aliyun · yndu13 · Nov 11, 2024 · Nov 11, 2024
diff --git a/credentials/internal/http/http.go b/credentials/internal/http/http.go
@@ -94,7 +94,7 @@ func Do(req *Request) (res *Response, err error) {
 	httpClient := &http.Client{}
 
 	if req.ReadTimeout != 0 {
-		httpClient.Timeout = req.ReadTimeout
+		httpClient.Timeout = req.ReadTimeout + req.ConnectTimeout
 	}
 
 	transport := &http.Transport{}

diff --git a/credentials/providers/cli_profile.go b/credentials/providers/cli_profile.go
@@ -210,11 +210,16 @@ func (provider *CLIProfileCredentialsProvider) GetCredentials() (cc *Credentials
 		return
 	}
 
+	providerName := innerCC.ProviderName
+	if providerName == "" {
+		providerName = provider.innerProvider.GetProviderName()
+	}
+
 	cc = &Credentials{
 		AccessKeyId:     innerCC.AccessKeyId,
 		AccessKeySecret: innerCC.AccessKeySecret,
 		SecurityToken:   innerCC.SecurityToken,
-		ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), provider.innerProvider.GetProviderName()),
+		ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), providerName),
 	}
 
 	return

diff --git a/credentials/providers/cli_profile_test.go b/credentials/providers/cli_profile_test.go
@@ -6,6 +6,7 @@ import (
 	"strings"
 	"testing"
 
+	httputil "github.com/aliyun/credentials-go/credentials/internal/http"
 	"github.com/aliyun/credentials-go/credentials/internal/utils"
 	"github.com/stretchr/testify/assert"
 )
@@ -188,6 +189,8 @@ func TestCLIProfileCredentialsProvider_getCredentialsProvider(t *testing.T) {
 }
 
 func TestCLIProfileCredentialsProvider_GetCredentials(t *testing.T) {
+	originHttpDo := httpDo
+	defer func() { httpDo = originHttpDo }()
 	defer func() {
 		getHomePath = utils.GetHomePath
 	}()
@@ -230,4 +233,20 @@ func TestCLIProfileCredentialsProvider_GetCredentials(t *testing.T) {
 	assert.Nil(t, err)
 	_, err = provider.GetCredentials()
 	assert.Contains(t, err.Error(), "InvalidAccessKeyId.NotFound")
+
+	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
+		res = &httputil.Response{
+			StatusCode: 200,
+			Body:       []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`),
+		}
+		return
+	}
+	provider, err = NewCLIProfileCredentialsProviderBuilder().WithProfileName("ChainableRamRoleArn").Build()
+	assert.Nil(t, err)
+	cc, err = provider.GetCredentials()
+	assert.Nil(t, err)
+	assert.Equal(t, "akid", cc.AccessKeyId)
+	assert.Equal(t, "aksecret", cc.AccessKeySecret)
+	assert.Equal(t, "ststoken", cc.SecurityToken)
+	assert.Equal(t, "cli_profile/ram_role_arn/ram_role_arn/static_ak", cc.ProviderName)
 }
diff --git a/credentials/providers/default.go b/credentials/providers/default.go
@@ -64,11 +64,16 @@ func (provider *DefaultCredentialsProvider) GetCredentials() (cc *Credentials, e
 			return
 		}
 
+		providerName := inner.ProviderName
+		if providerName == "" {
+			providerName = provider.lastUsedProvider.GetProviderName()
+		}
+
 		cc = &Credentials{
 			AccessKeyId:     inner.AccessKeyId,
 			AccessKeySecret: inner.AccessKeySecret,
 			SecurityToken:   inner.SecurityToken,
-			ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), provider.lastUsedProvider.GetProviderName()),
+			ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), providerName),
 		}
 		return
 	}
@@ -84,11 +89,15 @@ func (provider *DefaultCredentialsProvider) GetCredentials() (cc *Credentials, e
 		}
 
 		if inner != nil {
+			providerName := inner.ProviderName
+			if providerName == "" {
+				providerName = p.GetProviderName()
+			}
 			cc = &Credentials{
 				AccessKeyId:     inner.AccessKeyId,
 				AccessKeySecret: inner.AccessKeySecret,
 				SecurityToken:   inner.SecurityToken,
-				ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), p.GetProviderName()),
+				ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), providerName),
 			}
 			return
 		}

diff --git a/credentials/providers/default_test.go b/credentials/providers/default_test.go
@@ -2,8 +2,10 @@ package providers
 
 import (
 	"os"
+	"path"
 	"testing"
 
