in sdk/auth/credentials/providers/instance_metadata.go [141:198]
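// Retrieve fetches temporary STS credentials for the instance's RAM role from
// the metadata endpoint at securityCredURL.
//
// If p.RoleName is empty it is resolved through p.GetRoleName and cached on
// the provider; this write is not synchronized inside this function. When
// p.getMetadataToken returns a non-empty token it is sent in the
// X-aliyun-ecs-metadata-token header.
//
// It returns an error when the request cannot be built or sent, the status is
// not 200, the body is not valid JSON, a credential field or Code is absent,
// or Code is not "Success". Error values never contain the response body,
// because that body can carry the access key secret and security token and
// errors are routinely written to logs.
func (p *InstanceMetadataProvider) Retrieve() (auth.Credential, error) {
	if p.RoleName == "" {
		roleName, err := p.GetRoleName()
		if err != nil {
			return nil, err
		}
		p.RoleName = roleName
	}

	// NOTE(review): RoleName is appended to the URL without path escaping;
	// confirm callers cannot set it from untrusted input.
	httpRequest, err := hookNewRequest(http.NewRequest)("GET", securityCredURL+p.RoleName, strings.NewReader(""))
	if err != nil {
		return nil, fmt.Errorf("refresh metadata token err: %s", err.Error())
	}

	metadataToken, err := p.getMetadataToken()
	if err != nil {
		return nil, err
	}
	// An empty token with a nil error sends the request without the header.
	// NOTE(review): confirm getMetadataToken only returns "" when tokenless
	// access is intended, not when the token endpoint failed.
	if metadataToken != "" {
		httpRequest.Header.Set("X-aliyun-ecs-metadata-token", metadataToken)
	}

	// NOTE(review): this client has no Timeout, so an unresponsive metadata
	// endpoint blocks the caller indefinitely; the body read below is also
	// unbounded. Both need imports that are outside this block.
	httpClient := &http.Client{}
	httpResponse, err := hookDo(httpClient.Do)(httpRequest)
	if err != nil {
		return nil, fmt.Errorf("refresh metadata token err: %s", err.Error())
	}
	defer httpResponse.Body.Close()

	responseBody, err := ioutil.ReadAll(httpResponse.Body)
	if err != nil {
		return nil, err
	}
	if httpResponse.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("received %d getting security credentials for %s", httpResponse.StatusCode, p.RoleName)
	}

	var data ecsRAMRoleCredentials
	if err = json.Unmarshal(responseBody, &data); err != nil {
		return nil, fmt.Errorf("refresh metadata err, json.Unmarshal fail: %s", err.Error())
	}

	// Code is a pointer like the credential fields; capture it once so a
	// response without Code yields an error instead of a nil dereference.
	code := ""
	if data.Code != nil {
		code = *data.Code
	}

	if data.AccessKeyId == nil || data.AccessKeySecret == nil || data.SecurityToken == nil {
		// A partial response can still hold some secret fields, so report
		// only the status code string, never the raw body.
		return nil, fmt.Errorf("refresh metadata err, fail to get credentials, response is missing credential fields, code: %q", code)
	}
	if data.Code == nil {
		return nil, fmt.Errorf("refresh metadata err, Code is missing from response")
	}
	if code != "Success" {
		// All three credential fields are present on this path; echoing the
		// body here would put live credentials into the error text.
		return nil, fmt.Errorf("refresh metadata err, Code is not Success, code: %q", code)
	}

	return credentials.NewStsTokenCredential(*data.AccessKeyId, *data.AccessKeySecret, *data.SecurityToken), nil
}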