", provider)
268			case "access_key":
269			provider, err := providers.NewStaticAKCredentialsProviderBuilder().
270			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
271			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
272			Build()
273			if err != nil {
274			return nil, err
275			}
276
277			credential = FromCredentialsProvider("access_key", provider)
278			case "sts":
279			provider, err := providers.NewStaticSTSCredentialsProviderBuilder().
280			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
281			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
282			WithSecurityToken(tea.StringValue(config.SecurityToken)).
283			Build()
284			if err != nil {
285			return nil, err
286			}
287
288			credential = FromCredentialsProvider("sts", provider)
289			case "ecs_ram_role":
290			provider, err := providers.NewECSRAMRoleCredentialsProviderBuilder().
291			WithRoleName(tea.StringValue(config.RoleName)).
292			WithDisableIMDSv1(tea.BoolValue(config.DisableIMDSv1)).
293			Build()
294
295			if err != nil {
296			return nil, err
297			}
298
299			credential = FromCredentialsProvider("ecs_ram_role", provider)
300			case "ram_role_arn":
301			var credentialsProvider providers.CredentialsProvider
302			if config.SecurityToken != nil && *config.SecurityToken != "" {
303			credentialsProvider, err = providers.NewStaticSTSCredentialsProviderBuilder().
304			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
305			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
306			WithSecurityToken(tea.StringValue(config.SecurityToken)).
307			Build()
308			} else {
309			credentialsProvider, err = providers.NewStaticAKCredentialsProviderBuilder().
310			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
311			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
312			Build()
313			}
314
315			if err != nil {
316			return nil, err
317			}
318
319			provider, err := providers.NewRAMRoleARNCredentialsProviderBuilder().
320			WithCredentialsProvider(credentialsProvider).
321			WithRoleArn(tea.StringValue(config.RoleArn)).
322			WithRoleSessionName(tea.StringValue(config.RoleSessionName)).
323			WithPolicy(tea.StringValue(config.Policy)).
324			WithDurationSeconds(tea.IntValue(config.RoleSessionExpiration)).
325			WithExternalId(tea.StringValue(config.ExternalId)).
326			WithStsEndpoint(tea.StringValue(config.STSEndpoint)).
327			WithHttpOptions(&providers.HttpOptions{
328			Proxy: tea.StringValue(config.Proxy),
329			ReadTimeout: tea.IntValue(config.Timeout),
330			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
331			}).
332			Build()
333			if err != nil {
334			return nil, err
335			}
336
337			credential = FromCredentialsProvider("ram_role_arn", provider)
338			case "rsa_key_pair":
339			err = checkRSAKeyPair(config)
340			if err != nil {
341			return
342			}
343			file, err1 := os.Open(tea.StringValue(config.PrivateKeyFile))
344			if err1 != nil {
345			err = fmt.Errorf("InvalidPath: Can not open PrivateKeyFile, err is %s", err1.Error())
346			return
347			}
348			defer file.Close()
349			var privateKey string
350			scan := bufio.NewScanner(file)
351			for scan.Scan() {
352			if strings.HasPrefix(scan.Text(), "----") {
353			continue
354			}
355			privateKey += scan.Text() + "\n"
356			}
357			runtime := &utils.Runtime{
358			Host: tea.StringValue(config.Host),
359			Proxy: tea.StringValue(config.Proxy),
360			ReadTimeout: tea.IntValue(config.Timeout),
361			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
362			STSEndpoint: tea.StringValue(config.STSEndpoint),
363			}
364			credential = newRsaKeyPairCredential(
365			privateKey,
366			tea.StringValue(config.PublicKeyId),
367			tea.IntValue(config.SessionExpiration),
368			runtime)
369			case "bearer":
370			if tea.StringValue(config.BearerToken) == "" {
371			err = errors.New("BearerToken cannot be empty")
372			return
373			}
374			credential = newBearerTokenCredential(tea.StringValue(config.BearerToken))
375			default:
376			err = errors.New("invalid type option, support: access_key, sts, bearer, ecs_ram_role, ram_role_arn, rsa_key_pair, oidc_role_arn, credentials_uri")
377			return
378			}
379			return credential, nil
380			}
381
382			func checkRSAKeyPair(config *Config) (err error) {
383			if tea.StringValue(config.PrivateKeyFile) == "" {
384			err = errors.New("PrivateKeyFile cannot be empty")
385			return
386			}
387			if tea.StringValue(config.PublicKeyId) == "" {
388			err = errors.New("PublicKeyId cannot be empty")
389			return
390			}
391			return
392			}
393
394			func doAction(request request.CommonRequest, runtime utils.Runtime) (content []byte, err error) {
395			var urlEncoded string
396			if request.BodyParams != nil {
397			urlEncoded = utils.GetURLFormedMap(request.BodyParams)
398			}
399			httpRequest, err := http.NewRequest(request.Method, request.URL, strings.NewReader(urlEncoded))
400			if err != nil {
401			return
402			}
403			httpRequest.Proto = "HTTP/1.1"
404			httpRequest.Host = request.Domain
405			debuglog("> %s %s %s", httpRequest.Method, httpRequest.URL.RequestURI(), httpRequest.Proto)
406			debuglog("> Host: %s", httpRequest.Host)
407			for key, value := range request.Headers {
408			if value != "" {
409			debuglog("> %s: %s", key, value)
410			httpRequest.Header[key] = []string{value}
411			}
412			}
413			debuglog(">")
414			httpClient := &http.Client{}
415			httpClient.Timeout = time.Duration(runtime.ReadTimeout) * time.Second
416			proxy := &url.URL{}
417			if runtime.Proxy != "" {
418			proxy, err = url.Parse(runtime.Proxy)
419			if err != nil {
420			return
421			}
422			}
423			transport := &http.Transport{}
424			if proxy != nil && runtime.Proxy != "" {
425			transport.Proxy = http.ProxyURL(proxy)
426			}
427			transport.DialContext = utils.Timeout(time.Duration(runtime.ConnectTimeout) * time.Second)
428			httpClient.Transport = transport
429			httpResponse, err := hookDo(httpClient.Do)(httpRequest)
430			if err != nil {
431			return
432			}
433			debuglog("< %s %s", httpResponse.Proto, httpResponse.Status)
434			for key, value := range httpResponse.Header {
435			debuglog("< %s: %v", key, strings.Join(value, ""))
436			}
437			debuglog("<")
438
439			resp := &response.CommonResponse{}
440			err = hookParse(resp.ParseFromHTTPResponse(httpResponse))
441			if err != nil {
442			return
443			}
444			debuglog("%s", resp.GetHTTPContentString())
445			if resp.GetHTTPStatus() != http.StatusOK {
446			err = fmt.Errorf("httpStatus: %d, message = %s", resp.GetHTTPStatus(), resp.GetHTTPContentString())
447			return
448			}
449			return resp.GetHTTPContentBytes(), nil
450			}
451
452			type credentialsProviderWrap struct {
453			typeName string
454			provider providers.CredentialsProvider
455			}
456
457			// Deprecated: use GetCredential() instead of
458			func (cp credentialsProviderWrap) GetAccessKeyId() (accessKeyId string, err error) {
459			cc, err := cp.provider.GetCredentials()
460			if err != nil {
461			return
462			}
463			accessKeyId = &cc.AccessKeyId
464			return
465			}
466
467			// Deprecated: use GetCredential() instead of
468			func (cp credentialsProviderWrap) GetAccessKeySecret() (accessKeySecret string, err error) {
469			cc, err := cp.provider.GetCredentials()
470			if err != nil {
471			return
472			}
473			accessKeySecret = &cc.AccessKeySecret
474			return
475			}
476
477			// Deprecated: use GetCredential() instead of
478			func (cp credentialsProviderWrap) GetSecurityToken() (securityToken string, err error) {
479			cc, err := cp.provider.GetCredentials()
480			if err != nil {
481			return
482			}
483			securityToken = &cc.SecurityToken
484			return
485			}
486
487			// Deprecated: don't use it
488			func (cp credentialsProviderWrap) GetBearerToken() (bearerToken string) {
489			return tea.String("")
490			}
491
492			// Get credentials
493			func (cp credentialsProviderWrap) GetCredential() (cm CredentialModel, err error) {
494			c, err := cp.provider.GetCredentials()
495			if err != nil {
496			return
497			}
498
499			cm = &CredentialModel{
500			AccessKeyId: &c.AccessKeyId,
501			AccessKeySecret: &c.AccessKeySecret,
502			SecurityToken: &c.SecurityToken,
503			Type: &cp.typeName,
504			ProviderName: &c.ProviderName,
505			}
506			return
507			}
508
509			func (cp credentialsProviderWrap) GetType() string {
510			return &cp.typeName
511			}
512
513			func FromCredentialsProvider(typeName string, cp providers.CredentialsProvider) Credential {
514			return &credentialsProviderWrap{
515			typeName: typeName,
516			provider: cp,
517			}
518			}
519

aliyun / credentials-go

GitHub Access Token became invalid

credentials.NewCredential F last analyzed 2025-10-29 01:32 UTC

Complexity

Size

Duplication

Importance

How to fix Long Method Complexity

Long Method

Complexity

Duplication Side-by-Side

Filter issues like

credentials.NewCredential F
last analyzed 2025-10-29 01:32 UTC