aliyun · JacksonTian · Jul 29, 2024 · Jul 28, 2024
diff --git a/credentials/oidc_credential.go → credentials/oidc_credentials_provider.go b/credentials/oidc_credential.go → credentials/oidc_credentials_provider.go
@@ -14,7 +14,7 @@ import (
 )
 
 // OIDCCredential is a kind of credentials
-type OIDCCredential struct {
+type OIDCCredentialsProvider struct {
 	*credentialUpdater
 	AccessKeyId           string
 	AccessKeySecret       string
@@ -39,8 +39,8 @@ type OIDCcredentialsInResponse struct {
 	Expiration      string `json:"Expiration" xml:"Expiration"`
 }
 
-func newOIDCRoleArnCredential(accessKeyId, accessKeySecret, roleArn, OIDCProviderArn, OIDCTokenFilePath, RoleSessionName, policy string, RoleSessionExpiration int, runtime *utils.Runtime) *OIDCCredential {
-	return &OIDCCredential{
+func newOIDCRoleArnCredential(accessKeyId, accessKeySecret, roleArn, OIDCProviderArn, OIDCTokenFilePath, RoleSessionName, policy string, RoleSessionExpiration int, runtime *utils.Runtime) *OIDCCredentialsProvider {
+	return &OIDCCredentialsProvider{
 		AccessKeyId:           accessKeyId,
 		AccessKeySecret:       accessKeySecret,
 		RoleArn:               roleArn,
@@ -54,7 +54,7 @@ func newOIDCRoleArnCredential(accessKeyId, accessKeySecret, roleArn, OIDCProvide
 	}
 }
 
-func (e *OIDCCredential) GetCredential() (*CredentialModel, error) {
+func (e *OIDCCredentialsProvider) GetCredential() (*CredentialModel, error) {
 	if e.sessionCredential == nil || e.needUpdateCredential() {
 		err := e.updateCredential()
 		if err != nil {
@@ -72,67 +72,66 @@ func (e *OIDCCredential) GetCredential() (*CredentialModel, error) {
 
 // GetAccessKeyId reutrns OIDCCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
-func (r *OIDCCredential) GetAccessKeyId() (*string, error) {
-	if r.sessionCredential == nil || r.needUpdateCredential() {
-		err := r.updateCredential()
-		if err != nil {
-			return tea.String(""), err
-		}
+func (r *OIDCCredentialsProvider) GetAccessKeyId() (accessKeyId *string, err error) {
+	c, err := r.GetCredential()
+	if err != nil {
+		return
 	}
-	return tea.String(r.sessionCredential.AccessKeyId), nil
+
+	accessKeyId = c.AccessKeyId
+	return
 }
 
 // GetAccessSecret reutrns OIDCCredential's AccessKeySecret
 // if AccessKeySecret is not exist or out of date, the function will update it.
-func (r *OIDCCredential) GetAccessKeySecret() (*string, error) {
-	if r.sessionCredential == nil || r.needUpdateCredential() {
-		err := r.updateCredential()
-		if err != nil {
-			return tea.String(""), err
-		}
+func (r *OIDCCredentialsProvider) GetAccessKeySecret() (accessKeySecret *string, err error) {
+	c, err := r.GetCredential()
+	if err != nil {
+		return
 	}
-	return tea.String(r.sessionCredential.AccessKeySecret), nil
+
+	accessKeySecret = c.AccessKeySecret
+	return
 }
 
 // GetSecurityToken reutrns OIDCCredential's SecurityToken
 // if SecurityToken is not exist or out of date, the function will update it.
-func (r *OIDCCredential) GetSecurityToken() (*string, error) {
-	if r.sessionCredential == nil || r.needUpdateCredential() {
-		err := r.updateCredential()
-		if err != nil {
-			return tea.String(""), err
-		}
+func (r *OIDCCredentialsProvider) GetSecurityToken() (securityToken *string, err error) {
+	c, err := r.GetCredential()
+	if err != nil {
+		return
 	}
-	return tea.String(r.sessionCredential.SecurityToken), nil
+
+	securityToken = c.SecurityToken
+	return
 }
 
 // GetBearerToken is useless OIDCCredential
-func (r *OIDCCredential) GetBearerToken() *string {
+func (r *OIDCCredentialsProvider) GetBearerToken() *string {
 	return tea.String("")
 }
 
