credentials.*RAMRoleArnCredential.GetSecurityToken - Code Metrics - Inspection of "Support sts for RAMRoleARNCredentialsProvider" - aliyun/credentials-go - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( aa5909...058f06 )

unknown

created 2024-07-26 08:22 UTC

credentials.*RAMRoleArnCredential.GetSecurityToken A

↳ Parent: credentials/sts_role_arn_credential.go

Complexity

Conditions

Size

Total Lines	8
Code Lines	6

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	4
eloc	6
dl	0
loc	8
rs	10
c	0
b	0
f	0
nop	0

package credentials

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"time"

	"github.com/alibabacloud-go/tea/tea"
	"github.com/aliyun/credentials-go/credentials/request"
	"github.com/aliyun/credentials-go/credentials/utils"
)

const defaultDurationSeconds = 3600

// RAMRoleArnCredential is a kind of credentials
type RAMRoleArnCredential struct {
	*credentialUpdater
	AccessKeyId           string
	AccessKeySecret       string
	SecurityToken         string
	RoleArn               string
	RoleSessionName       string
	RoleSessionExpiration int
	Policy                string
	ExternalId            string
	sessionCredential     *sessionCredential
	runtime               *utils.Runtime
}

type ramRoleArnResponse struct {
	Credentials *credentialsInResponse `json:"Credentials" xml:"Credentials"`
}

type credentialsInResponse struct {
	AccessKeyId     string `json:"AccessKeyId" xml:"AccessKeyId"`
	AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"`
	SecurityToken   string `json:"SecurityToken" xml:"SecurityToken"`
	Expiration      string `json:"Expiration" xml:"Expiration"`
}

func newRAMRoleArnl(accessKeyId, accessKeySecret, securityToken, roleArn, roleSessionName, policy string, roleSessionExpiration int, externalId string, runtime *utils.Runtime) *RAMRoleArnCredential {
	return &RAMRoleArnCredential{
		AccessKeyId:           accessKeyId,
		AccessKeySecret:       accessKeySecret,
		SecurityToken:         securityToken,
		RoleArn:               roleArn,
		RoleSessionName:       roleSessionName,
		RoleSessionExpiration: roleSessionExpiration,
		Policy:                policy,
		ExternalId:            externalId,
		credentialUpdater:     new(credentialUpdater),
		runtime:               runtime,
	}
}

func newRAMRoleArnCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, runtime *utils.Runtime) *RAMRoleArnCredential {
	return &RAMRoleArnCredential{
		AccessKeyId:           accessKeyId,
		AccessKeySecret:       accessKeySecret,
		RoleArn:               roleArn,
		RoleSessionName:       roleSessionName,
		RoleSessionExpiration: roleSessionExpiration,
		Policy:                policy,
		credentialUpdater:     new(credentialUpdater),
		runtime:               runtime,
	}
}

func newRAMRoleArnWithExternalIdCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, externalId string, runtime *utils.Runtime) *RAMRoleArnCredential {
	return &RAMRoleArnCredential{
		AccessKeyId:           accessKeyId,
		AccessKeySecret:       accessKeySecret,
		RoleArn:               roleArn,
		RoleSessionName:       roleSessionName,
		RoleSessionExpiration: roleSessionExpiration,
		Policy:                policy,
		ExternalId:            externalId,
		credentialUpdater:     new(credentialUpdater),
		runtime:               runtime,
	}
}

func (e *RAMRoleArnCredential) GetCredential() (*CredentialModel, error) {
	if e.sessionCredential == nil || e.needUpdateCredential() {
		err := e.updateCredential()
		if err != nil {
			return nil, err
		}
	}
	credential := &CredentialModel{
		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
		Type:            tea.String("ram_role_arn"),
	}
	return credential, nil
}

// GetAccessKeyId reutrns RamRoleArnCredential's AccessKeyId
// if AccessKeyId is not exist or out of date, the function will update it.
func (r *RAMRoleArnCredential) GetAccessKeyId() (*string, error) {
	if r.sessionCredential == nil || r.needUpdateCredential() {
		err := r.updateCredential()
		if err != nil {
			return tea.String(""), err
		}
	}
	return tea.String(r.sessionCredential.AccessKeyId), nil
}

// GetAccessSecret reutrns RamRoleArnCredential's AccessKeySecret
// if AccessKeySecret is not exist or out of date, the function will update it.
func (r *RAMRoleArnCredential) GetAccessKeySecret() (*string, error) {
	if r.sessionCredential == nil || r.needUpdateCredential() {
		err := r.updateCredential()
		if err != nil {
			return tea.String(""), err
		}
	}
	return tea.String(r.sessionCredential.AccessKeySecret), nil
}

