diff --git a/credentials/ecs_ram_role_credentials_provider.go b/credentials/ecs_ram_role_credentials_provider.go
deleted file mode 100644
index 5a54d7b..0000000
--- a/credentials/ecs_ram_role_credentials_provider.go
+++ /dev/null
@@ -1,204 +0,0 @@ -package credentials - -import ( - "encoding/json" - "fmt" - "strconv" - "time" - - "github.com/alibabacloud-go/tea/tea" - "github.com/aliyun/credentials-go/credentials/internal/utils" - "github.com/aliyun/credentials-go/credentials/request" -) - -var securityCredURL = "http://100.100.100.200/latest/meta-data/ram/security-credentials/" -var securityCredTokenURL = "http://100.100.100.200/latest/api/token" - -const defaultMetadataTokenDuration = int(21600) - -// ECSRAMRoleCredentialsProvider is a kind of credentials provider -type ECSRAMRoleCredentialsProvider struct { - *credentialUpdater - RoleName string - EnableIMDSv2 bool - MetadataTokenDuration int - sessionCredential *sessionCredential - runtime *utils.Runtime - metadataToken string - staleTime int64 -} - -type ecsRAMRoleResponse struct { - Code string `json:"Code" xml:"Code"` - AccessKeyId string `json:"AccessKeyId" xml:"AccessKeyId"` - AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"` - SecurityToken string `json:"SecurityToken" xml:"SecurityToken"` - Expiration string `json:"Expiration" xml:"Expiration"` -} - -func newEcsRAMRoleCredentialWithEnableIMDSv2(roleName string, enableIMDSv2 bool, metadataTokenDuration int, inAdvanceScale float64, runtime *utils.Runtime) *ECSRAMRoleCredentialsProvider { - credentialUpdater := new(credentialUpdater) - if inAdvanceScale < 1 && inAdvanceScale > 0 { - credentialUpdater.inAdvanceScale = inAdvanceScale - } - return &ECSRAMRoleCredentialsProvider{ - RoleName: roleName, - EnableIMDSv2: enableIMDSv2, - MetadataTokenDuration: metadataTokenDuration, - credentialUpdater: credentialUpdater, - runtime: runtime, - } -} - -func (e *ECSRAMRoleCredentialsProvider) GetCredential() (credentials *CredentialModel, err error) { - if e.sessionCredential == nil || e.needUpdateCredential() { - err = e.updateCredential() - if err != nil { - if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) { - // 虽然有错误,但是已有的 credentials 
还有效 - } else { - return - } - } - } - - credentials = &CredentialModel{ - AccessKeyId: tea.String(e.sessionCredential.AccessKeyId), - AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret), - SecurityToken: tea.String(e.sessionCredential.SecurityToken), - Type: tea.String("ecs_ram_role"), - } - - return -} - -// GetAccessKeyId reutrns EcsRAMRoleCredential's AccessKeyId -// if AccessKeyId is not exist or out of date, the function will update it. -func (e *ECSRAMRoleCredentialsProvider) GetAccessKeyId() (accessKeyId *string, err error) { - c, err := e.GetCredential() - if err != nil { - return - } - - accessKeyId = c.AccessKeyId - return -} - -// GetAccessSecret reutrns EcsRAMRoleCredential's AccessKeySecret -// if AccessKeySecret is not exist or out of date, the function will update it. -func (e *ECSRAMRoleCredentialsProvider) GetAccessKeySecret() (accessKeySecret *string, err error) { - c, err := e.GetCredential() - if err != nil { - return - } - - accessKeySecret = c.AccessKeySecret - return -} - -// GetSecurityToken reutrns EcsRAMRoleCredential's SecurityToken -// if SecurityToken is not exist or out of date, the function will update it. 
