in commands/run.js [75:163]
async function getCredential(profile, parent) {
switch (profile.mode) {
case 'AK': {
const id = profile['access_key_id'];
const secret = profile['access_key_secret'];
return new CredentialModel(id, secret);
}
case 'RamRoleArn': {
const config = new Config({
type: 'ram_role_arn',
accessKeyId: profile['access_key_id'], // AccessKeyId of your account
accessKeySecret: profile['access_key_secret'], // AccessKeySecret of your account
roleArn: profile['ram_role_arn'], // Format: acs:ram::USER_ID:role/ROLE_NAME
roleSessionName: profile['ram_session_name'] || 'ACC_SESSION', // Role Session Name
// policy: 'policy', // Not required, limit the permissions of STS Token
roleSessionExpiration: 3600, // Not required, limit the Valid time of STS Token
stsRegion: profile['sts_region'] || 'cn-hangzhou'
});
const cred = new Credential(config);
const id = await cred.getAccessKeyId();
const secret = await cred.getAccessKeySecret();
const securityToken = await cred.getSecurityToken();
return new CredentialModel(id, secret, securityToken);
}
case 'EcsRamRole': {
const config = new Config({
type: 'ecs_ram_role',
roleName: profile['ram_role_name']
});
const cred = new Credential(config);
const id = await cred.getAccessKeyId();
const secret = await cred.getAccessKeySecret();
const securityToken = await cred.getSecurityToken();
return new CredentialModel(id, secret, securityToken);
}
case 'CredentialsURI': {
const config = new Config({
type: 'credentials_uri',
credentialsURI: profile['credentials_uri']
});
const cred = new Credential(config);
const id = await cred.getAccessKeyId();
const secret = await cred.getAccessKeySecret();
const securityToken = await cred.getSecurityToken();
return new CredentialModel(id, secret, securityToken);
}
case 'ChainableRamRoleArn': {
const sourceProfileName = profile['source_profile'];
const sourceProfile = loadProfile(parent, sourceProfileName);
const credential = await getCredential(sourceProfile);
const config = new Config({
type: 'ram_role_arn',
accessKeyId: credential.getAccessKeyId(), // AccessKeyId of your account
accessKeySecret: credential.getAccessKeySecret(), // AccessKeySecret of your account
securityToken: credential.getSecurityToken(),
roleArn: profile['ram_role_arn'], // Format: acs:ram::USER_ID:role/ROLE_NAME
roleSessionName: profile['ram_session_name'] || 'ACC_SESSION', // Role Session Name
// policy: 'policy', // Not required, limit the permissions of STS Token
roleSessionExpiration: 3600, // Not required, limit the Valid time of STS Token
stsRegion: profile['sts_region'] || 'cn-hangzhou'
});
const cred = new Credential(config);
const id = await cred.getAccessKeyId();
const secret = await cred.getAccessKeySecret();
const securityToken = await cred.getSecurityToken();
return new CredentialModel(id, secret, securityToken);
}
case 'External': {
const command = profile['process_command'];
const cp = exec(command, {
cwd: process.cwd(),
encoding: null
});
const result = await onFinish(cp);
const stdout = result.stdout.toString();
const response = JSON.parse(stdout);
if (response.mode === 'AK') {
return new CredentialModel(response['access_key_id'], response['access_key_secret']);
} else if (response.mode === 'STS') {
return new CredentialModel(response['access_key_id'], response['access_key_secret'], response['security_token']);
} else if (response.mode === 'StsToken') {
return new CredentialModel(response['access_key_id'], response['access_key_secret'], response['sts_token']);
}
break;
}
default:
return null;
}
}