credentials.*credentialsProviderWrap.GetSecurityToken - Code Metrics - Inspection of "use internal static_ak/static_sts credentials prov..." - aliyun/credentials-go - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 3589f7...cd6b32 )

by Jackson

created 2024-08-19 06:59 UTC

roviderWrap.GetSecurityToken A

↳ Parent: credentials/credential.go

Complexity

Conditions

Size

Total Lines	7
Code Lines	6

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	2
eloc	6
nop	0
dl	0
loc	7
rs	10
c	0
b	0
f	0

package credentials

import (
	"bufio"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"strings"
	"time"

	"github.com/alibabacloud-go/debug/debug"
	"github.com/alibabacloud-go/tea/tea"
	"github.com/aliyun/credentials-go/credentials/internal/providers"
	"github.com/aliyun/credentials-go/credentials/internal/utils"
	"github.com/aliyun/credentials-go/credentials/request"
	"github.com/aliyun/credentials-go/credentials/response"
)

var debuglog = debug.Init("credential")

var hookParse = func(err error) error {
	return err
}

// Credential is an interface for getting actual credential
type Credential interface {
	// Deprecated: GetAccessKeyId is deprecated, use GetCredential instead of.
	GetAccessKeyId() (*string, error)
	// Deprecated: GetAccessKeySecret is deprecated, use GetCredential instead of.
	GetAccessKeySecret() (*string, error)
	// Deprecated: GetSecurityToken is deprecated, use GetCredential instead of.
	GetSecurityToken() (*string, error)
	GetBearerToken() *string
	GetType() *string
	GetCredential() (*CredentialModel, error)
}

// Config is important when call NewCredential
type Config struct {
	Type                  *string  `json:"type"`
	AccessKeyId           *string  `json:"access_key_id"`
	AccessKeySecret       *string  `json:"access_key_secret"`
	OIDCProviderArn       *string  `json:"oidc_provider_arn"`
	OIDCTokenFilePath     *string  `json:"oidc_token"`
	RoleArn               *string  `json:"role_arn"`
	RoleSessionName       *string  `json:"role_session_name"`
	PublicKeyId           *string  `json:"public_key_id"`
	RoleName              *string  `json:"role_name"`
	EnableIMDSv2          *bool    `json:"enable_imds_v2"`
	MetadataTokenDuration *int     `json:"metadata_token_duration"`
	SessionExpiration     *int     `json:"session_expiration"`
	PrivateKeyFile        *string  `json:"private_key_file"`
	BearerToken           *string  `json:"bearer_token"`
	SecurityToken         *string  `json:"security_token"`
	RoleSessionExpiration *int     `json:"role_session_expiratioon"`
	Policy                *string  `json:"policy"`
	Host                  *string  `json:"host"`
	Timeout               *int     `json:"timeout"`
	ConnectTimeout        *int     `json:"connect_timeout"`
	Proxy                 *string  `json:"proxy"`
	InAdvanceScale        *float64 `json:"inAdvanceScale"`
	Url                   *string  `json:"url"`
	STSEndpoint           *string  `json:"sts_endpoint"`
	ExternalId            *string  `json:"external_id"`
}

func (s Config) String() string {
	return tea.Prettify(s)
}

func (s Config) GoString() string {
	return s.String()
}

func (s *Config) SetAccessKeyId(v string) *Config {
	s.AccessKeyId = &v
	return s
}

func (s *Config) SetAccessKeySecret(v string) *Config {
	s.AccessKeySecret = &v
	return s
}

func (s *Config) SetSecurityToken(v string) *Config {
	s.SecurityToken = &v
	return s
}

func (s *Config) SetRoleArn(v string) *Config {
	s.RoleArn = &v
	return s
}

func (s *Config) SetRoleSessionName(v string) *Config {
	s.RoleSessionName = &v
	return s
}

func (s *Config) SetPublicKeyId(v string) *Config {
	s.PublicKeyId = &v
	return s
}

func (s *Config) SetRoleName(v string) *Config {
	s.RoleName = &v
	return s
}

func (s *Config) SetEnableIMDSv2(v bool) *Config {
	s.EnableIMDSv2 = &v
	return s
}

