feat: support external id for ram role arn
yndu13 authored and JacksonTian committed Jun 6, 2023
1 parent ca9459b commit 03a0fa7
Showing 3 changed files with 46 additions and 1 deletion.
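--- a/credentials/credential.go
+++ b/credentials/credential.go
@@ -56,6 +56,7 @@ type Config struct {
 InAdvanceScale *float64 `json:"inAdvanceScale"`
 Url *string `json:"url"`
 STSEndpoint *string `json:"sts_endpoint"`
+ExternalId *string `json:"external_id"`
 }
 
 func (s Config) String() string {
@@ -234,7 +235,15 @@ func NewCredential(config *Config) (credential Credential, err error) {
 ConnectTimeout: tea.IntValue(config.ConnectTimeout),
 STSEndpoint: tea.StringValue(config.STSEndpoint),
 }
-credential = newRAMRoleArnCredential(tea.StringValue(config.AccessKeyId), tea.StringValue(config.AccessKeySecret), tea.StringValue(config.RoleArn), tea.StringValue(config.RoleSessionName), tea.StringValue(config.Policy), tea.IntValue(config.RoleSessionExpiration), runtime)
+credential = newRAMRoleArnWithExternalIdCredential(
+tea.StringValue(config.AccessKeyId),
+tea.StringValue(config.AccessKeySecret),
+tea.StringValue(config.RoleArn),
+tea.StringValue(config.RoleSessionName),
+tea.StringValue(config.Policy),
+tea.IntValue(config.RoleSessionExpiration),
+tea.StringValue(config.ExternalId),
+runtime)
 case "rsa_key_pair":
 err = checkRSAKeyPair(config)
 if err != nil {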
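Review bot: The new `ExternalId` field on `Config` carries no comment saying which credential type consumes it. In this section only the role-ARN branch of `NewCredential` reads it, so a value set alongside any other type is presumably dropped without an error. I would add `// ExternalId is sent to STS by the RAM role ARN credential only; other credential types ignore it.` above the field, because a caller who relies on the external ID to satisfy a role's trust policy gets no signal when it is not applied. `Config.String()` starts in the first hunk but its body is outside it; if it prints the whole struct, the new value will now appear wherever the config is logged and may deserve the same treatment as `AccessKeySecret`.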
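--- a/credentials/sts_role_arn_credential.go
+++ b/credentials/sts_role_arn_credential.go
@@ -23,6 +23,7 @@ type RAMRoleArnCredential struct {
 RoleSessionName string
 RoleSessionExpiration int
 Policy string
+ExternalId string
 sessionCredential *sessionCredential
 runtime *utils.Runtime
 }
@@ -51,6 +52,20 @@ func newRAMRoleArnCredential(accessKeyId, accessKeySecret, roleArn, roleSessionN
 }
 }
 
+func newRAMRoleArnWithExternalIdCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName, policy string, roleSessionExpiration int, externalId string, runtime *utils.Runtime) *RAMRoleArnCredential {
+return &RAMRoleArnCredential{
+AccessKeyId: accessKeyId,
+AccessKeySecret: accessKeySecret,
+RoleArn: roleArn,
+RoleSessionName: roleSessionName,
+RoleSessionExpiration: roleSessionExpiration,
+Policy: policy,
+ExternalId: externalId,
+credentialUpdater: new(credentialUpdater),
+runtime: runtime,
+}
+}
+
 // GetAccessKeyId reutrns RamRoleArnCredential's AccessKeyId
 // if AccessKeyId is not exist or out of date, the function will update it.
 func (r *RAMRoleArnCredential) GetAccessKeyId() (*string, error) {
@@ -125,6 +140,9 @@ func (r *RAMRoleArnCredential) updateCredential() (err error) {
 if r.Policy != "" {
 request.QueryParams["Policy"] = r.Policy
 }
+if r.ExternalId != "" {
+request.QueryParams["ExternalId"] = r.ExternalId
+}
 request.QueryParams["RoleSessionName"] = r.RoleSessionName
 request.QueryParams["SignatureMethod"] = "HMAC-SHA1"
 request.QueryParams["SignatureVersion"] = "1.0"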
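Review bot: `newRAMRoleArnWithExternalIdCredential` repeats the struct literal that `newRAMRoleArnCredential` (which ends just above; its body is outside the hunk) appears to build, so the two constructors can drift apart when a field is added. Keeping a single literal and letting the older constructor delegate, `return newRAMRoleArnWithExternalIdCredential(accessKeyId, accessKeySecret, roleArn, roleSessionName, policy, roleSessionExpiration, "", runtime)`, avoids that. The new function also has no doc comment; `// newRAMRoleArnWithExternalIdCredential builds a RAMRoleArnCredential that adds externalId to the STS request when it is non-empty.` would record what the `if r.ExternalId != ""` guard in `updateCredential` does. Nothing in the visible lines checks the value's length or character set before it is placed in `QueryParams`, so a malformed ID is only rejected by the server; `updateCredential` continues outside the hunk.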
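--- a/credentials/sts_role_arn_credential_test.go
+++ b/credentials/sts_role_arn_credential_test.go
@@ -133,4 +133,22 @@ func Test_RoleArnCredential(t *testing.T) {
 assert.NotNil(t, err)
 assert.Equal(t, "refresh RoleArn sts token err: Credentials is empty", err.Error())
 assert.Equal(t, "", *accesskeyId)
+
+auth = newRAMRoleArnWithExternalIdCredential("accessKeyId", "accessKeySecret", "roleArn", "roleSessionName", "policy", 3600, "externalId", nil)
+hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
+return func(req *http.Request) (*http.Response, error) {
+return mockResponse(200, `{"Credentials":{"AccessKeyId":"accessKeyId","AccessKeySecret":"accessKeySecret","SecurityToken":"securitytoken","Expiration":"2020-01-02T15:04:05Z"}}`, nil)
+}
+}
+accesskeyId, err = auth.GetAccessKeyId()
+assert.Nil(t, err)
+assert.Equal(t, "accessKeyId", *accesskeyId)
+
+accesskeySecret, err = auth.GetAccessKeySecret()
+assert.Nil(t, err)
+assert.Equal(t, "accessKeySecret", *accesskeySecret)
+
+ststoken, err = auth.GetSecurityToken()
+assert.Nil(t, err)
+assert.Equal(t, "securitytoken", *ststoken)
 }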
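Review bot: The added case never checks that the external ID reaches the outgoing request, because the `hookDo` stub ignores `req` and returns a canned 200. The test would therefore still pass if the `ExternalId` query parameter were dropped in `updateCredential`. Assuming the parameters are carried in the request URL, an assertion inside the stub such as `assert.Equal(t, "externalId", req.URL.Query().Get("ExternalId"))` would pin the feature. A second case with an empty external ID, asserting the parameter is absent, would cover the guard. `Test_RoleArnCredential` starts outside the hunk.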
