func()

in oss/lib/command.go [289:537]

• 215 lines of code
• 53 McCabe index (conditional complexity)

func (cmd *Command) ossClient(bucket string) (*oss.Client, error) {
	endpoint, isCname := cmd.getEndpoint(bucket)
	accessKeyID, _ := GetString(OptionAccessKeyID, cmd.options)
	accessKeySecret, _ := GetString(OptionAccessKeySecret, cmd.options)
	stsToken, _ := GetString(OptionSTSToken, cmd.options)
	disableCRC64, _ := GetBool(OptionDisableCRC64, cmd.options)
	proxyHost, _ := GetString(OptionProxyHost, cmd.options)
	proxyUser, _ := GetString(OptionProxyUser, cmd.options)
	proxyPwd, _ := GetString(OptionProxyPwd, cmd.options)

	mode, _ := GetString(OptionMode, cmd.options)
	ecsRoleName, _ := GetString(OptionECSRoleName, cmd.options)

	strTokenTimeout, _ := GetString(OptionTokenTimeout, cmd.options)
	ramRoleArn, _ := GetString(OptionRamRoleArn, cmd.options)
	roleSessionName, _ := GetString(OptionRoleSessionName, cmd.options)
	externalId, _ := GetString(OptionExternalId, cmd.options)

	strReadTimeout, _ := GetString(OptionReadTimeout, cmd.options)
	strConnectTimeout, _ := GetString(OptionConnectTimeout, cmd.options)

	stsRegion, _ := GetString(OptionSTSRegion, cmd.options)

	ecsUrl := ""

	localHost, _ := GetString(OptionLocalHost, cmd.options)
	bSkipVerifyCert, _ := GetBool(OptionSkipVerifyCert, cmd.options)
	region, _ := GetString(OptionRegion, cmd.options)
	signVersion, _ := GetString(OptionSignVersion, cmd.options)
	cloudBoxID, _ := GetString(OptionCloudBoxID, cmd.options)

	bPassword, _ := GetBool(OptionPassword, cmd.options)
	bForcePathStyle, _ := GetBool(OptionForcePathStyle, cmd.options)

	if bPassword {
		if cmd.inputKeySecret == "" {
			strPwd, err := GetPassword("input access key secret:")
			fmt.Printf("\r")
			if err != nil {
				return nil, err
			}
			cmd.inputKeySecret = string(strPwd)
		}
		accessKeySecret = cmd.inputKeySecret
	}

	options := []oss.ClientOption{}
	if region != "" {
		options = append(options, oss.Region(region))
	}

	if signVersion != "" {
		if strings.EqualFold(signVersion, "v4") {
			if region == "" {
				return nil, fmt.Errorf("In the v4 signature scenario, please enter the region")
			}
		}
		options = append(options, oss.AuthVersion(oss.AuthVersionType(signVersion)))
	}

	if cloudBoxID != "" {
		options = append(options, oss.CloudBoxId(cloudBoxID))
	}

	if strings.EqualFold(mode, "AK") {
		if err := cmd.checkCredentials(endpoint, accessKeyID, accessKeySecret); err != nil {
			return nil, err
		}
	} else if strings.EqualFold(mode, "StsToken") {

		if err := cmd.checkCredentials(endpoint, accessKeyID, accessKeySecret); err != nil {
			return nil, err
		}
		if stsToken == "" {
			return nil, fmt.Errorf("stsToken is empty")
		}
		options = append(options, oss.SecurityToken(stsToken))

	} else if strings.EqualFold(mode, "RamRoleArn") {
		if err := cmd.checkCredentials(endpoint, accessKeyID, accessKeySecret); err != nil {
			return nil, err
		}
		if ramRoleArn == "" {
			ramRoleArn, _ = cmd.getRamRoleArn()
		}
		if ramRoleArn == "" {
			return nil, fmt.Errorf("ramRoleArn is empty")
		}
		if roleSessionName == "" {
			roleSessionName = "SessNameRand" + randStr(5)
		}
		if externalId == "" {
			externalId, _ = cmd.getExternalId()
		}

		stsClient := NewClient(accessKeyID, accessKeySecret, ramRoleArn, roleSessionName, externalId)

		if strTokenTimeout == "" {
			strTokenTimeout = "3600"
		}
		intTokenTimeout, err := strconv.Atoi(strTokenTimeout)
		if err != nil {
			return nil, err
		}
		TokenTimeout := uint(intTokenTimeout)

		stsEndPoint := ""
		if stsRegion == "" {
			stsEndPoint = ""
		} else {
			stsEndPoint = "https://sts." + stsRegion + ".aliyuncs.com"
		}

		resp, err := stsClient.AssumeRole(TokenTimeout, stsEndPoint)
		if err != nil {
			return nil, err
		}

