Support sts for RAMRoleARNCredentialsProvider

aliyun · Jul 26, 2024 · 058f06e · 058f06e
1 parent aa59092
commit 058f06e
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/credentials/credential.go b/credentials/credential.go
@@ -268,9 +268,10 @@ func NewCredential(config *Config) (credential Credential, err error) {
 			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
 			STSEndpoint:    tea.StringValue(config.STSEndpoint),
 		}
-		credential = newRAMRoleArnWithExternalIdCredential(
+		credential = newRAMRoleArnl(
 			tea.StringValue(config.AccessKeyId),
 			tea.StringValue(config.AccessKeySecret),
+			tea.StringValue(config.SecurityToken),
 			tea.StringValue(config.RoleArn),
 			tea.StringValue(config.RoleSessionName),
 			tea.StringValue(config.Policy),

diff --git a/credentials/sts_role_arn_credential.go b/credentials/sts_role_arn_credential.go
@@ -19,6 +19,7 @@ type RAMRoleArnCredential struct {
 	*credentialUpdater
 	AccessKeyId           string
 	AccessKeySecret       string
+	SecurityToken         string
 	RoleArn               string
 	RoleSessionName       string
 	RoleSessionExpiration int
@@ -39,6 +40,21 @@ type credentialsInResponse struct {
 	Expiration      string `json:"Expiration" xml:"Expiration"`
 }
 
+func newRAMRoleArnl(accessKeyId, accessKeySecret, securityToken, roleArn, roleSessionName, policy string, roleSessionExpiration int, externalId string, runtime *utils.Runtime) *RAMRoleArnCredential {
+	return &RAMRoleArnCredential{
+		AccessKeyId:           accessKeyId,
+		AccessKeySecret:       accessKeySecret,
+		SecurityToken:         securityToken,
+		RoleArn:               roleArn,
+		RoleSessionName:       roleSessionName,
+		RoleSessionExpiration: roleSessionExpiration,
+		Policy:                policy,
+		ExternalId:            externalId,
+		credentialUpdater:     new(credentialUpdater),
+		runtime:               runtime,
+	}
+}
+
 func newRAMRoleArnCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, runtime *utils.Runtime) *RAMRoleArnCredential {
 	return &RAMRoleArnCredential{
 		AccessKeyId:           accessKeyId,
@@ -140,6 +156,9 @@ func (r *RAMRoleArnCredential) updateCredential() (err error) {
 	request.Scheme = "HTTPS"
 	request.Method = "GET"
 	request.QueryParams["AccessKeyId"] = r.AccessKeyId
+	if r.SecurityToken != "" {
+		request.QueryParams["SecurityToken"] = r.SecurityToken
+	}
 	request.QueryParams["Action"] = "AssumeRole"
 	request.QueryParams["Format"] = "JSON"
 	if r.RoleSessionExpiration > 0 {