credentials

package
v1.4.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 20, 2024 License: Apache-2.0 Imports: 17 Imported by: 65

Documentation

Overview

Package credentials is an alibaba cloud official credentials provider implementation

Index

Constants

View Source
const (
	// EnvVarAccessKeyId is a name of ALIBABA_CLOUD_ACCESS_KEY_Id
	EnvVarAccessKeyId    = "ALIBABA_CLOUD_ACCESS_KEY_Id"
	EnvVarAccessKeyIdNew = "ALIBABA_CLOUD_ACCESS_KEY_ID"
	// EnvVarAccessKeySecret is a name of ALIBABA_CLOUD_ACCESS_KEY_SECRET
	EnvVarAccessKeySecret = "ALIBABA_CLOUD_ACCESS_KEY_SECRET"
)
View Source
const (
	ENVCredentialFile          = "ALIBABA_CLOUD_CREDENTIALS_FILE"
	ENVEcsMetadata             = "ALIBABA_CLOUD_ECS_METADATA"
	ENVEcsMetadataIMDSv2Enable = "ALIBABA_CLOUD_ECS_IMDSV2_ENABLE"
	PATHCredentialFile         = "~/.alibabacloud/credentials"
	ENVRoleArn                 = "ALIBABA_CLOUD_ROLE_ARN"
	ENVOIDCProviderArn         = "ALIBABA_CLOUD_OIDC_PROVIDER_ARN"
	ENVOIDCTokenFile           = "ALIBABA_CLOUD_OIDC_TOKEN_FILE"
	ENVRoleSessionName         = "ALIBABA_CLOUD_ROLE_SESSION_NAME"
)

Environmental virables that may be used by the provider

Variables

This section is empty.

Functions

This section is empty.

Types

type BearerTokenCredential

type BearerTokenCredential struct {
	BearerToken string
}

BearerTokenCredential is a kind of credential

func (*BearerTokenCredential) GetAccessKeyId added in v0.0.2

func (b *BearerTokenCredential) GetAccessKeyId() (*string, error)

GetAccessKeyId is useless for BearerTokenCredential

func (*BearerTokenCredential) GetAccessKeySecret added in v0.0.2

func (b *BearerTokenCredential) GetAccessKeySecret() (*string, error)

GetAccessSecret is useless for BearerTokenCredential

func (*BearerTokenCredential) GetBearerToken

func (b *BearerTokenCredential) GetBearerToken() *string

GetBearerToken reutrns BearerTokenCredential's BearerToken

func (*BearerTokenCredential) GetCredential added in v1.3.1

func (s *BearerTokenCredential) GetCredential() (*CredentialModel, error)

func (*BearerTokenCredential) GetSecurityToken

func (b *BearerTokenCredential) GetSecurityToken() (*string, error)

GetSecurityToken is useless for BearerTokenCredential

func (*BearerTokenCredential) GetType

func (b *BearerTokenCredential) GetType() *string

GetType reutrns BearerTokenCredential's type

type Config added in v0.0.3

type Config struct {
	// Credential type, including access_key, sts, bearer, ecs_ram_role, ram_role_arn, rsa_key_pair, oidc_role_arn, credentials_uri
	Type            *string `json:"type"`
	AccessKeyId     *string `json:"access_key_id"`
	AccessKeySecret *string `json:"access_key_secret"`
	SecurityToken   *string `json:"security_token"`
	BearerToken     *string `json:"bearer_token"`

	// Used when the type is ram_role_arn or oidc_role_arn
	OIDCProviderArn       *string `json:"oidc_provider_arn"`
	OIDCTokenFilePath     *string `json:"oidc_token"`
	RoleArn               *string `json:"role_arn"`
	RoleSessionName       *string `json:"role_session_name"`
	RoleSessionExpiration *int    `json:"role_session_expiration"`
	Policy                *string `json:"policy"`
	ExternalId            *string `json:"external_id"`
	STSEndpoint           *string `json:"sts_endpoint"`

	// Used when the type is ecs_ram_role
	RoleName *string `json:"role_name"`
	// Deprecated
	EnableIMDSv2  *bool `json:"enable_imds_v2"`
	DisableIMDSv1 *bool `json:"disable_imds_v1"`
	// Deprecated
	MetadataTokenDuration *int `json:"metadata_token_duration"`

	// Used when the type is credentials_uri
	Url *string `json:"url"`

	// Deprecated
	// Used when the type is rsa_key_pair
	SessionExpiration *int    `json:"session_expiration"`
	PublicKeyId       *string `json:"public_key_id"`
	PrivateKeyFile    *string `json:"private_key_file"`
	Host              *string `json:"host"`