		accessKeyID = resp.Credentials.AccessKeyId
		accessKeySecret = resp.Credentials.AccessKeySecret
		stsToken = resp.Credentials.SecurityToken
		options = append(options, oss.SecurityToken(stsToken))
	} else if strings.EqualFold(mode, "EcsRamRole") {
		if ecsRoleName != "" {
			ecsUrl = "http://100.100.100.200/latest/meta-data/Ram/security-credentials/" + ecsRoleName
		} else {
			ecsUrl, _ = cmd.getEcsRamAkService()
		}

		if ecsUrl == "" {
			return nil, fmt.Errorf("ecsUrl is empty")
		}
		ecsRoleAKBuild := EcsRoleAKBuild{url: ecsUrl}
		options = append(options, oss.SetCredentialsProvider(&ecsRoleAKBuild))
		accessKeyID = ""
		accessKeySecret = ""

	} else if mode == "" {
		ecsUrl, _ = cmd.getEcsRamAkService()
		if accessKeyID == "" && ecsUrl == "" {
			return nil, fmt.Errorf("accessKeyID and ecsUrl are both empty")
		}
		if ecsUrl == "" {
			if err := cmd.checkCredentials(endpoint, accessKeyID, accessKeySecret); err != nil {
				return nil, err
			}
		}
		if accessKeyID == "" {
			LogInfo("using user ak service:%s\n", ecsUrl)
			ecsRoleAKBuild := EcsRoleAKBuild{url: ecsUrl}
			options = append(options, oss.SetCredentialsProvider(&ecsRoleAKBuild))
		}

		if stsToken != "" {
			options = append(options, oss.SecurityToken(stsToken))
		}
	}

	if strConnectTimeout == "" {
		strConnectTimeout = "120"
	}
	if strReadTimeout == "" {
		strReadTimeout = "1200"
	}
	connectTimeout, err := strconv.ParseInt(strConnectTimeout, 10, 64)
	if err != nil {
		return nil, err
	}
	readTimeout, err := strconv.ParseInt(strReadTimeout, 10, 64)
	if err != nil {
		return nil, err
	}

	userAgent, _ := GetString(OptionUserAgent, cmd.options)
	options = append(options, oss.UseCname(isCname), oss.UserAgent(getUserAgent(userAgent)), oss.Timeout(connectTimeout, readTimeout))

	if disableCRC64 {
		options = append(options, oss.EnableCRC(false))
	} else {
		options = append(options, oss.EnableCRC(true))
	}

	if proxyHost != "" {
		if proxyUser != "" {
			options = append(options, oss.AuthProxy(proxyHost, proxyUser, proxyPwd))
		} else {
			options = append(options, oss.Proxy(proxyHost))
		}
	}

	if localHost != "" {
		ipAddr, err := net.ResolveIPAddr("ip", localHost)
		if err != nil {
			return nil, fmt.Errorf("net.ResolveIPAddr error,%s", err.Error())
		}
		localTCPAddr := &(net.TCPAddr{IP: ipAddr.IP})
		options = append(options, oss.SetLocalAddr(localTCPAddr))
	}

	if logLevel > oss.LogOff {
		options = append(options, oss.SetLogLevel(logLevel))
		options = append(options, oss.SetLogger(utilLogger))
	}

	if bSkipVerifyCert {
		LogInfo("skip verify oss server's tls certificate\n")
		options = append(options, oss.InsecureSkipVerify(true))
	}

	if bForcePathStyle {
		LogInfo("use path-style access instead of virtual hosted-style access.\n")
		options = append(options, oss.ForcePathStyle(true))
	}

	client, err := oss.New(endpoint, accessKeyID, accessKeySecret, options...)
	if err != nil {
		return nil, err
	}

	maxUpSpeed, errUp := GetInt(OptionMaxUpSpeed, cmd.options)
	if errUp == nil {
		if maxUpSpeed >= 0 {
			errUp = client.LimitUploadSpeed(int(maxUpSpeed))
			if errUp != nil {
				return nil, errUp
			} else {
				LogInfo("set maxupspeed success,value is %d(KB/s)\n", maxUpSpeed)
			}
		} else {
			return nil, fmt.Errorf("invalid value,maxupspeed %d less than 0", maxUpSpeed)
		}
	}

	maxDownSpeed, errDown := GetInt(OptionMaxDownSpeed, cmd.options)
	if errDown == nil {
		if maxDownSpeed >= 0 {
			errDown = client.LimitDownloadSpeed(int(maxDownSpeed))
			if errDown != nil {
				return nil, errDown
			} else {
				LogInfo("set maxdownspeed success,value is %d(KB/s)\n", maxDownSpeed)
			}
		} else {
			return nil, fmt.Errorf("invalid value,maxdownspeed %d less than 0", maxDownSpeed)
		}
	}

	return client, nil
}