package providers
import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"os"
	"strconv"
	"strings"
	"time"
	httputil "github.com/aliyun/credentials-go/credentials/internal/http"
	"github.com/aliyun/credentials-go/credentials/internal/utils"
)
// assumedRoleUser stands in for the AssumedRoleUser object of an AssumeRole
// response. It declares no fields, so nothing from that object is retained
// after decoding.
type assumedRoleUser struct{}
// credentials is the Credentials object of an AssumeRole response.
//
// Every field is a pointer, so a key that is absent from the JSON decodes to
// nil instead of an empty string. Code that dereferences a field has to check
// it for nil first.
type credentials struct {
	// SecurityToken is the session token issued together with the key pair.
	SecurityToken *string `json:"SecurityToken"`
	// Expiration is the expiry time as text, exactly as the service sent it.
	Expiration *string `json:"Expiration"`
	// AccessKeySecret is the secret half of the temporary key pair.
	AccessKeySecret *string `json:"AccessKeySecret"`
	// AccessKeyId is the public half of the temporary key pair.
	AccessKeyId *string `json:"AccessKeyId"`
}
// assumeRoleResponse is the decoding target for the JSON body of a successful
// AssumeRole call. All members are pointers, so a missing key is left nil.
type assumeRoleResponse struct {
	// RequestID is decoded from the "RequestId" key.
	RequestID *string `json:"RequestId"`
	// AssumedRoleUser is decoded but carries no fields.
	AssumedRoleUser *assumedRoleUser `json:"AssumedRoleUser"`
	// Credentials holds the temporary key pair, token and expiry.
	Credentials *credentials `json:"Credentials"`
}
// sessionCredentials is the cached, value-typed copy of the temporary
// credentials returned by AssumeRole. It holds secret material and should not
// be written to logs.
type sessionCredentials struct {
	AccessKeyId     string
	AccessKeySecret string
	SecurityToken   string
	// Expiration keeps the expiry as the string the service returned; the
	// provider parses it with the layout "2006-01-02T15:04:05Z".
	Expiration string
}
// HttpOptions carries optional transport settings for the request sent to the
// STS endpoint.
type HttpOptions struct {
	// Proxy is copied unchanged into the outgoing request's Proxy field. The
	// signed request passes through it, so it should be a trusted proxy.
	Proxy string
	// ConnectTimeout is a number of seconds; the provider multiplies it by
	// time.Second before use.
	ConnectTimeout int
	// ReadTimeout is a number of seconds, converted the same way.
	ReadTimeout int
}
// RAMRoleARNCredentialsProvider obtains temporary credentials by calling the
// STS AssumeRole action with credentials taken from another ("previous")
// provider, and keeps the result until it is close to expiry.
//
// The struct has no lock field.
// NOTE(review): confirm callers serialize access, since GetCredentials writes
// the cached fields.
type RAMRoleARNCredentialsProvider struct {
	// Source of the credentials that sign the AssumeRole request. The three
	// string fields are only used by Build to create a static provider when
	// credentialsProvider is not set.
	accessKeyId         string
	accessKeySecret     string
	securityToken       string
	credentialsProvider CredentialsProvider

	// Parameters of the AssumeRole request.
	roleArn         string
	roleSessionName string
	durationSeconds int
	policy          string
	externalId      string
	// STS endpoint selection. stsEndpoint is used as the request host; the
	// other two only feed Build when stsEndpoint is empty.
	stsRegionId string
	enableVpc   bool
	stsEndpoint string
	// Optional proxy and timeouts for the HTTP request; may be nil.
	httpOptions *HttpOptions
	// Cache state, in Unix seconds, maintained by GetCredentials.
	expirationTimestamp int64
	lastUpdateTimestamp int64
	sessionCredentials  *sessionCredentials
}
// RAMRoleARNCredentialsProviderBuilder collects settings for a
// RAMRoleARNCredentialsProvider through chained With* calls and finishes with
// Build.
type RAMRoleARNCredentialsProviderBuilder struct {
	// provider is the instance being configured; Build returns this same
	// pointer rather than a copy.
	provider *RAMRoleARNCredentialsProvider
}
// NewRAMRoleARNCredentialsProviderBuilder returns a builder that wraps a
// fresh, zero-valued provider.
func NewRAMRoleARNCredentialsProviderBuilder() *RAMRoleARNCredentialsProviderBuilder {
	b := new(RAMRoleARNCredentialsProviderBuilder)
	b.provider = new(RAMRoleARNCredentialsProvider)
	return b
}
// WithAccessKeyId sets the access key id of the static credentials that Build
// falls back to when no credentials provider has been supplied.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithAccessKeyId(accessKeyId string) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.accessKeyId = accessKeyId
	return builder
}
// WithAccessKeySecret sets the access key secret of the static credentials
// that Build falls back to when no credentials provider has been supplied.
// The value stays in memory in plain form on the provider.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithAccessKeySecret(accessKeySecret string) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.accessKeySecret = accessKeySecret
	return builder
}
// WithSecurityToken sets the security token of the static credentials. When
// it is set together with a key id and secret, Build creates a static STS
// provider instead of a plain access-key provider.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithSecurityToken(securityToken string) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.securityToken = securityToken
	return builder
}
// WithCredentialsProvider sets the provider whose credentials sign the
// AssumeRole request. When it is non-nil, Build does not use the static key
// fields.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithCredentialsProvider(credentialsProvider CredentialsProvider) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.credentialsProvider = credentialsProvider
	return builder
}
// WithRoleArn sets the ARN of the role to assume. If it is left empty, Build
// reads the ALIBABA_CLOUD_ROLE_ARN environment variable instead.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithRoleArn(roleArn string) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.roleArn = roleArn
	return builder
}
// WithStsRegionId sets the region from which Build derives the STS host name
// when no explicit endpoint is configured.
//
// Build inserts the value into the host name without validating it, so it
// should come from trusted configuration.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithStsRegionId(regionId string) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.stsRegionId = regionId
	return builder
}
// WithEnableVpc selects the "sts-vpc" host prefix for a derived endpoint.
// Passing false does not disable it for good: Build still consults the
// ALIBABA_CLOUD_VPC_ENDPOINT_ENABLED environment variable in that case.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithEnableVpc(enableVpc bool) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.enableVpc = enableVpc
	return builder
}
// WithStsEndpoint sets the host that receives the AssumeRole request and
// overrides any region-derived endpoint.
//
// The signed request, including the caller's access key id and any security
// token, is sent to this host over https, so it must be a trusted endpoint.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithStsEndpoint(endpoint string) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.stsEndpoint = endpoint
	return builder
}
// WithRoleSessionName sets the RoleSessionName sent with AssumeRole. If it is
// left empty, Build uses ALIBABA_CLOUD_ROLE_SESSION_NAME or generates a
// "credentials-go-" name with a timestamp suffix.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithRoleSessionName(roleSessionName string) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.roleSessionName = roleSessionName
	return builder
}
// WithPolicy sets the policy document sent as the Policy form parameter of
// AssumeRole. An empty value omits the parameter.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithPolicy(policy string) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.policy = policy
	return builder
}
// WithExternalId sets the value sent as the ExternalId form parameter of
// AssumeRole. An empty value omits the parameter.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithExternalId(externalId string) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.externalId = externalId
	return builder
}
// WithDurationSeconds sets the requested lifetime of the assumed-role session
// in seconds. Build turns 0 into 3600 and rejects values below 900; no upper
// bound is checked on the client side.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithDurationSeconds(durationSeconds int) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.durationSeconds = durationSeconds
	return builder
}
// WithHttpOptions sets the proxy and timeout settings for the STS request.
// The pointer is stored as given, not copied, so later changes to the
// caller's struct are seen by the provider. A nil value leaves the request's
// proxy and timeout fields unset.
func (builder *RAMRoleARNCredentialsProviderBuilder) WithHttpOptions(httpOptions *HttpOptions) *RAMRoleARNCredentialsProviderBuilder {
	p := builder.provider
	p.httpOptions = httpOptions
	return builder
}
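// Build validates the collected settings, fills in defaults and returns the
// configured provider. The returned pointer is the builder's own provider
// instance, not a copy.
//
// Resolution order:
//   - previous credentials: the explicit provider if set, else a static STS
//     provider (key id, secret and token all set), else a static access-key
//     provider (key id and secret set), else an error;
//   - role ARN: the configured value, else ALIBABA_CLOUD_ROLE_ARN, else an
//     error;
//   - session name: the configured value, else
//     ALIBABA_CLOUD_ROLE_SESSION_NAME, else a generated
//     "credentials-go-<microsecond timestamp>" name;
//   - duration: 0 becomes 3600, and anything below 900 is an error;
//   - endpoint: the configured value, else "<prefix>.<region>.aliyuncs.com"
//     with the region taken from the builder or ALIBABA_CLOUD_STS_REGION,
//     else "sts.aliyuncs.com".
//
// Fix over the previous version: the fallback branch ended in an
// unconditional return, so a builder configured with static keys returned
// (nil, nil) and skipped the role ARN, duration and endpoint handling. Only
// the error case returns early now.
func (builder *RAMRoleARNCredentialsProviderBuilder) Build() (provider *RAMRoleARNCredentialsProvider, err error) {
	p := builder.provider

	if p.credentialsProvider == nil {
		hasKeyPair := p.accessKeyId != "" && p.accessKeySecret != ""
		switch {
		case hasKeyPair && p.securityToken != "":
			p.credentialsProvider, err = NewStaticSTSCredentialsProviderBuilder().
				WithAccessKeyId(p.accessKeyId).
				WithAccessKeySecret(p.accessKeySecret).
				WithSecurityToken(p.securityToken).
				Build()
		case hasKeyPair:
			p.credentialsProvider, err = NewStaticAKCredentialsProviderBuilder().
				WithAccessKeyId(p.accessKeyId).
				WithAccessKeySecret(p.accessKeySecret).
				Build()
		default:
			err = errors.New("must specify a previous credentials provider to assume role")
		}
		if err != nil {
			return nil, err
		}
	}

	if p.roleArn == "" {
		p.roleArn = os.Getenv("ALIBABA_CLOUD_ROLE_ARN")
		if p.roleArn == "" {
			return nil, errors.New("the RoleArn is empty")
		}
	}

	if p.roleSessionName == "" {
		p.roleSessionName = os.Getenv("ALIBABA_CLOUD_ROLE_SESSION_NAME")
		if p.roleSessionName == "" {
			// UnixNano()/1000 is the current time in microseconds.
			p.roleSessionName = "credentials-go-" + strconv.FormatInt(time.Now().UnixNano()/1000, 10)
		}
	}

	// duration seconds: 0 means "not set" and defaults to 3600
	if p.durationSeconds == 0 {
		p.durationSeconds = 3600
	}
	// Only the lower bound is enforced here; the upper bound named in the
	// message is not checked by this function.
	if p.durationSeconds < 900 {
		return nil, errors.New("session duration should be in the range of 900s - max session duration")
	}

	// sts endpoint
	if p.stsEndpoint == "" {
		// The environment can switch VPC mode on but never off.
		if !p.enableVpc {
			p.enableVpc = strings.ToLower(os.Getenv("ALIBABA_CLOUD_VPC_ENDPOINT_ENABLED")) == "true"
		}
		prefix := "sts"
		if p.enableVpc {
			prefix = "sts-vpc"
		}

		region := p.stsRegionId
		if region == "" {
			region = os.Getenv("ALIBABA_CLOUD_STS_REGION")
		}
		// NOTE(review): region is placed in the host name without validation
		// and the signed request is sent to that host; confirm both sources
		// are trusted configuration.
		if region != "" {
			p.stsEndpoint = fmt.Sprintf("%s.%s.aliyuncs.com", prefix, region)
		} else {
			// Without a region the VPC prefix is not applied.
			p.stsEndpoint = "sts.aliyuncs.com"
		}
	}

	return p, nil
}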
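// getCredentials sends one signed AssumeRole request to provider.stsEndpoint
// over https and returns the temporary credentials from the response.
//
// cc supplies the access key id, secret and optional security token that sign
// the request. The signature is computed over the union of the query and form
// parameters with the method named in SignatureMethod (HMAC-SHA1), keyed with
// cc.AccessKeySecret followed by "&".
//
// An error is returned when the HTTP call fails, the status is not 200, the
// body is not valid JSON, or any of the four credential fields is missing.
//
// Fix over the previous version: Expiration was dereferenced without a nil
// check, so a response lacking that key caused a panic instead of an error.
func (provider *RAMRoleARNCredentialsProvider) getCredentials(cc *Credentials) (session *sessionCredentials, err error) {
	method := "POST"
	req := &httputil.Request{
		Method:   method,
		Protocol: "https",
		Host:     provider.stsEndpoint,
		Headers:  map[string]string{},
	}

	queries := make(map[string]string)
	queries["Version"] = "2015-04-01"
	queries["Action"] = "AssumeRole"
	queries["Format"] = "JSON"
	queries["Timestamp"] = utils.GetTimeInFormatISO8601()
	queries["SignatureMethod"] = "HMAC-SHA1"
	queries["SignatureVersion"] = "1.0"
	queries["SignatureNonce"] = utils.GetNonce()
	queries["AccessKeyId"] = cc.AccessKeyId

	// The token of the signing credentials is only sent when there is one.
	if cc.SecurityToken != "" {
		queries["SecurityToken"] = cc.SecurityToken
	}

	bodyForm := make(map[string]string)
	bodyForm["RoleArn"] = provider.roleArn
	if provider.policy != "" {
		bodyForm["Policy"] = provider.policy
	}
	if provider.externalId != "" {
		bodyForm["ExternalId"] = provider.externalId
	}
	bodyForm["RoleSessionName"] = provider.roleSessionName
	bodyForm["DurationSeconds"] = strconv.Itoa(provider.durationSeconds)
	req.Form = bodyForm

	// calculate signature: query and form parameters are signed together
	signParams := make(map[string]string, len(queries)+len(bodyForm))
	for key, value := range queries {
		signParams[key] = value
	}
	for key, value := range bodyForm {
		signParams[key] = value
	}

	// The three replacements adjust the encoded form before it is escaped a
	// second time as a whole; their order must be kept.
	stringToSign := utils.GetURLFormedMap(signParams)
	stringToSign = strings.Replace(stringToSign, "+", "%20", -1)
	stringToSign = strings.Replace(stringToSign, "*", "%2A", -1)
	stringToSign = strings.Replace(stringToSign, "%7E", "~", -1)
	stringToSign = url.QueryEscape(stringToSign)
	stringToSign = method + "&%2F&" + stringToSign
	secret := cc.AccessKeySecret + "&"
	queries["Signature"] = utils.ShaHmac1(stringToSign, secret)

	req.Queries = queries

	// set headers
	req.Headers["Accept-Encoding"] = "identity"
	req.Headers["Content-Type"] = "application/x-www-form-urlencoded"
	req.Headers["x-acs-credentials-provider"] = cc.ProviderName

	// Without httpOptions the timeouts and proxy keep their zero values.
	// NOTE(review): confirm httpDo applies sane default timeouts in that case.
	if provider.httpOptions != nil {
		req.ConnectTimeout = time.Duration(provider.httpOptions.ConnectTimeout) * time.Second
		req.ReadTimeout = time.Duration(provider.httpOptions.ReadTimeout) * time.Second
		req.Proxy = provider.httpOptions.Proxy
	}

	res, err := httpDo(req)
	if err != nil {
		return
	}

	if res.StatusCode != http.StatusOK {
		// The response body is copied verbatim into the error text, so that
		// text is server-controlled; callers should log it with that in mind.
		err = errors.New("refresh session token failed: " + string(res.Body))
		return
	}
	var data assumeRoleResponse
	err = json.Unmarshal(res.Body, &data)
	if err != nil {
		err = fmt.Errorf("refresh RoleArn sts token err, json.Unmarshal fail: %s", err.Error())
		return
	}

	creds := data.Credentials
	if creds == nil {
		err = fmt.Errorf("refresh RoleArn sts token err, fail to get credentials")
		return
	}

	// All four fields are dereferenced below, so all four are checked here.
	if creds.AccessKeyId == nil || creds.AccessKeySecret == nil || creds.SecurityToken == nil || creds.Expiration == nil {
		err = fmt.Errorf("refresh RoleArn sts token err, fail to get credentials")
		return
	}

	session = &sessionCredentials{
		AccessKeyId:     *creds.AccessKeyId,
		AccessKeySecret: *creds.AccessKeySecret,
		SecurityToken:   *creds.SecurityToken,
		Expiration:      *creds.Expiration,
	}
	return
}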
// needUpdateCredential reports whether the cached session must be refreshed:
// either no expiry has been recorded yet, or 180 seconds or less remain
// before the recorded expiry.
func (provider *RAMRoleARNCredentialsProvider) needUpdateCredential() (result bool) {
	expiry := provider.expirationTimestamp
	return expiry == 0 || expiry-time.Now().Unix() <= 180
}
// GetCredentials returns the assumed-role credentials, refreshing them first
// when nothing is cached or the cached session is about to expire.
//
// A refresh fetches the previous credentials, calls AssumeRole with them and
// parses the returned expiry with the layout "2006-01-02T15:04:05Z". If any
// step fails, the error is returned and the cache is left unchanged.
// ProviderName in the result is "<this provider>/<previous provider>".
//
// The cached fields are written without any locking in this method.
// NOTE(review): confirm callers do not invoke it concurrently.
func (provider *RAMRoleARNCredentialsProvider) GetCredentials() (cc *Credentials, err error) {
	stale := provider.sessionCredentials == nil || provider.needUpdateCredential()
	if stale {
		// Fetch the previous (upstream) credentials that sign the request.
		upstream, upstreamErr := provider.credentialsProvider.GetCredentials()
		if upstreamErr != nil {
			return nil, upstreamErr
		}

		fresh, stsErr := provider.getCredentials(upstream)
		if stsErr != nil {
			return nil, stsErr
		}

		expiresAt, parseErr := time.Parse("2006-01-02T15:04:05Z", fresh.Expiration)
		if parseErr != nil {
			return nil, parseErr
		}

		// Commit the new state only after every step has succeeded.
		provider.expirationTimestamp = expiresAt.Unix()
		provider.lastUpdateTimestamp = time.Now().Unix()
		provider.sessionCredentials = fresh
	}

	current := provider.sessionCredentials
	chain := fmt.Sprintf("%s/%s", provider.GetProviderName(), provider.credentialsProvider.GetProviderName())
	return &Credentials{
		AccessKeyId:     current.AccessKeyId,
		AccessKeySecret: current.AccessKeySecret,
		SecurityToken:   current.SecurityToken,
		ProviderName:    chain,
	}, nil
}
// GetProviderName returns the fixed identifier of this provider type,
// "ram_role_arn".
func (provider *RAMRoleARNCredentialsProvider) GetProviderName() string {
	const name = "ram_role_arn"
	return name
}