credentials/sts_role_arn_credential.go - Code Metrics - Inspection of "modify GetAccessSecret to GetAccessKeySecret" - aliyun/credentials-go - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( ecef9a...1c7b65 )

by Jackson

created 2020-01-16 03:25 UTC

credentials/sts_role_arn_credential.go A

↳ Parent: Project

Size/Duplication

Total Lines	161
Duplicated Lines	0 %

Importance

Changes

Metric	Value
cc	29
eloc	111
dl	0
loc	161
rs	10
c	0
b	0
f	0

7 Methods

Rating	Name	Size	Complexity
A	credentials.*RAMRoleArnCredential.GetType	2	1
A	credentials.newRAMRoleArnCredential	10	1
A	credentials.*RAMRoleArnCredential.GetBearerToken	2	1
A	credentials.*RAMRoleArnCredential.GetSecurityToken	8	4
F	credentials.*RAMRoleArnCredential.updateCredential	63	14
A	credentials.*RAMRoleArnCredential.GetAccessKeySecret	8	4
A	credentials.*RAMRoleArnCredential.GetAccessKeyId	8	4

package credentials

import (
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"time"

	"github.com/aliyun/credentials-go/credentials/request"
	"github.com/aliyun/credentials-go/credentials/utils"
)

const defaultDurationSeconds = 3600

// RAMRoleArnCredential is a kind of credentials
type RAMRoleArnCredential struct {
	*credentialUpdater
	AccessKeyID           string
	AccessKeySecret       string
	RoleArn               string
	RoleSessionName       string
	RoleSessionExpiration int
	Policy                string
	sessionCredential     *sessionCredential
	runtime               *utils.Runtime
}

type ramRoleArnResponse struct {
	Credentials *credentialsInResponse `json:"Credentials" xml:"Credentials"`
}

type credentialsInResponse struct {
	AccessKeyID     string `json:"AccessKeyID" xml:"AccessKeyID"`
	AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"`
	SecurityToken   string `json:"SecurityToken" xml:"SecurityToken"`
	Expiration      string `json:"Expiration" xml:"Expiration"`
}

func newRAMRoleArnCredential(accessKeyID, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, runtime *utils.Runtime) *RAMRoleArnCredential {
	return &RAMRoleArnCredential{
		AccessKeyID:           accessKeyID,
		AccessKeySecret:       accessKeySecret,
		RoleArn:               roleArn,
		RoleSessionName:       roleSessionName,
		RoleSessionExpiration: roleSessionExpiration,
		Policy:                policy,
		credentialUpdater:     new(credentialUpdater),
		runtime:               runtime,
	}
}

// GetAccessKeyID reutrns RamRoleArnCredential's AccessKeyID
// if AccessKeyID is not exist or out of date, the function will update it.
func (r *RAMRoleArnCredential) GetAccessKeyId() (string, error) {
	if r.sessionCredential == nil || r.needUpdateCredential() {
		err := r.updateCredential()
		if err != nil {
			return "", err
		}
	}
	return r.sessionCredential.AccessKeyID, nil
}

// GetAccessSecret reutrns RamRoleArnCredential's AccessKeySecret
// if AccessKeySecret is not exist or out of date, the function will update it.
func (r *RAMRoleArnCredential) GetAccessKeySecret() (string, error) {
	if r.sessionCredential == nil || r.needUpdateCredential() {
		err := r.updateCredential()
		if err != nil {
			return "", err
		}
	}
	return r.sessionCredential.AccessKeySecret, nil
}

// GetSecurityToken reutrns RamRoleArnCredential's SecurityToken
// if SecurityToken is not exist or out of date, the function will update it.
func (r *RAMRoleArnCredential) GetSecurityToken() (string, error) {
	if r.sessionCredential == nil || r.needUpdateCredential() {
		err := r.updateCredential()
		if err != nil {
			return "", err
		}
	}
	return r.sessionCredential.SecurityToken, nil
}

// GetBearerToken is useless RamRoleArnCredential
func (r *RAMRoleArnCredential) GetBearerToken() string {
	return ""
}

// GetType reutrns RamRoleArnCredential's type
func (r *RAMRoleArnCredential) GetType() string {
	return "ram_role_arn"
}

