From 3ea85db72b304ae96c1a937a5fed137a24829a20 Mon Sep 17 00:00:00 2001 From: nanhe Date: Fri, 7 Mar 2025 10:39:00 +0800 Subject: [PATCH] feat: support provider name in CredentialModel && support env ALIBABA_CLOUD_CONFIG_FILE --- credentials/bearer_token_credential.go | 5 +++-- credentials/bearer_token_credential_test.go | 1 + credentials/credential.go | 17 +++++++++++++++-- credentials/credential_model.go | 15 +++++++++++++++ credentials/credential_model_test.go | 9 +++++++-- credentials/credential_test.go | 4 ++-- credentials/providers/cli_profile.go | 15 +++++++++------ credentials/providers/cli_profile_test.go | 10 ++++++++++ credentials/providers/default.go | 2 +- credentials/providers/uri.go | 2 +- credentials/providers/uri_test.go | 12 ++++++------ integration/auth_test.go | 4 +++- 12 files changed, 73 insertions(+), 23 deletions(-) diff --git a/credentials/bearer_token_credential.go b/credentials/bearer_token_credential.go index 9df4d32..fc253b9 100644 --- a/credentials/bearer_token_credential.go +++ b/credentials/bearer_token_credential.go @@ -16,8 +16,9 @@ func newBearerTokenCredential(token string) *BearerTokenCredential { func (s *BearerTokenCredential) GetCredential() (*CredentialModel, error) { credential := &CredentialModel{ - BearerToken: tea.String(s.BearerToken), - Type: tea.String("bearer"), + BearerToken: tea.String(s.BearerToken), + Type: tea.String("bearer"), + ProviderName: tea.String("bearer"), } return credential, nil } diff --git a/credentials/bearer_token_credential_test.go b/credentials/bearer_token_credential_test.go index 4c81855..76e4ee5 100644 --- a/credentials/bearer_token_credential_test.go +++ b/credentials/bearer_token_credential_test.go @@ -30,4 +30,5 @@ func Test_BearerTokenCredential(t *testing.T) { assert.Nil(t, cred.AccessKeySecret) assert.Nil(t, cred.SecurityToken) assert.Equal(t, "bearer", *cred.Type) + assert.Equal(t, "bearer", *cred.ProviderName) } 
diff --git a/credentials/credential.go b/credentials/credential.go index ad80fc5..908359e 100644 --- a/credentials/credential.go +++ b/credentials/credential.go @@ -232,7 +232,19 @@ func NewCredential(config *Config) (credential Credential, err error) { } switch tea.StringValue(config.Type) { case "credentials_uri": - credential = newURLCredential(tea.StringValue(config.Url)) + provider, err := providers.NewURLCredentialsProviderBuilder(). + WithUrl(tea.StringValue(config.Url)). + WithHttpOptions(&providers.HttpOptions{ + Proxy: tea.StringValue(config.Proxy), + ReadTimeout: tea.IntValue(config.Timeout), + ConnectTimeout: tea.IntValue(config.ConnectTimeout), + }). + Build() + + if err != nil { + return nil, err + } + credential = FromCredentialsProvider("credentials_uri", provider) case "oidc_role_arn": provider, err := providers.NewOIDCCredentialsProviderBuilder(). WithRoleArn(tea.StringValue(config.RoleArn)). @@ -488,7 +500,8 @@ func (cp *credentialsProviderWrap) GetCredential() (cm *CredentialModel, err err AccessKeyId: &c.AccessKeyId, AccessKeySecret: &c.AccessKeySecret, SecurityToken: &c.SecurityToken, - Type: &c.ProviderName, + Type: &cp.typeName, + ProviderName: &c.ProviderName, } return } diff --git a/credentials/credential_model.go b/credentials/credential_model.go index 7b46c30..b145fee 100644 --- a/credentials/credential_model.go +++ b/credentials/credential_model.go @@ -13,7 +13,17 @@ type CredentialModel struct { // bearer token BearerToken *string `json:"bearerToken,omitempty" xml:"bearerToken,omitempty"` // type + // + // example: + // + // access_key Type *string `json:"type,omitempty" xml:"type,omitempty"` + // provider name + // + // example: + // + // cli_profile/static_ak + ProviderName *string `json:"providerName,omitempty" xml:"providerName,omitempty"` } func (s CredentialModel) String() string { 
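Review bot: Nothing in the `credentials_uri` case of NewCredential constrains `config.Url` before it reaches `WithUrl`, and the endpoint it names presumably returns an access key, secret and security token. A plain `http://` URL (the tests in this patch use `http://localhost:8080`), optionally routed through `config.Proxy`, would therefore carry those secrets in cleartext; whether `Build()` checks the scheme is not visible in this hunk. If it does not, either reject non-loopback URLs that are not HTTPS, or at least state the expectation with `// credentials_uri returns live credentials: use https:// or a loopback address, and only a trusted proxy`. Separately, `provider, err :=` shadows the named result `err` inside the case; the explicit `return nil, err` keeps it correct, but it is worth a short comment. NewCredential starts and ends outside the hunk.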
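Review bot: In `credentialsProviderWrap.GetCredential`, `Type: &cp.typeName` hands every caller a pointer into the wrapper's own field, so a write through `*cm.Type` on one returned model changes the type reported by all later calls on the same credential. Copying the value avoids the aliasing: `Type: tea.String(cp.typeName),`. The same reasoning applies to `ProviderName: &c.ProviderName` if `c` is a cached value, which cannot be confirmed from this hunk. The value of `Type` also changes for chained providers (integration/auth_test.go now expects `"default"` where it expected `"default/oidc_role_arn"`), so callers that compare `Type` against the old strings need a changelog entry. The function body begins outside the hunk.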
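Review bot: The new field comments on `CredentialModel` (`// type` and `// provider name`) do not say how the two fields differ, although this commit changes what `Type` holds. Going by the examples and tests on this page, something like `// Type is the credential type the caller configured, for example "access_key" or "default".` and `// ProviderName is the provider, or "/"-joined chain of providers, that produced the credential, for example "cli_profile/static_ak".` would give readers the contract. The exact semantics should be confirmed against the providers, since only examples are visible here.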
@@ -48,3 +58,8 @@ func (s *CredentialModel) SetType(v string) *CredentialModel { s.Type = &v return s } + +func (s *CredentialModel) SetProviderName(v string) *CredentialModel { + s.ProviderName = &v + return s +} diff --git a/credentials/credential_model_test.go b/credentials/credential_model_test.go index e8f8402..2f5e282 100644 --- a/credentials/credential_model_test.go +++ b/credentials/credential_model_test.go @@ -14,15 +14,17 @@ func Test_Credential(t *testing.T) { SecurityToken: tea.String("SecurityToken"), BearerToken: tea.String("BearerToken"), Type: tea.String("Type"), + ProviderName: tea.String("ProviderName"), } assert.Equal(t, "AccessKeyId", *cred.AccessKeyId) assert.Equal(t, "AccessKeySecret", *cred.AccessKeySecret) assert.Equal(t, "SecurityToken", *cred.SecurityToken) assert.Equal(t, "BearerToken", *cred.BearerToken) assert.Equal(t, "Type", *cred.Type) + assert.Equal(t, "ProviderName", *cred.ProviderName) - assert.Equal(t, "{\n \"accessKeyId\": \"AccessKeyId\",\n \"accessKeySecret\": \"AccessKeySecret\",\n \"securityToken\": \"SecurityToken\",\n \"bearerToken\": \"BearerToken\",\n \"type\": \"Type\"\n}", cred.String()) - assert.Equal(t, "{\n \"accessKeyId\": \"AccessKeyId\",\n \"accessKeySecret\": \"AccessKeySecret\",\n \"securityToken\": \"SecurityToken\",\n \"bearerToken\": \"BearerToken\",\n \"type\": \"Type\"\n}", cred.GoString()) + assert.Equal(t, "{\n \"accessKeyId\": \"AccessKeyId\",\n \"accessKeySecret\": \"AccessKeySecret\",\n \"securityToken\": \"SecurityToken\",\n \"bearerToken\": \"BearerToken\",\n \"type\": \"Type\",\n \"providerName\": \"ProviderName\"\n}", cred.String()) + assert.Equal(t, "{\n \"accessKeyId\": \"AccessKeyId\",\n \"accessKeySecret\": \"AccessKeySecret\",\n \"securityToken\": \"SecurityToken\",\n \"bearerToken\": \"BearerToken\",\n \"type\": \"Type\",\n \"providerName\": \"ProviderName\"\n}", cred.GoString()) cred = &CredentialModel{} cred.SetAccessKeyId("") 
@@ -33,6 +35,7 @@ func Test_Credential(t *testing.T) { assert.Equal(t, "", *cred.SecurityToken) assert.Nil(t, cred.BearerToken) assert.Nil(t, cred.Type) + assert.Nil(t, cred.ProviderName) } func Test_Credential2(t *testing.T) { @@ -40,5 +43,7 @@ func Test_Credential2(t *testing.T) { cred.SetBearerToken("bearertoken") assert.Equal(t, "bearertoken", *cred.BearerToken) cred.SetType("bearertoken") + cred.SetProviderName("bearertoken") assert.Equal(t, "bearertoken", *cred.Type) + assert.Equal(t, "bearertoken", *cred.ProviderName) } diff --git a/credentials/credential_test.go b/credentials/credential_test.go index 62c9faf..7d97e7d 100644 --- a/credentials/credential_test.go +++ b/credentials/credential_test.go @@ -299,8 +299,8 @@ func TestNewCredentialWithCredentialsURI(t *testing.T) { config.SetURLCredential("") cred, err = NewCredential(config) - assert.Nil(t, err) - assert.NotNil(t, cred) + assert.NotNil(t, err) + assert.Nil(t, cred) assert.Equal(t, "", tea.StringValue(config.Url)) } diff --git a/credentials/providers/cli_profile.go b/credentials/providers/cli_profile.go index 9189703..c58f6a9 100644 --- a/credentials/providers/cli_profile.go +++ b/credentials/providers/cli_profile.go @@ -181,14 +181,17 @@ var getHomePath = utils.GetHomePath func (provider *CLIProfileCredentialsProvider) GetCredentials() (cc *Credentials, err error) { if provider.innerProvider == nil { - homedir := getHomePath() - if homedir == "" { - err = fmt.Errorf("cannot found home dir") - return + cfgPath := os.Getenv("ALIBABA_CLOUD_CONFIG_FILE") + if cfgPath == "" { + homeDir := getHomePath() + if homeDir == "" { + err = fmt.Errorf("cannot found home dir") + return + } + + cfgPath = path.Join(homeDir, ".aliyun/config.json") } - cfgPath := path.Join(homedir, ".aliyun/config.json") - conf, err1 := newConfigurationFromPath(cfgPath) if err1 != nil { err = err1 diff --git a/credentials/providers/cli_profile_test.go b/credentials/providers/cli_profile_test.go index 9f14f84..40fc8df 100644 
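Review bot: In `CLIProfileCredentialsProvider.GetCredentials` the value of `ALIBABA_CLOUD_CONFIG_FILE` is used verbatim as the credentials file path, so a whitespace-only or relative value is opened relative to the process working directory, and the override silently takes precedence over `~/.aliyun/config.json`. Since whoever sets this variable chooses which access keys the process loads, trim the value, `cfgPath := strings.TrimSpace(os.Getenv("ALIBABA_CLOUD_CONFIG_FILE"))` (needs `strings` in scope), and state the precedence next to it: `// ALIBABA_CLOUD_CONFIG_FILE, when non-empty, replaces the default ~/.aliyun/config.json`. The fallback still builds an OS path with `path.Join`; `filepath.Join(homeDir, ".aliyun", "config.json")` is the portable form and would need the `path/filepath` import. The function continues past the end of the hunk.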
--- a/credentials/providers/cli_profile_test.go +++ b/credentials/providers/cli_profile_test.go @@ -191,8 +191,10 @@ func TestCLIProfileCredentialsProvider_getCredentialsProvider(t *testing.T) { func TestCLIProfileCredentialsProvider_GetCredentials(t *testing.T) { originHttpDo := httpDo defer func() { httpDo = originHttpDo }() + rollback := utils.Memory("ALIBABA_CLOUD_CONFIG_FILE") defer func() { getHomePath = utils.GetHomePath + rollback() }() getHomePath = func() string { @@ -211,6 +213,14 @@ func TestCLIProfileCredentialsProvider_GetCredentials(t *testing.T) { _, err = provider.GetCredentials() assert.EqualError(t, err, "reading aliyun cli config from '/path/invalid/home/dir/.aliyun/config.json' failed open /path/invalid/home/dir/.aliyun/config.json: no such file or directory") + // testcase: specify credentials file with env + os.Setenv("ALIBABA_CLOUD_CONFIG_FILE", "/path/to/config.invalid") + provider, err = NewCLIProfileCredentialsProviderBuilder().Build() + assert.Nil(t, err) + _, err = provider.GetCredentials() + assert.EqualError(t, err, "reading aliyun cli config from '/path/to/config.invalid' failed open /path/to/config.invalid: no such file or directory") + os.Unsetenv("ALIBABA_CLOUD_CONFIG_FILE") + getHomePath = func() string { wd, _ := os.Getwd() return path.Join(wd, "fixtures") diff --git a/credentials/providers/default.go b/credentials/providers/default.go index 4f130ff..597625f 100644 --- a/credentials/providers/default.go +++ b/credentials/providers/default.go @@ -46,7 +46,7 @@ func NewDefaultCredentialsProvider() (provider *DefaultCredentialsProvider) { // credentials uri if os.Getenv("ALIBABA_CLOUD_CREDENTIALS_URI") != "" { - credentialsUriProvider, err := NewURLCredentialsProviderBuilderBuilder().Build() + credentialsUriProvider, err := NewURLCredentialsProviderBuilder().Build() if err == nil { providers = append(providers, credentialsUriProvider) } 
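Review bot: The new case in `TestCLIProfileCredentialsProvider_GetCredentials` exercises only the failure path of `ALIBABA_CLOUD_CONFIG_FILE` (a missing `/path/to/config.invalid`), so nothing verifies that a readable file named by the variable is loaded in preference to the home directory. A second case that points the variable at the fixture config (the later cases appear to use `fixtures/.aliyun/config.json` through `getHomePath`) while `getHomePath` still returns the invalid directory would pin that precedence. The asserted message ends in the Unix-specific `no such file or directory`; checking with `assert.ErrorContains(t, err, "/path/to/config.invalid")` would keep the case portable, if the testify version in use provides it. The return values of `os.Setenv` and `os.Unsetenv` are also ignored here.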
diff --git a/credentials/providers/uri.go b/credentials/providers/uri.go index 6572805..ccd877d 100644 --- a/credentials/providers/uri.go +++ b/credentials/providers/uri.go @@ -25,7 +25,7 @@ type URLCredentialsProviderBuilder struct { provider *URLCredentialsProvider } -func NewURLCredentialsProviderBuilderBuilder() *URLCredentialsProviderBuilder { +func NewURLCredentialsProviderBuilder() *URLCredentialsProviderBuilder { return &URLCredentialsProviderBuilder{ provider: &URLCredentialsProvider{}, } diff --git a/credentials/providers/uri_test.go b/credentials/providers/uri_test.go index d891d40..f16577a 100644 --- a/credentials/providers/uri_test.go +++ b/credentials/providers/uri_test.go @@ -18,19 +18,19 @@ func TestNewURLCredentialsProvider(t *testing.T) { rollback() }() // case 1: no credentials provider - _, err := NewURLCredentialsProviderBuilderBuilder(). + _, err := NewURLCredentialsProviderBuilder(). Build() assert.EqualError(t, err, "the url is empty") // case 2: no role arn os.Setenv("ALIBABA_CLOUD_CREDENTIALS_URI", "http://localhost:8080") - p, err := NewURLCredentialsProviderBuilderBuilder(). + p, err := NewURLCredentialsProviderBuilder(). Build() assert.Nil(t, err) assert.True(t, strings.HasPrefix(p.url, "http://localhost:8080")) // case 3: check default role session name - p, err = NewURLCredentialsProviderBuilderBuilder(). + p, err = NewURLCredentialsProviderBuilder(). WithUrl("http://localhost:9090"). Build() assert.Nil(t, err) @@ -40,7 +40,7 @@ func TestNewURLCredentialsProvider(t *testing.T) { func TestURLCredentialsProvider_getCredentials(t *testing.T) { originHttpDo := httpDo defer func() { httpDo = originHttpDo }() - p, err := NewURLCredentialsProviderBuilderBuilder(). + p, err := NewURLCredentialsProviderBuilder(). WithUrl("http://localhost:8080"). Build() assert.Nil(t, err) 
@@ -132,7 +132,7 @@ func TestURLCredentialsProvider_GetCredentials(t *testing.T) { defer func() { httpDo = originHttpDo }() // case 0: get previous credentials failed - p, err := NewURLCredentialsProviderBuilderBuilder(). + p, err := NewURLCredentialsProviderBuilder(). WithUrl("http://localhost:8080"). Build() assert.Nil(t, err) @@ -184,7 +184,7 @@ func TestURLCredentialsProvider_GetCredentials(t *testing.T) { } func TestURLCredentialsProviderWithHttpOptions(t *testing.T) { - p, err := NewURLCredentialsProviderBuilderBuilder(). + p, err := NewURLCredentialsProviderBuilder(). WithUrl("http://localhost:8080"). WithHttpOptions(&HttpOptions{ ConnectTimeout: 1000, diff --git a/integration/auth_test.go b/integration/auth_test.go index d6fa678..2acec9e 100644 --- a/integration/auth_test.go +++ b/integration/auth_test.go @@ -79,6 +79,7 @@ func TestOidc(t *testing.T) { assert.NotNil(t, c.AccessKeySecret) assert.NotNil(t, c.SecurityToken) assert.Equal(t, "oidc_role_arn", *c.Type) + assert.Equal(t, "oidc_role_arn", *c.ProviderName) } func TestDefaultProvider(t *testing.T) { @@ -90,5 +91,6 @@ func TestDefaultProvider(t *testing.T) { assert.NotNil(t, c.AccessKeyId) assert.NotNil(t, c.AccessKeySecret) assert.NotNil(t, c.SecurityToken) - assert.Equal(t, "default/oidc_role_arn", *c.Type) + assert.Equal(t, "default", *c.Type) + assert.Equal(t, "default/oidc_role_arn", *c.ProviderName) }