func (s *Config) SetMetadataTokenDuration(v int) *Config {
	s.MetadataTokenDuration = &v
	return s
}

func (s *Config) SetSessionExpiration(v int) *Config {
	s.SessionExpiration = &v
	return s
}

func (s *Config) SetPrivateKeyFile(v string) *Config {
	s.PrivateKeyFile = &v
	return s
}

func (s *Config) SetBearerToken(v string) *Config {
	s.BearerToken = &v
	return s
}

func (s *Config) SetRoleSessionExpiration(v int) *Config {
	s.RoleSessionExpiration = &v
	return s
}

func (s *Config) SetPolicy(v string) *Config {
	s.Policy = &v
	return s
}

func (s *Config) SetHost(v string) *Config {
	s.Host = &v
	return s
}

func (s *Config) SetTimeout(v int) *Config {
	s.Timeout = &v
	return s
}

func (s *Config) SetConnectTimeout(v int) *Config {
	s.ConnectTimeout = &v
	return s
}

func (s *Config) SetProxy(v string) *Config {
	s.Proxy = &v
	return s
}

func (s *Config) SetType(v string) *Config {
	s.Type = &v
	return s
}

func (s *Config) SetOIDCTokenFilePath(v string) *Config {
	s.OIDCTokenFilePath = &v
	return s
}

func (s *Config) SetOIDCProviderArn(v string) *Config {
	s.OIDCProviderArn = &v
	return s
}

func (s *Config) SetURLCredential(v string) *Config {
	if v == "" {
		v = os.Getenv("ALIBABA_CLOUD_CREDENTIALS_URI")
	}
	s.Url = &v
	return s
}

func (s *Config) SetSTSEndpoint(v string) *Config {
	s.STSEndpoint = &v
	return s
}

// NewCredential return a credential according to the type in config.
// if config is nil, the function will use default provider chain to get credential.
// please see README.md for detail.
func NewCredential(config *Config) (credential Credential, err error) {
	if config == nil {
		config, err = defaultChain.resolve()
		if err != nil {
			return
		}
		return NewCredential(config)
	}
	switch tea.StringValue(config.Type) {
	case "credentials_uri":
		credential = newURLCredential(tea.StringValue(config.Url))
	case "oidc_role_arn":
		err = checkoutAssumeRamoidc(config)
		if err != nil {
			return
		}
		runtime := &utils.Runtime{
			Host:           tea.StringValue(config.Host),
			Proxy:          tea.StringValue(config.Proxy),
			ReadTimeout:    tea.IntValue(config.Timeout),
			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
			STSEndpoint:    tea.StringValue(config.STSEndpoint),
		}
		credential, err = newOIDCRoleArnCredential(
			tea.StringValue(config.AccessKeyId),
			tea.StringValue(config.AccessKeySecret),
			tea.StringValue(config.RoleArn),
			tea.StringValue(config.OIDCProviderArn),
			tea.StringValue(config.OIDCTokenFilePath),
			tea.StringValue(config.RoleSessionName),
			tea.StringValue(config.Policy),
			tea.IntValue(config.RoleSessionExpiration),
			runtime)
		if err != nil {
			return
		}
	case "access_key":
		provider, err := providers.NewStaticAKCredentialsProviderBuilder().
			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
			Build()
		if err != nil {
			return nil, err
		}

		credential = fromCredentialsProvider("access_key", provider)
	case "sts":
		provider, err := providers.NewStaticSTSCredentialsProviderBuilder().
			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
			WithSecurityToken(tea.StringValue(config.SecurityToken)).
			Build()
		if err != nil {
			return nil, err
		}

