diff --git a/README-CN.md b/README-CN.md index 446facf..45505fd 100644 --- a/README-CN.md +++ b/README-CN.md @@ -30,7 +30,7 @@ $ go get -u github.com/aliyun/credentials-go $ dep ensure -add github.com/aliyun/credentials-go ``` -##快速使用 +## 快速使用 在您开始之前,您需要注册阿里云帐户并获取您的[凭证](https://usercenter.console.aliyun.com/#/manage/ak)。 ### 凭证类型 @@ -57,9 +57,10 @@ func main(){ if err != nil { return } - accessKeyId, err := akCredential.GetAccessKeyId() - accessSecret, err := akCredential.GetAccessKeySecret() - credentialType := akCredential.GetType() + credential, err := cred.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + credentialType := credential.Type fmt.Println(accessKeyId, accessSecret, credentialType) } ``` @@ -88,10 +89,12 @@ func main() { if err != nil { return } - accessKeyId, err := stsCredential.GetAccessKeyId() - accessSecret, err := stsCredential.GetAccessKeySecret() - securityToken, err := stsCredential.GetSecurityToken() - credentialType := stsCredential.GetType() + + credential, err := stsCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type fmt.Println(accessKeyId, accessSecret, securityToken, credentialType) } ``` @@ -121,10 +124,14 @@ func main() { if err != nil { return } - accessKeyId, err := oidcCredential.GetAccessKeyId() - accessKeySecret, err := oidcCredential.GetAccessKeySecret() - token, err := oidcCredential.GetSecurityToken() - fmt.Println(accessKeyId, accessKeySecret, token) + + credential, err := oidcCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type + + fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType) } ``` 
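Review bot: The rewritten samples no longer compile as shown. The AccessKey example calls `cred.GetCredential()` although the removed lines used `akCredential`, and the OIDC example assigns `accessSecret` but prints `accessKeySecret`; the RamRoleArn, uriCredential, EcsRamRole and RsaKeyPair hunks here and in README.md repeat that mismatch. The `err` returned by `GetCredential()` is also never checked before `credential` is read, so if `credential` is a pointer (not visible here) a failed fetch would end in a nil dereference instead of a handled error. Suggested lines: `credential, err := akCredential.GetCredential()`, then `if err != nil { return }`, and `fmt.Println(accessKeyId, accessSecret, securityToken, credentialType)`. Each `main` starts outside its hunk, so the variable names are inferred from the removed lines.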
@@ -158,11 +165,39 @@ func main(){ if err != nil { return } - accessKeyId, err := arnCredential.GetAccessKeyId() - accessSecret, err := arnCredential.GetAccessKeySecret() - securityToken, err := arnCredential.GetSecurityToken() - credentialType := arnCredential.GetType() - fmt.Println(accessKeyId, accessSecret, securityToken, credentialType) + credential, err := arnCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type + + fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType) +} +``` + +#### uriCredential + +```go +import ( + "fmt" + + "github.com/aliyun/credentials-go/credentials" +) + +func main(){ + config := new(credentials.Config).SetType("credentials_uri").SetURL("http://127.0.0.1") + uriCredential, err := credentials.NewCredential(config) + if err != nil { + return + } + + credential, err := uriCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type + + fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType) } ``` @@ -186,11 +221,14 @@ func main(){ if err != nil { return } - accessKeyId, err := ecsCredential.GetAccessKeyId() - accessSecret, err := ecsCredential.GetAccessKeySecret() - securityToken, err := ecsCredential.GetSecurityToken() - credentialType := ecsCredential.GetType() - fmt.Println(accessKeyId, accessSecret, securityToken, credentialType) + + credential, err := ecsCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type + + fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType) } ``` 
@@ -216,11 +254,14 @@ func main(){ if err != nil { return } - accessKeyId, err := rsaCredential.GetAccessKeyId() - accessSecret, err := rsaCredential.GetAccessKeySecret() - securityToken, err := rsaCredential.GetSecurityToken() - credentialType := rsaCredential.GetType() - fmt.Println(accessKeyId, accessSecret, securityToken, credentialType) + + credential, err := rsaCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type + + fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType) } ``` @@ -245,8 +286,11 @@ func main(){ if err != nil { return } - bearerToken := bearerCredential.GetBearerToken() - credentialType := bearerCredential.GetType() + + credential, err := bearerCredential.GetCredential() + + bearerToken := credential.BearerToken + credentialType := credential.Type fmt.Println(bearerToken, credentialType) } ``` diff --git a/README.md b/README.md index a71c4f0..80a567d 100644 --- a/README.md +++ b/README.md @@ -57,9 +57,10 @@ func main(){ if err != nil { return } - accessKeyId, err := akCredential.GetAccessKeyId() - accessSecret, err := akCredential.GetAccessKeySecret() - credentialType := akCredential.GetType() + credential, err := cred.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + credentialType := credential.Type fmt.Println(accessKeyId, accessSecret, credentialType) } ``` 
@@ -88,14 +89,53 @@ func main() { if err != nil { return } - accessKeyId, err := stsCredential.GetAccessKeyId() - accessSecret, err := stsCredential.GetAccessKeySecret() - securityToken, err := stsCredential.GetSecurityToken() - credentialType := stsCredential.GetType() + + credential, err := stsCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type fmt.Println(accessKeyId, accessSecret, securityToken, credentialType) } ``` +#### AssumeRoleWithOIDC +When executing oidc role SSO, obtain the temporary identity credential (STS token) playing the RAM role by calling the AssumeRoleWithOIDC api. + +``` go +package main + +import ( + "fmt" + "net/http" + + "github.com/aliyun/credentials-go/credentials" +) + +func main() { + config := new(credentials.Config). + SetType("oidc_role_arn"). + SetOIDCProviderArn("OIDCProviderArn"). + SetOIDCTokenFilePath("OIDCTokenFilePath"). + SetRoleSessionName("RoleSessionName"). + SetPolicy("Policy"). + SetRoleArn("RoleArn"). + SetSessionExpiration(3600) + oidcCredential, err := credentials.NewCredential(config) + if err != nil { + return + } + + credential, err := oidcCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type + + fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType) +} +``` + #### RamRoleArn By specifying [RAM Role][RAM Role], the credential will be able to automatically request maintenance of STS Token. If you want to limit the permissions([How to make a policy][policy]) of STS Token, you can assign value for `Policy`. ```go 
@@ -126,13 +166,16 @@ func main(){ if err != nil { return } - accessKeyId, err := arnCredential.GetAccessKeyId() - accessSecret, err := arnCredential.GetAccessKeySecret() - securityToken, err := arnCredential.GetSecurityToken() - credentialType := arnCredential.GetType() - fmt.Println(accessKeyId, accessSecret, securityToken, credentialType) + credential, err := arnCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type + + fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType) } ``` + #### uriCredential ```go import ( @@ -143,17 +186,21 @@ import ( func main(){ config := new(credentials.Config).SetType("credentials_uri").SetURL("http://127.0.0.1") - credential, err := credentials.NewCredential(config) + uriCredential, err := credentials.NewCredential(config) if err != nil { return } - accessKeyId, err := credential.GetAccessKeyId() - accessKeySecret, err := credential.GetAccessKeySecret() - fmt.Println(accessKeyId, accessKeySecret) + + credential, err := uriCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type + + fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType) } ``` - #### EcsRamRole By specifying the role name, the credential will be able to automatically request maintenance of STS Token. ```go 
@@ -174,11 +221,14 @@ func main(){ if err != nil { return } - accessKeyId, err := ecsCredential.GetAccessKeyId() - accessSecret, err := ecsCredential.GetAccessKeySecret() - securityToken, err := ecsCredential.GetSecurityToken() - credentialType := ecsCredential.GetType() - fmt.Println(accessKeyId, accessSecret, securityToken, credentialType) + + credential, err := ecsCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type + + fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType) } ``` @@ -204,11 +254,14 @@ func main(){ if err != nil { return } - accessKeyId, err := rsaCredential.GetAccessKeyId() - accessSecret, err := rsaCredential.GetAccessKeySecret() - securityToken, err := rsaCredential.GetSecurityToken() - credentialType := rsaCredential.GetType() - fmt.Println(accessKeyId, accessSecret, securityToken, credentialType) + + credential, err := rsaCredential.GetCredential() + accessKeyId := credential.AccessKeyId + accessSecret := credential.AccessKeySecret + securityToken := credential.SecurityToken + credentialType := credential.Type + + fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType) } ``` 
@@ -232,46 +285,16 @@ func main(){ if err != nil { return } - bearerToken := bearerCredential.GetBearerToken() - credentialType := bearerCredential.GetType() - fmt.Println(bearerToken, credentialType) -} -``` -#### AssumeRoleWithOIDC -When performing oidc role SSO, obtain the temporary identity credential (STS Token) that plays the role of RAM by calling the AssumeRoleWithOIDC interface. -``` go -package main + credential, err := bearerCredential.GetCredential() -import ( - "fmt" - "net/http" - - "github.com/aliyun/credentials-go/credentials" -) - -func main() { - config := new(credentials.Config). - SetType("oidc_role_arn"). - SetOIDCProviderArn("OIDCProviderArn"). - SetOIDCTokenFilePath("OIDCTokenFilePath"). - SetRoleSessionName("RoleSessionName"). - SetPolicy("Policy"). - SetRoleArn("RoleArn"). - SetSessionExpiration(3600) - oidcCredential, err := credentials.NewCredential(config) - if err != nil { - return - } - accessKeyId, err := oidcCredential.GetAccessKeyId() - accessKeySecret, err := oidcCredential.GetAccessKeySecret() - token, err := oidcCredential.GetSecurityToken() - fmt.Println(accessKeyId, accessKeySecret, token) + bearerToken := credential.BearerToken + credentialType := credential.Type + fmt.Println(bearerToken, credentialType) } ``` - -### Provider +### Credential Provider Chain If you call `NewCredential()` with nil, it will use provider chain to get credential for you. #### 1. Environment Credentials diff --git a/credentials/oidc_credential.go b/credentials/oidc_credential.go index de0acc7..c2b9630 100644 --- a/credentials/oidc_credential.go +++ b/credentials/oidc_credential.go @@ -13,8 +13,6 @@ import ( "github.com/aliyun/credentials-go/credentials/utils" ) -const defaultOIDCDurationSeconds = 3600 - // OIDCCredential is a kind of credentials type OIDCCredential struct { *credentialUpdater diff --git a/credentials/provider.go b/credentials/provider.go index fe813db..9ad6216 100644 --- a/credentials/provider.go +++ b/credentials/provider.go 
@@ -1,6 +1,6 @@ package credentials -//Environmental virables that may be used by the provider +// Environmental virables that may be used by the provider const ( ENVCredentialFile = "ALIBABA_CLOUD_CREDENTIALS_FILE" ENVEcsMetadata = "ALIBABA_CLOUD_ECS_METADATA" diff --git a/credentials/sts_role_arn_credential_test.go b/credentials/sts_role_arn_credential_test.go index 17fdc4f..42f1eaa 100644 --- a/credentials/sts_role_arn_credential_test.go +++ b/credentials/sts_role_arn_credential_test.go @@ -17,7 +17,7 @@ func mockResponse(statusCode int, content string, mockerr error) (res *http.Resp res = &http.Response{ Proto: "HTTP/1.1", ProtoMajor: 1, - Header: map[string][]string{"sdk": []string{"test"}}, + Header: map[string][]string{"sdk": {"test"}}, StatusCode: statusCode, Status: status + " " + http.StatusText(statusCode), }
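Review bot: The `"sdk"` key in the mock `Header` literal of `mockResponse` is not in canonical header form, so `res.Header.Get("sdk")` would look up `Sdk` and miss the entry. If any code under test reads this header through `Get`, write the key as `"Sdk"` or build the value with `http.Header{}` and `Set`. Nothing in the hunk shows such a read, so this may be harmless. `mockResponse` continues outside the hunk.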