From 8543e22507d0bc947f02177d26fed8cdcac34811 Mon Sep 17 00:00:00 2001
From: zpp <865287328@qq.com>
Date: Wed, 4 Sep 2024 16:28:44 +0800
Subject: [PATCH] feat: support OIDC credentials provider into default credentials provider chain.
---
 .../Auth/Provider/DefaultCredentialProvider.cs | 15 +++++++++++++++
 aliyun-net-sdk-core/Utils/EnvironmentUtil.cs | 18 ++++++++++++++++++
 2 files changed, 33 insertions(+)
diff --git a/aliyun-net-sdk-core/Auth/Provider/DefaultCredentialProvider.cs b/aliyun-net-sdk-core/Auth/Provider/DefaultCredentialProvider.cs
index 235c4a849a..0ab510ab6b 100644
--- a/aliyun-net-sdk-core/Auth/Provider/DefaultCredentialProvider.cs
+++ b/aliyun-net-sdk-core/Auth/Provider/DefaultCredentialProvider.cs
@@ -39,6 +39,8 @@ public class DefaultCredentialProvider
 private string regionId;
 private string roleArn;
 private string roleName;
+ private string oidcProviderArn;
+ private string oidcTokenFile;
 public DefaultCredentialProvider()
 {
@@ -55,6 +57,9 @@ AlibabaCloudCredentialsProvider alibabaCloudCredentialProvider
 credentialFileLocation = EnvironmentUtil.GetEnvironmentCredentialFile();
 roleName = EnvironmentUtil.GetEnvironmentRoleName();
 defaultProfile = profile;
+ roleArn = EnvironmentUtil.GetEnvironmentRoleArn();
+ oidcProviderArn = EnvironmentUtil.GetEnvironmentOIDCProviderArn();
+ oidcTokenFile = EnvironmentUtil.GetEnvironmentOIDCTokenFile();
 this.alibabaCloudCredentialProvider = alibabaCloudCredentialProvider;
 }
@@ -75,6 +80,7 @@ AlibabaCloudCredentialsProvider alibabaCloudCredentialsProvider
 public AlibabaCloudCredentials GetAlibabaCloudClientCredential()
 {
 var credential = GetEnvironmentAlibabaCloudCredential() ??
+ GetOIDCAlibabaCloudCredentials() ??
 GetCredentialFileAlibabaCloudCredential() ??
 GetInstanceRamRoleAlibabaCloudCredential();
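Review bot: The three OIDC reads added at new lines 60-62 of DefaultCredentialProvider.cs land in only one constructor, the overload taking `alibabaCloudCredentialProvider`; the parameterless constructor at new line 45 and the overload named in the following hunk header are not touched by this patch. If those do not delegate to this one (their bodies are outside the hunk), `oidcProviderArn` and `oidcTokenFile` stay null there and the OIDC step is skipped silently, so the process ends up running under a different identity than the operator configured. `roleArn` is also a pre-existing field, so assigning it from `ALIBABA_CLOUD_ROLE_ARN` may change any other path that already reads it; worth confirming, or keep the environment value in its own field, e.g. `oidcRoleArn = EnvironmentUtil.GetEnvironmentRoleArn();`.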
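Review bot: The precedence that the added `GetOIDCAlibabaCloudCredentials() ??` line establishes in `GetAlibabaCloudClientCredential()` is not documented: static access keys from the environment still win over the OIDC role, and the OIDC role now wins over the credentials file and the instance RAM role. Because this decides which identity a workload runs as, a comment above the expression would help, for example `// Resolution order: env access key -> OIDC role (env) -> credentials file -> instance RAM role`. Deployments that set the three OIDC variables next to an existing credentials file will switch identity after upgrading, which is worth a changelog entry too. The rest of the method is outside this hunk.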
@@ -86,6 +92,15 @@ public AlibabaCloudCredentials GetAlibabaCloudClientCredential()
 return credential;
 }
+ public AlibabaCloudCredentials GetOIDCAlibabaCloudCredentials()
+ {
+ if (string.IsNullOrEmpty(oidcProviderArn) || string.IsNullOrEmpty(roleArn) || string.IsNullOrEmpty(oidcTokenFile))
+ {
+ return null;
+ }
+ return new OIDCCredentialsProvider(roleArn, oidcProviderArn, oidcTokenFile, "java-sdk-v1-default-rsn", null).GetCredentials();
+ }
+
 public AlibabaCloudCredentials GetEnvironmentAlibabaCloudCredential()
 {
 if (null == accessKeyId || null == accessKeySecret)
diff --git a/aliyun-net-sdk-core/Utils/EnvironmentUtil.cs b/aliyun-net-sdk-core/Utils/EnvironmentUtil.cs
index 286919323a..5f99232947 100644
--- a/aliyun-net-sdk-core/Utils/EnvironmentUtil.cs
+++ b/aliyun-net-sdk-core/Utils/EnvironmentUtil.cs
@@ -28,6 +31,9 @@ public class EnvironmentUtil
 private static readonly string ENV_REGION_ID = "ALIBABA_CLOUD_REGION_ID";
 private static readonly string ENV_CREDENTIAL_FILE = "ALIBABA_CLOUD_CREDENTIALS_FILE";
 private static readonly string ENV_ROLE_NAME = "ALIBABA_CLOUD_ECS_METADATA";
+ private static readonly string ENV_ROLE_ARN = "ALIBABA_CLOUD_ROLE_ARN";
+ private static readonly string ENV_OIDC_PROVIDER_ARN = "ALIBABA_CLOUD_OIDC_PROVIDER_ARN";
+ private static readonly string ENV_OIDC_TOKEN_FILE = "ALIBABA_CLOUD_OIDC_TOKEN_FILE";
 public static string GetHomePath()
 {
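Review bot: The role session name passed to `OIDCCredentialsProvider` in `GetOIDCAlibabaCloudCredentials()` is the literal `"java-sdk-v1-default-rsn"`, which looks copied from the Java SDK; sessions assumed by this .NET code would then be labelled as Java in audit records, and every workload on this path shares the one name. A .NET-specific constant (for example `"net-sdk-v1-default-rsn"`, a constructed value) or a caller-supplied name would keep sessions attributable. Separately, a new provider is constructed on every call, so unless `OIDCCredentialsProvider` caches elsewhere (not visible here) each call may re-read the token file and request fresh credentials; holding one instance in a field would avoid that. An exception from `GetCredentials()` also leaves the `??` chain instead of falling through to the next source, which is probably the right fail-closed behaviour but deserves a comment saying so.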
@@ -68,6 +71,21 @@ public static string GetEnvironmentRoleName()
 return Environment.GetEnvironmentVariable(ENV_ROLE_NAME) ?? null;
 }
+ public static string GetEnvironmentRoleArn()
+ {
+ return Environment.GetEnvironmentVariable(ENV_ROLE_ARN) ?? null;
+ }
+
+ public static string GetEnvironmentOIDCProviderArn()
+ {
+ return Environment.GetEnvironmentVariable(ENV_OIDC_PROVIDER_ARN) ?? null;
+ }
+
+ public static string GetEnvironmentOIDCTokenFile()
+ {
+ return Environment.GetEnvironmentVariable(ENV_OIDC_TOKEN_FILE) ?? null;
+ }
+
 public static string GetComposedPath(string homePath, string slash)
 {
 return homePath + slash + ".alibabacloud" + slash + "credentials.ini";
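Review bot: The three new getters in EnvironmentUtil.cs have no doc comments, and `GetEnvironmentOIDCTokenFile()` in particular returns a filesystem path taken verbatim from the process environment and later handed to the OIDC provider. A summary such as `/// <summary>Path of the OIDC token file from ALIBABA_CLOUD_OIDC_TOKEN_FILE; null when unset. Not validated here.</summary>` would make clear that whoever controls the environment controls which file is read. The `?? null` on each return is a no-op and can be dropped (`return Environment.GetEnvironmentVariable(ENV_OIDC_TOKEN_FILE);`), although it matches the existing `GetEnvironmentRoleName()`.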