		credential = fromCredentialsProvider("sts", provider)
	case "ecs_ram_role":
		runtime := &utils.Runtime{
			Host:           tea.StringValue(config.Host),
			ReadTimeout:    tea.IntValue(config.Timeout),
			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
		}
		credential = newEcsRAMRoleCredentialWithEnableIMDSv2(
			tea.StringValue(config.RoleName),
			tea.BoolValue(config.EnableIMDSv2),
			tea.IntValue(config.MetadataTokenDuration),
			tea.Float64Value(config.InAdvanceScale),
			runtime)
	case "ram_role_arn":
		err = checkRAMRoleArn(config)
		if err != nil {
			return
		}
		runtime := &utils.Runtime{
			Host:           tea.StringValue(config.Host),
			Proxy:          tea.StringValue(config.Proxy),
			ReadTimeout:    tea.IntValue(config.Timeout),
			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
			STSEndpoint:    tea.StringValue(config.STSEndpoint),
		}
		credential = newRAMRoleArnl(
			tea.StringValue(config.AccessKeyId),
			tea.StringValue(config.AccessKeySecret),
			tea.StringValue(config.SecurityToken),
			tea.StringValue(config.RoleArn),
			tea.StringValue(config.RoleSessionName),
			tea.StringValue(config.Policy),
			tea.IntValue(config.RoleSessionExpiration),
			tea.StringValue(config.ExternalId),
			runtime)
	case "rsa_key_pair":
		err = checkRSAKeyPair(config)
		if err != nil {
			return
		}
		file, err1 := os.Open(tea.StringValue(config.PrivateKeyFile))
		if err1 != nil {
			err = fmt.Errorf("InvalidPath: Can not open PrivateKeyFile, err is %s", err1.Error())
			return
		}
		defer file.Close()
		var privateKey string
		scan := bufio.NewScanner(file)
		for scan.Scan() {
			if strings.HasPrefix(scan.Text(), "----") {
				continue
			}
			privateKey += scan.Text() + "\n"
		}
		runtime := &utils.Runtime{
			Host:           tea.StringValue(config.Host),
			Proxy:          tea.StringValue(config.Proxy),
			ReadTimeout:    tea.IntValue(config.Timeout),
			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
			STSEndpoint:    tea.StringValue(config.STSEndpoint),
		}
		credential = newRsaKeyPairCredential(
			privateKey,
			tea.StringValue(config.PublicKeyId),
			tea.IntValue(config.SessionExpiration),
			runtime)
	case "bearer":
		if tea.StringValue(config.BearerToken) == "" {
			err = errors.New("BearerToken cannot be empty")
			return
		}
		credential = newBearerTokenCredential(tea.StringValue(config.BearerToken))
	default:
		err = errors.New("invalid type option, support: access_key, sts, ecs_ram_role, ram_role_arn, rsa_key_pair")
		return
	}
	return credential, nil
}

func checkRSAKeyPair(config *Config) (err error) {
	if tea.StringValue(config.PrivateKeyFile) == "" {
		err = errors.New("PrivateKeyFile cannot be empty")
		return
	}
	if tea.StringValue(config.PublicKeyId) == "" {
		err = errors.New("PublicKeyId cannot be empty")
		return
	}
	return
}

func checkoutAssumeRamoidc(config *Config) (err error) {
	if tea.StringValue(config.RoleArn) == "" {
		err = errors.New("RoleArn cannot be empty")
		return
	}
	if tea.StringValue(config.OIDCProviderArn) == "" {
		err = errors.New("OIDCProviderArn cannot be empty")
		return
	}
	return
}

func checkRAMRoleArn(config *Config) (err error) {
	if tea.StringValue(config.AccessKeyId) == "" {
		err = errors.New("AccessKeyId cannot be empty")
		return
	}

	if tea.StringValue(config.AccessKeySecret) == "" {
		err = errors.New("AccessKeySecret cannot be empty")
		return
	}

	if tea.StringValue(config.RoleArn) == "" {
		err = errors.New("RoleArn cannot be empty")
		return
	}

	if tea.StringValue(config.RoleSessionName) == "" {
		err = errors.New("RoleSessionName cannot be empty")
		return
	}

