1 package credentials
2
3 import (
4 "encoding/json"
5 "fmt"
6 "os"
7 "time"
8
9 "github.com/alibabacloud-go/tea/tea"
10 "github.com/aliyun/credentials-go/credentials/request"
11 "github.com/aliyun/credentials-go/credentials/utils"
12 )
13
14
// URLCredential is a credential provider that obtains temporary credentials
// by issuing a GET request to URL and caching the result.
//
// The cached sessionCredential holds a live AccessKeySecret and SecurityToken,
// so values of this type should not be logged or serialized wholesale.
type URLCredential struct {
	// URL is the endpoint updateCredential fetches credentials from. It is used
	// as given; nothing in this file validates its scheme or host.
	URL string
	// NOTE(review): credentialExpiration, lastUpdateTimestamp and
	// needUpdateCredential are not declared in this file and are presumably
	// promoted from this embedded type; confirm against its definition.
	*credentialUpdater
	// Most recently fetched credential; nil until the first successful refresh.
	*sessionCredential
	// runtime is passed to doAction; updateCredential creates a zero-value
	// Runtime when it is nil.
	runtime *utils.Runtime
}
21
// URLResponse is the JSON document expected from the credentials endpoint.
// updateCredential rejects a response in which any of the four fields is empty.
//
// AccessKeySecret and SecurityToken are secrets: keep them out of logs and
// error strings.
type URLResponse struct {
	AccessKeyId     string `json:"AccessKeyId" xml:"AccessKeyId"`
	AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"`
	SecurityToken   string `json:"SecurityToken" xml:"SecurityToken"`
	// Expiration is parsed by updateCredential with the layout
	// "2006-01-02T15:04:05Z".
	Expiration string `json:"Expiration" xml:"Expiration"`
}
28
// newURLCredential builds a URLCredential for the given endpoint. When URL is
// empty, the endpoint is read from the ALIBABA_CLOUD_CREDENTIALS_URI
// environment variable instead.
//
// Security note: the endpoint is stored as-is; this constructor performs no
// scheme or host validation. Whoever controls the argument or the environment
// variable decides which server supplies the access key, secret and token, and
// a plain-http endpoint would carry those secrets unencrypted. Treat the value
// as trusted configuration and prefer https or a loopback/link-local address.
func newURLCredential(URL string) *URLCredential {
	endpoint := URL
	if endpoint == "" {
		endpoint = os.Getenv("ALIBABA_CLOUD_CREDENTIALS_URI")
	}
	return &URLCredential{
		credentialUpdater: new(credentialUpdater),
		URL:               endpoint,
	}
}
39
// GetCredential returns the current credential as a CredentialModel of type
// "credential_uri". It refreshes first when nothing is cached yet or when
// needUpdateCredential reports that a refresh is due.
//
// Unlike the single-field getters, a failed refresh is always returned to the
// caller here; there is no fallback to the previously cached credential.
// The returned model carries the secret and the security token, so it should
// not be logged.
func (e *URLCredential) GetCredential() (*CredentialModel, error) {
	if e.sessionCredential == nil || e.needUpdateCredential() {
		if err := e.updateCredential(); err != nil {
			return nil, err
		}
	}
	cached := e.sessionCredential
	return &CredentialModel{
		AccessKeyId:     tea.String(cached.AccessKeyId),
		AccessKeySecret: tea.String(cached.AccessKeySecret),
		SecurityToken:   tea.String(cached.SecurityToken),
		Type:            tea.String("credential_uri"),
	}, nil
}
55
56
57
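// GetAccessKeyId returns the access key ID of the current session credential,
// refreshing first when nothing is cached or needUpdateCredential reports that
// a refresh is due.
//
// If the refresh fails but the previously fetched credential is still within
// its lifetime (credentialExpiration seconds counted from lastUpdateTimestamp),
// the cached value is returned with a nil error, so the refresh failure is not
// visible to the caller. Otherwise an empty string and the refresh error are
// returned.
func (e *URLCredential) GetAccessKeyId() (*string, error) {
	if e.sessionCredential == nil || e.needUpdateCredential() {
		if err := e.updateCredential(); err != nil {
			age := int(time.Now().Unix()) - int(e.lastUpdateTimestamp)
			// The nil check keeps the fallback from dereferencing a credential
			// that was never fetched.
			if e.sessionCredential != nil && e.credentialExpiration > age {
				// Hand out a copy, as the success path does, rather than a
				// pointer into the cached credential that a caller could
				// overwrite.
				return tea.String(e.sessionCredential.AccessKeyId), nil
			}
			return tea.String(""), err
		}
	}
	return tea.String(e.sessionCredential.AccessKeyId), nil
}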
70
71
72
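// GetAccessKeySecret returns the access key secret of the current session
// credential, refreshing first when nothing is cached or needUpdateCredential
// reports that a refresh is due.
//
// If the refresh fails but the previously fetched credential is still within
// its lifetime (credentialExpiration seconds counted from lastUpdateTimestamp),
// the cached value is returned with a nil error, so the refresh failure is not
// visible to the caller. Otherwise an empty string and the refresh error are
// returned. The returned value is a secret and should not be logged.
func (e *URLCredential) GetAccessKeySecret() (*string, error) {
	if e.sessionCredential == nil || e.needUpdateCredential() {
		if err := e.updateCredential(); err != nil {
			age := int(time.Now().Unix()) - int(e.lastUpdateTimestamp)
			// The nil check keeps the fallback from dereferencing a credential
			// that was never fetched.
			if e.sessionCredential != nil && e.credentialExpiration > age {
				// Hand out a copy, as the success path does, rather than a
				// pointer into the cached secret that a caller could overwrite.
				return tea.String(e.sessionCredential.AccessKeySecret), nil
			}
			return tea.String(""), err
		}
	}
	return tea.String(e.sessionCredential.AccessKeySecret), nil
}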
85
86
87
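// GetSecurityToken returns the security token of the current session
// credential, refreshing first when nothing is cached or needUpdateCredential
// reports that a refresh is due.
//
// If the refresh fails but the previously fetched credential is still within
// its lifetime (credentialExpiration seconds counted from lastUpdateTimestamp),
// the cached value is returned with a nil error, so the refresh failure is not
// visible to the caller. Otherwise an empty string and the refresh error are
// returned. The returned value is a secret and should not be logged.
func (e *URLCredential) GetSecurityToken() (*string, error) {
	if e.sessionCredential == nil || e.needUpdateCredential() {
		if err := e.updateCredential(); err != nil {
			age := int(time.Now().Unix()) - int(e.lastUpdateTimestamp)
			// The nil check keeps the fallback from dereferencing a credential
			// that was never fetched.
			if e.sessionCredential != nil && e.credentialExpiration > age {
				// Hand out a copy, as the success path does, rather than a
				// pointer into the cached token that a caller could overwrite.
				return tea.String(e.sessionCredential.SecurityToken), nil
			}
			return tea.String(""), err
		}
	}
	return tea.String(e.sessionCredential.SecurityToken), nil
}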
100
101
// GetBearerToken always returns a pointer to an empty string; this provider
// never produces a bearer token.
func (e *URLCredential) GetBearerToken() *string {
	const noToken = ""
	return tea.String(noToken)
}
105
106
// GetType returns the provider type identifier, "credential_uri".
func (e *URLCredential) GetType() *string {
	const providerType = "credential_uri"
	return tea.String(providerType)
}
110
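// updateCredential fetches a fresh credential from e.URL with a GET request
// and, on success, replaces the cached sessionCredential and records when it
// was fetched (lastUpdateTimestamp, Unix seconds) and how long it remains
// valid (credentialExpiration, seconds).
//
// The receiver is modified only after the whole response has been validated,
// so a failed refresh leaves the previously cached credential untouched.
//
// Security notes:
//   - Error strings never contain AccessKeySecret or SecurityToken. Errors are
//     routinely logged, so an incomplete response is reported by which fields
//     were present rather than by their values.
//   - The response is trusted as received; its confidentiality and integrity
//     depend on e.URL and on what doAction does with it (not visible here).
//
// The "refresh Ecs sts token err" prefix is kept unchanged for callers that
// match on the message.
func (e *URLCredential) updateCredential() (err error) {
	if e.runtime == nil {
		e.runtime = new(utils.Runtime)
	}
	// Named req so the local does not shadow the imported request package.
	req := request.NewCommonRequest()
	req.URL = e.URL
	req.Method = "GET"
	content, err := doAction(req, e.runtime)
	if err != nil {
		return fmt.Errorf("refresh Ecs sts token err: %s", err.Error())
	}

	// Decode into a value, not a nil pointer: a literal JSON "null" body would
	// otherwise leave the pointer nil without an error and panic on first use.
	var resp URLResponse
	if err = json.Unmarshal(content, &resp); err != nil {
		return fmt.Errorf("refresh Ecs sts token err: Json Unmarshal fail: %s", err.Error())
	}
	if resp.AccessKeyId == "" || resp.AccessKeySecret == "" || resp.SecurityToken == "" || resp.Expiration == "" {
		return fmt.Errorf(
			"refresh Ecs sts token err: incomplete response: AccessKeyId present: %t, AccessKeySecret present: %t, SecurityToken present: %t, Expiration: %q",
			resp.AccessKeyId != "", resp.AccessKeySecret != "", resp.SecurityToken != "", resp.Expiration,
		)
	}

	// Validate the expiry before caching anything, so that a malformed
	// timestamp cannot store a credential with a meaningless lifetime.
	expirationTime, err := time.Parse("2006-01-02T15:04:05Z", resp.Expiration)
	if err != nil {
		return fmt.Errorf("refresh Ecs sts token err: invalid Expiration %q: %s", resp.Expiration, err.Error())
	}

	now := time.Now().Unix()
	e.lastUpdateTimestamp = now
	e.credentialExpiration = int(expirationTime.Unix() - now)
	e.sessionCredential = &sessionCredential{
		AccessKeyId:     resp.AccessKeyId,
		AccessKeySecret: resp.AccessKeySecret,
		SecurityToken:   resp.SecurityToken,
	}

	return nil
}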
142