Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: update readme to use GetCredential first #56

Merged
merged 1 commit into from
Nov 20, 2023
Merged

doc: update readme to use GetCredential first #56

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
102 changes: 73 additions & 29 deletions README-CN.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ $ go get -u github.com/aliyun/credentials-go
$ dep ensure -add github.com/aliyun/credentials-go
```

##快速使用
## 快速使用
在您开始之前,您需要注册阿里云帐户并获取您的[凭证](https://usercenter.console.aliyun.com/#/manage/ak)。

### 凭证类型
Expand All @@ -57,9 +57,10 @@ func main(){
if err != nil {
return
}
accessKeyId, err := akCredential.GetAccessKeyId()
accessSecret, err := akCredential.GetAccessKeySecret()
credentialType := akCredential.GetType()
credential, err := cred.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
credentialType := credential.Type
fmt.Println(accessKeyId, accessSecret, credentialType)
}
```
Expand Down Expand Up @@ -88,10 +89,12 @@ func main() {
if err != nil {
return
}
accessKeyId, err := stsCredential.GetAccessKeyId()
accessSecret, err := stsCredential.GetAccessKeySecret()
securityToken, err := stsCredential.GetSecurityToken()
credentialType := stsCredential.GetType()

credential, err := stsCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type
fmt.Println(accessKeyId, accessSecret, securityToken, credentialType)
}
```
Expand Down Expand Up @@ -121,10 +124,14 @@ func main() {
if err != nil {
return
}
accessKeyId, err := oidcCredential.GetAccessKeyId()
accessKeySecret, err := oidcCredential.GetAccessKeySecret()
token, err := oidcCredential.GetSecurityToken()
fmt.Println(accessKeyId, accessKeySecret, token)

credential, err := oidcCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type

fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType)
}
```

Expand Down Expand Up @@ -158,11 +165,39 @@ func main(){
if err != nil {
return
}
accessKeyId, err := arnCredential.GetAccessKeyId()
accessSecret, err := arnCredential.GetAccessKeySecret()
securityToken, err := arnCredential.GetSecurityToken()
credentialType := arnCredential.GetType()
fmt.Println(accessKeyId, accessSecret, securityToken, credentialType)
credential, err := arnCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type

fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType)
}
```

#### uriCredential

```go
import (
"fmt"

"github.com/aliyun/credentials-go/credentials"
)

func main(){
config := new(credentials.Config).SetType("credentials_uri").SetURL("http://127.0.0.1")
uriCredential, err := credentials.NewCredential(config)
if err != nil {
return
}

credential, err := uriCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type

fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType)
}
```

Expand All @@ -186,11 +221,14 @@ func main(){
if err != nil {
return
}
accessKeyId, err := ecsCredential.GetAccessKeyId()
accessSecret, err := ecsCredential.GetAccessKeySecret()
securityToken, err := ecsCredential.GetSecurityToken()
credentialType := ecsCredential.GetType()
fmt.Println(accessKeyId, accessSecret, securityToken, credentialType)

credential, err := ecsCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type

fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType)
}
```

Expand All @@ -216,11 +254,14 @@ func main(){
if err != nil {
return
}
accessKeyId, err := rsaCredential.GetAccessKeyId()
accessSecret, err := rsaCredential.GetAccessKeySecret()
securityToken, err := rsaCredential.GetSecurityToken()
credentialType := rsaCredential.GetType()
fmt.Println(accessKeyId, accessSecret, securityToken, credentialType)

credential, err := rsaCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type

fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType)
}
```

Expand All @@ -245,8 +286,11 @@ func main(){
if err != nil {
return
}
bearerToken := bearerCredential.GetBearerToken()
credentialType := bearerCredential.GetType()

credential, err := bearerCredential.GetCredential()

bearerToken := credential.BearerToken
credentialType := credential.Type
fmt.Println(bearerToken, credentialType)
}
```
Expand Down
147 changes: 85 additions & 62 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,9 +57,10 @@ func main(){
if err != nil {
return
}
accessKeyId, err := akCredential.GetAccessKeyId()
accessSecret, err := akCredential.GetAccessKeySecret()
credentialType := akCredential.GetType()
credential, err := cred.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
credentialType := credential.Type
fmt.Println(accessKeyId, accessSecret, credentialType)
}
```
Expand Down Expand Up @@ -88,14 +89,53 @@ func main() {
if err != nil {
return
}
accessKeyId, err := stsCredential.GetAccessKeyId()
accessSecret, err := stsCredential.GetAccessKeySecret()
securityToken, err := stsCredential.GetSecurityToken()
credentialType := stsCredential.GetType()

credential, err := stsCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type
fmt.Println(accessKeyId, accessSecret, securityToken, credentialType)
}
```

#### AssumeRoleWithOIDC
When executing oidc role SSO, obtain the temporary identity credential (STS token) playing the RAM role by calling the AssumeRoleWithOIDC api.

``` go
package main

import (
"fmt"
"net/http"

"github.com/aliyun/credentials-go/credentials"
)

func main() {
config := new(credentials.Config).
SetType("oidc_role_arn").
SetOIDCProviderArn("OIDCProviderArn").
SetOIDCTokenFilePath("OIDCTokenFilePath").
SetRoleSessionName("RoleSessionName").
SetPolicy("Policy").
SetRoleArn("RoleArn").
SetSessionExpiration(3600)
oidcCredential, err := credentials.NewCredential(config)
if err != nil {
return
}

credential, err := oidcCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type

fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType)
}
```