-func (e *ECSRAMRoleCredentialsProvider) GetSecurityToken() (securityToken *string, err error) { - c, err := e.GetCredential() - if err != nil { - return - } - - securityToken = c.SecurityToken - return -} - -// GetBearerToken is useless for EcsRAMRoleCredential -func (e *ECSRAMRoleCredentialsProvider) GetBearerToken() *string { - return tea.String("") -} - -// GetType reutrns EcsRAMRoleCredential's type -func (e *ECSRAMRoleCredentialsProvider) GetType() *string { - return tea.String("ecs_ram_role") -} - -func getRoleName() (string, error) { - runtime := utils.NewRuntime(1, 1, "", "") - request := request.NewCommonRequest() - request.URL = securityCredURL - request.Method = "GET" - content, err := doAction(request, runtime) - if err != nil { - return "", err - } - return string(content), nil -} - -func (e *ECSRAMRoleCredentialsProvider) getMetadataToken() (err error) { - if e.needToRefresh() { - if e.MetadataTokenDuration <= 0 { - e.MetadataTokenDuration = defaultMetadataTokenDuration - } - tmpTime := time.Now().Unix() + int64(e.MetadataTokenDuration*1000) - request := request.NewCommonRequest() - request.URL = securityCredTokenURL - request.Method = "PUT" - request.Headers["X-aliyun-ecs-metadata-token-ttl-seconds"] = strconv.Itoa(e.MetadataTokenDuration) - content, err := doAction(request, e.runtime) - if err != nil { - return err - } - e.staleTime = tmpTime - e.metadataToken = string(content) - } - return -} - -func (e *ECSRAMRoleCredentialsProvider) updateCredential() (err error) { - if e.runtime == nil { - e.runtime = new(utils.Runtime) - } - request := request.NewCommonRequest() - if e.RoleName == "" { - e.RoleName, err = getRoleName() - if err != nil { - return fmt.Errorf("refresh Ecs sts token err: %s", err.Error()) - } - } - if e.EnableIMDSv2 { - err = e.getMetadataToken() - if err != nil { - return fmt.Errorf("failed to get token from ECS Metadata Service: %s", err.Error()) - } - request.Headers["X-aliyun-ecs-metadata-token"] = e.metadataToken - } - 
request.URL = securityCredURL + e.RoleName - request.Method = "GET" - content, err := doAction(request, e.runtime) - if err != nil { - return fmt.Errorf("refresh Ecs sts token err: %s", err.Error()) - } - var resp *ecsRAMRoleResponse - err = json.Unmarshal(content, &resp) - if err != nil { - return fmt.Errorf("refresh Ecs sts token err: Json Unmarshal fail: %s", err.Error()) - } - if resp.Code != "Success" { - return fmt.Errorf("refresh Ecs sts token err: Code is not Success") - } - if resp.AccessKeyId == "" || resp.AccessKeySecret == "" || resp.SecurityToken == "" || resp.Expiration == "" { - return fmt.Errorf("refresh Ecs sts token err: AccessKeyId: %s, AccessKeySecret: %s, SecurityToken: %s, Expiration: %s", resp.AccessKeyId, resp.AccessKeySecret, resp.SecurityToken, resp.Expiration) - } - - expirationTime, err := time.Parse("2006-01-02T15:04:05Z", resp.Expiration) - e.lastUpdateTimestamp = time.Now().Unix() - e.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix()) - e.sessionCredential = &sessionCredential{ - AccessKeyId: resp.AccessKeyId, - AccessKeySecret: resp.AccessKeySecret, - SecurityToken: resp.SecurityToken, - } - - return -} - -func (e *ECSRAMRoleCredentialsProvider) needToRefresh() (needToRefresh bool) { - needToRefresh = time.Now().Unix() >= e.staleTime - return -} diff --git a/credentials/ecs_ram_role_credentials_provider_test.go b/credentials/ecs_ram_role_credentials_provider_test.go deleted file mode 100644 index 1d2c998..0000000 --- a/credentials/ecs_ram_role_credentials_provider_test.go +++ /dev/null 
@@ -1,271 +0,0 @@ -package credentials - -import ( - "errors" - "net/http" - "testing" - - "github.com/stretchr/testify/assert" -) - -func Test_EcsRAmRoleCredential(t *testing.T) { - credentialUpdater := new(credentialUpdater) - credentialUpdater.inAdvanceScale = 0.5 - auth := &ECSRAMRoleCredentialsProvider{ - RoleName: "go sdk", - credentialUpdater: credentialUpdater, - runtime: nil, - } - origTestHookDo := hookDo - defer func() { hookDo = origTestHookDo }() - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(300, ``, errors.New("sdk test")) - } - } - accesskeyId, err := auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: sdk test", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(300, ``, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error()) - assert.Nil(t, accesskeyId) - - accesskeySecret, err := auth.GetAccessKeySecret() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error()) - assert.Nil(t, accesskeySecret) - - ststoken, err := auth.GetSecurityToken() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error()) - assert.Nil(t, ststoken) - - assert.Equal(t, "", *auth.GetBearerToken()) - - assert.Equal(t, "ecs_ram_role", *auth.GetType()) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(400, `role`, nil) - } - } - 
