1 package credentials
2
3 import (
4 "os"
5
6 "github.com/alibabacloud-go/tea/tea"
7 )
8
9 type oidcCredentialsProvider struct{}
10
11 var providerOIDC = new(oidcCredentialsProvider)
12
13 func newOidcCredentialsProvider() Provider {
14 return &oidcCredentialsProvider{}
15 }
16
17 func (p *oidcCredentialsProvider) resolve() (*Config, error) {
18 roleArn, ok1 := os.LookupEnv(ENVRoleArn)
19 oidcProviderArn, ok2 := os.LookupEnv(ENVOIDCProviderArn)
20 oidcTokenFilePath, ok3 := os.LookupEnv(ENVOIDCTokenFile)
21 if !ok1 || !ok2 || !ok3 {
22 return nil, nil
23 }
24
25 config := &Config{
26 Type: tea.String("oidc_role_arn"),
27 RoleArn: tea.String(roleArn),
28 OIDCProviderArn: tea.String(oidcProviderArn),
29 OIDCTokenFilePath: tea.String(oidcTokenFilePath),
30 RoleSessionName: tea.String("defaultSessionName"),
31 }
32 roleSessionName, ok := os.LookupEnv(ENVRoleSessionName)
33 if ok {
34 config.RoleSessionName = tea.String(roleSessionName)
35 }
36 return config, nil
37 }
38
View as plain text