+	httputil "github.com/aliyun/credentials-go/credentials/internal/http"
 	"github.com/aliyun/credentials-go/credentials/internal/utils"
 	"github.com/stretchr/testify/assert"
 )
@@ -102,12 +104,15 @@ func TestDefaultCredentialsProvider_GetCredentials(t *testing.T) {
 	rollback := utils.Memory("ALIBABA_CLOUD_ACCESS_KEY_ID",
 		"ALIBABA_CLOUD_ACCESS_KEY_SECRET",
 		"ALIBABA_CLOUD_SECURITY_TOKEN",
-		"ALIBABA_CLOUD_ECS_METADATA_DISABLED")
+		"ALIBABA_CLOUD_ECS_METADATA_DISABLED",
+		"ALIBABA_CLOUD_PROFILE")
 
 	defer func() {
 		getHomePath = utils.GetHomePath
 		rollback()
 	}()
+	originHttpDo := httpDo
+	defer func() { httpDo = originHttpDo }()
 
 	// testcase: empty home
 	getHomePath = func() string {
@@ -131,4 +136,23 @@ func TestDefaultCredentialsProvider_GetCredentials(t *testing.T) {
 	cc, err = provider.GetCredentials()
 	assert.Nil(t, err)
 	assert.Equal(t, &Credentials{AccessKeyId: "akid", AccessKeySecret: "aksecret", SecurityToken: "", ProviderName: "default/env"}, cc)
+
+	getHomePath = func() string {
+		wd, _ := os.Getwd()
+		return path.Join(wd, "fixtures")
+	}
+	os.Setenv("ALIBABA_CLOUD_ACCESS_KEY_ID", "")
+	os.Setenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET", "")
+	os.Setenv("ALIBABA_CLOUD_PROFILE", "ChainableRamRoleArn")
+	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
+		res = &httputil.Response{
+			StatusCode: 200,
+			Body:       []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`),
+		}
+		return
+	}
+	provider = NewDefaultCredentialsProvider()
+	cc, err = provider.GetCredentials()
+	assert.Nil(t, err)
+	assert.Equal(t, &Credentials{AccessKeyId: "akid", AccessKeySecret: "aksecret", SecurityToken: "ststoken", ProviderName: "default/cli_profile/ram_role_arn/ram_role_arn/static_ak"}, cc)
 }
diff --git a/credentials/providers/fixtures/.aliyun/config.json b/credentials/providers/fixtures/.aliyun/config.json
@@ -36,7 +36,13 @@
         {
             "name": "ChainableRamRoleArn",
             "mode": "ChainableRamRoleArn",
-            "source_profile": "ChainableRamRoleArn"
+            "ram_role_arn": "arn",
+            "source_profile": "RamRoleArn"
+        },
+        {
+            "name": "ChainableRamRoleArn1",
+            "mode": "ChainableRamRoleArn",
+            "source_profile": "AK"
         },
         {
             "name": "ChainableRamRoleArn2",

diff --git a/credentials/providers/profile.go b/credentials/providers/profile.go
@@ -149,11 +149,16 @@ func (provider *ProfileCredentialsProvider) GetCredentials() (cc *Credentials, e
 		return
 	}
 
+	providerName := innerCC.ProviderName
+	if providerName == "" {
+		providerName = provider.innerProvider.GetProviderName()
+	}
+
 	cc = &Credentials{
 		AccessKeyId:     innerCC.AccessKeyId,
 		AccessKeySecret: innerCC.AccessKeySecret,
 		SecurityToken:   innerCC.SecurityToken,
-		ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), provider.innerProvider.GetProviderName()),
+		ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), providerName),
 	}
 
 	return

diff --git a/credentials/providers/profile_test.go b/credentials/providers/profile_test.go
@@ -5,6 +5,7 @@ import (
 	"path"
 	"testing"
 
+	httputil "github.com/aliyun/credentials-go/credentials/internal/http"
 	"github.com/aliyun/credentials-go/credentials/internal/utils"
 	"github.com/stretchr/testify/assert"
 	"gopkg.in/ini.v1"
@@ -195,6 +196,8 @@ func TestProfileCredentialsProvider_getCredentialsProvider(t *testing.T) {
 }
 