auth.RoleName = "" - _, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: httpStatus: 400, message = role", err.Error()) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `role`, nil) - } - } - _, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character 'r' looking for beginning of value", err.Error()) - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"`, nil) - } - } - auth.RoleName = "role" - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character ':' after top-level value", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `{"AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration","Code":"fail"}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: Code is not Success", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, 
`{"AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration","Code":"Success"}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2018-01-02T15:04:05Z","Code":"Success"}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.Nil(t, err) - assert.Equal(t, "accessKeyId", *accesskeyId) - - accesskeySecret, err = auth.GetAccessKeySecret() - assert.Nil(t, err) - assert.Equal(t, "accessKeySecret", *accesskeySecret) - - ststoken, err = auth.GetSecurityToken() - assert.Nil(t, err) - assert.Equal(t, "securitytoken", *ststoken) - - err = errors.New("credentials") - err = hookParse(err) - assert.Equal(t, "credentials", err.Error()) - - cred, err := auth.GetCredential() - assert.Nil(t, err) - assert.Equal(t, "accessKeyId", *cred.AccessKeyId) - assert.Equal(t, "accessKeySecret", *cred.AccessKeySecret) - assert.Equal(t, "securitytoken", *cred.SecurityToken) - assert.Nil(t, cred.BearerToken) - assert.Equal(t, "ecs_ram_role", *cred.Type) - - originHookParse := hookParse - hookParse = func(err error) error { - return errors.New("error parse") - } - defer func() { - hookParse = originHookParse - }() - accesskeyId, err = auth.GetAccessKeyId() - assert.Equal(t, "refresh Ecs sts token err: error parse", err.Error()) - assert.Nil(t, accesskeyId) -} - -func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) { - auth := newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", false, 0, 0.5, nil) - origTestHookDo := 
hookDo - defer func() { hookDo = origTestHookDo }() - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(300, ``, errors.New("sdk test")) - } - } - accesskeyId, err := auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: sdk test", err.Error()) - assert.Nil(t, accesskeyId) - - auth = newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", true, 0, 0.5, nil) - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "failed to get token from ECS Metadata Service: sdk test", err.Error()) - assert.Nil(t, accesskeyId) - - auth = newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", true, 180, 0.5, nil) - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "failed to get token from ECS Metadata Service: sdk test", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(300, ``, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "failed to get token from ECS Metadata Service: httpStatus: 300, message = ", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(400, `role`, nil) - } - } - auth.RoleName = "" - _, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: httpStatus: 400, message = role", err.Error()) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { 
- return mockResponse(200, `role`, nil) - } - } - _, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character 'r' looking for beginning of value", err.Error()) - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"`, nil) - } - } - auth.RoleName = "role" - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character ':' after top-level value", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `{"AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration","Code":"fail"}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: Code is not Success", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `{"AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration","Code":"Success"}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh Ecs sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, 
