credentials.checkRAMRoleArn - Code Metrics - Inspection of "Merge pull request #10 from aliyun/improveReport" - aliyun/credentials-go - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( b48a48...6b468f )

by zuochao

created 2019-09-06 09:43 UTC

credentials.checkRAMRoleArn A

↳ Parent: credentials/credential.go

Complexity

Conditions

Size

Total Lines	18
Code Lines	14

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	5
eloc	14
dl	0
loc	18
rs	9.2333
c	0
b	0
f	0
nop	1

package credentials

import (
	"bufio"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"strings"
	"time"

	"github.com/alibabacloud-go/debug/debug"
	"github.com/aliyun/credentials-go/credentials/request"
	"github.com/aliyun/credentials-go/credentials/response"
	"github.com/aliyun/credentials-go/credentials/utils"
)

var debuglog = debug.Init("credential")

var hookParse = func(err error) error {
	return err
}

// Credential is an interface for getting actual credential
type Credential interface {
	GetAccessKeyID() (string, error)
	GetAccessSecret() (string, error)
	GetSecurityToken() (string, error)
	GetBearerToken() string
	GetType() string
}

// Configuration is important when call NewCredential
type Configuration struct {
	Type                  string `json:"type"`
	AccessKeyID           string `json:"access_key_id"`
	AccessKeySecret       string `json:"access_key_secret"`
	RoleArn               string `json:"role_arn"`
	RoleSessionName       string `json:"role_session_name"`
	PublicKeyID           string `json:"public_key_id"`
	RoleName              string `json:"role_name"`
	SessionExpiration     int    `json:"session_expiration"`
	PrivateKeyFile        string `json:"private_key_file"`
	BearerToken           string `json:"bearer_token"`
	SecurityToken         string `json:"security_token"`
	RoleSessionExpiration int    `json:"role_session_expiratioon"`
	Policy                string `json:"policy"`
	Host                  string `json:"host"`
	Timeout               int    `json:"timeout"`
	ConnectTimeout        int    `json:"connect_timeout"`
	Proxy                 string `json:"proxy"`
}

// NewCredential return a credential according to the type in config.
// if config is nil, the function will use default provider chain to get credential.
// please see README.md for detail.
func NewCredential(config *Configuration) (credential Credential, err error) {
	if config == nil {
		config, err = defaultChain.resolve()
		if err != nil {
			return
		}
		return NewCredential(config)
	}
	switch config.Type {
	case "access_key":
		err = checkAccessKey(config)
		if err != nil {
			return
		}
		credential = newAccessKeyCredential(config.AccessKeyID, config.AccessKeySecret)
	case "sts":
		err = checkSTS(config)
		if err != nil {
			return
		}
		credential = newStsTokenCredential(config.AccessKeyID, config.AccessKeySecret, config.SecurityToken)
	case "ecs_ram_role":
		err = checkEcsRAMRole(config)
		if err != nil {
			return
		}
		runtime := &utils.Runtime{
			Host:           config.Host,
			Proxy:          config.Proxy,
			ReadTimeout:    config.Timeout,
			ConnectTimeout: config.ConnectTimeout,
		}
		credential = newEcsRAMRoleCredential(config.RoleName, runtime)
	case "ram_role_arn":
		err = checkRAMRoleArn(config)
		if err != nil {
			return
		}
		runtime := &utils.Runtime{
			Host:           config.Host,
			Proxy:          config.Proxy,
			ReadTimeout:    config.Timeout,
			ConnectTimeout: config.ConnectTimeout,
		}
		credential = newRAMRoleArnCredential(config.AccessKeyID, config.AccessKeySecret, config.RoleArn, config.RoleSessionName, config.Policy, config.RoleSessionExpiration, runtime)
	case "rsa_key_pair":
		err = checkRSAKeyPair(config)
		if err != nil {
			return
		}
		file, err1 := os.Open(config.PrivateKeyFile)
		if err1 != nil {
			err = fmt.Errorf("InvalidPath: Can not open PrivateKeyFile, err is %s", err1.Error())
			return
		}
		defer file.Close()
		var privateKey string
		scan := bufio.NewScanner(file)
		for scan.Scan() {
			if strings.HasPrefix(scan.Text(), "----") {
				continue
			}
			privateKey += scan.Text() + "\n"
		}
		runtime := &utils.Runtime{
			Host:           config.Host,
			Proxy:          config.Proxy,
			ReadTimeout:    config.Timeout,
			ConnectTimeout: config.ConnectTimeout,
		}
		credential = newRsaKeyPairCredential(privateKey, config.PublicKeyID, config.SessionExpiration, runtime)
	case "bearer":
		if config.BearerToken == "" {
			err = errors.New("BearerToken cannot be empty")
			return
		}
		credential = newBearerTokenCredential(config.BearerToken)
	default:
		err = errors.New("Invalid type option, support: access_key, sts, ecs_ram_role, ram_role_arn, rsa_key_pair")
		return
	}
	return credential, nil
}

