package providers import ( "errors" "fmt" "os" "path" "github.com/aliyun/credentials-go/credentials/internal/utils" "gopkg.in/ini.v1" ) type ProfileCredentialsProvider struct { profileName string innerProvider CredentialsProvider } type ProfileCredentialsProviderBuilder struct { provider *ProfileCredentialsProvider } func NewProfileCredentialsProviderBuilder() (builder *ProfileCredentialsProviderBuilder) { return &ProfileCredentialsProviderBuilder{ provider: &ProfileCredentialsProvider{}, } } func (b *ProfileCredentialsProviderBuilder) WithProfileName(profileName string) *ProfileCredentialsProviderBuilder { b.provider.profileName = profileName return b } func (b *ProfileCredentialsProviderBuilder) Build() (provider *ProfileCredentialsProvider, err error) { // 优先级： // 1. 使用显示指定的 profileName // 2. 使用环境变量（ALIBABA_CLOUD_PROFILE）指定的 profileName // 3. 兜底使用 default 作为 profileName b.provider.profileName = utils.GetDefaultString(b.provider.profileName, os.Getenv("ALIBABA_CLOUD_PROFILE"), "default") provider = b.provider return } func (provider *ProfileCredentialsProvider) getCredentialsProvider(ini *ini.File) (credentialsProvider CredentialsProvider, err error) { section, err := ini.GetSection(provider.profileName) if err != nil { err = errors.New("ERROR: Can not load section" + err.Error()) return } value, err := section.GetKey("type") if err != nil { err = errors.New("ERROR: Can not find credential type" + err.Error()) return } switch value.String() { case "access_key": value1, err1 := section.GetKey("access_key_id") value2, err2 := section.GetKey("access_key_secret") if err1 != nil || err2 != nil { err = errors.New("ERROR: Failed to get value") return } if value1.String() == "" || value2.String() == "" { err = errors.New("ERROR: Value can't be empty") return } credentialsProvider, err = NewStaticAKCredentialsProviderBuilder(). WithAccessKeyId(value1.String()). WithAccessKeySecret(value2.String()). Build() case "ecs_ram_role": value1, err1 := section.GetKey("role_name") if err1 != nil { err = errors.New("ERROR: Failed to get value") return } credentialsProvider, err = NewECSRAMRoleCredentialsProviderBuilder().WithRoleName(value1.String()).Build() case "ram_role_arn": value1, err1 := section.GetKey("access_key_id") value2, err2 := section.GetKey("access_key_secret") value3, err3 := section.GetKey("role_arn") value4, err4 := section.GetKey("role_session_name") if err1 != nil || err2 != nil || err3 != nil || err4 != nil { err = errors.New("ERROR: Failed to get value") return } if value1.String() == "" || value2.String() == "" || value3.String() == "" || value4.String() == "" { err = errors.New("ERROR: Value can't be empty") return } previous, err5 := NewStaticAKCredentialsProviderBuilder(). WithAccessKeyId(value1.String()). WithAccessKeySecret(value2.String()). Build() if err5 != nil { err = errors.New("get previous credentials provider failed") return } rawPolicy, _ := section.GetKey("policy") policy := "" if rawPolicy != nil { policy = rawPolicy.String() } credentialsProvider, err = NewRAMRoleARNCredentialsProviderBuilder(). WithCredentialsProvider(previous). WithRoleArn(value3.String()). WithRoleSessionName(value4.String()). WithPolicy(policy). WithDurationSeconds(3600). Build() default: err = errors.New("ERROR: Failed to get credential") } return } func (provider *ProfileCredentialsProvider) GetCredentials() (cc *Credentials, err error) { if provider.innerProvider == nil { sharedCfgPath := os.Getenv("ALIBABA_CLOUD_CREDENTIALS_FILE") if sharedCfgPath == "" { homeDir := getHomePath() if homeDir == "" { err = fmt.Errorf("cannot found home dir") return } sharedCfgPath = path.Join(homeDir, ".alibabacloud/credentials") } ini, err1 := ini.Load(sharedCfgPath) if err1 != nil { err = errors.New("ERROR: Can not open file" + err1.Error()) return } provider.innerProvider, err = provider.getCredentialsProvider(ini) if err != nil { return } } innerCC, err := provider.innerProvider.GetCredentials() if err != nil { return } providerName := innerCC.ProviderName if providerName == "" { providerName = provider.innerProvider.GetProviderName() } cc = &Credentials{ AccessKeyId: innerCC.AccessKeyId, AccessKeySecret: innerCC.AccessKeySecret, SecurityToken: innerCC.SecurityToken, ProviderName: fmt.Sprintf("%s/%s", provider.GetProviderName(), providerName), } return } func (provider *ProfileCredentialsProvider) GetProviderName() string { return "profile" }