Skip to content

Commit

Permalink
fix proxy for credentials
Browse files Browse the repository at this point in the history
  • Loading branch information
JacksonTian committed May 9, 2024
1 parent 2241807 commit ba0f15a
Show file tree
Hide file tree
Showing 6 changed files with 40 additions and 20 deletions.
1 change: 1 addition & 0 deletions .github/workflows/go.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ jobs:
make install
bash ./integration/vpc_test.sh
bash ./integration/oss_test.sh
bash ./integration/https_proxy.sh
if: env.ACCESS_KEY_ID != '' && env.ACCESS_KEY_SECRET != '' && matrix.os != 'windows-latest'
env:
ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY_ID }}
Expand Down
2 changes: 1 addition & 1 deletion config/hello.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ import (
)

func doHello(ctx *cli.Context, profile *Profile) (err error) {
credential, err := profile.GetCredential(ctx, tea.String(""))
credential, err := profile.GetCredential(ctx, nil)
if err != nil {
return
}
Expand Down
21 changes: 13 additions & 8 deletions config/profile.go
Original file line number Diff line number Diff line change
Expand Up @@ -279,8 +279,7 @@ func (cp *Profile) GetCredential(ctx *cli.Context, proxyHost *string) (cred cred
SetRoleArn(cp.RamRoleArn).
SetRoleSessionName(cp.RoleSessionName).
SetRoleSessionExpiration(cp.ExpiredSeconds).
SetSTSEndpoint(getSTSEndpoint(cp.StsRegion)).
SetProxy(*proxyHost)
SetSTSEndpoint(getSTSEndpoint(cp.StsRegion))

if cp.StsToken != "" {
config.SetSecurityToken(cp.StsToken)
Expand Down Expand Up @@ -318,8 +317,7 @@ func (cp *Profile) GetCredential(ctx *cli.Context, proxyHost *string) (cred cred
SetRoleArn(cp.RamRoleArn).
SetRoleSessionName(cp.RoleSessionName).
SetRoleSessionExpiration(cp.ExpiredSeconds).
SetSTSEndpoint(getSTSEndpoint(cp.StsRegion)).
SetProxy(*proxyHost)
SetSTSEndpoint(getSTSEndpoint(cp.StsRegion))

case ChainableRamRoleArn:
profileName := cp.SourceProfile
Expand Down Expand Up @@ -352,8 +350,7 @@ func (cp *Profile) GetCredential(ctx *cli.Context, proxyHost *string) (cred cred
SetRoleArn(cp.RamRoleArn).
SetRoleSessionName(cp.RoleSessionName).
SetRoleSessionExpiration(cp.ExpiredSeconds).
SetSTSEndpoint(getSTSEndpoint(cp.StsRegion)).
SetProxy(*proxyHost)
SetSTSEndpoint(getSTSEndpoint(cp.StsRegion))

if model.SecurityToken != nil {
config.SetSecurityToken(*model.SecurityToken)
Expand Down Expand Up @@ -430,13 +427,21 @@ func (cp *Profile) GetCredential(ctx *cli.Context, proxyHost *string) (cred cred
SetRoleArn(cp.RamRoleArn).
SetRoleSessionName(cp.RoleSessionName).
SetSTSEndpoint(getSTSEndpoint(cp.StsRegion)).
SetSessionExpiration(3600).
SetProxy(*proxyHost)
SetSessionExpiration(3600)

default:
return nil, fmt.Errorf("unexcepted certificate mode: %s", cp.Mode)
}

if proxyHost != nil {
config.SetProxy(*proxyHost)
} else {
proxy := util.GetFromEnv("HTTPS_PROXY", "https_proxy")
if proxy != "" {
config.SetProxy(proxy)
}
}

return credentialsv2.NewCredential(config)
}

Expand Down
17 changes: 8 additions & 9 deletions config/profile_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ import (
"os"
"testing"