func checkRSAKeyPair(config *Configuration) (err error) {
	if config.PrivateKeyFile == "" {
		err = errors.New("PrivateKeyFile cannot be empty")
		return
	}
	if config.PublicKeyID == "" {
		err = errors.New("PublicKeyID cannot be empty")
		return
	}
	return
}

func checkRAMRoleArn(config *Configuration) (err error) {
	if config.AccessKeySecret == "" {
		err = errors.New("AccessKeySecret cannot be empty")
		return
	}
	if config.RoleArn == "" {
		err = errors.New("RoleArn cannot be empty")
		return
	}
	if config.RoleSessionName == "" {
		err = errors.New("RoleSessionName cannot be empty")
		return
	}
	if config.AccessKeyID == "" {
		err = errors.New("AccessKeyID cannot be empty")
		return
	}
	return
}

func checkEcsRAMRole(config *Configuration) (err error) {
	if config.RoleName == "" {
		err = errors.New("RoleName cannot be empty")
		return
	}
	return
}

func checkSTS(config *Configuration) (err error) {
	if config.AccessKeyID == "" {
		err = errors.New("AccessKeyID cannot be empty")
		return
	}
	if config.AccessKeySecret == "" {
		err = errors.New("AccessKeySecret cannot be empty")
		return
	}
	if config.SecurityToken == "" {
		err = errors.New("SecurityToken cannot be empty")
		return
	}
	return
}

func checkAccessKey(config *Configuration) (err error) {
	if config.AccessKeyID == "" {
		err = errors.New("AccessKeyID cannot be empty")
		return
	}
	if config.AccessKeySecret == "" {
		err = errors.New("AccessKeySecret cannot be empty")
		return
	}
	return
}

func doAction(request *request.CommonRequest, runtime *utils.Runtime) (content []byte, err error) {
	httpRequest, err := http.NewRequest(request.Method, request.URL, strings.NewReader(""))
	if err != nil {
		return
	}
	httpRequest.Proto = "HTTP/1.1"
	httpRequest.Host = request.Domain
	debuglog("> %s %s %s", httpRequest.Method, httpRequest.URL.RequestURI(), httpRequest.Proto)
	debuglog("> Host: %s", httpRequest.Host)
	for key, value := range request.Headers {
		if value != "" {
			debuglog("> %s: %s", key, value)
			httpRequest.Header[key] = []string{value}
		}
	}
	debuglog(">")
	httpClient := &http.Client{}
	httpClient.Timeout = time.Duration(runtime.ReadTimeout) * time.Second
	proxy := &url.URL{}
	if runtime.Proxy != "" {
		proxy, err = url.Parse(runtime.Proxy)
		if err != nil {
			return
		}
	}
	trans := &http.Transport{}
	if proxy != nil && runtime.Proxy != "" {
		trans.Proxy = http.ProxyURL(proxy)
	}
	trans.DialContext = utils.Timeout(time.Duration(runtime.ConnectTimeout) * time.Second)
	httpClient.Transport = trans
	httpResponse, err := hookDo(httpClient.Do)(httpRequest)
	if err != nil {
		return
	}
	debuglog("< %s %s", httpResponse.Proto, httpResponse.Status)
	for key, value := range httpResponse.Header {
		debuglog("< %s: %v", key, strings.Join(value, ""))
	}
	debuglog("<")

	resp := &response.CommonResponse{}
	err = hookParse(resp.ParseFromHTTPResponse(httpResponse))
	if err != nil {
		return
	}
	debuglog("%s", resp.GetHTTPContentString())
	if resp.GetHTTPStatus() != http.StatusOK {
		err = fmt.Errorf("httpStatus: %d, message = %s", resp.GetHTTPStatus(), resp.GetHTTPContentString())
		return
	}
	return resp.GetHTTPContentBytes(), nil
}