func (r *RAMRoleArnCredential) updateCredential() (err error) {
	if r.runtime == nil {
		r.runtime = new(utils.Runtime)
	}
	request := request.NewCommonRequest()
	request.Domain = "sts.aliyuncs.com"
	request.Scheme = "HTTPS"
	request.Method = "GET"
	request.QueryParams["AccessKeyId"] = r.AccessKeyID
	request.QueryParams["Action"] = "AssumeRole"
	request.QueryParams["Format"] = "JSON"
	if r.RoleSessionExpiration > 0 {
		if r.RoleSessionExpiration >= 900 && r.RoleSessionExpiration <= 3600 {
			request.QueryParams["DurationSeconds"] = strconv.Itoa(r.RoleSessionExpiration)
		} else {
			err = errors.New("[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr")
			return
		}
	} else {
		request.QueryParams["DurationSeconds"] = strconv.Itoa(defaultDurationSeconds)
	}
	request.QueryParams["RoleArn"] = r.RoleArn
	if r.Policy != "" {
		request.QueryParams["Policy"] = r.Policy
	}
	request.QueryParams["RoleSessionName"] = r.RoleSessionName
	request.QueryParams["SignatureMethod"] = "HMAC-SHA1"
	request.QueryParams["SignatureVersion"] = "1.0"
	request.QueryParams["Version"] = "2015-04-01"
	request.QueryParams["Timestamp"] = utils.GetTimeInFormatISO8601()
	request.QueryParams["SignatureNonce"] = utils.GetUUID()
	signature := utils.ShaHmac1(request.BuildStringToSign(), r.AccessKeySecret+"&")
	request.QueryParams["Signature"] = signature
	request.Headers["Host"] = request.Domain
	request.Headers["Accept-Encoding"] = "identity"
	request.URL = request.BuildURL()
	content, err := doAction(request, r.runtime)
	if err != nil {
		return fmt.Errorf("refresh RoleArn sts token err: %s", err.Error())
	}
	var resp *ramRoleArnResponse
	err = json.Unmarshal(content, &resp)
	if err != nil {
		return fmt.Errorf("refresh RoleArn sts token err: Json.Unmarshal fail: %s", err.Error())
	}
	if resp == nil || resp.Credentials == nil {
		return fmt.Errorf("refresh RoleArn sts token err: Credentials is empty")
	}
	respCredentials := resp.Credentials
	if respCredentials.AccessKeyID == "" || respCredentials.AccessKeySecret == "" || respCredentials.SecurityToken == "" || respCredentials.Expiration == "" {
		return fmt.Errorf("refresh RoleArn sts token err: AccessKeyID: %s, AccessKeySecret: %s, SecurityToken: %s, Expiration: %s", respCredentials.AccessKeyID, respCredentials.AccessKeySecret, respCredentials.SecurityToken, respCredentials.Expiration)
	}

	expirationTime, err := time.Parse("2006-01-02T15:04:05Z", respCredentials.Expiration)
	r.lastUpdateTimestamp = time.Now().Unix()
	r.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix())
	r.sessionCredential = &sessionCredential{
		AccessKeyID:     respCredentials.AccessKeyID,
		AccessKeySecret: respCredentials.AccessKeySecret,
		SecurityToken:   respCredentials.SecurityToken,
	}