// GetSecurityToken reutrns RamRoleArnCredential's SecurityToken
// if SecurityToken is not exist or out of date, the function will update it.
func (r *RAMRoleArnCredential) GetSecurityToken() (*string, error) {
	if r.sessionCredential == nil || r.needUpdateCredential() {
		err := r.updateCredential()
		if err != nil {
			return tea.String(""), err
		}
	}
	return tea.String(r.sessionCredential.SecurityToken), nil
}

// GetBearerToken is useless RamRoleArnCredential
func (r *RAMRoleArnCredential) GetBearerToken() *string {
	return tea.String("")
}

// GetType reutrns RamRoleArnCredential's type
func (r *RAMRoleArnCredential) GetType() *string {
	return tea.String("ram_role_arn")
}

func (r *RAMRoleArnCredential) updateCredential() (err error) {
	if r.runtime == nil {
		r.runtime = new(utils.Runtime)
	}
	request := request.NewCommonRequest()
	request.Domain = "sts.aliyuncs.com"
	if r.runtime.STSEndpoint != "" {
		request.Domain = r.runtime.STSEndpoint
	}
	request.Scheme = "HTTPS"
	request.Method = "GET"
	request.QueryParams["AccessKeyId"] = r.AccessKeyId
	if r.SecurityToken != "" {
		request.QueryParams["SecurityToken"] = r.SecurityToken
	}
	request.QueryParams["Action"] = "AssumeRole"
	request.QueryParams["Format"] = "JSON"
	if r.RoleSessionExpiration > 0 {
		if r.RoleSessionExpiration >= 900 && r.RoleSessionExpiration <= 3600 {
			request.QueryParams["DurationSeconds"] = strconv.Itoa(r.RoleSessionExpiration)
		} else {
			err = errors.New("[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr")
			return
		}
	} else {
		request.QueryParams["DurationSeconds"] = strconv.Itoa(defaultDurationSeconds)
	}
	request.QueryParams["RoleArn"] = r.RoleArn
	if r.Policy != "" {
		request.QueryParams["Policy"] = r.Policy
	}
	if r.ExternalId != "" {
		request.QueryParams["ExternalId"] = r.ExternalId
	}
	request.QueryParams["RoleSessionName"] = r.RoleSessionName
	request.QueryParams["SignatureMethod"] = "HMAC-SHA1"
	request.QueryParams["SignatureVersion"] = "1.0"
	request.QueryParams["Version"] = "2015-04-01"
	request.QueryParams["Timestamp"] = utils.GetTimeInFormatISO8601()
	request.QueryParams["SignatureNonce"] = utils.GetUUID()
	signature := utils.ShaHmac1(request.BuildStringToSign(), r.AccessKeySecret+"&")
	request.QueryParams["Signature"] = signature
	request.Headers["Host"] = request.Domain
	request.Headers["Accept-Encoding"] = "identity"
	request.URL = request.BuildURL()
	content, err := doAction(request, r.runtime)
	if err != nil {
		return fmt.Errorf("refresh RoleArn sts token err: %s", err.Error())
	}
	var resp *ramRoleArnResponse
	err = json.Unmarshal(content, &resp)
	if err != nil {
		return fmt.Errorf("refresh RoleArn sts token err: Json.Unmarshal fail: %s", err.Error())
	}
	if resp == nil || resp.Credentials == nil {
		return fmt.Errorf("refresh RoleArn sts token err: Credentials is empty")
	}
	respCredentials := resp.Credentials
	if respCredentials.AccessKeyId == "" || respCredentials.AccessKeySecret == "" || respCredentials.SecurityToken == "" || respCredentials.Expiration == "" {
		return fmt.Errorf("refresh RoleArn sts token err: AccessKeyId: %s, AccessKeySecret: %s, SecurityToken: %s, Expiration: %s", respCredentials.AccessKeyId, respCredentials.AccessKeySecret, respCredentials.SecurityToken, respCredentials.Expiration)
	}

	expirationTime, err := time.Parse("2006-01-02T15:04:05Z", respCredentials.Expiration)
	r.lastUpdateTimestamp = time.Now().Unix()
	r.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix())
	r.sessionCredential = &sessionCredential{
		AccessKeyId:     respCredentials.AccessKeyId,
		AccessKeySecret: respCredentials.AccessKeySecret,
		SecurityToken:   respCredentials.SecurityToken,
	}