#### RamRoleArn
By specifying [RAM Role][RAM Role], the credential will be able to automatically request maintenance of STS Token. If you want to limit the permissions([How to make a policy][policy]) of STS Token, you can assign value for `Policy`.
```go
Expand Down Expand Up @@ -126,13 +166,16 @@ func main(){
if err != nil {
return
}
accessKeyId, err := arnCredential.GetAccessKeyId()
accessSecret, err := arnCredential.GetAccessKeySecret()
securityToken, err := arnCredential.GetSecurityToken()
credentialType := arnCredential.GetType()
fmt.Println(accessKeyId, accessSecret, securityToken, credentialType)
credential, err := arnCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type

fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType)
}
```

#### uriCredential
```go
import (
Expand All @@ -143,17 +186,21 @@ import (

func main(){
config := new(credentials.Config).SetType("credentials_uri").SetURL("http://127.0.0.1")
credential, err := credentials.NewCredential(config)
uriCredential, err := credentials.NewCredential(config)
if err != nil {
return
}
accessKeyId, err := credential.GetAccessKeyId()
accessKeySecret, err := credential.GetAccessKeySecret()
fmt.Println(accessKeyId, accessKeySecret)

credential, err := uriCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type

fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType)
}
```


#### EcsRamRole
By specifying the role name, the credential will be able to automatically request maintenance of STS Token.
```go
Expand All @@ -174,11 +221,14 @@ func main(){
if err != nil {
return
}
accessKeyId, err := ecsCredential.GetAccessKeyId()
accessSecret, err := ecsCredential.GetAccessKeySecret()
securityToken, err := ecsCredential.GetSecurityToken()
credentialType := ecsCredential.GetType()
fmt.Println(accessKeyId, accessSecret, securityToken, credentialType)

credential, err := ecsCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type

fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType)
}
```

Expand All @@ -204,11 +254,14 @@ func main(){
if err != nil {
return
}
accessKeyId, err := rsaCredential.GetAccessKeyId()
accessSecret, err := rsaCredential.GetAccessKeySecret()
securityToken, err := rsaCredential.GetSecurityToken()
credentialType := rsaCredential.GetType()
fmt.Println(accessKeyId, accessSecret, securityToken, credentialType)

credential, err := rsaCredential.GetCredential()
accessKeyId := credential.AccessKeyId
accessSecret := credential.AccessKeySecret
securityToken := credential.SecurityToken
credentialType := credential.Type

fmt.Println(accessKeyId, accessKeySecret, securityToken, credentialType)
}
```

Expand All @@ -232,46 +285,16 @@ func main(){
if err != nil {
return
}
bearerToken := bearerCredential.GetBearerToken()
credentialType := bearerCredential.GetType()
fmt.Println(bearerToken, credentialType)
}
```

#### AssumeRoleWithOIDC
When performing oidc role SSO, obtain the temporary identity credential (STS Token) that plays the role of RAM by calling the AssumeRoleWithOIDC interface.
``` go
package main
credential, err := bearerCredential.GetCredential()

import (
"fmt"
"net/http"

"github.com/aliyun/credentials-go/credentials"
)

func main() {
config := new(credentials.Config).
SetType("oidc_role_arn").
SetOIDCProviderArn("OIDCProviderArn").
SetOIDCTokenFilePath("OIDCTokenFilePath").
SetRoleSessionName("RoleSessionName").
SetPolicy("Policy").
SetRoleArn("RoleArn").
SetSessionExpiration(3600)
oidcCredential, err := credentials.NewCredential(config)
if err != nil {
return
}
accessKeyId, err := oidcCredential.GetAccessKeyId()
accessKeySecret, err := oidcCredential.GetAccessKeySecret()
token, err := oidcCredential.GetSecurityToken()
fmt.Println(accessKeyId, accessKeySecret, token)
bearerToken := credential.BearerToken
credentialType := credential.Type
fmt.Println(bearerToken, credentialType)
}
```


### Provider
### Credential Provider Chain
If you call `NewCredential()` with nil, it will use provider chain to get credential for you.

#### 1. Environment Credentials
Expand Down
2 changes: 0 additions & 2 deletions credentials/oidc_credential.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,6 @@ import (
"github.com/aliyun/credentials-go/credentials/utils"
)

const defaultOIDCDurationSeconds = 3600

// OIDCCredential is a kind of credentials
type OIDCCredential struct {
*credentialUpdater
Expand Down
2 changes: 1 addition & 1 deletion credentials/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
package credentials

//Environmental virables that may be used by the provider
// Environmental virables that may be used by the provider
const (
ENVCredentialFile = "ALIBABA_CLOUD_CREDENTIALS_FILE"
ENVEcsMetadata = "ALIBABA_CLOUD_ECS_METADATA"
Expand Down
2 changes: 1 addition & 1 deletion credentials/sts_role_arn_credential_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ func mockResponse(statusCode int, content string, mockerr error) (res *http.Resp
res = &http.Response{
Proto: "HTTP/1.1",
ProtoMajor: 1,
Header: map[string][]string{"sdk": []string{"test"}},
Header: map[string][]string{"sdk": {"test"}},
StatusCode: statusCode,
Status: status + " " + http.StatusText(statusCode),
}
Expand Down