error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2018-01-02T15:04:05Z","Code":"Success"}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.Nil(t, err) - assert.Equal(t, "accessKeyId", *accesskeyId) - - accesskeySecret, err := auth.GetAccessKeySecret() - assert.Nil(t, err) - assert.Equal(t, "accessKeySecret", *accesskeySecret) - - ststoken, err := auth.GetSecurityToken() - assert.Nil(t, err) - assert.Equal(t, "securitytoken", *ststoken) - - err = errors.New("credentials") - err = hookParse(err) - assert.Equal(t, "credentials", err.Error()) - - cred, err := auth.GetCredential() - assert.Nil(t, err) - assert.Equal(t, "accessKeyId", *cred.AccessKeyId) - assert.Equal(t, "accessKeySecret", *cred.AccessKeySecret) - assert.Equal(t, "securitytoken", *cred.SecurityToken) - assert.Nil(t, cred.BearerToken) - assert.Equal(t, "ecs_ram_role", *cred.Type) - - originHookParse := hookParse - hookParse = func(err error) error { - return errors.New("error parse") - } - defer func() { - hookParse = originHookParse - }() - accesskeyId, err = auth.GetAccessKeyId() - assert.Equal(t, "refresh Ecs sts token err: error parse", err.Error()) - assert.Nil(t, accesskeyId) -} diff --git a/credentials/oidc_credential_provider.go b/credentials/oidc_credential_provider.go deleted file mode 100644 index 928eb93..0000000 --- a/credentials/oidc_credential_provider.go +++ /dev/null 
@@ -1,37 +0,0 @@
-package credentials
-
-import (
- "os"
-
- "github.com/alibabacloud-go/tea/tea"
-)
-
-type oidcCredentialsProvider struct{}
-
-var providerOIDC = new(oidcCredentialsProvider)
-
-func newOidcCredentialsProvider() Provider {
- return &oidcCredentialsProvider{}
-}
-
-func (p *oidcCredentialsProvider) resolve() (*Config, error) {
- roleArn, ok1 := os.LookupEnv(ENVRoleArn)
- oidcProviderArn, ok2 := os.LookupEnv(ENVOIDCProviderArn)
- oidcTokenFilePath, ok3 := os.LookupEnv(ENVOIDCTokenFile)
- if !ok1 || !ok2 || !ok3 {
- return nil, nil
- }
-
- config := &Config{
- Type: tea.String("oidc_role_arn"),
- RoleArn: tea.String(roleArn),
- OIDCProviderArn: tea.String(oidcProviderArn),
- OIDCTokenFilePath: tea.String(oidcTokenFilePath),
- RoleSessionName: tea.String("defaultSessionName"),
- }
- roleSessionName, ok := os.LookupEnv(ENVRoleSessionName)
- if ok {
- config.RoleSessionName = tea.String(roleSessionName)
- }
- return config, nil
-}
diff --git a/credentials/oidc_credential_provider_test.go b/credentials/oidc_credential_provider_test.go
deleted file mode 100644
index 67b9acb..0000000
--- a/credentials/oidc_credential_provider_test.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package credentials
-
-import (
- "os"
- "testing"
-
- "github.com/alibabacloud-go/tea/tea"
- "github.com/stretchr/testify/assert"
-)
-
-func TestOidcCredentialsProvider(t *testing.T) {
- p := newOidcCredentialsProvider()
- roleArn := os.Getenv(ENVRoleArn)
- oidcProviderArn := os.Getenv(ENVOIDCProviderArn)
- oidcTokenFilePath := os.Getenv(ENVOIDCTokenFile)
- roleSessionName := os.Getenv(ENVRoleSessionName)
- os.Setenv(ENVRoleArn, "")
- os.Setenv(ENVOIDCProviderArn, "")
- os.Setenv(ENVOIDCTokenFile, "")
- os.Setenv(ENVRoleSessionName, "")
- defer func() {
- os.Setenv(ENVRoleArn, roleArn)
- os.Setenv(ENVOIDCProviderArn, oidcProviderArn)
- os.Setenv(ENVOIDCTokenFile, oidcTokenFilePath)
- os.Setenv(ENVRoleSessionName, roleSessionName)
- }()
- c, err := p.resolve()
- assert.NotNil(t, c)
- assert.Nil(t, err)
-
- os.Setenv(ENVRoleArn, "roleArn")
- os.Setenv(ENVOIDCProviderArn, "oidcProviderArn")
- os.Setenv(ENVOIDCTokenFile, "oidcTokenFilePath")
- os.Unsetenv(ENVRoleSessionName)
- c, err = p.resolve()
- assert.Nil(t, err)
- assert.Equal(t, "roleArn", tea.StringValue(c.RoleArn))
- assert.Equal(t, "oidcProviderArn", tea.StringValue(c.OIDCProviderArn))
- assert.Equal(t, "oidcTokenFilePath", tea.StringValue(c.OIDCTokenFilePath))
- assert.Equal(t, "defaultSessionName", tea.StringValue(c.RoleSessionName))
- assert.Equal(t, "oidc_role_arn", tea.StringValue(c.Type))
-
- os.Setenv(ENVRoleSessionName, "roleSessionName")
- c, err = p.resolve()
- assert.Nil(t, err)
- assert.Equal(t, "roleArn", tea.StringValue(c.RoleArn))
- assert.Equal(t, "oidcProviderArn", tea.StringValue(c.OIDCProviderArn))
- assert.Equal(t, "oidcTokenFilePath", tea.StringValue(c.OIDCTokenFilePath))
- assert.Equal(t, "roleSessionName", tea.StringValue(c.RoleSessionName))
- assert.Equal(t, "oidc_role_arn", tea.StringValue(c.Type))
-
- os.Unsetenv(ENVRoleArn)
- os.Unsetenv(ENVOIDCProviderArn)
- os.Unsetenv(ENVOIDCTokenFile)
- os.Unsetenv(ENVRoleSessionName)
- c, err = p.resolve()
- assert.Nil(t, c)
- assert.Nil(t, err)
-}
diff --git a/credentials/provider_chain.go b/credentials/provider_chain.go
deleted file mode 100644
index e433886..0000000