	return
}


1			package credentials
2
3			import (
4			"encoding/json"
5			"errors"
6			"fmt"
7			"strconv"
8			"time"
9
10			"github.com/alibabacloud-go/tea/tea"
11			"github.com/aliyun/credentials-go/credentials/request"
12			"github.com/aliyun/credentials-go/credentials/utils"
13			)
14
15			const defaultDurationSeconds = 3600
16
17			// RAMRoleArnCredential is a kind of credentials
18			type RAMRoleArnCredential struct {
19			*credentialUpdater
20			AccessKeyId string
21			AccessKeySecret string
22			SecurityToken string
23			RoleArn string
24			RoleSessionName string
25			RoleSessionExpiration int
26			Policy string
27			ExternalId string
28			sessionCredential *sessionCredential
29			runtime *utils.Runtime
30			}
31
32			type ramRoleArnResponse struct {
33			Credentials *credentialsInResponse `json:"Credentials" xml:"Credentials"`
34			}
35
36			type credentialsInResponse struct {
37			AccessKeyId string `json:"AccessKeyId" xml:"AccessKeyId"`
38			AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"`
39			SecurityToken string `json:"SecurityToken" xml:"SecurityToken"`
40			Expiration string `json:"Expiration" xml:"Expiration"`
41			}
42
43			func newRAMRoleArnl(accessKeyId, accessKeySecret, securityToken, roleArn, roleSessionName, policy string, roleSessionExpiration int, externalId string, runtime utils.Runtime) RAMRoleArnCredential {
44			return &RAMRoleArnCredential{
45			AccessKeyId: accessKeyId,
46			AccessKeySecret: accessKeySecret,
47			SecurityToken: securityToken,
48			RoleArn: roleArn,
49			RoleSessionName: roleSessionName,
50			RoleSessionExpiration: roleSessionExpiration,
51			Policy: policy,
52			ExternalId: externalId,
53			credentialUpdater: new(credentialUpdater),
54			runtime: runtime,
55			}
56			}
57
58			func newRAMRoleArnCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, runtime utils.Runtime) RAMRoleArnCredential {
59			return &RAMRoleArnCredential{
60			AccessKeyId: accessKeyId,
61			AccessKeySecret: accessKeySecret,
62			RoleArn: roleArn,
63			RoleSessionName: roleSessionName,
64			RoleSessionExpiration: roleSessionExpiration,
65			Policy: policy,
66			credentialUpdater: new(credentialUpdater),
67			runtime: runtime,
68			}
69			}
70
71			func newRAMRoleArnWithExternalIdCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, externalId string, runtime utils.Runtime) RAMRoleArnCredential {
72			return &RAMRoleArnCredential{
73			AccessKeyId: accessKeyId,
74			AccessKeySecret: accessKeySecret,
75			RoleArn: roleArn,
76			RoleSessionName: roleSessionName,
77			RoleSessionExpiration: roleSessionExpiration,
78			Policy: policy,
79			ExternalId: externalId,
80			credentialUpdater: new(credentialUpdater),
81			runtime: runtime,
82			}
83			}
84
85			func (e RAMRoleArnCredential) GetCredential() (CredentialModel, error) {
86			if e.sessionCredential == nil \|\| e.needUpdateCredential() {
87			err := e.updateCredential()
88			if err != nil {
89			return nil, err
90			}
91			}
92			credential := &CredentialModel{
93			AccessKeyId: tea.String(e.sessionCredential.AccessKeyId),
94			AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
95			SecurityToken: tea.String(e.sessionCredential.SecurityToken),
96			Type: tea.String("ram_role_arn"),
97			}
98			return credential, nil
99			}
100
101			// GetAccessKeyId reutrns RamRoleArnCredential's AccessKeyId
102			// if AccessKeyId is not exist or out of date, the function will update it.
103			func (r RAMRoleArnCredential) GetAccessKeyId() (string, error) {
104			if r.sessionCredential == nil \|\| r.needUpdateCredential() {
105			err := r.updateCredential()
106			if err != nil {
107			return tea.String(""), err
108			}
109			}
110			return tea.String(r.sessionCredential.AccessKeyId), nil
111			}
112
113			// GetAccessSecret reutrns RamRoleArnCredential's AccessKeySecret
114			// if AccessKeySecret is not exist or out of date, the function will update it.
115			func (r RAMRoleArnCredential) GetAccessKeySecret() (string, error) {
116			if r.sessionCredential == nil \|\| r.needUpdateCredential() {
117			err := r.updateCredential()
118			if err != nil {
119			return tea.String(""), err
120			}
121			}
122			return tea.String(r.sessionCredential.AccessKeySecret), nil
123			}
124
125			// GetSecurityToken reutrns RamRoleArnCredential's SecurityToken
