
   1  package credentials
   2  
   3  import (
   4  	"os"
   5  
   6  	"github.com/alibabacloud-go/tea/tea"
   7  )
   8  
// oidcCredentialsProvider is the credentials provider for the
// "oidc_role_arn" credential type. It has no fields, so every instance
// behaves the same.
type oidcCredentialsProvider struct{}

// providerOIDC is the package-level instance of the OIDC provider.
var providerOIDC = &oidcCredentialsProvider{}
  12  
// newOidcCredentialsProvider returns a newly allocated OIDC provider as a
// Provider. The provider type has no fields, so there is nothing to
// initialise.
func newOidcCredentialsProvider() Provider {
	return new(oidcCredentialsProvider)
}
  16  
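// resolve builds an "oidc_role_arn" Config from the process environment.
//
// It returns (nil, nil) unless ENVRoleArn, ENVOIDCProviderArn and
// ENVOIDCTokenFile are all present in the environment. When they are, the
// three values are copied into the Config unchanged and the session name is
// taken from ENVRoleSessionName, falling back to "defaultSessionName". The
// error result is always nil.
//
// The token file path is only recorded here; this function does not open the
// file or check who owns it. Whoever controls the process environment
// therefore selects the role, the identity provider and the token file that
// the consumer of this Config will use.
func (p *oidcCredentialsProvider) resolve() (*Config, error) {
	roleArn, hasRoleArn := os.LookupEnv(ENVRoleArn)
	oidcProviderArn, hasProviderArn := os.LookupEnv(ENVOIDCProviderArn)
	oidcTokenFilePath, hasTokenFile := os.LookupEnv(ENVOIDCTokenFile)
	if !(hasRoleArn && hasProviderArn && hasTokenFile) {
		// Not configured for OIDC: report "no config" rather than an error.
		return nil, nil
	}
	// NOTE(review): os.LookupEnv reports a variable set to "" as present, so
	// an empty role ARN, provider ARN or token path is forwarded as-is.
	// Rejecting it is left to whatever consumes the Config; confirm it does.

	config := &Config{
		Type:              tea.String("oidc_role_arn"),
		RoleArn:           tea.String(roleArn),
		OIDCProviderArn:   tea.String(oidcProviderArn),
		OIDCTokenFilePath: tea.String(oidcTokenFilePath),
		// NOTE(review): every workload that leaves ENVRoleSessionName unset
		// shares this fixed name, which presumably makes their sessions hard
		// to tell apart in audit logs.
		RoleSessionName: tea.String("defaultSessionName"),
	}

	// Apply the override only when it is non-empty. A variable that is set
	// but blank would otherwise replace the usable default with "".
	if roleSessionName := os.Getenv(ENVRoleSessionName); roleSessionName != "" {
		config.RoleSessionName = tea.String(roleSessionName)
	}
	return config, nil
}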
  38