in credentials/credential.go [227:380]
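// NewCredential builds a Credential from config.
//
// A nil config selects the provider returned by
// providers.NewDefaultCredentialsProvider. Otherwise config.Type picks the
// credential source: credentials_uri, oidc_role_arn, access_key, sts,
// ecs_ram_role, ram_role_arn, rsa_key_pair or bearer. Any other value is
// rejected with an error that lists the supported types.
//
// On failure the returned Credential is nil and err describes the problem.
// Errors from the provider builders are returned unchanged.
func NewCredential(config *Config) (credential Credential, err error) {
	if config == nil {
		provider := providers.NewDefaultCredentialsProvider()
		return FromCredentialsProvider("default", provider), nil
	}

	// Shared by every provider that performs HTTP requests. Only one switch
	// case runs per call, so a single instance is enough.
	// NOTE(review): credential requests are sent through config.Proxy when it
	// is set, so that proxy presumably sees the exchanged credentials; confirm
	// in providers and treat the proxy as part of the trust boundary.
	httpOptions := &providers.HttpOptions{
		Proxy:          tea.StringValue(config.Proxy),
		ReadTimeout:    tea.IntValue(config.Timeout),
		ConnectTimeout: tea.IntValue(config.ConnectTimeout),
	}

	switch tea.StringValue(config.Type) {
	case "credentials_uri":
		// NOTE(review): credentials are loaded from config.Url, so the URL must
		// come from a trusted source. No scheme or host validation is visible
		// here; confirm what Build() enforces.
		provider, err := providers.NewURLCredentialsProviderBuilder().
			WithUrl(tea.StringValue(config.Url)).
			WithHttpOptions(httpOptions).
			Build()
		if err != nil {
			return nil, err
		}
		credential = FromCredentialsProvider("credentials_uri", provider)
	case "oidc_role_arn":
		provider, err := providers.NewOIDCCredentialsProviderBuilder().
			WithRoleArn(tea.StringValue(config.RoleArn)).
			WithOIDCTokenFilePath(tea.StringValue(config.OIDCTokenFilePath)).
			WithOIDCProviderARN(tea.StringValue(config.OIDCProviderArn)).
			WithDurationSeconds(tea.IntValue(config.RoleSessionExpiration)).
			WithPolicy(tea.StringValue(config.Policy)).
			WithRoleSessionName(tea.StringValue(config.RoleSessionName)).
			WithSTSEndpoint(tea.StringValue(config.STSEndpoint)).
			WithHttpOptions(httpOptions).
			Build()
		if err != nil {
			return nil, err
		}
		credential = FromCredentialsProvider("oidc_role_arn", provider)
	case "access_key":
		// Static access key pair: no session token and no expiry is passed here.
		provider, err := providers.NewStaticAKCredentialsProviderBuilder().
			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
			Build()
		if err != nil {
			return nil, err
		}
		credential = FromCredentialsProvider("access_key", provider)
	case "sts":
		provider, err := providers.NewStaticSTSCredentialsProviderBuilder().
			WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
			WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
			WithSecurityToken(tea.StringValue(config.SecurityToken)).
			Build()
		if err != nil {
			return nil, err
		}
		credential = FromCredentialsProvider("sts", provider)
	case "ecs_ram_role":
		// NOTE(review): DisableIMDSv1 presumably forbids falling back to the
		// unauthenticated metadata mode; confirm in providers. It defaults to
		// false when config.DisableIMDSv1 is nil.
		provider, err := providers.NewECSRAMRoleCredentialsProviderBuilder().
			WithRoleName(tea.StringValue(config.RoleName)).
			WithDisableIMDSv1(tea.BoolValue(config.DisableIMDSv1)).
			Build()
		if err != nil {
			return nil, err
		}
		credential = FromCredentialsProvider("ecs_ram_role", provider)
	case "ram_role_arn":
		// The role is assumed with a base credential: an STS credential when a
		// non-empty security token is configured, a plain access key otherwise.
		var baseProvider providers.CredentialsProvider
		if tea.StringValue(config.SecurityToken) != "" {
			baseProvider, err = providers.NewStaticSTSCredentialsProviderBuilder().
				WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
				WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
				WithSecurityToken(tea.StringValue(config.SecurityToken)).
				Build()
		} else {
			baseProvider, err = providers.NewStaticAKCredentialsProviderBuilder().
				WithAccessKeyId(tea.StringValue(config.AccessKeyId)).
				WithAccessKeySecret(tea.StringValue(config.AccessKeySecret)).
				Build()
		}
		if err != nil {
			return nil, err
		}
		provider, buildErr := providers.NewRAMRoleARNCredentialsProviderBuilder().
			WithCredentialsProvider(baseProvider).
			WithRoleArn(tea.StringValue(config.RoleArn)).
			WithRoleSessionName(tea.StringValue(config.RoleSessionName)).
			WithPolicy(tea.StringValue(config.Policy)).
			WithDurationSeconds(tea.IntValue(config.RoleSessionExpiration)).
			WithExternalId(tea.StringValue(config.ExternalId)).
			WithStsEndpoint(tea.StringValue(config.STSEndpoint)).
			WithHttpOptions(httpOptions).
			Build()
		if buildErr != nil {
			return nil, buildErr
		}
		credential = FromCredentialsProvider("ram_role_arn", provider)
	case "rsa_key_pair":
		if err = checkRSAKeyPair(config); err != nil {
			return nil, err
		}
		file, openErr := os.Open(tea.StringValue(config.PrivateKeyFile))
		if openErr != nil {
			return nil, fmt.Errorf("InvalidPath: Can not open PrivateKeyFile, err is %s", openErr.Error())
		}
		defer file.Close()

		// Keep only the key body: lines starting with "----" (the PEM
		// BEGIN/END markers) are dropped, every other line is kept with a
		// trailing newline.
		var privateKey strings.Builder
		scan := bufio.NewScanner(file)
		for scan.Scan() {
			line := scan.Text()
			if strings.HasPrefix(line, "----") {
				continue
			}
			privateKey.WriteString(line)
			privateKey.WriteByte('\n')
		}
		// Scan() also returns false on a read error or an over-long line.
		// Without this check a truncated private key would be used silently.
		if scanErr := scan.Err(); scanErr != nil {
			return nil, fmt.Errorf("InvalidPath: Can not read PrivateKeyFile, err is %s", scanErr.Error())
		}

		runtime := &utils.Runtime{
			Host:           tea.StringValue(config.Host),
			Proxy:          tea.StringValue(config.Proxy),
			ReadTimeout:    tea.IntValue(config.Timeout),
			ConnectTimeout: tea.IntValue(config.ConnectTimeout),
			STSEndpoint:    tea.StringValue(config.STSEndpoint),
		}
		credential = newRsaKeyPairCredential(
			privateKey.String(),
			tea.StringValue(config.PublicKeyId),
			tea.IntValue(config.SessionExpiration),
			runtime)
	case "bearer":
		token := tea.StringValue(config.BearerToken)
		if token == "" {
			return nil, errors.New("BearerToken cannot be empty")
		}
		credential = newBearerTokenCredential(token)
	default:
		return nil, errors.New("invalid type option, support: access_key, sts, bearer, ecs_ram_role, ram_role_arn, rsa_key_pair, oidc_role_arn, credentials_uri")
	}
	return credential, nil
}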