--- a/credentials/provider_chain.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package credentials
-
-import (
- "errors"
-)
-
-type providerChain struct {
- Providers []Provider
-}
-
-var defaultproviders = []Provider{providerEnv, providerOIDC, providerProfile, providerInstance}
-var defaultChain = newProviderChain(defaultproviders)
-
-func newProviderChain(providers []Provider) Provider {
- return &providerChain{
- Providers: providers,
- }
-}
-
-func (p *providerChain) resolve() (*Config, error) {
- for _, provider := range p.Providers {
- config, err := provider.resolve()
- if err != nil {
- return nil, err
- } else if config == nil {
- continue
- }
- return config, err
- }
- return nil, errors.New("no credential found")
-
-}
diff --git a/credentials/provider_chain_test.go b/credentials/provider_chain_test.go
deleted file mode 100644
index d6718b2..0000000
--- a/credentials/provider_chain_test.go
+++ /dev/null
@@ -1,124 +0,0 @@
-package credentials
-
-import (
- "os"
- "testing"
-
- "github.com/alibabacloud-go/tea/tea"
- "github.com/stretchr/testify/assert"
-)
-
-func TestProviderChain(t *testing.T) {
- env := newEnvProvider()
- pp := newProfileProvider()
- instanceP := newInstanceCredentialsProvider()
-
- pc := newProviderChain([]Provider{env, pp, instanceP})
-
- originAccessKeyIdNew := os.Getenv(EnvVarAccessKeyIdNew)
- originAccessKeyId := os.Getenv(EnvVarAccessKeyId)
- originAccessKeySecret := os.Getenv(EnvVarAccessKeySecret)
- os.Setenv(EnvVarAccessKeyId, "")
- os.Setenv(EnvVarAccessKeyIdNew, "")
- os.Setenv(EnvVarAccessKeySecret, "")
- defer func() {
- os.Setenv(EnvVarAccessKeyIdNew, originAccessKeyIdNew)
- os.Setenv(EnvVarAccessKeyId, originAccessKeyId)
- os.Setenv(EnvVarAccessKeySecret, originAccessKeySecret)
- }()
- c, err := pc.resolve()
- assert.Nil(t, c)
- assert.EqualError(t, err, "ALIBABA_CLOUD_ACCESS_KEY_ID or ALIBABA_CLOUD_ACCESS_KEY_Id cannot be empty")
-
- os.Setenv(EnvVarAccessKeyId, "AccessKeyId")
- os.Setenv(EnvVarAccessKeySecret, "AccessKeySecret")
- c, err = pc.resolve()
- assert.NotNil(t, c)
- assert.Nil(t, err)
-
- os.Unsetenv(EnvVarAccessKeyId)
- os.Unsetenv(EnvVarAccessKeySecret)
- os.Unsetenv(ENVCredentialFile)
- os.Unsetenv(ENVEcsMetadata)
-
- c, err = pc.resolve()
- assert.Nil(t, c)
- assert.EqualError(t, err, "no credential found")
-}
-
-func TestDefaultChainNoCred(t *testing.T) {
- accessKeyIdNew := os.Getenv(EnvVarAccessKeyIdNew)
- accessKeyId := os.Getenv(EnvVarAccessKeyId)
- accessKeySecret := os.Getenv(EnvVarAccessKeySecret)
- ecsMetadata := os.Getenv(ENVEcsMetadata)
- roleArn := os.Getenv(ENVRoleArn)
- oidcProviderArn := os.Getenv(ENVOIDCProviderArn)
- oidcTokenFilePath := os.Getenv(ENVOIDCTokenFile)
- roleSessionName := os.Getenv(ENVRoleSessionName)
- os.Unsetenv(EnvVarAccessKeyId)
- os.Unsetenv(EnvVarAccessKeySecret)
- os.Unsetenv(ENVCredentialFile)
- os.Unsetenv(ENVEcsMetadata)
- os.Unsetenv(ENVRoleArn)
- os.Unsetenv(ENVOIDCProviderArn)
- os.Unsetenv(ENVOIDCTokenFile)
- os.Unsetenv(ENVRoleSessionName)
- defer func() {
- os.Setenv(EnvVarAccessKeyIdNew, accessKeyIdNew)
- os.Setenv(EnvVarAccessKeyId, accessKeyId)
- os.Setenv(EnvVarAccessKeySecret, accessKeySecret)
- os.Setenv(ENVEcsMetadata, ecsMetadata)
- os.Setenv(ENVRoleArn, roleArn)
- os.Setenv(ENVOIDCProviderArn, oidcProviderArn)
- os.Setenv(ENVOIDCTokenFile, oidcTokenFilePath)
- os.Setenv(ENVRoleSessionName, roleSessionName)
- }()
-
- chain, err := defaultChain.resolve()
- assert.Nil(t, chain)
- assert.Equal(t, "no credential found", err.Error())
-}
-
-func TestDefaultChainHasCred(t *testing.T) {
- accessKeyIdNew := os.Getenv(EnvVarAccessKeyIdNew)
- accessKeyId := os.Getenv(EnvVarAccessKeyId)
- accessKeySecret := os.Getenv(EnvVarAccessKeySecret)
- os.Unsetenv(EnvVarAccessKeyId)
- os.Unsetenv(EnvVarAccessKeySecret)
- os.Unsetenv(ENVCredentialFile)
-
- path, _ := os.Getwd()
- oidcTokenFilePathVar := path + "/oidc_token"
- roleArn := os.Getenv(ENVRoleArn)
- oidcProviderArn := os.Getenv(ENVOIDCProviderArn)
- oidcTokenFilePath := os.Getenv(ENVOIDCTokenFile)
- roleSessionName := os.Getenv(ENVRoleSessionName)
- os.Setenv(ENVRoleArn, "acs:ram::roleArn:role/roleArn")
- os.Setenv(ENVOIDCProviderArn, "acs:ram::roleArn")
- os.Setenv(ENVOIDCTokenFile, oidcTokenFilePathVar)
- os.Setenv(ENVRoleSessionName, "roleSessionName")
- defer func() {
- os.Setenv(EnvVarAccessKeyIdNew, accessKeyIdNew)
- os.Setenv(EnvVarAccessKeyId, accessKeyId)
- os.Setenv(EnvVarAccessKeySecret, accessKeySecret)
- os.Setenv(ENVRoleArn, roleArn)
- os.Setenv(ENVOIDCProviderArn, oidcProviderArn)
- os.Setenv(ENVOIDCTokenFile, oidcTokenFilePath)
