aliyun · JacksonTian · Jul 29, 2024 · Jul 29, 2024
diff --git a/credentials/ecs_ram_role_credentials_provider.go b/credentials/ecs_ram_role_credentials_provider.go
@@ -50,65 +50,62 @@ func newEcsRAMRoleCredentialWithEnableIMDSv2(roleName string, enableIMDSv2 bool,
 	}
 }
 
-func (e *ECSRAMRoleCredentialsProvider) GetCredential() (*CredentialModel, error) {
+func (e *ECSRAMRoleCredentialsProvider) GetCredential() (credentials *CredentialModel, err error) {
 	if e.sessionCredential == nil || e.needUpdateCredential() {
-		err := e.updateCredential()
+		err = e.updateCredential()
 		if err != nil {
-			return nil, err
+			if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) {
+				// 虽然有错误，但是已有的 credentials 还有效
+			} else {
+				return
+			}
 		}
 	}
-	credential := &CredentialModel{
+
+	credentials = &CredentialModel{
 		AccessKeyId:     tea.String(e.sessionCredential.AccessKeyId),
 		AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret),
 		SecurityToken:   tea.String(e.sessionCredential.SecurityToken),
 		Type:            tea.String("ecs_ram_role"),
 	}
-	return credential, nil
+
+	return
 }
 
 // GetAccessKeyId reutrns  EcsRAMRoleCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
-func (e *ECSRAMRoleCredentialsProvider) GetAccessKeyId() (*string, error) {
-	if e.sessionCredential == nil || e.needUpdateCredential() {
-		err := e.updateCredential()
-		if err != nil {
-			if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) {
-				return &e.sessionCredential.AccessKeyId, nil
-			}
-			return tea.String(""), err
-		}
+func (e *ECSRAMRoleCredentialsProvider) GetAccessKeyId() (accessKeyId *string, err error) {
+	c, err := e.GetCredential()
+	if err != nil {
+		return
 	}
-	return tea.String(e.sessionCredential.AccessKeyId), nil
+
+	accessKeyId = c.AccessKeyId
+	return
 }
 
 // GetAccessSecret reutrns  EcsRAMRoleCredential's AccessKeySecret
 // if AccessKeySecret is not exist or out of date, the function will update it.
-func (e *ECSRAMRoleCredentialsProvider) GetAccessKeySecret() (*string, error) {
-	if e.sessionCredential == nil || e.needUpdateCredential() {
-		err := e.updateCredential()
-		if err != nil {
-			if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) {
-				return &e.sessionCredential.AccessKeySecret, nil
-			}
-			return tea.String(""), err
-		}
+func (e *ECSRAMRoleCredentialsProvider) GetAccessKeySecret() (accessKeySecret *string, err error) {
+	c, err := e.GetCredential()
+	if err != nil {
+		return
 	}
-	return tea.String(e.sessionCredential.AccessKeySecret), nil
+
+	accessKeySecret = c.AccessKeySecret
+	return
 }
 
 // GetSecurityToken reutrns  EcsRAMRoleCredential's SecurityToken
 // if SecurityToken is not exist or out of date, the function will update it.
-func (e *ECSRAMRoleCredentialsProvider) GetSecurityToken() (*string, error) {
-	if e.sessionCredential == nil || e.needUpdateCredential() {
-		err := e.updateCredential()
-		if err != nil {
-			if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) {
-				return &e.sessionCredential.SecurityToken, nil
-			}
-			return tea.String(""), err
-		}
+func (e *ECSRAMRoleCredentialsProvider) GetSecurityToken() (securityToken *string, err error) {
+	c, err := e.GetCredential()
+	if err != nil {
+		return
 	}
-	return tea.String(e.sessionCredential.SecurityToken), nil
+
+	securityToken = c.SecurityToken
+	return
 }
 
 // GetBearerToken is useless for EcsRAMRoleCredential

diff --git a/credentials/ecs_ram_role_credentials_provider_test.go b/credentials/ecs_ram_role_credentials_provider_test.go
@@ -27,7 +27,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
 	accesskeyId, err := auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh Ecs sts token err: sdk test", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
 		return func(req *http.Request) (*http.Response, error) {
@@ -37,17 +37,17 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	accesskeySecret, err := auth.GetAccessKeySecret()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error())
-	assert.Equal(t, "", *accesskeySecret)
+	assert.Nil(t, accesskeySecret)
 
 	ststoken, err := auth.GetSecurityToken()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error())
-	assert.Equal(t, "", *ststoken)
+	assert.Nil(t, ststoken)
 
 	assert.Equal(t, "", *auth.GetBearerToken())
 
@@ -80,7 +80,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character ':' after top-level value", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
 		return func(req *http.Request) (*http.Response, error) {
@@ -90,7 +90,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh Ecs sts token err: Code is not Success", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
 		return func(req *http.Request) (*http.Response, error) {
@@ -100,7 +100,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh Ecs sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
 		return func(req *http.Request) (*http.Response, error) {
@@ -140,7 +140,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) {
 	}()
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.Equal(t, "refresh Ecs sts token err: error parse", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 }
 
 func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
@@ -156,19 +156,19 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
 	accesskeyId, err := auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh Ecs sts token err: sdk test", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	auth = newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", true, 0, 0.5, nil)
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "failed to get token from ECS Metadata Service: sdk test", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	auth = newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", true, 180, 0.5, nil)
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "failed to get token from ECS Metadata Service: sdk test", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
 		return func(req *http.Request) (*http.Response, error) {
@@ -178,7 +178,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "failed to get token from ECS Metadata Service: httpStatus: 300, message = ", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
 		return func(req *http.Request) (*http.Response, error) {
@@ -207,7 +207,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character ':' after top-level value", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
 		return func(req *http.Request) (*http.Response, error) {
@@ -217,7 +217,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh Ecs sts token err: Code is not Success", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
 		return func(req *http.Request) (*http.Response, error) {
@@ -227,7 +227,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh Ecs sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
 		return func(req *http.Request) (*http.Response, error) {
@@ -267,5 +267,5 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) {
 	}()
 	accesskeyId, err = auth.GetAccessKeyId()
 	assert.Equal(t, "refresh Ecs sts token err: error parse", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 }