 // GetType reutrns OIDCCredential's type
-func (r *OIDCCredential) GetType() *string {
+func (r *OIDCCredentialsProvider) GetType() *string {
 	return tea.String("oidc_role_arn")
 }
 
-func (r *OIDCCredential) GetOIDCToken(OIDCTokenFilePath string) *string {
-	tokenPath := OIDCTokenFilePath
-	_, err := os.Stat(tokenPath)
+func getOIDCToken(tokenFilePath string) *string {
+	_, err := os.Stat(tokenFilePath)
 	if os.IsNotExist(err) {
-		tokenPath = os.Getenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE")
-		if tokenPath == "" {
+		tokenFilePath = os.Getenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE")
+		if tokenFilePath == "" {
 			return nil
 		}
 	}
-	byt, err := ioutil.ReadFile(tokenPath)
+	byt, err := ioutil.ReadFile(tokenFilePath)
 	if err != nil {
 		return nil
 	}
 	return tea.String(string(byt))
 }
 
-func (r *OIDCCredential) updateCredential() (err error) {
+func (r *OIDCCredentialsProvider) updateCredential() (err error) {
 	if r.runtime == nil {
 		r.runtime = new(utils.Runtime)
 	}
@@ -148,7 +147,7 @@ func (r *OIDCCredential) updateCredential() (err error) {
 	request.QueryParams["Format"] = "JSON"
 	request.BodyParams["RoleArn"] = r.RoleArn
 	request.BodyParams["OIDCProviderArn"] = r.OIDCProviderArn
-	token := r.GetOIDCToken(r.OIDCTokenFilePath)
+	token := getOIDCToken(r.OIDCTokenFilePath)
 	request.BodyParams["OIDCToken"] = tea.StringValue(token)
 	if r.Policy != "" {
 		request.QueryParams["Policy"] = r.Policy

diff --git a/credentials/oidc_credential_test.go → ...entials/oidc_credentials_provider_test.go b/credentials/oidc_credential_test.go → ...entials/oidc_credentials_provider_test.go
@@ -20,7 +20,7 @@ func Test_oidcCredential_updateCredential(t *testing.T) {
 	accesskeyId, err := oidcCredential.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh RoleArn sts token err: sdk test", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 
 	assert.Equal(t, "oidc_role_arn", *oidcCredential.GetType())
 
@@ -29,6 +29,7 @@ func Test_oidcCredential_updateCredential(t *testing.T) {
 			return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil)
 		}
 	}
+
 	accesskeyId, err = oidcCredential.GetAccessKeyId()
 	assert.Nil(t, err)
 	assert.Equal(t, "accessKeyId", *accesskeyId)
@@ -50,14 +51,14 @@ func Test_oidcCredential_updateCredential(t *testing.T) {
 	assert.Equal(t, "oidc_role_arn", *cred.Type)
 