	return
}

func doAction(request *request.CommonRequest, runtime *utils.Runtime) (content []byte, err error) {
	var urlEncoded string
	if request.BodyParams != nil {
		urlEncoded = utils.GetURLFormedMap(request.BodyParams)
	}
	httpRequest, err := http.NewRequest(request.Method, request.URL, strings.NewReader(urlEncoded))
	if err != nil {
		return
	}
	httpRequest.Proto = "HTTP/1.1"
	httpRequest.Host = request.Domain
	debuglog("> %s %s %s", httpRequest.Method, httpRequest.URL.RequestURI(), httpRequest.Proto)
	debuglog("> Host: %s", httpRequest.Host)
	for key, value := range request.Headers {
		if value != "" {
			debuglog("> %s: %s", key, value)
			httpRequest.Header[key] = []string{value}
		}
	}
	debuglog(">")
	httpClient := &http.Client{}
	httpClient.Timeout = time.Duration(runtime.ReadTimeout) * time.Second
	proxy := &url.URL{}
	if runtime.Proxy != "" {
		proxy, err = url.Parse(runtime.Proxy)
		if err != nil {
			return
		}
	}
	trans := &http.Transport{}
	if proxy != nil && runtime.Proxy != "" {
		trans.Proxy = http.ProxyURL(proxy)
	}
	trans.DialContext = utils.Timeout(time.Duration(runtime.ConnectTimeout) * time.Second)
	httpClient.Transport = trans
	httpResponse, err := hookDo(httpClient.Do)(httpRequest)
	if err != nil {
		return
	}
	debuglog("< %s %s", httpResponse.Proto, httpResponse.Status)
	for key, value := range httpResponse.Header {
		debuglog("< %s: %v", key, strings.Join(value, ""))
	}
	debuglog("<")

	resp := &response.CommonResponse{}
	err = hookParse(resp.ParseFromHTTPResponse(httpResponse))
	if err != nil {
		return
	}
	debuglog("%s", resp.GetHTTPContentString())
	if resp.GetHTTPStatus() != http.StatusOK {
		err = fmt.Errorf("httpStatus: %d, message = %s", resp.GetHTTPStatus(), resp.GetHTTPContentString())
		return
	}
	return resp.GetHTTPContentBytes(), nil
}

type credentialsProviderWrap struct {
	typeName string
	provider providers.CredentialsProvider
}

func (cp *credentialsProviderWrap) GetAccessKeyId() (accessKeyId *string, err error) {
	cc, err := cp.provider.GetCredentials()
	if err != nil {
		return
	}
	accessKeyId = &cc.AccessKeyId
	return
}

func (cp *credentialsProviderWrap) GetAccessKeySecret() (accessKeySecret *string, err error) {
	cc, err := cp.provider.GetCredentials()
	if err != nil {
		return
	}
	accessKeySecret = &cc.AccessKeySecret
	return
}

func (cp *credentialsProviderWrap) GetSecurityToken() (securityToken *string, err error) {
	cc, err := cp.provider.GetCredentials()
	if err != nil {
		return
	}
	securityToken = &cc.SecurityToken
	return
}

func (cp *credentialsProviderWrap) GetBearerToken() (bearerToken *string) {
	return tea.String("")
}

func (cp *credentialsProviderWrap) GetCredential() (cm *CredentialModel, err error) {
	c, err := cp.provider.GetCredentials()
	if err != nil {
		return
	}

	cm = &CredentialModel{
		AccessKeyId:     &c.AccessKeyId,
		AccessKeySecret: &c.AccessKeySecret,
		SecurityToken:   &c.SecurityToken,
		Type:            &c.ProviderName,
	}
	return
}

func (cp *credentialsProviderWrap) GetType() *string {
	return &cp.typeName
}

func fromCredentialsProvider(typeName string, cp providers.CredentialsProvider) Credential {
	return &credentialsProviderWrap{
		typeName: typeName,
		provider: cp,
	}
}