1			package credentials
2
3			import (
4			"bufio"
5			"errors"
6			"fmt"
7			"net/http"
8			"net/url"
9			"os"
10			"strings"
11			"time"
12
13			"github.com/alibabacloud-go/debug/debug"
14			"github.com/aliyun/credentials-go/credentials/request"
15			"github.com/aliyun/credentials-go/credentials/response"
16			"github.com/aliyun/credentials-go/credentials/utils"
17			)
18
19			var debuglog = debug.Init("credential")
20
21			var hookParse = func(err error) error {
22			return err
23			}
24
25			// Credential is an interface for getting actual credential
26			type Credential interface {
27			GetAccessKeyID() (string, error)
28			GetAccessSecret() (string, error)
29			GetSecurityToken() (string, error)
30			GetBearerToken() string
31			GetType() string
32			}
33
34			// Configuration is important when call NewCredential
35			type Configuration struct {
36			Type string `json:"type"`
37			AccessKeyID string `json:"access_key_id"`
38			AccessKeySecret string `json:"access_key_secret"`
39			RoleArn string `json:"role_arn"`
40			RoleSessionName string `json:"role_session_name"`
41			PublicKeyID string `json:"public_key_id"`
42			RoleName string `json:"role_name"`
43			SessionExpiration int `json:"session_expiration"`
44			PrivateKeyFile string `json:"private_key_file"`
45			BearerToken string `json:"bearer_token"`
46			SecurityToken string `json:"security_token"`
47			RoleSessionExpiration int `json:"role_session_expiratioon"`
48			Policy string `json:"policy"`
49			Host string `json:"host"`
50			Timeout int `json:"timeout"`
51			ConnectTimeout int `json:"connect_timeout"`
52			Proxy string `json:"proxy"`
53			}
54
55			// NewCredential return a credential according to the type in config.
56			// if config is nil, the function will use default provider chain to get credential.
57			// please see README.md for detail.
58			func NewCredential(config *Configuration) (credential Credential, err error) {
59			if config == nil {
60			config, err = defaultChain.resolve()
61			if err != nil {
62			return
63			}
64			return NewCredential(config)
65			}
66			switch config.Type {
67			case "access_key":
68			err = checkAccessKey(config)
69			if err != nil {
70			return
71			}
72			credential = newAccessKeyCredential(config.AccessKeyID, config.AccessKeySecret)
73			case "sts":
74			err = checkSTS(config)
75			if err != nil {
76			return
77			}
78			credential = newStsTokenCredential(config.AccessKeyID, config.AccessKeySecret, config.SecurityToken)
79			case "ecs_ram_role":
80			err = checkEcsRAMRole(config)
81			if err != nil {
82			return
83			}
84			runtime := &utils.Runtime{
85			Host: config.Host,
86			Proxy: config.Proxy,
87			ReadTimeout: config.Timeout,
88			ConnectTimeout: config.ConnectTimeout,
89			}
90			credential = newEcsRAMRoleCredential(config.RoleName, runtime)
91			case "ram_role_arn":
92			err = checkRAMRoleArn(config)
93			if err != nil {
94			return
95			}
96			runtime := &utils.Runtime{
97			Host: config.Host,
98			Proxy: config.Proxy,
99			ReadTimeout: config.Timeout,
100			ConnectTimeout: config.ConnectTimeout,
101			}
102			credential = newRAMRoleArnCredential(config.AccessKeyID, config.AccessKeySecret, config.RoleArn, config.RoleSessionName, config.Policy, config.RoleSessionExpiration, runtime)
103			case "rsa_key_pair":
104			err = checkRSAKeyPair(config)
105			if err != nil {
106			return
107			}
108			file, err1 := os.Open(config.PrivateKeyFile)
109			if err1 != nil {
110			err = fmt.Errorf("InvalidPath: Can not open PrivateKeyFile, err is %s", err1.Error())
111			return
112			}
113			defer file.Close()
114			var privateKey string
115			scan := bufio.NewScanner(file)
116			for scan.Scan() {
117			if strings.HasPrefix(scan.Text(), "----") {
118			continue
119			}
120			privateKey += scan.Text() + "\n"
121			}
122			runtime := &utils.Runtime{
123			Host: config.Host,
124			Proxy: config.Proxy,
125			ReadTimeout: config.Timeout,
126			ConnectTimeout: config.ConnectTimeout,
127			}
128			credential = newRsaKeyPairCredential(privateKey, config.PublicKeyID, config.SessionExpiration, runtime)
129			case "bearer":
130			if config.BearerToken == "" {
131			err = errors.New("BearerToken cannot be empty")