	// Read timeout, in milliseconds.
	// The default value for ecs_ram_role is 1000ms, the default value for ram_role_arn is 5000ms, and the default value for oidc_role_arn is 5000ms.
	Timeout *int `json:"timeout"`
	// Connection timeout, in milliseconds.
	// The default value for ecs_ram_role is 1000ms, the default value for ram_role_arn is 10000ms, and the default value for oidc_role_arn is 10000ms.
	ConnectTimeout *int `json:"connect_timeout"`

	Proxy          *string  `json:"proxy"`
	InAdvanceScale *float64 `json:"inAdvanceScale"`
}

Config is important when call NewCredential

func (Config) GoString added in v1.1.2

func (s Config) GoString() string

func (*Config) SetAccessKeyId added in v1.1.2

func (s *Config) SetAccessKeyId(v string) *Config

func (*Config) SetAccessKeySecret added in v1.1.2

func (s *Config) SetAccessKeySecret(v string) *Config

func (*Config) SetBearerToken added in v1.1.2

func (s *Config) SetBearerToken(v string) *Config

func (*Config) SetConnectTimeout added in v1.1.2

func (s *Config) SetConnectTimeout(v int) *Config

func (*Config) SetDisableIMDSv1 added in v1.3.10

func (s *Config) SetDisableIMDSv1(v bool) *Config

func (*Config) SetEnableIMDSv2 added in v1.3.4

func (s *Config) SetEnableIMDSv2(v bool) *Config

func (*Config) SetExternalId added in v1.3.11

func (s *Config) SetExternalId(v string) *Config

func (*Config) SetHost added in v1.1.2

func (s *Config) SetHost(v string) *Config

func (*Config) SetMetadataTokenDuration added in v1.3.4

func (s *Config) SetMetadataTokenDuration(v int) *Config

func (*Config) SetOIDCProviderArn added in v1.2.0

func (s *Config) SetOIDCProviderArn(v string) *Config

func (*Config) SetOIDCTokenFilePath added in v1.2.0

func (s *Config) SetOIDCTokenFilePath(v string) *Config

func (*Config) SetPolicy added in v1.1.2

func (s *Config) SetPolicy(v string) *Config

func (*Config) SetPrivateKeyFile added in v1.1.2

func (s *Config) SetPrivateKeyFile(v string) *Config

func (*Config) SetProxy added in v1.1.2

func (s *Config) SetProxy(v string) *Config

func (*Config) SetPublicKeyId added in v1.1.2

func (s *Config) SetPublicKeyId(v string) *Config

func (*Config) SetRoleArn added in v1.1.2

func (s *Config) SetRoleArn(v string) *Config

func (*Config) SetRoleName added in v1.1.2

func (s *Config) SetRoleName(v string) *Config

func (*Config) SetRoleSessionExpiration added in v1.1.2

func (s *Config) SetRoleSessionExpiration(v int) *Config

func (*Config) SetRoleSessionName added in v1.1.2

func (s *Config) SetRoleSessionName(v string) *Config

func (*Config) SetSTSEndpoint added in v1.2.7

func (s *Config) SetSTSEndpoint(v string) *Config

func (*Config) SetSecurityToken added in v1.1.2

func (s *Config) SetSecurityToken(v string) *Config

func (*Config) SetSessionExpiration added in v1.1.2

func (s *Config) SetSessionExpiration(v int) *Config

func (*Config) SetTimeout added in v1.1.2

func (s *Config) SetTimeout(v int) *Config

func (*Config) SetType added in v1.1.2

func (s *Config) SetType(v string) *Config

func (*Config) SetURLCredential added in v1.2.0

func (s *Config) SetURLCredential(v string) *Config

func (Config) String added in v1.1.2

func (s Config) String() string

type Credential

type Credential interface {
	// Deprecated: GetAccessKeyId is deprecated, use GetCredential instead of.
	GetAccessKeyId() (*string, error)
	// Deprecated: GetAccessKeySecret is deprecated, use GetCredential instead of.
	GetAccessKeySecret() (*string, error)
	// Deprecated: GetSecurityToken is deprecated, use GetCredential instead of.
	GetSecurityToken() (*string, error)
	GetBearerToken() *string
	GetType() *string
	GetCredential() (*CredentialModel, error)
}

Credential is an interface for getting actual credential

func FromCredentialsProvider added in v1.4.0

func FromCredentialsProvider(typeName string, cp providers.CredentialsProvider) Credential

func NewCredential

func NewCredential(config *Config) (credential Credential, err error)

NewCredential return a credential according to the type in config. if config is nil, the function will use default provider chain to get credentials. please see README.md for detail.