"github.com/alibabacloud-go/tea/tea"
"github.com/aliyun/aliyun-cli/cli"

"github.com/stretchr/testify/assert"
Expand Down Expand Up @@ -426,17 +425,17 @@ func TestGetCredentialByAK(t *testing.T) {

actual.Mode = AK
actual.AccessKeyId = "accessKeyId"
credential, err := actual.GetCredential(newCtx(), tea.String(""))
credential, err := actual.GetCredential(newCtx(), nil)
assert.Nil(t, credential)
assert.EqualError(t, err, "AccessKeyId/AccessKeySecret is empty! run `aliyun configure` first")

actual.AccessKeySecret = "accessKeySecret"
credential, err = actual.GetCredential(newCtx(), tea.String(""))
credential, err = actual.GetCredential(newCtx(), nil)
assert.Nil(t, credential)
assert.EqualError(t, err, "default RegionId is empty! run `aliyun configure` first")

actual.RegionId = "cn-hangzhou"
credential, err = actual.GetCredential(newCtx(), tea.String(""))
credential, err = actual.GetCredential(newCtx(), nil)
assert.Nil(t, err)
assert.NotNil(t, credential)

Expand All @@ -447,22 +446,22 @@ func TestGetCredentialBySts(t *testing.T) {
actual := newProfile()

actual.Mode = StsToken
credential, err := actual.GetCredential(newCtx(), tea.String(""))
credential, err := actual.GetCredential(newCtx(), nil)
assert.Nil(t, credential)
assert.EqualError(t, err, "AccessKeyId cannot be empty")

actual.AccessKeyId = "akid"
credential, err = actual.GetCredential(newCtx(), tea.String(""))
credential, err = actual.GetCredential(newCtx(), nil)
assert.Nil(t, credential)
assert.EqualError(t, err, "AccessKeySecret cannot be empty")

actual.AccessKeySecret = "aksecret"
credential, err = actual.GetCredential(newCtx(), tea.String(""))
credential, err = actual.GetCredential(newCtx(), nil)
assert.Nil(t, credential)
assert.EqualError(t, err, "SecurityToken cannot be empty")

actual.StsToken = "ststoken"
credential, err = actual.GetCredential(newCtx(), tea.String(""))
credential, err = actual.GetCredential(newCtx(), nil)
assert.Nil(t, err)
assert.NotNil(t, credential)

Expand Down Expand Up @@ -501,7 +500,7 @@ func TestGetProfileWithChainable(t *testing.T) {
p.RamRoleArn = "acs:ram::test:role/test"
p.RoleSessionName = "sessionname"

c, err := p.GetCredential(newCtx(), tea.String(""))
c, err := p.GetCredential(newCtx(), nil)
assert.NotNil(t, c)
assert.Nil(t, err)
}
15 changes: 15 additions & 0 deletions integration/https_proxy.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
#!/bin/bash

export HTTPS_PROXY=https://1.2.3.4:8080/

cmd="aliyun sts GetCallerIdentity --access-key-id $ACCESS_KEY_ID --access-key-secret $ACCESS_KEY_SECRET --region $REGION_ID 2>&1"
g_var=$(eval $cmd)

err=$(echo $g_var | grep -i -e "proxyconnect tcp" -e "timeout")

if [[ $err == "" ]]
then
exit 1
fi

exit 0
4 changes: 2 additions & 2 deletions openapi/invoker.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ import (
"strings"
"time"

"github.com/alibabacloud-go/tea/tea"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
Expand All @@ -32,10 +31,11 @@ import (
)

func GetClient(cp *config.Profile, ctx *cli.Context) (client *sdk.Client, err error) {
credential, err := cp.GetCredential(ctx, tea.String(""))
credential, err := cp.GetCredential(ctx, nil)
if err != nil {
return
}

model, err := credential.GetCredential()
if err != nil {
return
Expand Down

0 comments on commit ba0f15a

Please sign in to comment.