1			package credentials
2
3			import (
4			"bufio"
5			"errors"
6			"fmt"
7			"net/http"
8			"net/url"
9			"os"
10			"strings"
11			"time"
12
13			"github.com/alibabacloud-go/debug/debug"
14			"github.com/alibabacloud-go/tea/tea"
15			"github.com/aliyun/credentials-go/credentials/internal/providers"
16			"github.com/aliyun/credentials-go/credentials/internal/utils"
17			"github.com/aliyun/credentials-go/credentials/request"
18			"github.com/aliyun/credentials-go/credentials/response"
19			)
20
21			var debuglog = debug.Init("credential")
22
23			var hookParse = func(err error) error {
24			return err
25			}
26
27			// Credential is an interface for getting actual credential
28			type Credential interface {
29			// Deprecated: GetAccessKeyId is deprecated, use GetCredential instead of.
30			GetAccessKeyId() (*string, error)
31			// Deprecated: GetAccessKeySecret is deprecated, use GetCredential instead of.
32			GetAccessKeySecret() (*string, error)
33			// Deprecated: GetSecurityToken is deprecated, use GetCredential instead of.
34			GetSecurityToken() (*string, error)
35			GetBearerToken() *string
36			GetType() *string
37			GetCredential() (*CredentialModel, error)
38			}
39
40			// Config is important when call NewCredential
41			type Config struct {
42			Type *string `json:"type"`
43			AccessKeyId *string `json:"access_key_id"`
44			AccessKeySecret *string `json:"access_key_secret"`
45			OIDCProviderArn *string `json:"oidc_provider_arn"`
46			OIDCTokenFilePath *string `json:"oidc_token"`
47			RoleArn *string `json:"role_arn"`
48			RoleSessionName *string `json:"role_session_name"`
49			PublicKeyId *string `json:"public_key_id"`
50			RoleName *string `json:"role_name"`
51			EnableIMDSv2 *bool `json:"enable_imds_v2"`
52			MetadataTokenDuration *int `json:"metadata_token_duration"`
53			SessionExpiration *int `json:"session_expiration"`
54			PrivateKeyFile *string `json:"private_key_file"`
55			BearerToken *string `json:"bearer_token"`
56			SecurityToken *string `json:"security_token"`
57			RoleSessionExpiration *int `json:"role_session_expiratioon"`
58			Policy *string `json:"policy"`
59			Host *string `json:"host"`
60			Timeout *int `json:"timeout"`
61			ConnectTimeout *int `json:"connect_timeout"`
62			Proxy *string `json:"proxy"`
63			InAdvanceScale *float64 `json:"inAdvanceScale"`
64			Url *string `json:"url"`
65			STSEndpoint *string `json:"sts_endpoint"`
66			ExternalId *string `json:"external_id"`
67			}
68
69			func (s Config) String() string {
70			return tea.Prettify(s)
71			}
72
73			func (s Config) GoString() string {
74			return s.String()
75			}
76
77			func (s Config) SetAccessKeyId(v string) Config {
78			s.AccessKeyId = &v
79			return s
80			}
81
82			func (s Config) SetAccessKeySecret(v string) Config {
83			s.AccessKeySecret = &v
84			return s
85			}
86
87			func (s Config) SetSecurityToken(v string) Config {
88			s.SecurityToken = &v
89			return s
90			}
91
92			func (s Config) SetRoleArn(v string) Config {
93			s.RoleArn = &v
94			return s
95			}
96
97			func (s Config) SetRoleSessionName(v string) Config {
98			s.RoleSessionName = &v
99			return s
100			}
101
102			func (s Config) SetPublicKeyId(v string) Config {
103			s.PublicKeyId = &v
104			return s
105			}
106
107			func (s Config) SetRoleName(v string) Config {
108			s.RoleName = &v
109			return s
110			}
111
112			func (s Config) SetEnableIMDSv2(v bool) Config {
113			s.EnableIMDSv2 = &v
114			return s
115			}
116
117			func (s Config) SetMetadataTokenDuration(v int) Config {
118			s.MetadataTokenDuration = &v
119			return s
120			}
121
122			func (s Config) SetSessionExpiration(v int) Config {
123			s.SessionExpiration = &v
124			return s
125			}
126
127			func (s Config) SetPrivateKeyFile(v string) Config {
128			s.PrivateKeyFile = &v
129			return s
130			}
131