type CredentialModel added in v1.3.1

type CredentialModel struct {
	// accesskey id
	AccessKeyId *string `json:"accessKeyId,omitempty" xml:"accessKeyId,omitempty"`
	// accesskey secret
	AccessKeySecret *string `json:"accessKeySecret,omitempty" xml:"accessKeySecret,omitempty"`
	// security token
	SecurityToken *string `json:"securityToken,omitempty" xml:"securityToken,omitempty"`
	// bearer token
	BearerToken *string `json:"bearerToken,omitempty" xml:"bearerToken,omitempty"`
	// type
	Type *string `json:"type,omitempty" xml:"type,omitempty"`
}

CredentialModel is a model

func (CredentialModel) GoString added in v1.3.1

func (s CredentialModel) GoString() string

func (*CredentialModel) SetAccessKeyId added in v1.3.1

func (s *CredentialModel) SetAccessKeyId(v string) *CredentialModel

func (*CredentialModel) SetAccessKeySecret added in v1.3.1

func (s *CredentialModel) SetAccessKeySecret(v string) *CredentialModel

func (*CredentialModel) SetBearerToken added in v1.3.1

func (s *CredentialModel) SetBearerToken(v string) *CredentialModel

func (*CredentialModel) SetSecurityToken added in v1.3.1

func (s *CredentialModel) SetSecurityToken(v string) *CredentialModel

func (*CredentialModel) SetType added in v1.3.1

func (s *CredentialModel) SetType(v string) *CredentialModel

func (CredentialModel) String added in v1.3.1

func (s CredentialModel) String() string

type ECSRAMRoleCredentialsProvider added in v1.3.7

type ECSRAMRoleCredentialsProvider struct {
	RoleName              string
	EnableIMDSv2          bool
	MetadataTokenDuration int
	// contains filtered or unexported fields
}

ECSRAMRoleCredentialsProvider is a kind of credentials provider

func (*ECSRAMRoleCredentialsProvider) GetAccessKeyId added in v1.3.7

func (e *ECSRAMRoleCredentialsProvider) GetAccessKeyId() (accessKeyId *string, err error)

GetAccessKeyId reutrns EcsRAMRoleCredential's AccessKeyId if AccessKeyId is not exist or out of date, the function will update it.

func (*ECSRAMRoleCredentialsProvider) GetAccessKeySecret added in v1.3.7

func (e *ECSRAMRoleCredentialsProvider) GetAccessKeySecret() (accessKeySecret *string, err error)

GetAccessSecret reutrns EcsRAMRoleCredential's AccessKeySecret if AccessKeySecret is not exist or out of date, the function will update it.

func (*ECSRAMRoleCredentialsProvider) GetBearerToken added in v1.3.7

func (e *ECSRAMRoleCredentialsProvider) GetBearerToken() *string

GetBearerToken is useless for EcsRAMRoleCredential

func (*ECSRAMRoleCredentialsProvider) GetCredential added in v1.3.7

func (e *ECSRAMRoleCredentialsProvider) GetCredential() (credentials *CredentialModel, err error)

func (*ECSRAMRoleCredentialsProvider) GetSecurityToken added in v1.3.7

func (e *ECSRAMRoleCredentialsProvider) GetSecurityToken() (securityToken *string, err error)

GetSecurityToken reutrns EcsRAMRoleCredential's SecurityToken if SecurityToken is not exist or out of date, the function will update it.

func (*ECSRAMRoleCredentialsProvider) GetType added in v1.3.7

func (e *ECSRAMRoleCredentialsProvider) GetType() *string

GetType reutrns EcsRAMRoleCredential's type

type Provider

type Provider interface {
	// contains filtered or unexported methods
}

Provider will be implemented When you want to customize the provider.

type RAMRoleArnCredentialsProvider added in v1.3.7

type RAMRoleArnCredentialsProvider struct {
	AccessKeyId           string
	AccessKeySecret       string
	SecurityToken         string
	RoleArn               string
	RoleSessionName       string
	RoleSessionExpiration int
	Policy                string
	ExternalId            string
	// contains filtered or unexported fields
}

RAMRoleArnCredentialsProvider is a kind of credentials

func (*RAMRoleArnCredentialsProvider) GetAccessKeyId added in v1.3.7

func (r *RAMRoleArnCredentialsProvider) GetAccessKeyId() (accessKeyId *string, err error)

GetAccessKeyId reutrns RAMRoleArnCredentialsProvider's AccessKeyId if AccessKeyId is not exist or out of date, the function will update it.

func (*RAMRoleArnCredentialsProvider) GetAccessKeySecret added in v1.3.7

func (r *RAMRoleArnCredentialsProvider) GetAccessKeySecret() (accessKeySecret *string, err error)

GetAccessSecret reutrns RAMRoleArnCredentialsProvider's AccessKeySecret if AccessKeySecret is not exist or out of date, the function will update it.