 func TestProfileCredentialsProviderGetCredentials(t *testing.T) {
+	originHttpDo := httpDo
+	defer func() { httpDo = originHttpDo }()
 	rollback := utils.Memory("ALIBABA_CLOUD_CREDENTIALS_FILE")
 	defer func() {
 		getHomePath = utils.GetHomePath
@@ -249,4 +252,20 @@ func TestProfileCredentialsProviderGetCredentials(t *testing.T) {
 	cc, err = provider.GetCredentials()
 	assert.Nil(t, err)
 	assert.Equal(t, &Credentials{AccessKeyId: "foo", AccessKeySecret: "bar", SecurityToken: "", ProviderName: "profile/static_ak"}, cc)
+
+	httpDo = func(req *httputil.Request) (res *httputil.Response, err error) {
+		res = &httputil.Response{
+			StatusCode: 200,
+			Body:       []byte(`{"Credentials": {"AccessKeyId":"akid","AccessKeySecret":"aksecret","Expiration":"2021-10-20T04:27:09Z","SecurityToken":"ststoken"}}`),
+		}
+		return
+	}
+	provider, err = NewProfileCredentialsProviderBuilder().WithProfileName("ram").Build()
+	assert.Nil(t, err)
+	cc, err = provider.GetCredentials()
+	assert.Nil(t, err)
+	assert.Equal(t, "akid", cc.AccessKeyId)
+	assert.Equal(t, "aksecret", cc.AccessKeySecret)
+	assert.Equal(t, "ststoken", cc.SecurityToken)
+	assert.Equal(t, "profile/ram_role_arn/static_ak", cc.ProviderName)
 }
diff --git a/credentials/providers/ram_role_arn.go b/credentials/providers/ram_role_arn.go
@@ -65,9 +65,10 @@ type RAMRoleARNCredentialsProvider struct {
 	// for http options
 	httpOptions *HttpOptions
 	// inner
-	expirationTimestamp int64
-	lastUpdateTimestamp int64
-	sessionCredentials  *sessionCredentials
+	expirationTimestamp  int64
+	lastUpdateTimestamp  int64
+	previousProviderName string
+	sessionCredentials   *sessionCredentials
 }
 
 type RAMRoleARNCredentialsProviderBuilder struct {
@@ -356,14 +357,15 @@ func (provider *RAMRoleARNCredentialsProvider) GetCredentials() (cc *Credentials
 
 		provider.expirationTimestamp = expirationTime.Unix()
 		provider.lastUpdateTimestamp = time.Now().Unix()
+		provider.previousProviderName = previousCredentials.ProviderName
 		provider.sessionCredentials = sessionCredentials
 	}
 
 	cc = &Credentials{
 		AccessKeyId:     provider.sessionCredentials.AccessKeyId,
 		AccessKeySecret: provider.sessionCredentials.AccessKeySecret,
 		SecurityToken:   provider.sessionCredentials.SecurityToken,
-		ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), provider.credentialsProvider.GetProviderName()),
+		ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), provider.previousProviderName),
 	}
 	return
 }

diff --git a/credentials/providers/ram_role_arn_test.go b/credentials/providers/ram_role_arn_test.go
@@ -2,7 +2,6 @@ package providers
 
 import (
 	"errors"
-	"fmt"
 	"os"
 	"strings"
 	"testing"
@@ -142,7 +141,6 @@ func TestNewRAMRoleARNCredentialsProvider(t *testing.T) {
 		WithDurationSeconds(1000).
 		Build()
 	assert.Nil(t, err)
-	fmt.Println(p.credentialsProvider)
 	cre, err := p.credentialsProvider.GetCredentials()
 	assert.Nil(t, err)
 	assert.Equal(t, "ak", cre.AccessKeyId)
@@ -398,6 +396,21 @@ func TestRAMRoleARNCredentialsProviderGetCredentials(t *testing.T) {
 	assert.Equal(t, "ststoken", cc.SecurityToken)
 	assert.Equal(t, "ram_role_arn/static_ak", cc.ProviderName)
 	assert.True(t, p.needUpdateCredential())
+
+	pp, err := NewRAMRoleARNCredentialsProviderBuilder().
+		WithCredentialsProvider(p).
+		WithRoleArn("roleArn").
+		WithRoleSessionName("rsn").
+		WithDurationSeconds(1000).
+		Build()
+	assert.Nil(t, err)
+	cc, err = pp.GetCredentials()
+	assert.Nil(t, err)
+	assert.Equal(t, "akid", cc.AccessKeyId)
+	assert.Equal(t, "aksecret", cc.AccessKeySecret)
+	assert.Equal(t, "ststoken", cc.SecurityToken)
+	assert.True(t, pp.needUpdateCredential())
+	assert.Equal(t, "ram_role_arn/ram_role_arn/static_ak", cc.ProviderName)
 }
 
 func TestRAMRoleARNCredentialsProviderGetCredentialsWithError(t *testing.T) {