Merge branch 'uriprovider' into develop

AliyunContainerService · Sep 25, 2024 · b586fe5 · b586fe5
2 parents 77af5c8 + b1c8d26
commit b586fe5
Show file tree

Hide file tree

Showing 58 changed files with 3,484 additions and 270 deletions.
diff --git a/examples/rrsa/oss-nodejs-sdk/src/index.js b/examples/rrsa/oss-nodejs-sdk/src/index.js
@@ -26,7 +26,6 @@ function sleep(ms) {
 
 async function main() {
     console.log("test oss sdk using rrsa oidc token");
-    const durationSeconds = 3600; // 1 hour
     // 两种方法都可以
     const cred = newCredential();
     // or
@@ -37,7 +36,7 @@ async function main() {
       accessKeyId,
       accessKeySecret,
       stsToken: securityToken,
-      refreshSTSTokenInterval: durationSeconds * 0.02 * 1000,
+      refreshSTSTokenInterval: 30 * 1000, // 30 seconds
       refreshSTSToken: async () => {
         const { accessKeyId, accessKeySecret, securityToken } = await cred.getCredential();
         return {

diff --git a/examples/rrsa/terraform-demo/rrsa-config/README.md b/examples/rrsa/terraform-demo/rrsa-config/README.md
@@ -2,7 +2,7 @@
 
 
 ```
-aliyun/terraform-provider-alicloud > v1.171.0
+aliyun/terraform-provider-alicloud > v1.212.0
 ```
 
 https://registry.terraform.io/providers/aliyun/alicloud/latest

diff --git a/pkg/credentials/alibabacloudgo/env/env.go b/pkg/credentials/alibabacloudgo/env/env.go
@@ -1,14 +1,10 @@
 package env
 
 import (
-	"errors"
-	"fmt"
 	"os"
 
-	"github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudgo"
 	"github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider"
 	"github.com/AliyunContainerService/ack-ram-tool/pkg/log"
-	"github.com/aliyun/credentials-go/credentials"
 )
 
 var (
@@ -89,16 +85,6 @@ func NewCredentialsProvider(opts CredentialsProviderOptions) (provider.Credentia
 	oidcTokenFile := GetOIDCTokenFile()
 	sessionName := GetRoleSessionName()
 
-	config := &credentials.Config{
-		AccessKeyId:       stringPoint(keyId),
-		AccessKeySecret:   stringPoint(keySecret),
-		SecurityToken:     stringPoint(stsToken),
-		Url:               stringPoint(credURI),
-		RoleArn:           stringPoint(roleArn),
-		OIDCProviderArn:   stringPoint(oidcProviderArn),
-		OIDCTokenFilePath: stringPoint(oidcTokenFile),
-		RoleSessionName:   stringPoint(sessionName),
-	}
 	if keyId != "" && keySecret != "" && stsToken != "" {
 		return provider.NewSTSTokenProvider(keyId, keySecret, stsToken), nil
 	}
@@ -113,19 +99,25 @@ func NewCredentialsProvider(opts CredentialsProviderOptions) (provider.Credentia
 		}), nil
 	}
 	if keyId != "" && keySecret != "" {
+		if roleArn != "" {
+			cp := provider.NewAccessKeyProvider(keyId, keySecret)
+			return provider.NewRoleArnProvider(cp, roleArn, provider.RoleArnProviderOptions{
+				SessionName: sessionName,
+				Logger:      &log.ProviderLogWrapper{ZP: log.Logger},
+			}), nil
+		}
 		return provider.NewAccessKeyProvider(keyId, keySecret), nil
 	}
+
 	if credURI != "" {
-		config.Type = stringPoint("credentials_uri")
-	} else {
-		return nil, errors.New("not found credentials related environment variables")
+		return provider.NewURIProvider(credURI, provider.URIProviderOptions{
+			Logger: &log.ProviderLogWrapper{ZP: log.Logger},
+		}), nil
 	}
 
-	cred, err := credentials.NewCredential(config)
-	if err != nil {
-		return nil, fmt.Errorf("init credential failed: %w", err)
-	}
-	return alibabacloudgo.NewCredentialsProviderWrapper(cred), nil
+	return provider.NewEnvProvider(provider.EnvProviderOptions{
+		Logger: &log.ProviderLogWrapper{ZP: log.Logger},
+	}), nil
 }
 
 func GetAccessKeyId() string {

diff --git a/pkg/credentials/alibabacloudgo/wrapper.go b/pkg/credentials/alibabacloudgo/wrapper.go
@@ -21,23 +21,15 @@ func NewCredentialsProviderWrapper(cred credentials.Credential) *CredentialsProv
 }
 
 func (c CredentialsProviderWrapper) Credentials(ctx context.Context) (*provider.Credentials, error) {
-	ak, err := c.cred.GetAccessKeyId()
+	cred, err := c.cred.GetCredential()
 	if err != nil {
-		return nil, fmt.Errorf("get access key id failed: %w", err)
-	}
-	sk, err := c.cred.GetAccessKeySecret()
-	if err != nil {
-		return nil, fmt.Errorf("get access key secret failed: %w", err)
-	}
-	token, err := c.cred.GetSecurityToken()
-	if err != nil {
-		return nil, fmt.Errorf("get security token failed: %w", err)
+		return nil, fmt.Errorf("get credentails failed: %w", err)
 	}
 
 	return &provider.Credentials{
-		AccessKeyId:     tea.StringValue(ak),
-		AccessKeySecret: tea.StringValue(sk),
-		SecurityToken:   tea.StringValue(token),
+		AccessKeyId:     tea.StringValue(cred.AccessKeyId),
+		AccessKeySecret: tea.StringValue(cred.AccessKeySecret),
+		SecurityToken:   tea.StringValue(cred.SecurityToken),
 		Expiration:      time.Time{},
 	}, nil
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,7 +2,7 @@ @@
     ```
-    aliyun/terraform-provider-alicloud > v1.171.0
+    aliyun/terraform-provider-alicloud > v1.212.0
     ```
     https://registry.terraform.io/providers/aliyun/alicloud/latest
@@ Expand Down @@