132			func (s Config) SetBearerToken(v string) Config {
133			s.BearerToken = &v
134			return s
135			}
136
137			func (s Config) SetRoleSessionExpiration(v int) Config {
138			s.RoleSessionExpiration = &v
139			return s
140			}
141
142			func (s Config) SetPolicy(v string) Config {
143			s.Policy = &v
144			return s
145			}
146
147			func (s Config) SetHost(v string) Config {
148			s.Host = &v
149			return s
150			}
151
152			func (s Config) SetTimeout(v int) Config {
153			s.Timeout = &v
154			return s
155			}
156
157			func (s Config) SetConnectTimeout(v int) Config {
158			s.ConnectTimeout = &v
159			return s
160			}
161
162			func (s Config) SetProxy(v string) Config {
163			s.Proxy = &v
164			return s
165			}
166
167			func (s Config) SetType(v string) Config {
168			s.Type = &v
169			return s
170			}
171
172			func (s Config) SetOIDCTokenFilePath(v string) Config {
173			s.OIDCTokenFilePath = &v
174			return s
175			}
176
177			func (s Config) SetOIDCProviderArn(v string) Config {
178			s.OIDCProviderArn = &v
179			return s
180			}
181
182			func (s Config) SetURLCredential(v string) Config {
183			if v == "" {
184			v = os.Getenv("ALIBABA_CLOUD_CREDENTIALS_URI")
185			}
186			s.Url = &v
187			return s
188			}
189
190			func (s Config) SetSTSEndpoint(v string) Config {
191			s.STSEndpoint = &v
192			return s
193			}
194
195			// NewCredential return a credential according to the type in config.
196			// if config is nil, the function will use default provider chain to get credential.
197			// please see README.md for detail.
198			func NewCredential(config *Config) (credential Credential, err error) {
199			if config == nil {
200			config, err = defaultChain.resolve()
201			if err != nil {
202			return
203			}
204			return NewCredential(config)
205			}
206			switch tea.StringValue(config.Type) {
207			case "credentials_uri":
208			credential = newURLCredential(tea.StringValue(config.Url))
209			case "oidc_role_arn":
210			err = checkoutAssumeRamoidc(config)
211			if err != nil {
212			return
213			}
214			runtime := &utils.Runtime{
215			Host: tea.StringValue(config.Host),
216			Proxy: tea.StringValue(config.Proxy),
217			ReadTimeout: tea.IntValue(config.Timeout),
218			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
219			STSEndpoint: tea.StringValue(config.STSEndpoint),
220			}
221			credential, err = newOIDCRoleArnCredential(
222			tea.StringValue(config.AccessKeyId),
223			tea.StringValue(config.AccessKeySecret),
224			tea.StringValue(config.RoleArn),
225			tea.StringValue(config.OIDCProviderArn),
226			tea.StringValue(config.OIDCTokenFilePath),
227			tea.StringValue(config.RoleSessionName),
228			tea.StringValue(config.Policy),
229			tea.IntValue(config.RoleSessionExpiration),
230			runtime)
231			if err != nil {
232			return
233			}
234			case "access_key":
235			provider, err := providers.NewStaticAKCredentialsProviderBuilder().
236			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
237			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
238			Build()
239			if err != nil {
240			return nil, err
241			}
242
243			credential = fromCredentialsProvider("access_key", provider)
244			case "sts":
245			provider, err := providers.NewStaticSTSCredentialsProviderBuilder().
246			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
247			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
248			WithSecurityToken(tea.StringValue(config.SecurityToken)).
249			Build()
250			if err != nil {
251			return nil, err
252			}
253
254			credential = fromCredentialsProvider("sts", provider)
255			case "ecs_ram_role":
256			runtime := &utils.Runtime{
257			Host: tea.StringValue(config.Host),
258			ReadTimeout: tea.IntValue(config.Timeout),
259			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
260			}
261			credential = newEcsRAMRoleCredentialWithEnableIMDSv2(
