in sdk/auth/credentials/credentials.go [1207:1268]
func (b *OIDCCredentialsProviderBuilder) Build() (provider *OIDCCredentialsProvider, err error) {
provider = b.provider
if provider.roleSessionName == "" {
provider.roleSessionName = "aliyun-go-sdk-" + strconv.FormatInt(time.Now().UnixNano()/1000, 10)
}
if provider.oidcTokenFilePath == "" {
provider.oidcTokenFilePath = os.Getenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE")
}
if provider.oidcTokenFilePath == "" {
err = errors.NewClientError(errors.InvalidParamErrorCode, "OIDCTokenFilePath can not be empty", nil)
return
}
if provider.oidcProviderARN == "" {
provider.oidcProviderARN = os.Getenv("ALIBABA_CLOUD_OIDC_PROVIDER_ARN")
}
if provider.oidcProviderARN == "" {
err = errors.NewClientError(errors.InvalidParamErrorCode, "OIDCProviderARN can not be empty", nil)
return
}
if provider.roleArn == "" {
provider.roleArn = os.Getenv("ALIBABA_CLOUD_ROLE_ARN")
}
if provider.roleArn == "" {
err = errors.NewClientError(errors.InvalidParamErrorCode, "RoleArn can not be empty", nil)
return
}
if provider.durationSeconds == 0 {
provider.durationSeconds = 3600
}
if provider.durationSeconds < 900 || provider.durationSeconds > 3600 {
err = errors.NewClientError(errors.InvalidParamErrorCode, "Assume Role session duration should be in the range of 15min - 1hr", nil)
}
// sts endpoint
if provider.stsEndpoint == "" {
if !provider.enableVpc {
provider.enableVpc = strings.ToLower(os.Getenv("ALIBABA_CLOUD_VPC_ENDPOINT_ENABLED")) == "true"
}
prefix := "sts"
if provider.enableVpc {
prefix = "sts-vpc"
}
if provider.stsRegion != "" {
provider.stsEndpoint = fmt.Sprintf("%s.%s.aliyuncs.com", prefix, provider.stsRegion)
} else if region := os.Getenv("ALIBABA_CLOUD_STS_REGION"); region != "" {
provider.stsEndpoint = fmt.Sprintf("%s.%s.aliyuncs.com", prefix, region)
} else {
provider.stsEndpoint = "sts.aliyuncs.com"
}
}
return
}