126			// if SecurityToken is not exist or out of date, the function will update it.
127			func (r RAMRoleArnCredential) GetSecurityToken() (string, error) {
128			if r.sessionCredential == nil \|\| r.needUpdateCredential() {
129			err := r.updateCredential()
130			if err != nil {
131			return tea.String(""), err
132			}
133			}
134			return tea.String(r.sessionCredential.SecurityToken), nil
135			}
136
137			// GetBearerToken is useless RamRoleArnCredential
138			func (r RAMRoleArnCredential) GetBearerToken() string {
139			return tea.String("")
140			}
141
142			// GetType reutrns RamRoleArnCredential's type
143			func (r RAMRoleArnCredential) GetType() string {
144			return tea.String("ram_role_arn")
145			}
146
147			func (r *RAMRoleArnCredential) updateCredential() (err error) {
148			if r.runtime == nil {
149			r.runtime = new(utils.Runtime)
150			}
151			request := request.NewCommonRequest()
152			request.Domain = "sts.aliyuncs.com"
153			if r.runtime.STSEndpoint != "" {
154			request.Domain = r.runtime.STSEndpoint
155			}
156			request.Scheme = "HTTPS"
157			request.Method = "GET"
158			request.QueryParams["AccessKeyId"] = r.AccessKeyId
159			if r.SecurityToken != "" {
160			request.QueryParams["SecurityToken"] = r.SecurityToken
161			}
162			request.QueryParams["Action"] = "AssumeRole"
163			request.QueryParams["Format"] = "JSON"
164			if r.RoleSessionExpiration > 0 {
165			if r.RoleSessionExpiration >= 900 && r.RoleSessionExpiration <= 3600 {
166			request.QueryParams["DurationSeconds"] = strconv.Itoa(r.RoleSessionExpiration)
167			} else {
168			err = errors.New("[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr")
169			return
170			}
171			} else {
172			request.QueryParams["DurationSeconds"] = strconv.Itoa(defaultDurationSeconds)
173			}
174			request.QueryParams["RoleArn"] = r.RoleArn
175			if r.Policy != "" {
176			request.QueryParams["Policy"] = r.Policy
177			}
178			if r.ExternalId != "" {
179			request.QueryParams["ExternalId"] = r.ExternalId
180			}
181			request.QueryParams["RoleSessionName"] = r.RoleSessionName
182			request.QueryParams["SignatureMethod"] = "HMAC-SHA1"
183			request.QueryParams["SignatureVersion"] = "1.0"
184			request.QueryParams["Version"] = "2015-04-01"
185			request.QueryParams["Timestamp"] = utils.GetTimeInFormatISO8601()
186			request.QueryParams["SignatureNonce"] = utils.GetUUID()
187			signature := utils.ShaHmac1(request.BuildStringToSign(), r.AccessKeySecret+"&")
188			request.QueryParams["Signature"] = signature
189			request.Headers["Host"] = request.Domain
190			request.Headers["Accept-Encoding"] = "identity"
191			request.URL = request.BuildURL()
192			content, err := doAction(request, r.runtime)
193			if err != nil {
194			return fmt.Errorf("refresh RoleArn sts token err: %s", err.Error())
195			}
196			var resp *ramRoleArnResponse
197			err = json.Unmarshal(content, &resp)
198			if err != nil {
199			return fmt.Errorf("refresh RoleArn sts token err: Json.Unmarshal fail: %s", err.Error())
200			}
201			if resp == nil \|\| resp.Credentials == nil {
202			return fmt.Errorf("refresh RoleArn sts token err: Credentials is empty")
203			}
204			respCredentials := resp.Credentials
205			if respCredentials.AccessKeyId == "" \|\| respCredentials.AccessKeySecret == "" \|\| respCredentials.SecurityToken == "" \|\| respCredentials.Expiration == "" {
206			return fmt.Errorf("refresh RoleArn sts token err: AccessKeyId: %s, AccessKeySecret: %s, SecurityToken: %s, Expiration: %s", respCredentials.AccessKeyId, respCredentials.AccessKeySecret, respCredentials.SecurityToken, respCredentials.Expiration)
207			}
208
209			expirationTime, err := time.Parse("2006-01-02T15:04:05Z", respCredentials.Expiration)
210			r.lastUpdateTimestamp = time.Now().Unix()
211			r.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix())
212			r.sessionCredential = &sessionCredential{
213			AccessKeyId: respCredentials.AccessKeyId,
214			AccessKeySecret: respCredentials.AccessKeySecret,
215			SecurityToken: respCredentials.SecurityToken,
216			}
217
218			return
219			}
220

aliyun / credentials-go

GitHub Access Token became invalid

Push — master ( aa5909...058f06 )

credentials.*RAMRoleArnCredential.GetSecurityToken A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like