262			tea.StringValue(config.RoleName),
263			tea.BoolValue(config.EnableIMDSv2),
264			tea.IntValue(config.MetadataTokenDuration),
265			tea.Float64Value(config.InAdvanceScale),
266			runtime)
267			case "ram_role_arn":
268			err = checkRAMRoleArn(config)
269			if err != nil {
270			return
271			}
272			runtime := &utils.Runtime{
273			Host: tea.StringValue(config.Host),
274			Proxy: tea.StringValue(config.Proxy),
275			ReadTimeout: tea.IntValue(config.Timeout),
276			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
277			STSEndpoint: tea.StringValue(config.STSEndpoint),
278			}
279			credential = newRAMRoleArnl(
280			tea.StringValue(config.AccessKeyId),
281			tea.StringValue(config.AccessKeySecret),
282			tea.StringValue(config.SecurityToken),
283			tea.StringValue(config.RoleArn),
284			tea.StringValue(config.RoleSessionName),
285			tea.StringValue(config.Policy),
286			tea.IntValue(config.RoleSessionExpiration),
287			tea.StringValue(config.ExternalId),
288			runtime)
289			case "rsa_key_pair":
290			err = checkRSAKeyPair(config)
291			if err != nil {
292			return
293			}
294			file, err1 := os.Open(tea.StringValue(config.PrivateKeyFile))
295			if err1 != nil {
296			err = fmt.Errorf("InvalidPath: Can not open PrivateKeyFile, err is %s", err1.Error())
297			return
298			}
299			defer file.Close()
300			var privateKey string
301			scan := bufio.NewScanner(file)
302			for scan.Scan() {
303			if strings.HasPrefix(scan.Text(), "----") {
304			continue
305			}
306			privateKey += scan.Text() + "\n"
307			}
308			runtime := &utils.Runtime{
309			Host: tea.StringValue(config.Host),
310			Proxy: tea.StringValue(config.Proxy),
311			ReadTimeout: tea.IntValue(config.Timeout),
312			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
313			STSEndpoint: tea.StringValue(config.STSEndpoint),
314			}
315			credential = newRsaKeyPairCredential(
316			privateKey,
317			tea.StringValue(config.PublicKeyId),
318			tea.IntValue(config.SessionExpiration),
319			runtime)
320			case "bearer":
321			if tea.StringValue(config.BearerToken) == "" {
322			err = errors.New("BearerToken cannot be empty")
323			return
324			}
325			credential = newBearerTokenCredential(tea.StringValue(config.BearerToken))
326			default:
327			err = errors.New("invalid type option, support: access_key, sts, ecs_ram_role, ram_role_arn, rsa_key_pair")
328			return
329			}
330			return credential, nil
331			}
332
333			func checkRSAKeyPair(config *Config) (err error) {
334			if tea.StringValue(config.PrivateKeyFile) == "" {
335			err = errors.New("PrivateKeyFile cannot be empty")
336			return
337			}
338			if tea.StringValue(config.PublicKeyId) == "" {
339			err = errors.New("PublicKeyId cannot be empty")
340			return
341			}
342			return
343			}
344
345			func checkoutAssumeRamoidc(config *Config) (err error) {
346			if tea.StringValue(config.RoleArn) == "" {
347			err = errors.New("RoleArn cannot be empty")
348			return
349			}
350			if tea.StringValue(config.OIDCProviderArn) == "" {
351			err = errors.New("OIDCProviderArn cannot be empty")
352			return
353			}
354			return
355			}
356
357			func checkRAMRoleArn(config *Config) (err error) {
358			if tea.StringValue(config.AccessKeyId) == "" {
359			err = errors.New("AccessKeyId cannot be empty")
360			return
361			}
362
363			if tea.StringValue(config.AccessKeySecret) == "" {
364			err = errors.New("AccessKeySecret cannot be empty")
365			return
366			}
367
368			if tea.StringValue(config.RoleArn) == "" {
369			err = errors.New("RoleArn cannot be empty")
370			return
371			}
372
373			if tea.StringValue(config.RoleSessionName) == "" {
374			err = errors.New("RoleSessionName cannot be empty")
375			return
376			}
377
378			return
379			}
380
381			func doAction(request request.CommonRequest, runtime utils.Runtime) (content []byte, err error) {
