in aliyun-net-credentials/Provider/EcsRamRoleCredentialProvider.cs [400:454]
private RefreshResult<CredentialModel> GetNewSessionCredentials(IConnClient client)
{
string contentAccessKeyId;
string contentAccessKeySecret;
string contentSecurityToken;
string contentExpiration;
var currentRoleName = this.roleName;
if (string.IsNullOrWhiteSpace(this.roleName))
{
currentRoleName = GetMetadata(client, "http://" + MetadataServiceHost + UrlInEcsMetadata);
}
var jsonContent = GetMetadata(client, "http://" + MetadataServiceHost + UrlInEcsMetadata + currentRoleName);
var contentObj = JsonConvert.DeserializeObject<Dictionary<string, string>>(jsonContent);
if (!"Success".Equals(contentObj.Get("Code")))
{
throw new CredentialException(EcsMetadataFetchErrorMsg);
}
if (!contentObj.ContainsKey("AccessKeyId") || !contentObj.ContainsKey("AccessKeySecret") ||
!contentObj.ContainsKey("SecurityToken"))
{
throw new CredentialException(string.Format("Error retrieving credentials from IMDS result: {0}.",
jsonContent));
}
try
{
contentAccessKeyId = contentObj["AccessKeyId"];
contentAccessKeySecret = contentObj["AccessKeySecret"];
contentSecurityToken = contentObj["SecurityToken"];
contentExpiration = contentObj["Expiration"];
}
catch
{
throw new CredentialException("Invalid json got from ECS Metadata service.");
}
var expirationStr = contentExpiration.Replace('T', ' ').Replace('Z', ' ');
var dt = Convert.ToDateTime(expirationStr);
var expiration = dt.GetTimeMillis();
var credentialModel = new CredentialModel
{
AccessKeyId = contentAccessKeyId,
AccessKeySecret = contentAccessKeySecret,
SecurityToken = contentSecurityToken,
Expiration = expiration,
Type = AuthConstant.EcsRamRole,
ProviderName = GetProviderName()
};
return new RefreshResult<CredentialModel>.Builder(credentialModel).StaleTime(GetStaleTime(expiration))
.PrefetchTime(GetPrefetchTime(expiration)).Build();
}