in alibabacloud_credentials/provider/oidc.py [0:0]
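def _refresh_credentials(self) -> RefreshResult[Credentials]:
    """Exchange the OIDC token on disk for temporary STS credentials.

    Reads the token from ``self._oidc_token_file_path``, issues an
    ``AssumeRoleWithOIDC`` request over HTTPS with the ``host`` header set
    to ``self._sts_endpoint``, and converts the returned ``Credentials``
    object into a ``Credentials`` value wrapped in a ``RefreshResult``.

    Returns:
        A ``RefreshResult`` holding the new credentials and the stale time
        computed by ``_get_stale_time`` from their expiration.

    Raises:
        CredentialException: on a non-200 response, when the response has
            no usable ``Credentials`` object, or when a required field
            (including ``Expiration``) is missing from it.
    """
    token = _get_token(self._oidc_token_file_path)
    tea_request = ph.get_new_request()
    # NOTE(review): the OIDC token travels in the request's query mapping;
    # confirm how the transport serializes it, since request URLs are
    # commonly captured by proxies and access logs.
    tea_request.query = {
        'Action': 'AssumeRoleWithOIDC',
        'Format': 'JSON',
        'Version': '2015-04-01',
        'DurationSeconds': str(self._duration_seconds),
        'RoleArn': self._role_arn,
        'OIDCProviderArn': self._oidc_provider_arn,
        'OIDCToken': token,
        'RoleSessionName': self._role_session_name,
        'Timestamp': ph.get_iso_8061_date()
    }
    # The session policy is optional; an empty string counts as "not set".
    if self._policy is not None and self._policy != '':
        tea_request.query['Policy'] = self._policy
    tea_request.protocol = 'https'
    tea_request.headers['host'] = self._sts_endpoint
    response = TeaCore.do_action(tea_request, self._runtime_options)
    if response.status_code != 200:
        raise CredentialException(
            f'error refreshing credentials from oidc_role_arn, http_code: {response.status_code}, result: {response.body.decode("utf-8")}')
    dic = json.loads(response.body.decode('utf-8'))
    if 'Credentials' not in dic:
        raise CredentialException(
            f'error retrieving credentials from oidc_role_arn result: {response.body.decode("utf-8")}')
    cre = dic.get('Credentials')
    required = ('AccessKeyId', 'AccessKeySecret', 'SecurityToken', 'Expiration')
    if isinstance(cre, dict):
        missing = [name for name in required if cre.get(name) is None]
    else:
        # A null or non-object 'Credentials' value carries none of the fields.
        missing = list(required)
    if missing:
        # Do not echo the response body here: a partially populated
        # 'Credentials' object can still carry an access key secret or a
        # security token, and exception text usually ends up in logs.
        missing_names = ', '.join(missing)
        raise CredentialException(
            f'error retrieving credentials from oidc_role_arn result: missing fields: {missing_names}')
    # Parse the expiration string into a struct_time first ...
    time_array = time.strptime(cre.get('Expiration'), '%Y-%m-%dT%H:%M:%SZ')
    # ... then into epoch seconds; timegm treats the struct_time as UTC,
    # matching the trailing 'Z' in the format.
    expiration = calendar.timegm(time_array)
    credentials = Credentials(
        access_key_id=cre.get('AccessKeyId'),
        access_key_secret=cre.get('AccessKeySecret'),
        security_token=cre.get('SecurityToken'),
        expiration=expiration,
        provider_name=self.get_provider_name()
    )
    return RefreshResult(value=credentials,
                         stale_time=_get_stale_time(expiration))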