382			var urlEncoded string
383			if request.BodyParams != nil {
384			urlEncoded = utils.GetURLFormedMap(request.BodyParams)
385			}
386			httpRequest, err := http.NewRequest(request.Method, request.URL, strings.NewReader(urlEncoded))
387			if err != nil {
388			return
389			}
390			httpRequest.Proto = "HTTP/1.1"
391			httpRequest.Host = request.Domain
392			debuglog("> %s %s %s", httpRequest.Method, httpRequest.URL.RequestURI(), httpRequest.Proto)
393			debuglog("> Host: %s", httpRequest.Host)
394			for key, value := range request.Headers {
395			if value != "" {
396			debuglog("> %s: %s", key, value)
397			httpRequest.Header[key] = []string{value}
398			}
399			}
400			debuglog(">")
401			httpClient := &http.Client{}
402			httpClient.Timeout = time.Duration(runtime.ReadTimeout) * time.Second
403			proxy := &url.URL{}
404			if runtime.Proxy != "" {
405			proxy, err = url.Parse(runtime.Proxy)
406			if err != nil {
407			return
408			}
409			}
410			trans := &http.Transport{}
411			if proxy != nil && runtime.Proxy != "" {
412			trans.Proxy = http.ProxyURL(proxy)
413			}
414			trans.DialContext = utils.Timeout(time.Duration(runtime.ConnectTimeout) * time.Second)
415			httpClient.Transport = trans
416			httpResponse, err := hookDo(httpClient.Do)(httpRequest)
417			if err != nil {
418			return
419			}
420			debuglog("< %s %s", httpResponse.Proto, httpResponse.Status)
421			for key, value := range httpResponse.Header {
422			debuglog("< %s: %v", key, strings.Join(value, ""))
423			}
424			debuglog("<")
425
426			resp := &response.CommonResponse{}
427			err = hookParse(resp.ParseFromHTTPResponse(httpResponse))
428			if err != nil {
429			return
430			}
431			debuglog("%s", resp.GetHTTPContentString())
432			if resp.GetHTTPStatus() != http.StatusOK {
433			err = fmt.Errorf("httpStatus: %d, message = %s", resp.GetHTTPStatus(), resp.GetHTTPContentString())
434			return
435			}
436			return resp.GetHTTPContentBytes(), nil
437			}
438
439			type credentialsProviderWrap struct {
440			typeName string
441			provider providers.CredentialsProvider
442			}
443
444			func (cp credentialsProviderWrap) GetAccessKeyId() (accessKeyId string, err error) {
445			cc, err := cp.provider.GetCredentials()
446			if err != nil {
447			return
448			}
449			accessKeyId = &cc.AccessKeyId
450			return
451			}
452
453			func (cp credentialsProviderWrap) GetAccessKeySecret() (accessKeySecret string, err error) {
454			cc, err := cp.provider.GetCredentials()
455			if err != nil {
456			return
457			}
458			accessKeySecret = &cc.AccessKeySecret
459			return
460			}
461
462			func (cp credentialsProviderWrap) GetSecurityToken() (securityToken string, err error) {
463			cc, err := cp.provider.GetCredentials()
464			if err != nil {
465			return
466			}
467			securityToken = &cc.SecurityToken
468			return
469			}
470
471			func (cp credentialsProviderWrap) GetBearerToken() (bearerToken string) {
472			return tea.String("")
473			}
474
475			func (cp credentialsProviderWrap) GetCredential() (cm CredentialModel, err error) {
476			c, err := cp.provider.GetCredentials()
477			if err != nil {
478			return
479			}
480
481			cm = &CredentialModel{
482			AccessKeyId: &c.AccessKeyId,
483			AccessKeySecret: &c.AccessKeySecret,
484			SecurityToken: &c.SecurityToken,
485			Type: &c.ProviderName,
486			}
487			return
488			}
489
490			func (cp credentialsProviderWrap) GetType() string {
491			return &cp.typeName
492			}
493
494			func fromCredentialsProvider(typeName string, cp providers.CredentialsProvider) Credential {
495			return &credentialsProviderWrap{
496			typeName: typeName,
497			provider: cp,
498			}
499			}
500

aliyun / credentials-go

GitHub Access Token became invalid

Push — master ( 3589f7...cd6b32 )

roviderWrap.GetSecurityToken A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like