func (*RAMRoleArnCredentialsProvider) GetBearerToken added in v1.3.7

func (r *RAMRoleArnCredentialsProvider) GetBearerToken() *string

GetBearerToken is useless RAMRoleArnCredentialsProvider

func (*RAMRoleArnCredentialsProvider) GetCredential added in v1.3.7

func (e *RAMRoleArnCredentialsProvider) GetCredential() (*CredentialModel, error)

func (*RAMRoleArnCredentialsProvider) GetSecurityToken added in v1.3.7

func (r *RAMRoleArnCredentialsProvider) GetSecurityToken() (securityToken *string, err error)

GetSecurityToken reutrns RAMRoleArnCredentialsProvider's SecurityToken if SecurityToken is not exist or out of date, the function will update it.

func (*RAMRoleArnCredentialsProvider) GetType added in v1.3.7

func (r *RAMRoleArnCredentialsProvider) GetType() *string

GetType reutrns RAMRoleArnCredentialsProvider's type

type RsaKeyPairCredentialsProvider deprecated added in v1.3.7

type RsaKeyPairCredentialsProvider struct {
	PrivateKey        string
	PublicKeyId       string
	SessionExpiration int
	// contains filtered or unexported fields
}

Deprecated: no more recommend to use it RsaKeyPairCredentialsProvider is a kind of credentials provider

func (*RsaKeyPairCredentialsProvider) GetAccessKeyId added in v1.3.7

func (r *RsaKeyPairCredentialsProvider) GetAccessKeyId() (accessKeyId *string, err error)

GetAccessKeyId reutrns RsaKeyPairCredential's AccessKeyId if AccessKeyId is not exist or out of date, the function will update it.

func (*RsaKeyPairCredentialsProvider) GetAccessKeySecret added in v1.3.7

func (r *RsaKeyPairCredentialsProvider) GetAccessKeySecret() (accessKeySecret *string, err error)

GetAccessSecret reutrns RsaKeyPairCredential's AccessKeySecret if AccessKeySecret is not exist or out of date, the function will update it.

func (*RsaKeyPairCredentialsProvider) GetBearerToken added in v1.3.7

func (r *RsaKeyPairCredentialsProvider) GetBearerToken() *string

GetBearerToken is useless for RsaKeyPairCredential

func (*RsaKeyPairCredentialsProvider) GetCredential added in v1.3.7

func (e *RsaKeyPairCredentialsProvider) GetCredential() (*CredentialModel, error)

func (*RsaKeyPairCredentialsProvider) GetSecurityToken added in v1.3.7

func (r *RsaKeyPairCredentialsProvider) GetSecurityToken() (*string, error)

GetSecurityToken is useless RsaKeyPairCredential

func (*RsaKeyPairCredentialsProvider) GetType added in v1.3.7

func (r *RsaKeyPairCredentialsProvider) GetType() *string

GetType reutrns RsaKeyPairCredential's type

type URLCredentialsProvider added in v1.3.7

type URLCredentialsProvider struct {
	URL string
	// contains filtered or unexported fields
}

URLCredential is a kind of credential

func (*URLCredentialsProvider) GetAccessKeyId added in v1.3.7

func (e *URLCredentialsProvider) GetAccessKeyId() (accessKeyId *string, err error)

GetAccessKeyId reutrns URLCredential's AccessKeyId if AccessKeyId is not exist or out of date, the function will update it.

func (*URLCredentialsProvider) GetAccessKeySecret added in v1.3.7

func (e *URLCredentialsProvider) GetAccessKeySecret() (accessKeySecret *string, err error)

GetAccessSecret reutrns URLCredential's AccessKeySecret if AccessKeySecret is not exist or out of date, the function will update it.

func (*URLCredentialsProvider) GetBearerToken added in v1.3.7

func (e *URLCredentialsProvider) GetBearerToken() *string

GetBearerToken is useless for URLCredential

func (*URLCredentialsProvider) GetCredential added in v1.3.7

func (e *URLCredentialsProvider) GetCredential() (*CredentialModel, error)

func (*URLCredentialsProvider) GetSecurityToken added in v1.3.7

func (e *URLCredentialsProvider) GetSecurityToken() (securityToken *string, err error)

GetSecurityToken reutrns URLCredential's SecurityToken if SecurityToken is not exist or out of date, the function will update it.

func (*URLCredentialsProvider) GetType added in v1.3.7

func (e *URLCredentialsProvider) GetType() *string

GetType reutrns URLCredential's type

type URLResponse added in v1.2.0

type URLResponse struct {
	AccessKeyId     string `json:"AccessKeyId" xml:"AccessKeyId"`
	AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"`
	SecurityToken   string `json:"SecurityToken" xml:"SecurityToken"`
	Expiration      string `json:"Expiration" xml:"Expiration"`
}

Directories

Path Synopsis
internal
Package request is used for internal.
Package request is used for internal.
Package request is used for internal.
Package request is used for internal.
Package request is used for internal.
Package request is used for internal.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL