diff --git a/credentials/ecs_ram_role_credentials_provider.go b/credentials/ecs_ram_role_credentials_provider.go index 343c569..70a0520 100644 --- a/credentials/ecs_ram_role_credentials_provider.go +++ b/credentials/ecs_ram_role_credentials_provider.go @@ -50,65 +50,62 @@ func newEcsRAMRoleCredentialWithEnableIMDSv2(roleName string, enableIMDSv2 bool, } } -func (e *ECSRAMRoleCredentialsProvider) GetCredential() (*CredentialModel, error) { +func (e *ECSRAMRoleCredentialsProvider) GetCredential() (credentials *CredentialModel, err error) { if e.sessionCredential == nil || e.needUpdateCredential() { - err := e.updateCredential() + err = e.updateCredential() if err != nil { - return nil, err + if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) { + // 虽然有错误,但是已有的 credentials 还有效 + } else { + return + } } } - credential := &CredentialModel{ + + credentials = &CredentialModel{ AccessKeyId: tea.String(e.sessionCredential.AccessKeyId), AccessKeySecret: tea.String(e.sessionCredential.AccessKeySecret), SecurityToken: tea.String(e.sessionCredential.SecurityToken), Type: tea.String("ecs_ram_role"), } - return credential, nil + + return } // GetAccessKeyId reutrns EcsRAMRoleCredential's AccessKeyId // if AccessKeyId is not exist or out of date, the function will update it. -func (e *ECSRAMRoleCredentialsProvider) GetAccessKeyId() (*string, error) { - if e.sessionCredential == nil || e.needUpdateCredential() { - err := e.updateCredential() - if err != nil { - if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) { - return &e.sessionCredential.AccessKeyId, nil - } - return tea.String(""), err - } +func (e *ECSRAMRoleCredentialsProvider) GetAccessKeyId() (accessKeyId *string, err error) { + c, err := e.GetCredential() + if err != nil { + return } - return tea.String(e.sessionCredential.AccessKeyId), nil + + accessKeyId = c.AccessKeyId + return } // GetAccessSecret reutrns EcsRAMRoleCredential's AccessKeySecret // if AccessKeySecret is not exist or out of date, the function will update it. -func (e *ECSRAMRoleCredentialsProvider) GetAccessKeySecret() (*string, error) { - if e.sessionCredential == nil || e.needUpdateCredential() { - err := e.updateCredential() - if err != nil { - if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) { - return &e.sessionCredential.AccessKeySecret, nil - } - return tea.String(""), err - } +func (e *ECSRAMRoleCredentialsProvider) GetAccessKeySecret() (accessKeySecret *string, err error) { + c, err := e.GetCredential() + if err != nil { + return } - return tea.String(e.sessionCredential.AccessKeySecret), nil + + accessKeySecret = c.AccessKeySecret + return } // GetSecurityToken reutrns EcsRAMRoleCredential's SecurityToken // if SecurityToken is not exist or out of date, the function will update it. -func (e *ECSRAMRoleCredentialsProvider) GetSecurityToken() (*string, error) { - if e.sessionCredential == nil || e.needUpdateCredential() { - err := e.updateCredential() - if err != nil { - if e.credentialExpiration > (int(time.Now().Unix()) - int(e.lastUpdateTimestamp)) { - return &e.sessionCredential.SecurityToken, nil - } - return tea.String(""), err - } +func (e *ECSRAMRoleCredentialsProvider) GetSecurityToken() (securityToken *string, err error) { + c, err := e.GetCredential() + if err != nil { + return } - return tea.String(e.sessionCredential.SecurityToken), nil + + securityToken = c.SecurityToken + return } // GetBearerToken is useless for EcsRAMRoleCredential diff --git a/credentials/ecs_ram_role_credentials_provider_test.go b/credentials/ecs_ram_role_credentials_provider_test.go index af1685c..1d2c998 100644 --- a/credentials/ecs_ram_role_credentials_provider_test.go +++ b/credentials/ecs_ram_role_credentials_provider_test.go @@ -27,7 +27,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) { accesskeyId, err := auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "refresh Ecs sts token err: sdk test", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { return func(req *http.Request) (*http.Response, error) { @@ -37,17 +37,17 @@ func Test_EcsRAmRoleCredential(t *testing.T) { accesskeyId, err = auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) accesskeySecret, err := auth.GetAccessKeySecret() assert.NotNil(t, err) assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error()) - assert.Equal(t, "", *accesskeySecret) + assert.Nil(t, accesskeySecret) ststoken, err := auth.GetSecurityToken() assert.NotNil(t, err) assert.Equal(t, "refresh Ecs sts token err: httpStatus: 300, message = ", err.Error()) - assert.Equal(t, "", *ststoken) + assert.Nil(t, ststoken) assert.Equal(t, "", *auth.GetBearerToken()) @@ -80,7 +80,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) { accesskeyId, err = auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character ':' after top-level value", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { return func(req *http.Request) (*http.Response, error) { @@ -90,7 +90,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) { accesskeyId, err = auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "refresh Ecs sts token err: Code is not Success", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { return func(req *http.Request) (*http.Response, error) { @@ -100,7 +100,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) { accesskeyId, err = auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "refresh Ecs sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { return func(req *http.Request) (*http.Response, error) { @@ -140,7 +140,7 @@ func Test_EcsRAmRoleCredential(t *testing.T) { }() accesskeyId, err = auth.GetAccessKeyId() assert.Equal(t, "refresh Ecs sts token err: error parse", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) } func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) { @@ -156,19 +156,19 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) { accesskeyId, err := auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "refresh Ecs sts token err: sdk test", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) auth = newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", true, 0, 0.5, nil) accesskeyId, err = auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "failed to get token from ECS Metadata Service: sdk test", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) auth = newEcsRAMRoleCredentialWithEnableIMDSv2("go sdk", true, 180, 0.5, nil) accesskeyId, err = auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "failed to get token from ECS Metadata Service: sdk test", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { return func(req *http.Request) (*http.Response, error) { @@ -178,7 +178,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) { accesskeyId, err = auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "failed to get token from ECS Metadata Service: httpStatus: 300, message = ", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { return func(req *http.Request) (*http.Response, error) { @@ -207,7 +207,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) { accesskeyId, err = auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "refresh Ecs sts token err: Json Unmarshal fail: invalid character ':' after top-level value", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { return func(req *http.Request) (*http.Response, error) { @@ -217,7 +217,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) { accesskeyId, err = auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "refresh Ecs sts token err: Code is not Success", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { return func(req *http.Request) (*http.Response, error) { @@ -227,7 +227,7 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) { accesskeyId, err = auth.GetAccessKeyId() assert.NotNil(t, err) assert.Equal(t, "refresh Ecs sts token err: AccessKeyId: , AccessKeySecret: accessKeySecret, SecurityToken: securitytoken, Expiration: expiration", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) { return func(req *http.Request) (*http.Response, error) { @@ -267,5 +267,5 @@ func Test_EcsRAmRoleCredentialEnableIMDSv2(t *testing.T) { }() accesskeyId, err = auth.GetAccessKeyId() assert.Equal(t, "refresh Ecs sts token err: error parse", err.Error()) - assert.Equal(t, "", *accesskeyId) + assert.Nil(t, accesskeyId) }