in src/main/java/com/aliyun/credentials/provider/ProfileCredentialsProvider.java [125:156]
private CredentialModel getSTSOIDCRoleSessionCredentials(Map<String, String> clientConfig,
CredentialsProviderFactory factory) {
String roleSessionName = clientConfig.get(AuthConstant.INI_ROLE_SESSION_NAME);
String roleArn = clientConfig.get(AuthConstant.INI_ROLE_ARN);
String OIDCProviderArn = clientConfig.get(AuthConstant.INI_OIDC_PROVIDER_ARN);
String OIDCTokenFilePath = clientConfig.get(AuthConstant.INI_OIDC_TOKEN_FILE_PATH);
String regionId = clientConfig.get(AuthConstant.DEFAULT_REGION);
String policy = clientConfig.get(AuthConstant.INI_POLICY);
if (StringUtils.isEmpty(roleArn)) {
throw new CredentialException("The configured role_arn is empty.");
}
if (StringUtils.isEmpty(OIDCProviderArn)) {
throw new CredentialException("The configured oidc_provider_arn is empty.");
}
OIDCRoleArnCredentialProvider provider = factory.createCredentialsProvider(
OIDCRoleArnCredentialProvider.builder()
.roleArn(roleArn)
.roleSessionName(roleSessionName)
.oidcProviderArn(OIDCProviderArn)
.oidcTokenFilePath(OIDCTokenFilePath)
.regionId(regionId)
.policy(policy)
.build());
CredentialModel credential = provider.getCredentials();
return CredentialModel.builder()
.accessKeyId(credential.getAccessKeyId())
.accessKeySecret(credential.getAccessKeySecret())
.securityToken(credential.getSecurityToken())
.type(credential.getType())
.providerName(String.format("%s/%s", this.getProviderName(), credential.getProviderName()))
.build();
}