in sdk/auth/credentials/credentials.go [888:949]
func (provider *ECSRAMRoleCredentialsProvider) getMetadataToken() (metadataToken string, err error) {
// PUT http://100.100.100.200/latest/api/token
var requestUrl = "http://100.100.100.200/latest/api/token"
httpRequest, _err := hookNewRequest(http.NewRequest)("PUT", requestUrl, strings.NewReader(""))
if _err != nil {
if provider.disableIMDSv1 {
err = fmt.Errorf("get metadata token failed: %s", _err.Error())
}
return
}
httpRequest.Header.Set("X-aliyun-ecs-metadata-token-ttl-seconds", strconv.Itoa(defaultMetadataTokenDuration))
connectTimeout := 1 * time.Second
readTimeout := 1 * time.Second
if provider.httpOptions != nil && provider.httpOptions.ConnectTimeout > 0 {
connectTimeout = provider.httpOptions.ConnectTimeout
}
if provider.httpOptions != nil && provider.httpOptions.ReadTimeout > 0 {
readTimeout = provider.httpOptions.ReadTimeout
}
transport := http.DefaultTransport.(*http.Transport).Clone()
transport.DialContext = func(ctx context.Context, network, address string) (net.Conn, error) {
return (&net.Dialer{
Timeout: connectTimeout,
DualStack: true,
}).DialContext(ctx, network, address)
}
httpClient := &http.Client{
Timeout: connectTimeout + readTimeout,
Transport: transport,
}
httpResponse, _err := hookDo(httpClient.Do)(httpRequest)
if _err != nil {
if provider.disableIMDSv1 {
err = fmt.Errorf("get metadata token failed: %s", _err.Error())
}
return
}
defer httpResponse.Body.Close()
responseBody, _err := ioutil.ReadAll(httpResponse.Body)
if _err != nil {
if provider.disableIMDSv1 {
err = fmt.Errorf("get metadata token failed: %s", _err.Error())
}
return
}
if httpResponse.StatusCode != http.StatusOK {
if provider.disableIMDSv1 {
err = errors.NewServerError(httpResponse.StatusCode, string(responseBody), "refresh Ecs sts token err")
}
return
}
metadataToken = strings.TrimSpace(string(responseBody))
return
}