in src/providers/cli_profile.ts [109:165]
private getCredentialsProvider(conf: Configuration, profileName: string): CredentialsProvider {
const p = getProfile(conf, profileName);
switch (p.mode) {
case 'AK':
return StaticAKCredentialsProvider.builder()
.withAccessKeyId(p.access_key_id)
.withAccessKeySecret(p.access_key_secret)
.build();
case 'StsToken':
return StaticSTSCredentialsProvider.builder()
.withAccessKeyId(p.access_key_id)
.withAccessKeySecret(p.access_key_secret)
.withSecurityToken(p.sts_token)
.build();
case 'RamRoleArn': {
const previousProvider = StaticAKCredentialsProvider.builder()
.withAccessKeyId(p.access_key_id)
.withAccessKeySecret(p.access_key_secret)
.build();
return RAMRoleARNCredentialsProvider.builder()
.withCredentialsProvider(previousProvider)
.withRoleArn(p.ram_role_arn)
.withRoleSessionName(p.ram_session_name)
.withDurationSeconds(p.expired_seconds)
.withStsRegionId(p.sts_region)
.withStsEndpoint(p.sts_endpoint)
.withEnableVpc(p.enable_vpc)
.build();
}
case 'EcsRamRole':
return ECSRAMRoleCredentialsProvider.builder().withRoleName(p.ram_role_name).build();
case 'OIDC':
return OIDCRoleArnCredentialsProvider.builder()
.withOIDCTokenFilePath(p.oidc_token_file)
.withOIDCProviderArn(p.oidc_provider_arn)
.withRoleArn(p.ram_role_arn)
.withStsRegionId(p.sts_region)
.withDurationSeconds(p.expired_seconds)
.withRoleSessionName(p.ram_session_name)
.withDurationSeconds(p.duration_seconds)
.withEnableVpc(p.enable_vpc)
.build();
case 'ChainableRamRoleArn': {
const previousProvider = this.getCredentialsProvider(conf, p.source_profile);
return RAMRoleARNCredentialsProvider.builder()
.withCredentialsProvider(previousProvider)
.withRoleArn(p.ram_role_arn)
.withRoleSessionName(p.ram_session_name)
.withDurationSeconds(p.expired_seconds)
.withStsRegionId(p.sts_region)
.build();
}
default:
throw new Error(`unsupported profile mode '${p.mode}'`);
}
}