diff --git a/credentials/internal/http/http.go b/credentials/internal/http/http.go index bc5dfd5..03a77e3 100644 --- a/credentials/internal/http/http.go +++ b/credentials/internal/http/http.go @@ -94,7 +94,7 @@ func Do(req *Request) (res *Response, err error) { httpClient := &http.Client{} if req.ReadTimeout != 0 { - httpClient.Timeout = req.ReadTimeout + httpClient.Timeout = req.ReadTimeout + req.ConnectTimeout } transport := &http.Transport{} diff --git a/credentials/providers/cli_profile.go b/credentials/providers/cli_profile.go index cdd240e..9189703 100644 --- a/credentials/providers/cli_profile.go +++ b/credentials/providers/cli_profile.go @@ -210,11 +210,16 @@ func (provider *CLIProfileCredentialsProvider) GetCredentials() (cc *Credentials return } + providerName := innerCC.ProviderName + if providerName == "" { + providerName = provider.innerProvider.GetProviderName() + } + cc = &Credentials{ AccessKeyId: innerCC.AccessKeyId, AccessKeySecret: innerCC.AccessKeySecret, SecurityToken: innerCC.SecurityToken, - ProviderName: fmt.Sprintf("%s/%s", provider.GetProviderName(), provider.innerProvider.GetProviderName()), + ProviderName: fmt.Sprintf("%s/%s", provider.GetProviderName(), providerName), } return diff --git a/credentials/providers/cli_profile_test.go b/credentials/providers/cli_profile_test.go index 1c183dc..41bdf8f 100644 --- a/credentials/providers/cli_profile_test.go +++ b/credentials/providers/cli_profile_test.go @@ -6,6 +6,7 @@ import ( "strings" "testing" + httputil "github.com/aliyun/credentials-go/credentials/internal/http" "github.com/aliyun/credentials-go/credentials/internal/utils" "github.com/stretchr/testify/assert" ) @@ -188,6 +189,8 @@ func TestCLIProfileCredentialsProvider_getCredentialsProvider(t *testing.T) { } func TestCLIProfileCredentialsProvider_GetCredentials(t *testing.T) { + originHttpDo := httpDo + defer func() { httpDo = originHttpDo }() defer func() { getHomePath = utils.GetHomePath }() @@ -230,4 +233,20 @@ func TestCLIProfileCredentialsProvider_GetCredentials(t *testing.T) { assert.Nil(t, err) _, err = provider.GetCredentials() assert.Contains(t, err.Error(), "InvalidAccessKeyId.NotFound") + + httpDo = func(req *httputil.Request) (res *httputil.Response, err error) { + res = &httputil.Response{ + StatusCode: 200, + Body: []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`), + } + return + } + provider, err = NewCLIProfileCredentialsProviderBuilder().WithProfileName("ChainableRamRoleArn").Build() + assert.Nil(t, err) + cc, err = provider.GetCredentials() + assert.Nil(t, err) + assert.Equal(t, "akid", cc.AccessKeyId) + assert.Equal(t, "aksecret", cc.AccessKeySecret) + assert.Equal(t, "ststoken", cc.SecurityToken) + assert.Equal(t, "cli_profile/ram_role_arn/ram_role_arn/static_ak", cc.ProviderName) } diff --git a/credentials/providers/default.go b/credentials/providers/default.go index 9743676..d0a7cb3 100644 --- a/credentials/providers/default.go +++ b/credentials/providers/default.go @@ -64,11 +64,16 @@ func (provider *DefaultCredentialsProvider) GetCredentials() (cc *Credentials, e return } + providerName := inner.ProviderName + if providerName == "" { + providerName = provider.lastUsedProvider.GetProviderName() + } + cc = &Credentials{ AccessKeyId: inner.AccessKeyId, AccessKeySecret: inner.AccessKeySecret, SecurityToken: inner.SecurityToken, - ProviderName: fmt.Sprintf("%s/%s", provider.GetProviderName(), provider.lastUsedProvider.GetProviderName()), + ProviderName: fmt.Sprintf("%s/%s", provider.GetProviderName(), providerName), } return } @@ -84,11 +89,15 @@ func (provider *DefaultCredentialsProvider) GetCredentials() (cc *Credentials, e } if inner != nil { + providerName := inner.ProviderName + if providerName == "" { + providerName = p.GetProviderName() + } cc = &Credentials{ AccessKeyId: inner.AccessKeyId, AccessKeySecret: inner.AccessKeySecret, SecurityToken: inner.SecurityToken, - ProviderName: fmt.Sprintf("%s/%s", provider.GetProviderName(), p.GetProviderName()), + ProviderName: fmt.Sprintf("%s/%s", provider.GetProviderName(), providerName), } return } diff --git a/credentials/providers/default_test.go b/credentials/providers/default_test.go index 5c971bc..ce651fd 100644 --- a/credentials/providers/default_test.go +++ b/credentials/providers/default_test.go @@ -2,8 +2,10 @@ package providers import ( "os" + "path" "testing" + httputil "github.com/aliyun/credentials-go/credentials/internal/http" "github.com/aliyun/credentials-go/credentials/internal/utils" "github.com/stretchr/testify/assert" ) @@ -102,12 +104,15 @@ func TestDefaultCredentialsProvider_GetCredentials(t *testing.T) { rollback := utils.Memory("ALIBABA_CLOUD_ACCESS_KEY_ID", "ALIBABA_CLOUD_ACCESS_KEY_SECRET", "ALIBABA_CLOUD_SECURITY_TOKEN", - "ALIBABA_CLOUD_ECS_METADATA_DISABLED") + "ALIBABA_CLOUD_ECS_METADATA_DISABLED", + "ALIBABA_CLOUD_PROFILE") defer func() { getHomePath = utils.GetHomePath rollback() }() + originHttpDo := httpDo + defer func() { httpDo = originHttpDo }() // testcase: empty home getHomePath = func() string { @@ -131,4 +136,23 @@ func TestDefaultCredentialsProvider_GetCredentials(t *testing.T) { cc, err = provider.GetCredentials() assert.Nil(t, err) assert.Equal(t, &Credentials{AccessKeyId: "akid", AccessKeySecret: "aksecret", SecurityToken: "", ProviderName: "default/env"}, cc) + + getHomePath = func() string { + wd, _ := os.Getwd() + return path.Join(wd, "fixtures") + } + os.Setenv("ALIBABA_CLOUD_ACCESS_KEY_ID", "") + os.Setenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET", "") + os.Setenv("ALIBABA_CLOUD_PROFILE", "ChainableRamRoleArn") + httpDo = func(req *httputil.Request) (res *httputil.Response, err error) { + res = &httputil.Response{ + StatusCode: 200, + Body: []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`), + } + return + } + provider = NewDefaultCredentialsProvider() + cc, err = provider.GetCredentials() + assert.Nil(t, err) + assert.Equal(t, &Credentials{AccessKeyId: "akid", AccessKeySecret: "aksecret", SecurityToken: "ststoken", ProviderName: "default/cli_profile/ram_role_arn/ram_role_arn/static_ak"}, cc) } diff --git a/credentials/providers/fixtures/.aliyun/config.json b/credentials/providers/fixtures/.aliyun/config.json index e0ea4c8..be3d80b 100644 --- a/credentials/providers/fixtures/.aliyun/config.json +++ b/credentials/providers/fixtures/.aliyun/config.json @@ -36,7 +36,13 @@ { "name": "ChainableRamRoleArn", "mode": "ChainableRamRoleArn", - "source_profile": "ChainableRamRoleArn" + "ram_role_arn": "arn", + "source_profile": "RamRoleArn" + }, + { + "name": "ChainableRamRoleArn1", + "mode": "ChainableRamRoleArn", + "source_profile": "AK" }, { "name": "ChainableRamRoleArn2", diff --git a/credentials/providers/profile.go b/credentials/providers/profile.go index 36cef69..c26548e 100644 --- a/credentials/providers/profile.go +++ b/credentials/providers/profile.go @@ -149,11 +149,16 @@ func (provider *ProfileCredentialsProvider) GetCredentials() (cc *Credentials, e return } + providerName := innerCC.ProviderName + if providerName == "" { + providerName = provider.innerProvider.GetProviderName() + } + cc = &Credentials{ AccessKeyId: innerCC.AccessKeyId, AccessKeySecret: innerCC.AccessKeySecret, SecurityToken: innerCC.SecurityToken, - ProviderName: fmt.Sprintf("%s/%s", provider.GetProviderName(), provider.innerProvider.GetProviderName()), + ProviderName: fmt.Sprintf("%s/%s", provider.GetProviderName(), providerName), } return diff --git a/credentials/providers/profile_test.go b/credentials/providers/profile_test.go index 66b5f21..535b288 100644 --- a/credentials/providers/profile_test.go +++ b/credentials/providers/profile_test.go @@ -5,6 +5,7 @@ import ( "path" "testing" + httputil "github.com/aliyun/credentials-go/credentials/internal/http" "github.com/aliyun/credentials-go/credentials/internal/utils" "github.com/stretchr/testify/assert" "gopkg.in/ini.v1" @@ -195,6 +196,8 @@ func TestProfileCredentialsProvider_getCredentialsProvider(t *testing.T) { } func TestProfileCredentialsProviderGetCredentials(t *testing.T) { + originHttpDo := httpDo + defer func() { httpDo = originHttpDo }() rollback := utils.Memory("ALIBABA_CLOUD_CREDENTIALS_FILE") defer func() { getHomePath = utils.GetHomePath @@ -249,4 +252,20 @@ func TestProfileCredentialsProviderGetCredentials(t *testing.T) { cc, err = provider.GetCredentials() assert.Nil(t, err) assert.Equal(t, &Credentials{AccessKeyId: "foo", AccessKeySecret: "bar", SecurityToken: "", ProviderName: "profile/static_ak"}, cc) + + httpDo = func(req *httputil.Request) (res *httputil.Response, err error) { + res = &httputil.Response{ + StatusCode: 200, + Body: []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`), + } + return + } + provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("ram").Build() + assert.Nil(t, err) + cc, err = provider.GetCredentials() + assert.Nil(t, err) + assert.Equal(t, "akid", cc.AccessKeyId) + assert.Equal(t, "aksecret", cc.AccessKeySecret) + assert.Equal(t, "ststoken", cc.SecurityToken) + assert.Equal(t, "profile/ram_role_arn/static_ak", cc.ProviderName) } diff --git a/credentials/providers/ram_role_arn.go b/credentials/providers/ram_role_arn.go index cd25302..969e271 100644 --- a/credentials/providers/ram_role_arn.go +++ b/credentials/providers/ram_role_arn.go @@ -65,9 +65,10 @@ type RAMRoleARNCredentialsProvider struct { // for http options httpOptions *HttpOptions // inner - expirationTimestamp int64 - lastUpdateTimestamp int64 - sessionCredentials *sessionCredentials + expirationTimestamp int64 + lastUpdateTimestamp int64 + previousProviderName string + sessionCredentials *sessionCredentials } type RAMRoleARNCredentialsProviderBuilder struct { @@ -356,6 +357,7 @@ func (provider *RAMRoleARNCredentialsProvider) GetCredentials() (cc *Credentials provider.expirationTimestamp = expirationTime.Unix() provider.lastUpdateTimestamp = time.Now().Unix() + provider.previousProviderName = previousCredentials.ProviderName provider.sessionCredentials = sessionCredentials } @@ -363,7 +365,7 @@ func (provider *RAMRoleARNCredentialsProvider) GetCredentials() (cc *Credentials AccessKeyId: provider.sessionCredentials.AccessKeyId, AccessKeySecret: provider.sessionCredentials.AccessKeySecret, SecurityToken: provider.sessionCredentials.SecurityToken, - ProviderName: fmt.Sprintf("%s/%s", provider.GetProviderName(), provider.credentialsProvider.GetProviderName()), + ProviderName: fmt.Sprintf("%s/%s", provider.GetProviderName(), provider.previousProviderName), } return } diff --git a/credentials/providers/ram_role_arn_test.go b/credentials/providers/ram_role_arn_test.go index 57f0ec2..7b98192 100644 --- a/credentials/providers/ram_role_arn_test.go +++ b/credentials/providers/ram_role_arn_test.go @@ -2,7 +2,6 @@ package providers import ( "errors" - "fmt" "os" "strings" "testing" @@ -142,7 +141,6 @@ func TestNewRAMRoleARNCredentialsProvider(t *testing.T) { WithDurationSeconds(1000). Build() assert.Nil(t, err) - fmt.Println(p.credentialsProvider) cre, err := p.credentialsProvider.GetCredentials() assert.Nil(t, err) assert.Equal(t, "ak", cre.AccessKeyId) @@ -398,6 +396,21 @@ func TestRAMRoleARNCredentialsProviderGetCredentials(t *testing.T) { assert.Equal(t, "ststoken", cc.SecurityToken) assert.Equal(t, "ram_role_arn/static_ak", cc.ProviderName) assert.True(t, p.needUpdateCredential()) + + pp, err := NewRAMRoleARNCredentialsProviderBuilder(). + WithCredentialsProvider(p). + WithRoleArn("roleArn"). + WithRoleSessionName("rsn"). + WithDurationSeconds(1000). + Build() + assert.Nil(t, err) + cc, err = pp.GetCredentials() + assert.Nil(t, err) + assert.Equal(t, "akid", cc.AccessKeyId) + assert.Equal(t, "aksecret", cc.AccessKeySecret) + assert.Equal(t, "ststoken", cc.SecurityToken) + assert.True(t, pp.needUpdateCredential()) + assert.Equal(t, "ram_role_arn/ram_role_arn/static_ak", cc.ProviderName) } func TestRAMRoleARNCredentialsProviderGetCredentialsWithError(t *testing.T) {