refactor: improve all credentials providers

.github/workflows/ci.yml

@@ -8,6 +8,10 @@ on:
 defaults:
   run:
     shell: bash
+
+permissions:
+  id-token: write
+
 jobs:
   build:
 
@@ -37,6 +41,19 @@ jobs:
 
     - name: Install dependencies
       run: composer install --prefer-dist --no-progress --no-suggest
+
+    - name: Setup OIDC
+      run: npm install @actions/[email protected] @actions/http-client
+
+    - name: Get Id Token
+      uses: actions/github-script@v7
+      id: idtoken
+      with:
+        script: |
+          const coreDemo = require('@actions/core');
+          const idToken = await coreDemo.getIDToken('sts.aliyuncs.com');
+          const fsx = require('fs/promises');
+          await fsx.writeFile('/tmp/oidc_token', idToken);
 
     - name: Run test case
       run: composer test
@@ -46,7 +63,13 @@ jobs:
         ROLE_ARN: ${{ secrets.ROLE_ARN }}
         PUBLIC_KEY_ID: ${{ secrets.PUBLIC_KEY_ID }}
         PRIVATE_KEY_LINE_1: ${{ secrets.PRIVATE_KEY_LINE_1 }}
+
+        # for OIDC
+        ALIBABA_CLOUD_OIDC_PROVIDER_ARN: ${{ secrets.ALIBABA_CLOUD_OIDC_PROVIDER_ARN }}
+        ALIBABA_CLOUD_OIDC_TOKEN_FILE: "/tmp/oidc_token"
+        ALIBABA_CLOUD_ROLE_ARN: ${{ secrets.OIDC_ROLE_ARN }}
+
     - name: Upload Coverage Report
       uses: codecov/codecov-action@v4
       with:
-        token: ${{ secrets.CODECOV_TOKEN }} # required
+        token: ${{ secrets.CODECOV_TOKEN }} # required

README-zh-CN.md

@@ -134,7 +134,6 @@ $bearerToken = new Credential([
     'bearer_token' => '<bearer_token>',
 ]);
 $bearerToken->getBearerToken();
-$bearerToken->getSignature();
 ```
 
 ## 默认凭证提供程序链

README.md

@@ -134,7 +134,6 @@ $bearerToken = new Credential([
     'bearer_token' => '<bearer_token>',
 ]);
 $bearerToken->getBearerToken();
-$bearerToken->getSignature();
 ```
 
 ## Default credential provider chain

phpunit.xml

@@ -39,15 +39,11 @@
         <whitelist processUncoveredFilesFromWhitelist="true">
             <directory suffix=".php">./src</directory>
             <exclude>
-                <file>./src/Profile/DefaultProfile.php</file>
-                <file>./src/DefaultAcsClient.php</file>
-                <file>./src/Release.php</file>
-                <file>./src/SDK.php</file>
-                <file>./src/Functions.php</file>
-                <file>./src/Constants/Business.php</file>
-                <file>./src/Constants/ErrorCode.php</file>
-                <file>./src/Signature/Signature.php</file>
-                <file>./src/Credentials/CredentialsInterface.php</file>
+                <file>./src/Credential/Config.php</file>
+                <file>./src/Credential/CredentialModel.php</file>
+                <file>./src/Providers/CredentialsProvider.php</file>
+                <file>./src/CredentialsInterface.php</file>
+                <file>./src/CredentialsProviderWrap.php</file>
             </exclude>
         </whitelist>
     </filter>

src/AccessKeyCredential.php

@@ -2,9 +2,12 @@
 
 namespace AlibabaCloud\Credentials;
 
+use AlibabaCloud\Credentials\Utils\Filter;
+use AlibabaCloud\Credentials\Credential\CredentialModel;
 use AlibabaCloud\Credentials\Signature\ShaHmac1Signature;
 
 /**
+ * @deprecated
  * Use the AccessKey to complete the authentication.
  */
 class AccessKeyCredential implements CredentialsInterface
@@ -29,7 +32,7 @@ public function __construct($access_key_id, $access_key_secret)
     {
         Filter::accessKey($access_key_id, $access_key_secret);
 
-        $this->accessKeyId     = $access_key_id;
+        $this->accessKeyId = $access_key_id;
         $this->accessKeySecret = $access_key_secret;
     }
 
@@ -69,4 +72,15 @@ public function getSecurityToken()
     {
         return '';
     }
+    /**
+     * @inheritDoc
+     */
+    public function getCredential()
+    {
+        return new CredentialModel([
+            'accessKeyId' => $this->accessKeyId,
+            'accessKeySecret' => $this->accessKeySecret,
+            'type' => 'access_key',
+        ]);
+    }
 }

src/BearerTokenCredential.php

@@ -2,6 +2,8 @@
 
 namespace AlibabaCloud\Credentials;
 
+use AlibabaCloud\Credentials\Utils\Filter;
+use AlibabaCloud\Credentials\Credential\CredentialModel;
 use AlibabaCloud\Credentials\Signature\BearerTokenSignature;
 
 /**
@@ -50,4 +52,16 @@ public function getSignature()
     {
         return new BearerTokenSignature();
     }
+
+    /**
+     * @inheritDoc
+     */
+    public function getCredential()
+    {
+        return new CredentialModel([
+            'bearerToken' => $this->bearerToken,
+            'type' => 'bearer',
+        ]);
+    }
+
 }