credentials/providers/default.go (89 lines of code) (raw):
package providers
import (
"fmt"
"os"
"strings"
)
// DefaultCredentialsProvider resolves credentials by consulting an ordered
// chain of other providers.
type DefaultCredentialsProvider struct {
	// providerChain lists the candidate providers in the order GetCredentials
	// walks them.
	providerChain []CredentialsProvider

	// lastUsedProvider, once set, is the only provider GetCredentials asks;
	// the rest of the chain is skipped while it is non-nil.
	lastUsedProvider CredentialsProvider
}
// NewDefaultCredentialsProvider assembles the default provider chain.
//
// Candidates are appended in precedence order: environment variables (static
// AK or STS), OIDC, CLI profile, profile, ECS RAM role (IMDS), and last the
// credentials URI provider, which is only considered when
// ALIBABA_CLOUD_CREDENTIALS_URI is set to a non-empty value. A candidate whose
// builder returns an error is left out and the error is discarded, so the
// resulting chain may be empty.
//
// NOTE(review): the position in this list decides which identity a process
// ends up with when several sources are configured at once; confirm the order
// matches what operators expect before reordering anything here.
func NewDefaultCredentialsProvider() (provider *DefaultCredentialsProvider) {
	chain := make([]CredentialsProvider, 0)

	// Static AK or STS credentials taken from the environment.
	if p, err := NewEnvironmentVariableCredentialsProviderBuilder().Build(); err == nil {
		chain = append(chain, p)
	}

	// OIDC.
	if p, err := NewOIDCCredentialsProviderBuilder().Build(); err == nil {
		chain = append(chain, p)
	}

	// CLI profile.
	if p, err := NewCLIProfileCredentialsProviderBuilder().Build(); err == nil {
		chain = append(chain, p)
	}

	// Profile.
	if p, err := NewProfileCredentialsProviderBuilder().Build(); err == nil {
		chain = append(chain, p)
	}

	// IMDS (ECS RAM role).
	if p, err := NewECSRAMRoleCredentialsProviderBuilder().Build(); err == nil {
		chain = append(chain, p)
	}

	// Credentials URI: opt-in through the environment only.
	// NOTE(review): presumably the builder reads the endpoint from this same
	// variable; confirm it is only set in trusted deployment environments.
	if os.Getenv("ALIBABA_CLOUD_CREDENTIALS_URI") != "" {
		if p, err := NewURLCredentialsProviderBuilder().Build(); err == nil {
			chain = append(chain, p)
		}
	}

	provider = &DefaultCredentialsProvider{
		providerChain: chain,
	}
	return provider
}
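// GetCredentials returns credentials from the first provider in the chain that
// can supply them, with ProviderName set to "<this provider>/<inner provider>".
//
// Once a provider has supplied credentials it is pinned in lastUsedProvider and
// every later call asks only that provider. An error from the pinned provider
// is returned to the caller unchanged; the chain is not walked again, so the
// identity in use does not silently change to a lower-priority source.
//
// A provider is pinned only after it has returned non-nil credentials. Pinning
// it before the attempt would leave the last provider of the chain pinned
// after a total failure, so later calls would never retry the earlier sources,
// and a provider answering (nil, nil) could be pinned and then dereferenced.
//
// It returns an error when the pinned provider fails or returns nothing, or
// when no provider in the chain yields credentials.
//
// NOTE(review): lastUsedProvider is read and written without synchronization;
// confirm that callers sharing one instance across goroutines serialize access.
func (provider *DefaultCredentialsProvider) GetCredentials() (cc *Credentials, err error) {
	// wrap copies the credential fields and prefixes the source name with this
	// provider's own name. The source's GetProviderName is consulted only when
	// the returned credentials carry no name of their own.
	wrap := func(source CredentialsProvider, inner *Credentials) *Credentials {
		name := inner.ProviderName
		if name == "" {
			name = source.GetProviderName()
		}
		return &Credentials{
			AccessKeyId:     inner.AccessKeyId,
			AccessKeySecret: inner.AccessKeySecret,
			SecurityToken:   inner.SecurityToken,
			ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), name),
		}
	}

	if pinned := provider.lastUsedProvider; pinned != nil {
		inner, pinnedErr := pinned.GetCredentials()
		if pinnedErr != nil {
			return nil, pinnedErr
		}
		if inner == nil {
			// Report the empty answer instead of dereferencing a nil result.
			return nil, fmt.Errorf("credentials provider %s returned no credentials", pinned.GetProviderName())
		}
		return wrap(pinned, inner), nil
	}

	failures := make([]string, 0, len(provider.providerChain))
	for _, p := range provider.providerChain {
		inner, errInLoop := p.GetCredentials()
		if errInLoop != nil {
			// On error, move on to the next provider in the chain.
			failures = append(failures, errInLoop.Error())
			continue
		}
		if inner == nil {
			// No error but nothing to use either: try the next provider.
			continue
		}
		// Pin only a provider that has actually produced credentials.
		provider.lastUsedProvider = p
		return wrap(p, inner), nil
	}

	// NOTE(review): the message repeats each provider's error text verbatim;
	// confirm no provider puts secret material in its errors before this is
	// logged.
	return nil, fmt.Errorf("unable to get credentials from any of the providers in the chain: %s", strings.Join(failures, ", "))
}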
// GetProviderName reports the fixed name of this provider, "default".
// GetCredentials uses it as the prefix of the ProviderName it returns.
func (provider *DefaultCredentialsProvider) GetProviderName() string {
	const name = "default"
	return name
}