1 package providers
2
3 import (
4 "fmt"
5 "os"
6 "strings"
7 )
8
// DefaultCredentialsProvider resolves credentials by consulting an ordered
// list of credential providers.
type DefaultCredentialsProvider struct {
	// providerChain holds the candidate providers in the order GetCredentials
	// walks them.
	providerChain []CredentialsProvider
	// lastUsedProvider is nil until GetCredentials has walked the chain; once
	// it is set, GetCredentials asks only this provider.
	lastUsedProvider CredentialsProvider
}
13
// NewDefaultCredentialsProvider assembles the default provider chain.
//
// Candidates are appended in a fixed order, which is also the order in which
// GetCredentials tries them: environment variables, OIDC, CLI profile,
// profile, ECS RAM role (instance metadata) and, last, the credentials URI
// provider. The URI provider is only considered when the
// ALIBABA_CLOUD_CREDENTIALS_URI environment variable is non-empty.
//
// A candidate whose builder returns an error is left out of the chain and the
// error is discarded, so a misconfigured higher-priority source is skipped
// silently and a later source may end up supplying the identity. The function
// itself never fails; an empty chain is reported only when GetCredentials runs.
func NewDefaultCredentialsProvider() (provider *DefaultCredentialsProvider) {
	chain := []CredentialsProvider{}

	// enlist keeps a candidate only when its builder succeeded.
	enlist := func(candidate CredentialsProvider, buildErr error) {
		if buildErr != nil {
			return
		}
		chain = append(chain, candidate)
	}

	// Static access key or STS token taken from the environment.
	enlist(NewEnvironmentVariableCredentialsProviderBuilder().Build())

	// OIDC.
	enlist(NewOIDCCredentialsProviderBuilder().Build())

	// CLI configuration profile.
	enlist(NewCLIProfileCredentialsProviderBuilder().Build())

	// Shared credentials profile.
	enlist(NewProfileCredentialsProviderBuilder().Build())

	// ECS RAM role, served by the instance metadata service (IMDS).
	enlist(NewECSRAMRoleCredentialsProviderBuilder().Build())

	// Credentials URI: opt-in through the environment.
	// NOTE(review): the builder presumably reads the endpoint from the same
	// variable, so whoever controls the process environment chooses where
	// credentials are fetched from - confirm against the builder.
	if uri := os.Getenv("ALIBABA_CLOUD_CREDENTIALS_URI"); uri != "" {
		enlist(NewURLCredentialsProviderBuilder().Build())
	}

	return &DefaultCredentialsProvider{providerChain: chain}
}
59
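// GetCredentials returns credentials from the first provider in the chain
// that yields them and pins that provider for all later calls.
//
// The returned ProviderName is "<this provider's name>/<source name>", where
// the source name is the one carried by the inner credentials or, when that is
// empty, the source provider's own name.
//
// A provider is pinned only after it has actually produced credentials.
// Pinning it before the attempt meant that one walk in which every provider
// failed left the last provider of the chain pinned, and every later call
// asked only that provider, never retrying the higher-priority sources.
//
// Once a provider is pinned, its errors are returned as they are and the chain
// is not walked again, so the identity resolved for this process does not
// silently change to a different source. A pinned provider that returns
// neither credentials nor an error is reported as an error instead of being
// dereferenced.
//
// When no provider yields credentials, the error lists every provider's
// failure text. Those messages are produced by the individual providers;
// review what they contain before showing them to untrusted parties.
//
// NOTE(review): lastUsedProvider is read and written here without any
// synchronization; callers that share one instance across goroutines need
// their own locking.
func (provider *DefaultCredentialsProvider) GetCredentials() (cc *Credentials, err error) {
	// tag copies the inner credentials and prefixes the source name with this
	// provider's name.
	tag := func(inner *Credentials, source CredentialsProvider) *Credentials {
		sourceName := inner.ProviderName
		if sourceName == "" {
			sourceName = source.GetProviderName()
		}
		return &Credentials{
			AccessKeyId:     inner.AccessKeyId,
			AccessKeySecret: inner.AccessKeySecret,
			SecurityToken:   inner.SecurityToken,
			ProviderName:    fmt.Sprintf("%s/%s", provider.GetProviderName(), sourceName),
		}
	}

	if pinned := provider.lastUsedProvider; pinned != nil {
		inner, innerErr := pinned.GetCredentials()
		if innerErr != nil {
			return nil, innerErr
		}
		if inner == nil {
			return nil, fmt.Errorf("provider %s returned no credentials", pinned.GetProviderName())
		}
		return tag(inner, pinned), nil
	}

	failures := make([]string, 0, len(provider.providerChain))
	for _, p := range provider.providerChain {
		inner, innerErr := p.GetCredentials()
		if innerErr != nil {
			// On error, move on to the next provider in the chain.
			failures = append(failures, innerErr.Error())
			continue
		}
		if inner == nil {
			failures = append(failures, fmt.Sprintf("provider %s returned no credentials", p.GetProviderName()))
			continue
		}

		// Pin only now that the provider has proven usable.
		provider.lastUsedProvider = p
		return tag(inner, p), nil
	}

	return nil, fmt.Errorf("unable to get credentials from any of the providers in the chain: %s", strings.Join(failures, ", "))
}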
110
// GetProviderName reports the fixed name of this provider, "default".
// GetCredentials uses it as the prefix of the ProviderName it returns.
func (provider *DefaultCredentialsProvider) GetProviderName() string {
	const name = "default"
	return name
}
114