132			return
133			}
134			credential = newBearerTokenCredential(config.BearerToken)
135			default:
136			err = errors.New("Invalid type option, support: access_key, sts, ecs_ram_role, ram_role_arn, rsa_key_pair")
137			return
138			}
139			return credential, nil
140			}
141
142			func checkRSAKeyPair(config *Configuration) (err error) {
143			if config.PrivateKeyFile == "" {
144			err = errors.New("PrivateKeyFile cannot be empty")
145			return
146			}
147			if config.PublicKeyID == "" {
148			err = errors.New("PublicKeyID cannot be empty")
149			return
150			}
151			return
152			}
153
154			func checkRAMRoleArn(config *Configuration) (err error) {
155			if config.AccessKeySecret == "" {
156			err = errors.New("AccessKeySecret cannot be empty")
157			return
158			}
159			if config.RoleArn == "" {
160			err = errors.New("RoleArn cannot be empty")
161			return
162			}
163			if config.RoleSessionName == "" {
164			err = errors.New("RoleSessionName cannot be empty")
165			return
166			}
167			if config.AccessKeyID == "" {
168			err = errors.New("AccessKeyID cannot be empty")
169			return
170			}
171			return
172			}
173
174			func checkEcsRAMRole(config *Configuration) (err error) {
175			if config.RoleName == "" {
176			err = errors.New("RoleName cannot be empty")
177			return
178			}
179			return
180			}
181
182			func checkSTS(config *Configuration) (err error) {
183			if config.AccessKeyID == "" {
184			err = errors.New("AccessKeyID cannot be empty")
185			return
186			}
187			if config.AccessKeySecret == "" {
188			err = errors.New("AccessKeySecret cannot be empty")
189			return
190			}
191			if config.SecurityToken == "" {
192			err = errors.New("SecurityToken cannot be empty")
193			return
194			}
195			return
196			}
197
198			func checkAccessKey(config *Configuration) (err error) {
199			if config.AccessKeyID == "" {
200			err = errors.New("AccessKeyID cannot be empty")
201			return
202			}
203			if config.AccessKeySecret == "" {
204			err = errors.New("AccessKeySecret cannot be empty")
205			return
206			}
207			return
208			}
209
210			func doAction(request request.CommonRequest, runtime utils.Runtime) (content []byte, err error) {
211			httpRequest, err := http.NewRequest(request.Method, request.URL, strings.NewReader(""))
212			if err != nil {
213			return
214			}
215			httpRequest.Proto = "HTTP/1.1"
216			httpRequest.Host = request.Domain
217			debuglog("> %s %s %s", httpRequest.Method, httpRequest.URL.RequestURI(), httpRequest.Proto)
218			debuglog("> Host: %s", httpRequest.Host)
219			for key, value := range request.Headers {
220			if value != "" {
221			debuglog("> %s: %s", key, value)
222			httpRequest.Header[key] = []string{value}
223			}
224			}
225			debuglog(">")
226			httpClient := &http.Client{}
227			httpClient.Timeout = time.Duration(runtime.ReadTimeout) * time.Second
228			proxy := &url.URL{}
229			if runtime.Proxy != "" {
230			proxy, err = url.Parse(runtime.Proxy)
231			if err != nil {
232			return
233			}
234			}
235			trans := &http.Transport{}
236			if proxy != nil && runtime.Proxy != "" {
237			trans.Proxy = http.ProxyURL(proxy)
238			}
239			trans.DialContext = utils.Timeout(time.Duration(runtime.ConnectTimeout) * time.Second)
240			httpClient.Transport = trans
241			httpResponse, err := hookDo(httpClient.Do)(httpRequest)
242			if err != nil {
243			return
244			}
245			debuglog("< %s %s", httpResponse.Proto, httpResponse.Status)
246			for key, value := range httpResponse.Header {
247			debuglog("< %s: %v", key, strings.Join(value, ""))
248			}
249			debuglog("<")
250
251			resp := &response.CommonResponse{}
252			err = hookParse(resp.ParseFromHTTPResponse(httpResponse))
253			if err != nil {
254			return
255			}
256			debuglog("%s", resp.GetHTTPContentString())
257			if resp.GetHTTPStatus() != http.StatusOK {
258			err = fmt.Errorf("httpStatus: %d, message = %s", resp.GetHTTPStatus(), resp.GetHTTPContentString())
259			return
260			}
261			return resp.GetHTTPContentBytes(), nil
262			}
263

aliyun / credentials-go

GitHub Access Token became invalid

Push — master ( b48a48...6b468f )

credentials.checkRAMRoleArn A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like