	return
}


1			package credentials
2
3			import (
4			"encoding/json"
5			"errors"
6			"fmt"
7			"strconv"
8			"time"
9
10			"github.com/aliyun/credentials-go/credentials/request"
11			"github.com/aliyun/credentials-go/credentials/utils"
12			)
13
14			const defaultDurationSeconds = 3600
15
16			// RAMRoleArnCredential is a kind of credentials
17			type RAMRoleArnCredential struct {
18			*credentialUpdater
19			AccessKeyID string
20			AccessKeySecret string
21			RoleArn string
22			RoleSessionName string
23			RoleSessionExpiration int
24			Policy string
25			sessionCredential *sessionCredential
26			runtime *utils.Runtime
27			}
28
29			type ramRoleArnResponse struct {
30			Credentials *credentialsInResponse `json:"Credentials" xml:"Credentials"`
31			}
32
33			type credentialsInResponse struct {
34			AccessKeyID string `json:"AccessKeyID" xml:"AccessKeyID"`
35			AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"`
36			SecurityToken string `json:"SecurityToken" xml:"SecurityToken"`
37			Expiration string `json:"Expiration" xml:"Expiration"`
38			}
39
40			func newRAMRoleArnCredential(accessKeyID, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, runtime utils.Runtime) RAMRoleArnCredential {
41			return &RAMRoleArnCredential{
42			AccessKeyID: accessKeyID,
43			AccessKeySecret: accessKeySecret,
44			RoleArn: roleArn,
45			RoleSessionName: roleSessionName,
46			RoleSessionExpiration: roleSessionExpiration,
47			Policy: policy,
48			credentialUpdater: new(credentialUpdater),
49			runtime: runtime,
50			}
51			}
52
53			// GetAccessKeyID reutrns RamRoleArnCredential's AccessKeyID
54			// if AccessKeyID is not exist or out of date, the function will update it.
55			func (r *RAMRoleArnCredential) GetAccessKeyId() (string, error) {
56			if r.sessionCredential == nil \|\| r.needUpdateCredential() {
57			err := r.updateCredential()
58			if err != nil {
59			return "", err
60			}
61			}
62			return r.sessionCredential.AccessKeyID, nil
63			}
64
65			// GetAccessSecret reutrns RamRoleArnCredential's AccessKeySecret
66			// if AccessKeySecret is not exist or out of date, the function will update it.
67			func (r *RAMRoleArnCredential) GetAccessKeySecret() (string, error) {
68			if r.sessionCredential == nil \|\| r.needUpdateCredential() {
69			err := r.updateCredential()
70			if err != nil {
71			return "", err
72			}
73			}
74			return r.sessionCredential.AccessKeySecret, nil
75			}
76
77			// GetSecurityToken reutrns RamRoleArnCredential's SecurityToken
78			// if SecurityToken is not exist or out of date, the function will update it.
79			func (r *RAMRoleArnCredential) GetSecurityToken() (string, error) {
80			if r.sessionCredential == nil \|\| r.needUpdateCredential() {
81			err := r.updateCredential()
82			if err != nil {
83			return "", err
84			}
85			}
86			return r.sessionCredential.SecurityToken, nil
87			}
88
89			// GetBearerToken is useless RamRoleArnCredential
90			func (r *RAMRoleArnCredential) GetBearerToken() string {
91			return ""
92			}
93
94			// GetType reutrns RamRoleArnCredential's type
95			func (r *RAMRoleArnCredential) GetType() string {
96			return "ram_role_arn"
97			}
98
99			func (r *RAMRoleArnCredential) updateCredential() (err error) {
100			if r.runtime == nil {
101			r.runtime = new(utils.Runtime)
102			}
103			request := request.NewCommonRequest()
104			request.Domain = "sts.aliyuncs.com"
105			request.Scheme = "HTTPS"
106			request.Method = "GET"
107			request.QueryParams["AccessKeyId"] = r.AccessKeyID
108			request.QueryParams["Action"] = "AssumeRole"
109			request.QueryParams["Format"] = "JSON"
110			if r.RoleSessionExpiration > 0 {
111			if r.RoleSessionExpiration >= 900 && r.RoleSessionExpiration <= 3600 {
112			request.QueryParams["DurationSeconds"] = strconv.Itoa(r.RoleSessionExpiration)
113			} else {
114			err = errors.New("[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr")
115			return
116			}
117			} else {
118			request.QueryParams["DurationSeconds"] = strconv.Itoa(defaultDurationSeconds)
119			}
120			request.QueryParams["RoleArn"] = r.RoleArn
121			if r.Policy != "" {
122			request.QueryParams["Policy"] = r.Policy
123			}
124			request.QueryParams["RoleSessionName"] = r.RoleSessionName
125			request.QueryParams["SignatureMethod"] = "HMAC-SHA1"
126			request.QueryParams["SignatureVersion"] = "1.0"
127			request.QueryParams["Version"] = "2015-04-01"
128			request.QueryParams["Timestamp"] = utils.GetTimeInFormatISO8601()
129			request.QueryParams["SignatureNonce"] = utils.GetUUID()
130			signature := utils.ShaHmac1(request.BuildStringToSign(), r.AccessKeySecret+"&")
131			request.QueryParams["Signature"] = signature
132			request.Headers["Host"] = request.Domain
133			request.Headers["Accept-Encoding"] = "identity"
134			request.URL = request.BuildURL()
135			content, err := doAction(request, r.runtime)
136			if err != nil {
137			return fmt.Errorf("refresh RoleArn sts token err: %s", err.Error())
138			}
139			var resp *ramRoleArnResponse
140			err = json.Unmarshal(content, &resp)
141			if err != nil {
142			return fmt.Errorf("refresh RoleArn sts token err: Json.Unmarshal fail: %s", err.Error())
143			}
144			if resp == nil \|\| resp.Credentials == nil {
145			return fmt.Errorf("refresh RoleArn sts token err: Credentials is empty")
146			}
147			respCredentials := resp.Credentials
148			if respCredentials.AccessKeyID == "" \|\| respCredentials.AccessKeySecret == "" \|\| respCredentials.SecurityToken == "" \|\| respCredentials.Expiration == "" {
149			return fmt.Errorf("refresh RoleArn sts token err: AccessKeyID: %s, AccessKeySecret: %s, SecurityToken: %s, Expiration: %s", respCredentials.AccessKeyID, respCredentials.AccessKeySecret, respCredentials.SecurityToken, respCredentials.Expiration)
150			}
151
152			expirationTime, err := time.Parse("2006-01-02T15:04:05Z", respCredentials.Expiration)
153			r.lastUpdateTimestamp = time.Now().Unix()
154			r.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix())
155			r.sessionCredential = &sessionCredential{
156			AccessKeyID: respCredentials.AccessKeyID,
157			AccessKeySecret: respCredentials.AccessKeySecret,
158			SecurityToken: respCredentials.SecurityToken,
159			}
160
161			return
162			}
163

aliyun / credentials-go

GitHub Access Token became invalid

Push — master ( ecef9a...1c7b65 )

credentials/sts_role_arn_credential.go A

Size/Duplication

Importance

7 Methods

Duplication Side-by-Side

Filter issues like