refine ecs ram role credentials provider
JacksonTian committed Jul 29, 2024
1 parent 4705e5d commit 8f9f1e2
Showing 2 changed files with 48 additions and 51 deletions.
67 changes: 32 additions & 35 deletions credentials/ecs_ram_role_credentials_provider.go
Expand Up @@ -50,65 +50,62 @@ func newEcsRAMRoleCredentialWithEnableIMDSv2(roleName string, enableIMDSv2 bool,
}
}

func (e *ECSRAMRoleCredentialsProvider) GetCredential() (*CredentialModel, error) {
func (e *ECSRAMRoleCredentialsProvider) GetCredential() (credentials *CredentialModel, err error) {
if e.sessionCredential == nil || e.needUpdateCredential() {
err := e.updateCredential()
err = e.updateCredential()
if err != nil {
return nil, err
if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) {
// 虽然有错误,但是已有的 credentials 还有效
} else {
return
}
}
}
credential := &CredentialModel{

credentials = &CredentialModel{
AccessKeyId: tea.String(e.sessionCredential.AccessKeyId),
AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
SecurityToken: tea.String(e.sessionCredential.SecurityToken),
Type: tea.String("ecs_ram_role"),
}
return credential, nil

return
}

// GetAccessKeyId reutrns EcsRAMRoleCredential's AccessKeyId
// if AccessKeyId is not exist or out of date, the function will update it.
func (e *ECSRAMRoleCredentialsProvider) GetAccessKeyId() (*string, error) {
if e.sessionCredential == nil || e.needUpdateCredential() {
err := e.updateCredential()
if err != nil {
if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) {
return &e.sessionCredential.AccessKeyId, nil
}
return tea.String(""), err
}
func (e *ECSRAMRoleCredentialsProvider) GetAccessKeyId() (accessKeyId *string, err error) {
c, err := e.GetCredential()
if err != nil {
return
}
return tea.String(e.sessionCredential.AccessKeyId), nil

accessKeyId = c.AccessKeyId
return
}

// GetAccessSecret reutrns EcsRAMRoleCredential's AccessKeySecret
// if AccessKeySecret is not exist or out of date, the function will update it.
func (e *ECSRAMRoleCredentialsProvider) GetAccessKeySecret() (*string, error) {
if e.sessionCredential == nil || e.needUpdateCredential() {
err := e.updateCredential()
if err != nil {
if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) {
return &e.sessionCredential.AccessKeySecret, nil
}
return tea.String(""), err
}
func (e *ECSRAMRoleCredentialsProvider) GetAccessKeySecret() (accessKeySecret *string, err error) {
c, err := e.GetCredential()
if err != nil {
return
}
return tea.String(e.sessionCredential.AccessKeySecret), nil

accessKeySecret = c.AccessKeySecret
return
}

// GetSecurityToken reutrns EcsRAMRoleCredential's SecurityToken
// if SecurityToken is not exist or out of date, the function will update it.
func (e *ECSRAMRoleCredentialsProvider) GetSecurityToken() (*string, error) {
if e.sessionCredential == nil || e.needUpdateCredential() {
err := e.updateCredential()
if err != nil {
if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) {
return &e.sessionCredential.SecurityToken, nil
}
return tea.String(""), err
}
func (e *ECSRAMRoleCredentialsProvider) GetSecurityToken() (securityToken *string, err error) {
c, err := e.GetCredential()
if err != nil {
return
}
return tea.String(e.sessionCredential.SecurityToken), nil

securityToken = c.SecurityToken
return
}

// GetBearerToken is useless for EcsRAMRoleCredential
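Review bot: In the refresh-failure branch of `GetCredential`, the empty `if` body falls through with the named result `err` still set, so the function returns the cached credentials together with a non-nil error, and `GetAccessKeyId`, `GetAccessKeySecret` and `GetSecurityToken` then hit `if err != nil { return }` and hand back nil. The fallback the comment describes (refresh failed, cached credentials still valid) therefore never reaches callers that check the error, so a transient metadata-service failure surfaces as a credential failure even while the cached STS token is usable. Clear the error when the cache is served and guard the dereference below it: `if e.sessionCredential != nil && e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) { err = nil } else { return }`, with the comment in English, e.g. `// refresh failed, but the cached credentials are still within their validity window`. Without the nil guard, whether `e.sessionCredential.AccessKeyId` can be reached with a nil `sessionCredential` depends on how `credentialExpiration` and `lastUpdateTimestamp` are initialised, which is outside this hunk.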
32 changes: 16 additions & 16 deletions credentials/ecs_ram_role_credentials_provider_test.go
Expand Up @@ -27,7 +27,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
accesskeyId, err := auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh Ecs sts token err: sdk test", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand All @@ -37,17 +37,17 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

accesskeySecret, err := auth.GetAccessKeySecret()
assert.NotNil(t, err)
assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error())
assert.Equal(t, "", *accesskeySecret)
assert.Nil(t, accesskeySecret)

ststoken, err := auth.GetSecurityToken()
assert.NotNil(t, err)
assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error())
assert.Equal(t, "", *ststoken)
assert.Nil(t, ststoken)

assert.Equal(t, "", *auth.GetBearerToken())

Expand Down Expand Up @@ -80,7 +80,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character ':' after top-level value", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand All @@ -90,7 +90,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh Ecs sts token err: Code is not Success", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand All @@ -100,7 +100,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh Ecs sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand Down Expand Up @@ -140,7 +140,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
}()
accesskeyId, err = auth.GetAccessKeyId()
assert.Equal(t, "refresh Ecs sts token err: error parse", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)
}

func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
Expand All @@ -156,19 +156,19 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
accesskeyId, err := auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh Ecs sts token err: sdk test", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

auth = newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", true, 0, 0.5, nil)
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "failed to get token from ECS Metadata Service: sdk test", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

auth = newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", true, 180, 0.5, nil)
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "failed to get token from ECS Metadata Service: sdk test", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand All @@ -178,7 +178,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "failed to get token from ECS Metadata Service: httpStatus: 300, message = ", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand Down Expand Up @@ -207,7 +207,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character ':' after top-level value", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand All @@ -217,7 +217,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh Ecs sts token err: Code is not Success", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand All @@ -227,7 +227,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
accesskeyId, err = auth.GetAccessKeyId()
assert.NotNil(t, err)
assert.Equal(t, "refresh Ecs sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)

hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
return func(req *http.Request) (*http.Response, error) {
Expand Down Expand Up @@ -267,5 +267,5 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
}()
accesskeyId, err = auth.GetAccessKeyId()
assert.Equal(t, "refresh Ecs sts token err: error parse", err.Error())
assert.Equal(t, "", *accesskeyId)
assert.Nil(t, accesskeyId)
}
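Review bot: The visible assertions only cover refresh failures with no cached credential (each expects a nil pointer and an error); none of the hunks shown exercises the path where `updateCredential` fails while a previously fetched credential is still inside `credentialExpiration`. That is the branch this commit reshapes in `GetCredential`, so a case that first succeeds, then makes `hookDo` fail and asserts `assert.Nil(t, err)` with the cached `AccessKeyId` returned would pin the intended behaviour. The final assertions of both test functions also call `err.Error()` without a preceding `assert.NotNil(t, err)`, which would panic rather than fail cleanly if the error were ever nil. Parts of the file are collapsed on this page, so such a case may already exist outside the visible hunks.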