- os.Setenv(ENVRoleSessionName, roleSessionName)
- }()
-
- config, err := defaultChain.resolve()
- assert.NotNil(t, config)
- assert.Nil(t, err)
- assert.Equal(t, "acs:ram::roleArn:role/roleArn", tea.StringValue(config.RoleArn))
- assert.Equal(t, "acs:ram::roleArn", tea.StringValue(config.OIDCProviderArn))
- assert.Equal(t, oidcTokenFilePathVar, tea.StringValue(config.OIDCTokenFilePath))
- assert.Equal(t, "roleSessionName", tea.StringValue(config.RoleSessionName))
- assert.Equal(t, "oidc_role_arn", tea.StringValue(config.Type))
-
- os.Setenv("ALIBABA_CLOUD_CLI_PROFILE_DISABLED", "true")
- cred, err := NewCredential(nil)
- assert.Nil(t, err)
- assert.NotNil(t, cred)
- assert.Equal(t, "default", *cred.GetType())
-}
diff --git a/credentials/ram_role_arn_credentials_provider.go b/credentials/ram_role_arn_credentials_provider.go
deleted file mode 100644
index 71ae004..0000000
--- a/credentials/ram_role_arn_credentials_provider.go
+++ /dev/null
@@ -1,219 +0,0 @@ -package credentials - -import ( - "encoding/json" - "errors" - "fmt" - "strconv" - "time" - - "github.com/alibabacloud-go/tea/tea" - "github.com/aliyun/credentials-go/credentials/internal/utils" - "github.com/aliyun/credentials-go/credentials/request" -) - -const defaultDurationSeconds = 3600 - -// RAMRoleArnCredentialsProvider is a kind of credentials -type RAMRoleArnCredentialsProvider struct { - *credentialUpdater - AccessKeyId string - AccessKeySecret string - SecurityToken string - RoleArn string - RoleSessionName string - RoleSessionExpiration int - Policy string - ExternalId string - sessionCredential *sessionCredential - runtime *utils.Runtime -} - -type ramRoleArnResponse struct { - Credentials *credentialsInResponse `json:"Credentials" xml:"Credentials"` -} - -type credentialsInResponse struct { - AccessKeyId string `json:"AccessKeyId" xml:"AccessKeyId"` - AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"` - SecurityToken string `json:"SecurityToken" xml:"SecurityToken"` - Expiration string `json:"Expiration" xml:"Expiration"` -} - -func newRAMRoleArnl(accessKeyId, accessKeySecret, securityToken, roleArn, roleSessionName, policy string, roleSessionExpiration int, externalId string, runtime *utils.Runtime) *RAMRoleArnCredentialsProvider { - return &RAMRoleArnCredentialsProvider{ - AccessKeyId: accessKeyId, - AccessKeySecret: accessKeySecret, - SecurityToken: securityToken, - RoleArn: roleArn, - RoleSessionName: roleSessionName, - RoleSessionExpiration: roleSessionExpiration, - Policy: policy, - ExternalId: externalId, - credentialUpdater: new(credentialUpdater), - runtime: runtime, - } -} - -func newRAMRoleArnCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, runtime *utils.Runtime) *RAMRoleArnCredentialsProvider { - return &RAMRoleArnCredentialsProvider{ - AccessKeyId: accessKeyId, - AccessKeySecret: accessKeySecret, - RoleArn: roleArn, - RoleSessionName: 
roleSessionName, - RoleSessionExpiration: roleSessionExpiration, - Policy: policy, - credentialUpdater: new(credentialUpdater), - runtime: runtime, - } -} - -func newRAMRoleArnWithExternalIdCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, externalId string, runtime *utils.Runtime) *RAMRoleArnCredentialsProvider { - return &RAMRoleArnCredentialsProvider{ - AccessKeyId: accessKeyId, - AccessKeySecret: accessKeySecret, - RoleArn: roleArn, - RoleSessionName: roleSessionName, - RoleSessionExpiration: roleSessionExpiration, - Policy: policy, - ExternalId: externalId, - credentialUpdater: new(credentialUpdater), - runtime: runtime, - } -} - -func (e *RAMRoleArnCredentialsProvider) GetCredential() (*CredentialModel, error) { - if e.sessionCredential == nil || e.needUpdateCredential() { - err := e.updateCredential() - if err != nil { - return nil, err - } - } - credential := &CredentialModel{ - AccessKeyId: tea.String(e.sessionCredential.AccessKeyId), - AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret), - SecurityToken: tea.String(e.sessionCredential.SecurityToken), - Type: tea.String("ram_role_arn"), - } - return credential, nil -} - -// GetAccessKeyId reutrns RAMRoleArnCredentialsProvider's AccessKeyId -// if AccessKeyId is not exist or out of date, the function will update it. -func (r *RAMRoleArnCredentialsProvider) GetAccessKeyId() (accessKeyId *string, err error) { - c, err := r.GetCredential() - if err != nil { - return - } - - accessKeyId = c.AccessKeyId - return -} - -// GetAccessSecret reutrns RAMRoleArnCredentialsProvider's AccessKeySecret -// if AccessKeySecret is not exist or out of date, the function will update it. 