 	os.Setenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE", "")
-	token := oidcCredential.GetOIDCToken("/test")
+	token := getOIDCToken("/test")
 	assert.Nil(t, token)
 	path, _ := os.Getwd()
 	os.Setenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE", path+"/oidc_token")
-	token = oidcCredential.GetOIDCToken("/test")
+	token = getOIDCToken("/test")
 	assert.Equal(t, "test_long_oidc_token_eyJhbGciOiJSUzI1NiIsImtpZCI6ImFQaXlpNEVGSU8wWnlGcFh1V0psQUNWbklZVlJsUkNmM2tlSzNMUlhWT1UifQ.eyJhdWQiOlsic3RzLmFsaXl1bmNzLmNvbSJdLCJleHAiOjE2NDUxMTk3ODAsImlhdCI6MTY0NTA4Mzc4MCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWFjay1jbi1oYW5nemhvdS5vc3MtY24taGFuZ3pob3UtaW50ZXJuYWwuYWxpeXVuY3MuY29tL2NmMWQ4ZGIwMjM0ZDk0YzEyOGFiZDM3MTc4NWJjOWQxNSIsImt1YmVybmV0ZXMuaW8iOnsibmFtZXNwYWNlIjoidGVzdC1ycnNhIiwicG9kIjp7Im5hbWUiOiJydW4tYXMtcm9vdCIsInVpZCI6ImIzMGI0MGY2LWNiZTAtNGY0Yy1hZGYyLWM1OGQ4ZmExZTAxMCJ9LCJzZXJ2aWNlYWNjb3VudCI6eyJuYW1lIjoidXNlcjEiLCJ1aWQiOiJiZTEyMzdjYS01MTY4LTQyMzYtYWUyMC00NDM1YjhmMGI4YzAifX0sIm5iZiI6MTY0NTA4Mzc4MCwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OnRlc3QtcnJzYTp1c2VyMSJ9.XGP-wgLj-iMiAHjLe0lZLh7y48Qsj9HzsEbNh706WwerBoxnssdsyGFb9lzd2FyM8CssbAOCstr7OuAMWNdJmDZgpiOGGSbQ-KXXmbfnIS4ix-V3pQF6LVBFr7xJlj20J6YY89um3rv_04t0iCGxKWs2ZMUyU1FbZpIPRep24LVKbUz1saiiVGgDBTIZdHA13Z-jUvYAnsxK_Kj5tc1K-IuQQU0IwSKJh5OShMcdPugMV5LwTL3ogCikfB7yljq5vclBhCeF2lXLIibvwF711TOhuJ5lMlh-a2KkIgwBHhANg_U9k4Mt_VadctfUGc4hxlSbBD0w9o9mDGKwgGmW5Q", *token)
 	os.Setenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE", "")
-	token = oidcCredential.GetOIDCToken(path + "/oidc_token")
+	token = getOIDCToken(path + "/oidc_token")
 	assert.Equal(t, 1027, len(*token))
 	assert.Equal(t, "test_long_oidc_token_eyJhbGciOiJSUzI1NiIsImtpZCI6ImFQaXlpNEVGSU8wWnlGcFh1V0psQUNWbklZVlJsUkNmM2tlSzNMUlhWT1UifQ.eyJhdWQiOlsic3RzLmFsaXl1bmNzLmNvbSJdLCJleHAiOjE2NDUxMTk3ODAsImlhdCI6MTY0NTA4Mzc4MCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWFjay1jbi1oYW5nemhvdS5vc3MtY24taGFuZ3pob3UtaW50ZXJuYWwuYWxpeXVuY3MuY29tL2NmMWQ4ZGIwMjM0ZDk0YzEyOGFiZDM3MTc4NWJjOWQxNSIsImt1YmVybmV0ZXMuaW8iOnsibmFtZXNwYWNlIjoidGVzdC1ycnNhIiwicG9kIjp7Im5hbWUiOiJydW4tYXMtcm9vdCIsInVpZCI6ImIzMGI0MGY2LWNiZTAtNGY0Yy1hZGYyLWM1OGQ4ZmExZTAxMCJ9LCJzZXJ2aWNlYWNjb3VudCI6eyJuYW1lIjoidXNlcjEiLCJ1aWQiOiJiZTEyMzdjYS01MTY4LTQyMzYtYWUyMC00NDM1YjhmMGI4YzAifX0sIm5iZiI6MTY0NTA4Mzc4MCwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OnRlc3QtcnJzYTp1c2VyMSJ9.XGP-wgLj-iMiAHjLe0lZLh7y48Qsj9HzsEbNh706WwerBoxnssdsyGFb9lzd2FyM8CssbAOCstr7OuAMWNdJmDZgpiOGGSbQ-KXXmbfnIS4ix-V3pQF6LVBFr7xJlj20J6YY89um3rv_04t0iCGxKWs2ZMUyU1FbZpIPRep24LVKbUz1saiiVGgDBTIZdHA13Z-jUvYAnsxK_Kj5tc1K-IuQQU0IwSKJh5OShMcdPugMV5LwTL3ogCikfB7yljq5vclBhCeF2lXLIibvwF711TOhuJ5lMlh-a2KkIgwBHhANg_U9k4Mt_VadctfUGc4hxlSbBD0w9o9mDGKwgGmW5Q", *token)
 
@@ -72,5 +73,5 @@ func Test_oidcCredential_updateCredential(t *testing.T) {
 	accesskeyId, err = oidcCredential.GetAccessKeyId()
 	assert.NotNil(t, err)
 	assert.Equal(t, "refresh RoleArn sts token err: sdk test", err.Error())
-	assert.Equal(t, "", *accesskeyId)
+	assert.Nil(t, accesskeyId)
 }