From 819deff72e23b6d0c80f63602f6e1c7395f3f07f Mon Sep 17 00:00:00 2001
From: Yellow Shine
Date: Mon, 7 Apr 2025 17:33:05 +0800
Subject: [PATCH] feat: support iam role way to get credential
Signed-off-by: Yellow Shine
---
 auth.go | 40 ++++++++++++++++++++++++++++++++++++++++
 go.mod | 4 +++-
 go.sum | 9 ++++++++-
 3 files changed, 51 insertions(+), 2 deletions(-)
diff --git a/auth.go b/auth.go
index cd612e1..8d49a90 100644
--- a/auth.go
+++ b/auth.go
@@ -19,6 +19,8 @@ import (
 "strings"
 "sync"
 "time"
+
+ "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
 )
 const (
@@ -332,6 +334,44 @@ type TransportIface interface {
 GetCredential() (string, string, string, error)
 }
+type OidcCredentialTransport struct {
+ Transport http.RoundTripper
+}
+
+func (t *OidcCredentialTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+ // get credential and would refresh credential if expired
+ ak, sk, token, err := t.GetCredential()
+ if err != nil {
+ return nil, err
+ }
+ req = cloneRequest(req)
+ // 增加 Authorization header
+ authTime := NewAuthTime(defaultAuthExpire)
+ AddAuthorizationHeader(ak, sk, token, req, authTime)
+
+ resp, err := t.transport().RoundTrip(req)
+ return resp, err
+}
+
+func (t *OidcCredentialTransport) GetCredential() (string, string, string, error) {
+ provider, err := common.DefaultTkeOIDCRoleArnProvider()
+ if err != nil {
+ return "", "", "", err
+ }
+ credential, err := provider.GetCredential()
+ if err != nil {
+ return "", "", "", err
+ }
+ return credential.GetSecretId(), credential.GetSecretKey(), credential.GetToken(), nil
+}
+
+func (t *OidcCredentialTransport) transport() http.RoundTripper {
+ if t.Transport != nil {
+ return t.Transport
+ }
+ return http.DefaultTransport
+}
+
 // AuthorizationTransport 给请求增加 Authorization header
 type AuthorizationTransport struct {
 SecretID string
diff --git a/go.mod b/go.mod
index 898feb0..a9b16ee 100644
--- a/go.mod
+++ b/go.mod
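Review bot: `GetCredential` builds a new provider with `common.DefaultTkeOIDCRoleArnProvider()` and calls `provider.GetCredential()` on every `RoundTrip`, so the comment `// get credential and would refresh credential if expired` describes caching that the visible code does not do. Unless the SDK caches internally (not visible in this hunk), each request triggers a fresh credential exchange, which adds latency and makes request signing depend on the token service being reachable every time. Consider keeping the provider or credential on the struct behind a mutex (`sync` is already imported) once the SDK's expiry behaviour is confirmed, and until then reword the comment to `// fetches a fresh credential on every request; nothing is cached here`. Separately, the early `return nil, err` in `RoundTrip` leaves `req.Body` open, while the `http.RoundTripper` contract asks implementations to close it on errors as well; add `if req.Body != nil { req.Body.Close() }` before that return. The new exported type and its methods also have no doc comments.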
@@ -10,7 +10,9 @@ require (
 github.com/google/uuid v1.1.1
 github.com/mitchellh/mapstructure v1.4.3
 github.com/mozillazg/go-httpheader v0.2.1
+ github.com/rs/dnscache v0.0.0-20230804202142-fc85eb664529
 github.com/stretchr/testify v1.3.0
- github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.563
+ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1129
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.563
+ github.com/tencentyun/qcloud-cos-sts-sdk v0.0.0-20250331052146-438e09f9e7f9
 )
diff --git a/go.sum b/go.sum
index 5cd35c1..9203e2c 100644
--- a/go.sum
+++ b/go.sum
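Review bot: The require block gains two direct dependencies, `github.com/rs/dnscache` and `github.com/tencentyun/qcloud-cos-sts-sdk`, both pinned to pseudo-versions, yet auth.go, the only source file in this commit, imports neither. If nothing else in the module uses them they should be dropped (`go mod tidy` would show this); if they belong to another change they are better reviewed with it. The `tencentcloud/common` module also moves from v1.0.563 to v1.0.1129 while `tencentcloud/kms` stays at v1.0.563, so it is worth confirming that kms still builds and behaves against the newer common, or bumping both together.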
@@ -16,10 +16,17 @@ github.com/mozillazg/go-httpheader v0.2.1 h1:geV7TrjbL8KXSyvghnFm+NyTux/hxwueTSr
 github.com/mozillazg/go-httpheader v0.2.1/go.mod h1:jJ8xECTlalr6ValeXYdOF8fFUISeBAdw6E61aqQma60=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rs/dnscache v0.0.0-20230804202142-fc85eb664529 h1:18kd+8ZUlt/ARXhljq+14TwAoKa61q6dX8jtwOf6DH8=
+github.com/rs/dnscache v0.0.0-20230804202142-fc85eb664529/go.mod h1:qe5TWALJ8/a1Lqznoc5BDHpYX/8HU60Hm2AwRmqzxqA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.563 h1:2VDxTtn9dAqI2DnnvB9fXpPE4DblOmquyzmN2zxTD8A=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.563/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1129 h1:T9WMHYVasPNH3zcDNoaLL+9jUk04PcOZznDvJ6Dykr8=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1129/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.563 h1:FoX+MK4vHThvPO6FbP5q98zD8S3n+d5+DbtK7skl++c=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms v1.0.563/go.mod h1:uom4Nvi9W+Qkom0exYiJ9VWJjXwyxtPYTkKkaLMlfE0=
+github.com/tencentyun/qcloud-cos-sts-sdk v0.0.0-20250331052146-438e09f9e7f9 h1:+nV6TVcD70k94aI/wTP5weLrgbXuxBDDRdo5musW/8A=
+github.com/tencentyun/qcloud-cos-sts-sdk v0.0.0-20250331052146-438e09f9e7f9/go.mod h1:b18KQa4IxHbxeseW1GcZox53d7J0z39VNONTxvvlkXw=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=