-func (r *RAMRoleArnCredentialsProvider) GetAccessKeySecret() (accessKeySecret *string, err error) { - c, err := r.GetCredential() - if err != nil { - return - } - - accessKeySecret = c.AccessKeySecret - return -} - -// GetSecurityToken reutrns RAMRoleArnCredentialsProvider's SecurityToken -// if SecurityToken is not exist or out of date, the function will update it. -func (r *RAMRoleArnCredentialsProvider) GetSecurityToken() (securityToken *string, err error) { - c, err := r.GetCredential() - if err != nil { - return - } - - securityToken = c.SecurityToken - return -} - -// GetBearerToken is useless RAMRoleArnCredentialsProvider -func (r *RAMRoleArnCredentialsProvider) GetBearerToken() *string { - return tea.String("") -} - -// GetType reutrns RAMRoleArnCredentialsProvider's type -func (r *RAMRoleArnCredentialsProvider) GetType() *string { - return tea.String("ram_role_arn") -} - -func (r *RAMRoleArnCredentialsProvider) updateCredential() (err error) { - if r.runtime == nil { - r.runtime = new(utils.Runtime) - } - request := request.NewCommonRequest() - request.Domain = "sts.aliyuncs.com" - if r.runtime.STSEndpoint != "" { - request.Domain = r.runtime.STSEndpoint - } - request.Scheme = "HTTPS" - request.Method = "GET" - request.QueryParams["AccessKeyId"] = r.AccessKeyId - if r.SecurityToken != "" { - request.QueryParams["SecurityToken"] = r.SecurityToken - } - request.QueryParams["Action"] = "AssumeRole" - request.QueryParams["Format"] = "JSON" - if r.RoleSessionExpiration > 0 { - if r.RoleSessionExpiration >= 900 && r.RoleSessionExpiration <= 3600 { - request.QueryParams["DurationSeconds"] = strconv.Itoa(r.RoleSessionExpiration) - } else { - err = errors.New("[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr") - return - } - } else { - request.QueryParams["DurationSeconds"] = strconv.Itoa(defaultDurationSeconds) - } - request.QueryParams["RoleArn"] = r.RoleArn - if r.Policy != "" { - request.QueryParams["Policy"] = r.Policy - } - 
if r.ExternalId != "" { - request.QueryParams["ExternalId"] = r.ExternalId - } - request.QueryParams["RoleSessionName"] = r.RoleSessionName - request.QueryParams["SignatureMethod"] = "HMAC-SHA1" - request.QueryParams["SignatureVersion"] = "1.0" - request.QueryParams["Version"] = "2015-04-01" - request.QueryParams["Timestamp"] = utils.GetTimeInFormatISO8601() - request.QueryParams["SignatureNonce"] = utils.GetUUID() - signature := utils.ShaHmac1(request.BuildStringToSign(), r.AccessKeySecret+"&") - request.QueryParams["Signature"] = signature - request.Headers["Host"] = request.Domain - request.Headers["Accept-Encoding"] = "identity" - request.URL = request.BuildURL() - content, err := doAction(request, r.runtime) - if err != nil { - return fmt.Errorf("refresh RoleArn sts token err: %s", err.Error()) - } - var resp *ramRoleArnResponse - err = json.Unmarshal(content, &resp) - if err != nil { - return fmt.Errorf("refresh RoleArn sts token err: Json.Unmarshal fail: %s", err.Error()) - } - if resp == nil || resp.Credentials == nil { - return fmt.Errorf("refresh RoleArn sts token err: Credentials is empty") - } - respCredentials := resp.Credentials - if respCredentials.AccessKeyId == "" || respCredentials.AccessKeySecret == "" || respCredentials.SecurityToken == "" || respCredentials.Expiration == "" { - return fmt.Errorf("refresh RoleArn sts token err: AccessKeyId: %s, AccessKeySecret: %s, SecurityToken: %s, Expiration: %s", respCredentials.AccessKeyId, respCredentials.AccessKeySecret, respCredentials.SecurityToken, respCredentials.Expiration) - } - - expirationTime, err := time.Parse("2006-01-02T15:04:05Z", respCredentials.Expiration) - r.lastUpdateTimestamp = time.Now().Unix() - r.credentialExpiration = int(expirationTime.Unix() - time.Now().Unix()) - r.sessionCredential = &sessionCredential{ - AccessKeyId: respCredentials.AccessKeyId, - AccessKeySecret: respCredentials.AccessKeySecret, - SecurityToken: respCredentials.SecurityToken, - } - - return -} 
diff --git a/credentials/ram_role_arn_credentials_provider_test.go b/credentials/ram_role_arn_credentials_provider_test.go
deleted file mode 100644
index 04c66f2..0000000
--- a/credentials/ram_role_arn_credentials_provider_test.go
+++ /dev/null
