credentials.*RamRoleArnCredential.GetAccessSecret - Code Metrics - Inspection of "improve quality" - aliyun/credentials-go - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#5)

unknown

created 2019-09-05 06:28 UTC

credentials.*RamRoleArnCredential.GetAccessSecret A

↳ Parent: credentials/sts_role_arn_credential.go

Complexity

Conditions

Size

Total Lines	8
Code Lines	6

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	4
eloc	6
dl	0
loc	8
rs	10
c	0
b	0
f	0
nop	0

package credentials

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"time"

	"github.com/aliyun/credentials-go/credentials/request"
	"github.com/aliyun/credentials-go/credentials/utils"
)

const defaultDurationSeconds = 3600

type RamRoleArnCredential struct {

	*credentialUpdater
	AccessKeyID           string
	AccessKeySecret       string
	RoleArn               string
	RoleSessionName       string
	RoleSessionExpiration int
	Policy                string
	sessionCredential     *sessionCredential
	runtime               *utils.Runtime
}

type RamRoleArnResponse struct {

	Credentials *CredentialsInResponse `json:"Credentials" xml:"Credentials"`
}

type CredentialsInResponse struct {

	AccessKeyID     string `json:"AccessKeyID" xml:"AccessKeyID"`
	AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"`
	SecurityToken   string `json:"SecurityToken" xml:"SecurityToken"`
	Expiration      string `json:"Expiration" xml:"Expiration"`
}

func newRamRoleArnCredential(accessKeyID, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, runtime *utils.Runtime) *RamRoleArnCredential {

	return &RamRoleArnCredential{
		AccessKeyID:           accessKeyID,
		AccessKeySecret:       accessKeySecret,
		RoleArn:               roleArn,
		RoleSessionName:       roleSessionName,
		RoleSessionExpiration: roleSessionExpiration,
		Policy:                policy,
		credentialUpdater:     new(credentialUpdater),
		runtime:               runtime,
	}
}

// GetAccessKeyID reutrns RamRoleArnCredential's AccessKeyID
// if AccessKeyID is not exist or out of date, the function will update it.
func (r *RamRoleArnCredential) GetAccessKeyID() (string, error) {
	if r.sessionCredential == nil || r.needUpdateCredential() {
		err := r.updateCredential()
		if err != nil {
			return "", err
		}
	}
	return r.sessionCredential.AccessKeyID, nil
}

// GetAccessSecret reutrns RamRoleArnCredential's AccessKeySecret
// if AccessKeySecret is not exist or out of date, the function will update it.
func (r *RamRoleArnCredential) GetAccessSecret() (string, error) {
	if r.sessionCredential == nil || r.needUpdateCredential() {
		err := r.updateCredential()
		if err != nil {
			return "", err
		}
	}
	return r.sessionCredential.AccessKeySecret, nil
}

// GetSecurityToken reutrns RamRoleArnCredential's SecurityToken
// if SecurityToken is not exist or out of date, the function will update it.
func (r *RamRoleArnCredential) GetSecurityToken() (string, error) {
	if r.sessionCredential == nil || r.needUpdateCredential() {
		err := r.updateCredential()
		if err != nil {
			return "", err
		}
	}
	return r.sessionCredential.SecurityToken, nil
}

// GetBearerToken is useless RamRoleArnCredential
func (r *RamRoleArnCredential) GetBearerToken() string {
	return ""
}

// GetType reutrns RamRoleArnCredential's type
func (r *RamRoleArnCredential) GetType() string {
	return "ram_role_arn"
}

func (r *RamRoleArnCredential) updateCredential() (err error) {
	if r.runtime == nil {
		r.runtime = new(utils.Runtime)
	}
	request := request.NewCommonRequest()
	request.Domain = "sts.aliyuncs.com"
	request.Scheme = "HTTPS"
	request.Method = "GET"
	request.QueryParams["AccessKeyId"] = r.AccessKeyID
	request.QueryParams["Action"] = "AssumeRole"
	request.QueryParams["Format"] = "JSON"
	if r.RoleSessionExpiration > 0 {
		if r.RoleSessionExpiration >= 900 && r.RoleSessionExpiration <= 3600 {
			request.QueryParams["DurationSeconds"] = strconv.Itoa(r.RoleSessionExpiration)
		} else {
			err = errors.New("[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr")
			return
		}
	} else {
		request.QueryParams["DurationSeconds"] = strconv.Itoa(defaultDurationSeconds)
	}
	request.QueryParams["RoleArn"] = r.RoleArn
	if r.Policy != "" {
		request.QueryParams["Policy"] = r.Policy
	}
	request.QueryParams["RoleSessionName"] = r.RoleSessionName
	request.QueryParams["SignatureMethod"] = "HMAC-SHA1"
	request.QueryParams["SignatureVersion"] = "1.0"
	request.QueryParams["Version"] = "2015-04-01"
	request.QueryParams["Timestamp"] = utils.GetTimeInFormatISO8601()
	request.QueryParams["SignatureNonce"] = utils.GetUUID()
	signature := utils.ShaHmac1(request.BuildStringToSign(), r.AccessKeySecret+"&")
	request.QueryParams["Signature"] = signature
	request.Headers["Host"] = request.Domain
	request.Headers["Accept-Encoding"] = "identity"
	request.Url = request.BuildUrl()
	content, err := doAction(request, r.runtime)
	if err != nil {
		return fmt.Errorf("refresh RoleArn sts token err: %s", err.Error())
	}
	var resp *RamRoleArnResponse
	err = json.Unmarshal(content, &resp)
	if err != nil {
		return fmt.Errorf("refresh RoleArn sts token err: Json.Unmarshal fail: %s", err.Error())
	}
	if resp == nil || resp.Credentials == nil {
		return fmt.Errorf("refresh RoleArn sts token err: Credentials is empty")
	}
	respCredentials := resp.Credentials
	if respCredentials.AccessKeyID == "" || respCredentials.AccessKeySecret == "" || respCredentials.SecurityToken == "" || respCredentials.Expiration == "" {
		return fmt.Errorf("refresh RoleArn sts token err: AccessKeyID: %s, AccessKeySecret: %s, SecurityToken: %s, Expiration: %s", respCredentials.AccessKeyID, respCredentials.AccessKeySecret, respCredentials.SecurityToken, respCredentials.Expiration)
	}

	expirationTime, err := time.Parse("2006-01-02T15:04:05Z", respCredentials.Expiration)
	r.lastUpdateTimestamp = time.Now().Unix()
	r.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix())
	r.sessionCredential = &sessionCredential{
		AccessKeyID:     respCredentials.AccessKeyID,
		AccessKeySecret: respCredentials.AccessKeySecret,
		SecurityToken:   respCredentials.SecurityToken,
	}

	return
}


1			package credentials
2
3			import (
4			"encoding/json"
5			"errors"
6			"fmt"
7			"strconv"
8			"time"
9
10			"github.com/aliyun/credentials-go/credentials/request"
11			"github.com/aliyun/credentials-go/credentials/utils"
12			)
13
14			const defaultDurationSeconds = 3600
15
16			type RamRoleArnCredential struct {
			0 ignored issues – show introduced 2019-09-05 01:55 UTC by Report Bug Copy Issue Report exported type RamRoleArnCredential should have comment or be unexported Loading history... introduced 2019-09-05 01:55 UTC by Report Bug Copy Issue Report type RamRoleArnCredential should be RAMRoleArnCredential Loading history...
17			*credentialUpdater
18			AccessKeyID string
19			AccessKeySecret string
20			RoleArn string
21			RoleSessionName string
22			RoleSessionExpiration int
23			Policy string
24			sessionCredential *sessionCredential
25			runtime *utils.Runtime
26			}
27
28			type RamRoleArnResponse struct {
			0 ignored issues – show introduced 2019-09-05 01:55 UTC by Report Bug Copy Issue Report exported type RamRoleArnResponse should have comment or be unexported Loading history... introduced 2019-09-05 01:55 UTC by Report Bug Copy Issue Report type RamRoleArnResponse should be RAMRoleArnResponse Loading history...
29			Credentials *CredentialsInResponse `json:"Credentials" xml:"Credentials"`
30			}
31
32			type CredentialsInResponse struct {
			0 ignored issues – show introduced 2019-09-05 01:55 UTC by Report Bug Copy Issue Report exported type CredentialsInResponse should have comment or be unexported Loading history... introduced 2019-09-05 01:55 UTC by Report Bug Copy Issue Report type name will be used as credentials.CredentialsInResponse by other packages, and that stutters; consider calling this InResponse Loading history...
33			AccessKeyID string `json:"AccessKeyID" xml:"AccessKeyID"`
34			AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"`
35			SecurityToken string `json:"SecurityToken" xml:"SecurityToken"`
36			Expiration string `json:"Expiration" xml:"Expiration"`
37			}
38
39			func newRamRoleArnCredential(accessKeyID, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, runtime utils.Runtime) RamRoleArnCredential {
			0 ignored issues – show introduced 2019-09-05 01:55 UTC by Report Bug Copy Issue Report func newRamRoleArnCredential should be newRAMRoleArnCredential Loading history...
40			return &RamRoleArnCredential{
41			AccessKeyID: accessKeyID,
42			AccessKeySecret: accessKeySecret,
43			RoleArn: roleArn,
44			RoleSessionName: roleSessionName,
45			RoleSessionExpiration: roleSessionExpiration,
46			Policy: policy,
47			credentialUpdater: new(credentialUpdater),
48			runtime: runtime,
49			}
50			}
51
52			// GetAccessKeyID reutrns RamRoleArnCredential's AccessKeyID
53			// if AccessKeyID is not exist or out of date, the function will update it.
54			func (r *RamRoleArnCredential) GetAccessKeyID() (string, error) {
55			if r.sessionCredential == nil \|\| r.needUpdateCredential() {
56			err := r.updateCredential()
57			if err != nil {
58			return "", err
59			}
60			}
61			return r.sessionCredential.AccessKeyID, nil
62			}
63
64			// GetAccessSecret reutrns RamRoleArnCredential's AccessKeySecret
65			// if AccessKeySecret is not exist or out of date, the function will update it.
66			func (r *RamRoleArnCredential) GetAccessSecret() (string, error) {
67			if r.sessionCredential == nil \|\| r.needUpdateCredential() {
68			err := r.updateCredential()
69			if err != nil {
70			return "", err
71			}
72			}
73			return r.sessionCredential.AccessKeySecret, nil
74			}
75
76			// GetSecurityToken reutrns RamRoleArnCredential's SecurityToken
77			// if SecurityToken is not exist or out of date, the function will update it.
78			func (r *RamRoleArnCredential) GetSecurityToken() (string, error) {
79			if r.sessionCredential == nil \|\| r.needUpdateCredential() {
80			err := r.updateCredential()
81			if err != nil {
82			return "", err
83			}
84			}
85			return r.sessionCredential.SecurityToken, nil
86			}
87
88			// GetBearerToken is useless RamRoleArnCredential
89			func (r *RamRoleArnCredential) GetBearerToken() string {
90			return ""
91			}
92
93			// GetType reutrns RamRoleArnCredential's type
94			func (r *RamRoleArnCredential) GetType() string {
95			return "ram_role_arn"
96			}
97
98			func (r *RamRoleArnCredential) updateCredential() (err error) {
99			if r.runtime == nil {
100			r.runtime = new(utils.Runtime)
101			}
102			request := request.NewCommonRequest()
103			request.Domain = "sts.aliyuncs.com"
104			request.Scheme = "HTTPS"
105			request.Method = "GET"
106			request.QueryParams["AccessKeyId"] = r.AccessKeyID
107			request.QueryParams["Action"] = "AssumeRole"
108			request.QueryParams["Format"] = "JSON"
109			if r.RoleSessionExpiration > 0 {
110			if r.RoleSessionExpiration >= 900 && r.RoleSessionExpiration <= 3600 {
111			request.QueryParams["DurationSeconds"] = strconv.Itoa(r.RoleSessionExpiration)
112			} else {
113			err = errors.New("[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr")
114			return
115			}
116			} else {
117			request.QueryParams["DurationSeconds"] = strconv.Itoa(defaultDurationSeconds)
118			}
119			request.QueryParams["RoleArn"] = r.RoleArn
120			if r.Policy != "" {
121			request.QueryParams["Policy"] = r.Policy
122			}
123			request.QueryParams["RoleSessionName"] = r.RoleSessionName
124			request.QueryParams["SignatureMethod"] = "HMAC-SHA1"
125			request.QueryParams["SignatureVersion"] = "1.0"
126			request.QueryParams["Version"] = "2015-04-01"
127			request.QueryParams["Timestamp"] = utils.GetTimeInFormatISO8601()
128			request.QueryParams["SignatureNonce"] = utils.GetUUID()
129			signature := utils.ShaHmac1(request.BuildStringToSign(), r.AccessKeySecret+"&")
130			request.QueryParams["Signature"] = signature
131			request.Headers["Host"] = request.Domain
132			request.Headers["Accept-Encoding"] = "identity"
133			request.Url = request.BuildUrl()
134			content, err := doAction(request, r.runtime)
135			if err != nil {
136			return fmt.Errorf("refresh RoleArn sts token err: %s", err.Error())
137			}
138			var resp *RamRoleArnResponse
139			err = json.Unmarshal(content, &resp)
140			if err != nil {
141			return fmt.Errorf("refresh RoleArn sts token err: Json.Unmarshal fail: %s", err.Error())
142			}
143			if resp == nil \|\| resp.Credentials == nil {
144			return fmt.Errorf("refresh RoleArn sts token err: Credentials is empty")
145			}
146			respCredentials := resp.Credentials
147			if respCredentials.AccessKeyID == "" \|\| respCredentials.AccessKeySecret == "" \|\| respCredentials.SecurityToken == "" \|\| respCredentials.Expiration == "" {
148			return fmt.Errorf("refresh RoleArn sts token err: AccessKeyID: %s, AccessKeySecret: %s, SecurityToken: %s, Expiration: %s", respCredentials.AccessKeyID, respCredentials.AccessKeySecret, respCredentials.SecurityToken, respCredentials.Expiration)
149			}
150
151			expirationTime, err := time.Parse("2006-01-02T15:04:05Z", respCredentials.Expiration)
152			r.lastUpdateTimestamp = time.Now().Unix()
153			r.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix())
154			r.sessionCredential = &sessionCredential{
155			AccessKeyID: respCredentials.AccessKeyID,
156			AccessKeySecret: respCredentials.AccessKeySecret,
157			SecurityToken: respCredentials.SecurityToken,
158			}
159
160			return
161			}
162

aliyun / credentials-go

GitHub Access Token became invalid

Pull Request — master (#5)

credentials.*RamRoleArnCredential.GetAccessSecret A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like