@@ -1,175 +0,0 @@ -package credentials - -import ( - "bytes" - "errors" - "io/ioutil" - "net/http" - "strconv" - "testing" - - "github.com/aliyun/credentials-go/credentials/internal/utils" - "github.com/stretchr/testify/assert" -) - -func mockResponse(statusCode int, content string, mockerr error) (res *http.Response, err error) { - status := strconv.Itoa(statusCode) - res = &http.Response{ - Proto: "HTTP/1.1", - ProtoMajor: 1, - Header: map[string][]string{"sdk": {"test"}}, - StatusCode: statusCode, - Status: status + " " + http.StatusText(statusCode), - } - res.Body = ioutil.NopCloser(bytes.NewReader([]byte(content))) - err = mockerr - return -} - -func Test_RoleArnCredential(t *testing.T) { - auth := newRAMRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", "policy", 300, nil) - origTestHookDo := hookDo - defer func() { hookDo = origTestHookDo }() - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"}}`, errors.New("Internal error")) - } - } - accesskeyId, err := auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error()) - assert.Nil(t, accesskeyId) - - accesskeySecret, err := auth.GetAccessKeySecret() - assert.NotNil(t, err) - assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error()) - assert.Nil(t, accesskeySecret) - - ststoken, err := auth.GetSecurityToken() - assert.NotNil(t, err) - assert.Equal(t, "[InvalidParam]:Assume Role session duration should be in the range of 15min - 1Hr", err.Error()) - assert.Nil(t, ststoken) - - assert.Equal(t, "", *auth.GetBearerToken()) - assert.Equal(t, 
"ram_role_arn", *auth.GetType()) - - auth.RoleSessionExpiration = 1000 - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh RoleArn sts token err: Internal error", err.Error()) - assert.Nil(t, accesskeyId) - - auth.RoleSessionExpiration = 0 - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh RoleArn sts token err: Internal error", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(300, ``, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh RoleArn sts token err: httpStatus: 300, message = ", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"}}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh RoleArn sts token err: Json.Unmarshal fail: invalid character ':' after top-level value", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `{"Credentials":{"AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"expiration"}}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh RoleArn sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: 
expiration", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `{}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - assert.Equal(t, "refresh RoleArn sts token err: Credentials is empty", err.Error()) - assert.Nil(t, accesskeyId) - - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.Nil(t, err) - assert.Equal(t, "accessKeyId", *accesskeyId) - - accesskeySecret, err = auth.GetAccessKeySecret() - assert.Nil(t, err) - assert.Equal(t, "accessKeySecret", *accesskeySecret) - - ststoken, err = auth.GetSecurityToken() - assert.Nil(t, err) - assert.Equal(t, "securitytoken", *ststoken) - - cred, err := auth.GetCredential() - assert.Nil(t, err) - assert.Equal(t, "accessKeyId", *cred.AccessKeyId) - assert.Equal(t, "accessKeySecret", *cred.AccessKeySecret) - assert.Equal(t, "securitytoken", *cred.SecurityToken) - assert.Nil(t, cred.BearerToken) - assert.Equal(t, "ram_role_arn", *cred.Type) - - auth = newRAMRoleArnCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", "policy", 3600, &utils.Runtime{STSEndpoint: "www.aliyun.com"}) - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - assert.Equal(t, "www.aliyun.com", req.Host) - return mockResponse(200, `{}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.NotNil(t, err) - 
assert.Equal(t, "refresh RoleArn sts token err: Credentials is empty", err.Error()) - assert.Nil(t, accesskeyId) - - auth = newRAMRoleArnWithExternalIdCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", "policy", 3600, "externalId", nil) - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil) - } - } - accesskeyId, err = auth.GetAccessKeyId() - assert.Nil(t, err) - assert.Equal(t, "accessKeyId", *accesskeyId) - - accesskeySecret, err = auth.GetAccessKeySecret() - assert.Nil(t, err) - assert.Equal(t, "accessKeySecret", *accesskeySecret) - - ststoken, err = auth.GetSecurityToken() - assert.Nil(t, err) - assert.Equal(t, "securitytoken", *ststoken) -} - -func TestStsRoleARNCredentialsProviderWithSecurityToken(t *testing.T) { - auth := newRAMRoleArnl("accessKeyId", "accessKeySecret", "securityToken", "roleArn", "roleSessionName", "policy", 3600, "externalId", nil) - hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { - return func(req *http.Request) (*http.Response, error) { - assert.Equal(t, "securityToken", req.URL.Query().Get("SecurityToken")) - return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil) - } - } - - _, err := auth.GetCredential() - assert.Nil(t, err) -}