diff --git a/aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs b/aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs index 55c3162a6..d2daad123 100644 --- a/aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs +++ b/aliyun-net-sdk-core.Tests/Units/Auth/Provider/DefaultCredentialProviderTest.cs @@ -51,6 +51,20 @@ public void GetAlibabaCloudClientCredentialWithException() Assert.Equal("There is no credential chain can use.", exception.Message); } + [Fact] + public void GetCredentialWithException() + { + var provider = new Mock(); + var defaultProvider = provider.Object; + + var exception = Assert.Throws(() => + { + var credential = defaultProvider.GetCredentials(); + }); + + Assert.Equal("There is no credential chain can use.", exception.Message); + } + /* Case: Test Credential File With default Client Name and file exist with ak value and type Result: should return AccessKeyCredential @@ -59,6 +73,14 @@ Use credential chains [Fact] public void GetCredentialFileAlibabaCloudCredentialWithAKType() { + var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN"); + var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN"); + var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE"); + + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null); + var profile = DefaultProfile.GetProfile(); profile.DefaultClientName = "default"; var defaultCredentialProvider = new DefaultCredentialProvider(profile, null); 
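Review bot: The environment snapshot added at the top of `GetCredentialFileAlibabaCloudCredentialWithAKType` is restored by plain statements after the assertions (next hunk), so a failing `Assert` or an unexpected exception leaves `ALIBABA_CLOUD_ROLE_ARN`, `ALIBABA_CLOUD_OIDC_PROVIDER_ARN` and `ALIBABA_CLOUD_OIDC_TOKEN_FILE` cleared for every later test in the process. The same save/clear/restore block is copied into the hunks for `...WithAKTypeButAKIsEmpty`, `...WithDefaultSection`, `GetOIDCAlibabaCloudCredentialTest`, `...WithEcsRamRole`, `GetRsaKeyPairAlibabaCloudCredentialWithException` and `GetOIDCAlibabaCloudCredential`. Wrap each test body in `try { … } finally { /* restore the three variables */ }`, or move the snapshot into one small `IDisposable` helper consumed with `using`, which also removes the duplication. Environment variables are process-wide, so test classes that mutate them should not run in parallel with each other. The method body continues outside this hunk.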
@@ -71,6 +93,9 @@ public void GetCredentialFileAlibabaCloudCredentialWithAKType() Assert.NotNull(credential); Assert.NotNull(credential.GetAccessKeyId()); Assert.NotNull(credential.GetAccessKeySecret()); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile); } /* @@ -81,6 +106,10 @@ Use credential chains [Fact] public void GetCredentialFileAlibabaCloudCredentialWithAKTypeButAKIsEmpty() { + var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN"); + var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN"); + var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE"); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null); Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null); Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null); 
@@ -97,12 +126,23 @@ public void GetCredentialFileAlibabaCloudCredentialWithAKTypeButAKIsEmpty() TestHelper.DeleteIniFile(); - Assert.Equal("Missing required variable option for 'default Client'", exception.Message); + Assert.Equal("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", exception.Message); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile); } [Fact] public void GetCredentialFileAlibabaCloudCredentialWithDefaultSection() { + var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN"); + var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN"); + var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE"); + + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null); + TestHelper.CreateIniFileWithDefaultSection(); var profile = DefaultProfile.GetProfile(); 
@@ -115,6 +155,37 @@ public void GetCredentialFileAlibabaCloudCredentialWithDefaultSection() TestHelper.DeleteIniFile(); Environment.SetEnvironmentVariable("ALIBABA_CLOUD_CREDENTIALS_FILE", null); Assert.NotNull(credential); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile); + + } + + [Fact] + public void GetOIDCAlibabaCloudCredentialTest() + { + var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN"); + var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN"); + var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE"); + var cacheRegionId = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID"); + + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", "test"); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", "test"); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", TestHelper.GetOIDCTokenFilePath()); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", "us-west-1"); + var profile = DefaultProfile.GetProfile(); + profile.DefaultClientName = "default"; + var defaultCredentialProvider = new DefaultCredentialProvider(profile, null); + var exception = Assert.Throws(() => + { + var credential = defaultCredentialProvider.GetAlibabaCloudClientCredential(); + }); + Assert.Contains("Parameter OIDCProviderArn is not valid", exception.Message); + + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", cacheRegionId); } /* 
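Review bot: `GetOIDCAlibabaCloudCredentialTest` asserts on `"Parameter OIDCProviderArn is not valid"`, which reads like a service-side validation message rather than anything produced in this diff, so the test appears to depend on a live call for region `us-west-1` made with the contents of the OIDC token fixture. If that is the case, the unit test fails offline or whenever the service rewords the error, and it sends the fixture token off the build host on every run. Consider stubbing the HTTP layer (this class already uses mocks elsewhere) and asserting on the request that would be sent, and add a comment such as `// token file is a non-secret test fixture`. The restore of the four environment variables at the end should also sit in a `finally` block.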
@@ -125,6 +196,14 @@ Use credential chains [Fact] public void GetCredentialFileAlibabaCloudCredentialWithEcsRamRole() { + var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN"); + var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN"); + var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE"); + + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null); + var ecsRamRoleCredential = new InstanceProfileCredentials("fakeak", "fakeaks", "fakesession", DateTime.UtcNow.ToString(), 4000); var mockHomePath = EnvironmentUtil.GetHomePath(); @@ -144,6 +223,10 @@ public void GetCredentialFileAlibabaCloudCredentialWithEcsRamRole() TestHelper.DeleteIniFile(); Assert.NotNull(credential); + + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile); } /* @@ -161,11 +244,9 @@ public void GetCredentialFileAlibabaCloudCredentialWithFileAndAkExist() var defaultCredentialProvider = new DefaultCredentialProvider(profile, null); - var credential = (BasicCredentials)defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential(); - + var ex = Assert.Throws(() => (BasicCredentials)defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential()); + Assert.Equal("The configured client type is empty", ex.Message); TestHelper.DeleteIniFile(); - Assert.NotNull(credential); - Assert.Equal("foo", credential.GetAccessKeyId()); } /* 
@@ -182,10 +263,10 @@ public void GetCredentialFileAlibabaCloudCredentialWithFileAndAkExistNotDefault( var defaultCredentialProvider = new DefaultCredentialProvider(profile, null); - var credential = defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential(); + var ex = Assert.Throws(() => defaultCredentialProvider.GetCredentialFileAlibabaCloudCredential()); + Assert.Equal("The configured client type is empty", ex.Message); TestHelper.DeleteIniFile(); - Assert.Null(credential); } /* @@ -328,15 +409,15 @@ public void GetInstanceRamRoleAlibabaCloudCredential() defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential(); }); - Assert.Equal("RegionID cannot be null or empty.", exception.Message); + Assert.Equal("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", exception.Message); Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", "region_id"); profile.DefaultClientName = "test"; defaultCredentialProvider = new DefaultCredentialProvider(profile, null); - var credentialProvider = defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential(); + var ex = Assert.Throws(() => defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential()); Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", null); - Assert.Null(credentialProvider); + Assert.Equal("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", exception.Message); } [Fact] 
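Review bot: In `GetInstanceRamRoleAlibabaCloudCredential` the result of the second `Assert.Throws` is stored in `ex`, but the final assertion still reads `exception.Message`, so the message of the second call is never checked and `ex` is unused. The last line should be `Assert.Equal("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", ex.Message);`. `ALIBABA_CLOUD_REGION_ID` is also reset to null rather than to its previous value, unlike the cache/restore pattern this commit adds to other tests in the file. The start of the test is outside the hunk, so its setup could not be reviewed.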
@@ -369,13 +450,13 @@ public void GetInstanceRamRoleAlibabaCloudCredential3() Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", "region_id"); profile.DefaultClientName = "default"; var defaultCredentialProvider = new DefaultCredentialProvider(profile, null); - var exception = Assert.Throws(() => + var exception = Assert.Throws(() => { var credentialProvider = defaultCredentialProvider.GetInstanceRamRoleAlibabaCloudCredential(); }); Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", null); - Assert.Equal("You must specifiy a valid role name.", exception.ParamName); + Assert.StartsWith("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty", exception.Message); } [Fact] @@ -465,11 +546,10 @@ public void GetRsaKeyPairAlibabaCloudCredential() var defaultCredentialProvider = new DefaultCredentialProvider(profile, "publicKeyId", "privateKeyFile", rsaProvider); - var actualCredentil = defaultCredentialProvider.GetRsaKeyPairAlibabaCloudCredential(); + var ex = Assert.Throws(() => defaultCredentialProvider.GetRsaKeyPairAlibabaCloudCredential()); Environment.SetEnvironmentVariable("ALIBABA_CLOUD_REGION_ID", null); - Assert.NotNull(actualCredentil); - Assert.Equal("aks", actualCredentil.GetAccessKeySecret()); + Assert.Equal("The configured public_key_id or private_key_file is empty", ex.Message); } [Fact] 
@@ -496,6 +576,14 @@ public void GetRsaKeyPairAlibabaCloudCredential2() [Fact] public void GetRsaKeyPairAlibabaCloudCredentialWithException() { + var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN"); + var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN"); + var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE"); + + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null); + var profile = DefaultProfile.GetProfile(); var defaultCredentialProvider = new DefaultCredentialProvider(profile, null); 
@@ -504,12 +592,23 @@ public void GetRsaKeyPairAlibabaCloudCredentialWithException() var credential = defaultCredentialProvider.GetRsaKeyPairAlibabaCloudCredential(); }); - Assert.Equal("Missing required variable option for 'default Client'", exception.Message); + Assert.Equal("The configured private_key_file is empty", exception.Message); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile); } [Fact] public void GetOIDCAlibabaCloudCredential() { + var cacheRoleArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN"); + var cacheProviderArn = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN"); + var cacheFile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE"); + + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null); + var profile = DefaultProfile.GetProfile(); var defaultCredentialProvider = new DefaultCredentialProvider(profile, null); Assert.Null(defaultCredentialProvider.GetOIDCAlibabaCloudCredential()); @@ -529,9 +628,9 @@ public void GetOIDCAlibabaCloudCredential() Assert.Equal("fakesessiontoken", credential.GetSessionToken()); Assert.False(credential.WillSoonExpire()); - Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", null); - Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", null); - Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", null); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_ROLE_ARN", cacheRoleArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_PROVIDER_ARN", cacheProviderArn); + Environment.SetEnvironmentVariable("ALIBABA_CLOUD_OIDC_TOKEN_FILE", cacheFile); } } } 
diff --git a/aliyun-net-sdk-core.Tests/Units/TestHelper.cs b/aliyun-net-sdk-core.Tests/Units/TestHelper.cs index c1101a368..79b81e14a 100644 --- a/aliyun-net-sdk-core.Tests/Units/TestHelper.cs +++ b/aliyun-net-sdk-core.Tests/Units/TestHelper.cs @@ -74,6 +74,11 @@ public static string GetIniFilePath() return Directory.GetCurrentDirectory() + slash + "credentials.ini"; } + public static string GetTestIniFilePath() + { + return HomePath + Slash + "configTest.ini"; + } + public static void DeleteIniFile() { File.Delete(homePath + slash + ".alibabacloud" + slash + "credentials.ini"); diff --git a/aliyun-net-sdk-core.Tests/Units/Utils/IniFileHelperTest.cs b/aliyun-net-sdk-core.Tests/Units/Utils/IniFileHelperTest.cs index e295ac574..bc187ae6d 100644 --- a/aliyun-net-sdk-core.Tests/Units/Utils/IniFileHelperTest.cs +++ b/aliyun-net-sdk-core.Tests/Units/Utils/IniFileHelperTest.cs @@ -61,5 +61,16 @@ public void TestGetValue() TestHelper.DeleteIniFile(); Assert.Empty(value); } + + [Fact] + public void Test() + { + var path = TestHelper.GetTestIniFilePath(); + var iniReader = new IniReader(path); + var accessKeyId = iniReader.GetValue("access_key_id", "default"); + var accessKeySecret = iniReader.GetValue("access_key_secret", "default"); + Assert.Equal("foo", accessKeyId); + Assert.Equal("bar", accessKeySecret); + } } } diff --git a/aliyun-net-sdk-core.Tests/aliyun-net-sdk-core-unit-tests.csproj b/aliyun-net-sdk-core.Tests/aliyun-net-sdk-core-unit-tests.csproj index e5b4c5902..04608d372 100644 --- a/aliyun-net-sdk-core.Tests/aliyun-net-sdk-core-unit-tests.csproj +++ b/aliyun-net-sdk-core.Tests/aliyun-net-sdk-core-unit-tests.csproj @@ -13,6 +13,9 @@ Always + + Always + diff --git a/aliyun-net-sdk-core.Tests/configTest.ini b/aliyun-net-sdk-core.Tests/configTest.ini new file mode 100644 index 000000000..de3379e6c --- /dev/null +++ b/aliyun-net-sdk-core.Tests/configTest.ini 
@@ -0,0 +1,33 @@ +[default] +enable = true +type = access_key +access_key_id = foo +access_key_secret = bar +region_id = cn-hangzhou + +[client1] +enable = false +type = ecs_ram_role +role_name = EcsRamRoleTest + + +[client2] +enable = false +type = ram_role_arn +access_key_id = foo +access_key_secret = bar +role_arn = role_arn +role_session_name = session_name + + +[client3] +enable = false +type = bearer_token +bearer_token = bearer_token + + +[client4] +enable = false +type = rsa_key_pair +public_key_id = publicKeyId +private_key_file = /your/pk.pem diff --git a/aliyun-net-sdk-core/Auth/Provider/DefaultCredentialProvider.cs b/aliyun-net-sdk-core/Auth/Provider/DefaultCredentialProvider.cs index ee9c9a608..08401be3f 100644 --- a/aliyun-net-sdk-core/Auth/Provider/DefaultCredentialProvider.cs +++ b/aliyun-net-sdk-core/Auth/Provider/DefaultCredentialProvider.cs @@ -19,14 +19,14 @@ using System; using System.IO; - +using System.Text; using Aliyun.Acs.Core.Exceptions; using Aliyun.Acs.Core.Profile; using Aliyun.Acs.Core.Utils; namespace Aliyun.Acs.Core.Auth.Provider { - public class DefaultCredentialProvider + public class DefaultCredentialProvider : AlibabaCloudCredentialsProvider { private static IClientProfile defaultProfile; 
@@ -44,38 +44,37 @@ public class DefaultCredentialProvider private string oidcTokenFile; public DefaultCredentialProvider() - { - } - - public DefaultCredentialProvider( - IClientProfile profile, - AlibabaCloudCredentialsProvider alibabaCloudCredentialProvider - ) { accessKeyId = EnvironmentUtil.GetEnvironmentAccessKeyId(); accessKeySecret = EnvironmentUtil.GetEnvironmentAccessKeySecret(); regionId = EnvironmentUtil.GetEnvironmentRegionId(); credentialFileLocation = EnvironmentUtil.GetEnvironmentCredentialFile(); roleName = EnvironmentUtil.GetEnvironmentRoleName(); - defaultProfile = profile; roleArn = EnvironmentUtil.GetEnvironmentRoleArn(); oidcProviderArn = EnvironmentUtil.GetEnvironmentOIDCProviderArn(); oidcTokenFile = EnvironmentUtil.GetEnvironmentOIDCTokenFile(); + } + + [Obsolete] + public DefaultCredentialProvider( + IClientProfile profile, + AlibabaCloudCredentialsProvider alibabaCloudCredentialProvider + ) : this() + { + defaultProfile = profile; this.alibabaCloudCredentialProvider = alibabaCloudCredentialProvider; } + [Obsolete] public DefaultCredentialProvider( IClientProfile profile, string publicKeyId, string privateKeyFile, AlibabaCloudCredentialsProvider alibabaCloudCredentialsProvider - ) + ) : this(profile, alibabaCloudCredentialsProvider) { - defaultProfile = profile; this.privateKeyFile = privateKeyFile; this.publicKeyId = publicKeyId; - regionId = EnvironmentUtil.GetEnvironmentRegionId(); - alibabaCloudCredentialProvider = alibabaCloudCredentialsProvider; } public AlibabaCloudCredentials GetAlibabaCloudClientCredential() 
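Review bot: The new parameterless constructor never assigns `defaultProfile`, and that field is declared `private static` (context line in the previous hunk), so an instance built with `new DefaultCredentialProvider()` sees whatever the most recently constructed two-argument instance left there, or null. A later hunk gates the whole credentials-file type dispatch on `null != defaultProfile`, so credential resolution for one provider can depend on unrelated construction order elsewhere in the process. Consider making the field an instance field, or at least document the sharing on the constructor with a comment like `// defaultProfile is static: shared by all providers in the process`. The bare `[Obsolete]` attributes would be more useful with a message naming the replacement, for example `[Obsolete("Use the parameterless constructor and GetCredentials().")]` if that is the intended migration path.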
@@ -99,11 +98,16 @@ internal virtual AlibabaCloudCredentials GetOIDCAlibabaCloudCredential() { return null; } - return new OIDCCredentialsProvider(roleArn, oidcProviderArn, oidcTokenFile, null, null).GetCredentials(); + return new OIDCCredentialsProvider(roleArn, oidcProviderArn, oidcTokenFile, null, regionId).GetCredentials(); } public AlibabaCloudCredentials GetEnvironmentAlibabaCloudCredential() { + if (AuthUtils.GetClientType() != "default") + { + return null; + } + if (null == accessKeyId || null == accessKeySecret) { return null; @@ -115,7 +119,7 @@ public AlibabaCloudCredentials GetEnvironmentAlibabaCloudCredential() "Environment credential variable 'ALIBABA_CLOUD_ACCESS_KEY_*' cannot be empty"); } - return defaultProfile.DefaultClientName.Equals("default") ? GetAccessKeyCredential() : null; + return GetAccessKeyCredential(); } public AlibabaCloudCredentials GetCredentialFileAlibabaCloudCredential() 
@@ -145,26 +149,35 @@ public AlibabaCloudCredentials GetCredentialFileAlibabaCloudCredential() var iniReader = new IniReader(credentialFileLocation); var sectionNameList = iniReader.GetSections(); - if (null != defaultProfile.DefaultClientName) + if (null != defaultProfile) { - var userDefineSectionNode = defaultProfile.DefaultClientName; + var userDefineSectionNode = "default"; var iniKeyTypeValue = iniReader.GetValue("type", userDefineSectionNode); + if(string.IsNullOrEmpty(iniKeyTypeValue)) + { + throw new ClientException("The configured client type is empty"); + } + if (iniKeyTypeValue.Equals("access_key")) { accessKeyId = iniReader.GetValue("access_key_id", userDefineSectionNode); accessKeySecret = iniReader.GetValue("access_key_secret", userDefineSectionNode); - regionId = iniReader.GetValue("region_id", userDefineSectionNode); - + if (string.IsNullOrEmpty(accessKeyId) || string.IsNullOrEmpty(accessKeySecret)) + { + return null; + } return GetAccessKeyCredential(); } if (iniKeyTypeValue.Equals("ecs_ram_role")) { roleName = iniReader.GetValue("role_name", userDefineSectionNode); - regionId = iniReader.GetValue("region_id", userDefineSectionNode); - + if (string.IsNullOrEmpty(roleName)) + { + throw new ClientException("The configured role_name is empty"); + } return GetInstanceRamRoleAlibabaCloudCredential(); } 
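Review bot: `userDefineSectionNode` is now the literal `"default"`, so the credentials file is always read from the `[default]` section regardless of `defaultProfile.DefaultClientName` or the `ALIBABA_CLOUD_PROFILE` value that `AuthUtils.GetClientType()` applies to the environment path in this same commit. If profile selection is meant to survive, use `var userDefineSectionNode = AuthUtils.GetClientType();`; if not, rename the variable and say so in a comment, because a caller who selected another profile silently gets the default section's identity. The failure modes are also uneven: an empty `type` or `role_name` throws, but an `access_key` section with an empty id or secret returns null and lets the chain continue, which the updated `...WithAKTypeButAKIsEmpty` test now expects to surface as an unrelated ECS role-name error. The method starts and ends outside this hunk.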
@@ -172,7 +185,17 @@ public AlibabaCloudCredentials GetCredentialFileAlibabaCloudCredential() { accessKeyId = iniReader.GetValue("access_key_id", userDefineSectionNode); accessKeySecret = iniReader.GetValue("access_key_secret", userDefineSectionNode); + if (string.IsNullOrEmpty(accessKeyId) || string.IsNullOrEmpty(accessKeySecret)) + { + throw new ClientException("The configured access_key_id or access_key_secret is empty"); + } + roleArn = iniReader.GetValue("role_arn", userDefineSectionNode); + var roleSessionName = iniReader.GetValue("role_session_name", userDefineSectionNode); + if (string.IsNullOrEmpty(roleArn) || string.IsNullOrEmpty(roleSessionName)) + { + throw new ClientException("The configured role_session_name or role_arn is empty"); + } return GetRamRoleArnAlibabaCloudCredential(); } @@ -197,7 +220,6 @@ public AlibabaCloudCredentials GetCredentialFileAlibabaCloudCredential() accessKeyId = iniReader.GetValue("access_key_id", "default"); accessKeySecret = iniReader.GetValue("access_key_secret", "default"); regionId = iniReader.GetValue("region_id", "default"); - return GetAccessKeyCredential(); } } @@ -207,14 +229,9 @@ public AlibabaCloudCredentials GetCredentialFileAlibabaCloudCredential() public virtual AlibabaCloudCredentials GetInstanceRamRoleAlibabaCloudCredential() { - if (null == regionId || regionId.Equals("")) + if (string.IsNullOrEmpty(roleName)) { - throw new ClientException("RegionID cannot be null or empty."); - } - - if (!defaultProfile.DefaultClientName.Equals("default")) - { - return null; + throw new ClientException("Environment variable roleName('ALIBABA_CLOUD_ECS_METADATA') cannot be empty"); } InstanceProfileCredentialsProvider instanceProfileCredentialProvider; 
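Review bot: `roleSessionName` is read and validated in the `ram_role_arn` branch, but it is only a local and `GetRamRoleArnAlibabaCloudCredential()` is called with no arguments, so in the lines visible here the configured session name is checked and then discarded. If the provider builds its own session name, `role_session_name` has no effect while still being mandatory; either store it in a field the provider reads or drop the requirement. Session names typically appear in audit records for assumed-role activity, so honouring the configured value matters for attribution. Most of `GetRamRoleArnAlibabaCloudCredential` lies outside the diff, so this needs confirming against the full method.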
@@ -233,10 +250,13 @@ public virtual AlibabaCloudCredentials GetInstanceRamRoleAlibabaCloudCredential( public AlibabaCloudCredentials GetAccessKeyCredential() { - if (string.IsNullOrEmpty(accessKeyId) || string.IsNullOrEmpty(accessKeySecret) || - string.IsNullOrEmpty(regionId)) + if (accessKeyId == null) { - throw new ClientException("Missing required variable option for 'default Client'"); + throw new ArgumentException("Access key ID cannot be null."); + } + if (accessKeySecret == null) + { + throw new ArgumentException("Access key secret cannot be null."); } var accessKeyCredentialProvider = @@ -247,8 +267,7 @@ public AlibabaCloudCredentials GetAccessKeyCredential() public virtual AlibabaCloudCredentials GetRamRoleArnAlibabaCloudCredential() { - if (string.IsNullOrEmpty(accessKeyId) || string.IsNullOrEmpty(accessKeySecret) || - string.IsNullOrEmpty(regionId)) + if (string.IsNullOrEmpty(accessKeyId) || string.IsNullOrEmpty(accessKeySecret)) { throw new ClientException("Missing required variable option for 'default Client'"); } @@ -277,10 +296,24 @@ public virtual AlibabaCloudCredentials GetRamRoleArnAlibabaCloudCredential() public virtual AlibabaCloudCredentials GetRsaKeyPairAlibabaCloudCredential() { - if (string.IsNullOrEmpty(publicKeyId) || string.IsNullOrEmpty(privateKeyFile) || - string.IsNullOrEmpty(regionId)) + if (string.IsNullOrEmpty(privateKeyFile)) { - throw new ClientException("Missing required variable option for 'default Client'"); + throw new ClientException("The configured private_key_file is empty"); + } + + string privateKey; + try + { + privateKey = File.ReadAllText(privateKeyFile, Encoding.UTF8); + } + catch (IOException) + { + privateKey = null; + } + + if (string.IsNullOrEmpty(publicKeyId) || string.IsNullOrEmpty(privateKey)) + { + throw new ClientException("The configured public_key_id or private_key_file is empty"); } var rsaKeyPairCredential = new KeyPairCredentials(publicKeyId, privateKeyFile); 
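Review bot: `GetAccessKeyCredential` now rejects only null, so an empty `accessKeyId` or `accessKeySecret` passes the guard that `string.IsNullOrEmpty` used to enforce and is handed on to the credential provider. The thrown type also changes from `ClientException` to `ArgumentException` on a parameterless method, which callers that catch `ClientException` around credential resolution will not handle. Suggest keeping both the type and the empty check: `if (string.IsNullOrEmpty(accessKeyId)) throw new ClientException("Access key ID cannot be null or empty.");` and the same for the secret.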
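Review bot: `GetRsaKeyPairAlibabaCloudCredential` reads the whole private key into the `privateKey` string only to test it for emptiness and then passes the path `privateKeyFile` to `KeyPairCredentials`, so the key material is pulled into managed memory for no functional purpose. Only `IOException` is caught, so a permission problem (`UnauthorizedAccessException`) or a malformed path escapes as a non-`ClientException`, while a missing file is reported with the misleading "is empty" text. A check that never loads the key and keeps the same message is `if (string.IsNullOrEmpty(publicKeyId) || !File.Exists(privateKeyFile) || new FileInfo(privateKeyFile).Length == 0)`. The rewritten `GetRsaKeyPairAlibabaCloudCredential` test now exercises only this failure path, so the success path has lost its coverage.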
@@ -304,5 +337,20 @@ public virtual string GetHomePath() { return EnvironmentUtil.GetHomePath(); } + + public AlibabaCloudCredentials GetCredentials() + { + var credential = GetEnvironmentAlibabaCloudCredential() ?? + GetOIDCAlibabaCloudCredential() ?? + GetCredentialFileAlibabaCloudCredential() ?? + GetInstanceRamRoleAlibabaCloudCredential(); + + if (credential == null) + { + throw new ClientException("There is no credential chain can use."); + } + + return credential; + } } } diff --git a/aliyun-net-sdk-core/Auth/Provider/InstanceProfileCredentialsProvider.cs b/aliyun-net-sdk-core/Auth/Provider/InstanceProfileCredentialsProvider.cs index b5084ca88..1cc8b1bf3 100644 --- a/aliyun-net-sdk-core/Auth/Provider/InstanceProfileCredentialsProvider.cs +++ b/aliyun-net-sdk-core/Auth/Provider/InstanceProfileCredentialsProvider.cs @@ -17,6 +17,7 @@ * under the License. */ +using System; using Aliyun.Acs.Core.Exceptions; using Aliyun.Acs.Core.Utils; @@ -63,15 +64,18 @@ public virtual AlibabaCloudCredentials GetCredentials() } catch (ClientException ex) { - if (ex.ErrorCode.Equals("SDK.SessionTokenExpired") && - ex.ErrorMessage.Equals("Current session token has expired.")) + if (ex.ErrorCode != null && ex.ErrorCode.Equals("SDK.SessionTokenExpired") && + ex.ErrorMessage != null && ex.ErrorMessage.Equals("Current session token has expired.")) { CommonLog.LogException(ex, ex.ErrorCode, ex.ErrorMessage); throw new ClientException(ex.ErrorCode, ex.ErrorMessage); } // Use the current expiring session token and wait for next round - credentials.SetLastFailedRefreshTime(); + if (credentials != null) + { + credentials.SetLastFailedRefreshTime(); + } } return credentials; diff --git a/aliyun-net-sdk-core/Utils/AuthUtils.cs b/aliyun-net-sdk-core/Utils/AuthUtils.cs index 137ffe918..4de57966f 100644 --- a/aliyun-net-sdk-core/Utils/AuthUtils.cs +++ b/aliyun-net-sdk-core/Utils/AuthUtils.cs 
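Review bot: The `credential == null` branch in `GetCredentials` is hard to reach through the real chain, because `GetInstanceRamRoleAlibabaCloudCredential` now throws when `roleName` is empty instead of returning null, and `GetCredentialFileAlibabaCloudCredential` throws on an empty `type`. On a host with nothing configured the caller would see the ECS role-name message, and a half-written credentials file aborts the chain before the instance role is tried, rather than either case producing "There is no credential chain can use.". The new `GetCredentialWithException` test appears to reach that message only through a mock. Decide per link whether "not configured" means null (continue) or an exception (stop), and record the order and that rule in an XML doc comment on this public method.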
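Review bot: With the new `credentials != null` guard in `InstanceProfileCredentialsProvider.GetCredentials`, a `ClientException` raised while `credentials` is still null is swallowed completely: nothing is logged, nothing is rethrown, and the method returns null. The guard itself is right, since the old code would have failed with a `NullReferenceException` here, but a failure to obtain instance-profile credentials should stay visible; at minimum add `else { CommonLog.LogException(ex, ex.ErrorCode, ex.ErrorMessage); }`, reusing the call from the branch above. The `try` block is outside the hunk, so whether `credentials` can be null at this point needs checking against the full method.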
@@ -28,12 +28,22 @@ namespace Aliyun.Acs.Core.Utils public class AuthUtils { private static volatile string oidcToken; + private static volatile string clientType = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_PROFILE"); AuthUtils() { } - + public static string GetClientType() + { + if (clientType == null) + { + AuthUtils.clientType = "default"; + } + return AuthUtils.clientType; + } + + public static string GetOIDCToken(string OIDCTokenFilePath) { byte[] buffer; diff --git a/aliyun-net-sdk-core/Utils/IniFileHelper.cs b/aliyun-net-sdk-core/Utils/IniFileHelper.cs index 34ec0db63..29d01e367 100644 --- a/aliyun-net-sdk-core/Utils/IniFileHelper.cs +++ b/aliyun-net-sdk-core/Utils/IniFileHelper.cs @@ -32,9 +32,7 @@ public class IniReader public IniReader(string file) { var txt = File.ReadAllText(file); - var currentSection = - new Dictionary(StringComparer.InvariantCultureIgnoreCase); - + var currentSection = new Dictionary(StringComparer.InvariantCultureIgnoreCase); ini[""] = currentSection; foreach (var line in txt.Split(new[] { "\n" }, StringSplitOptions.RemoveEmptyEntries) @@ -49,18 +47,18 @@ public IniReader(string file) if (line.StartsWith("[") && line.EndsWith("]")) { currentSection = new Dictionary(StringComparer.InvariantCultureIgnoreCase); - ini[line.Substring(1, line.LastIndexOf("]") - 1)] = currentSection; + ini[line.Substring(1, line.LastIndexOf("]") - 1).Trim()] = currentSection; continue; } var idx = line.IndexOf("="); if (idx == -1) { - currentSection[line] = ""; + currentSection[line.Trim()] = ""; } else { - currentSection[line.Substring(0, idx)] = line.Substring(idx + 1); + currentSection[line.Substring(0, idx).Trim()] = line.Substring(idx + 1).Trim(); } } } @@ -86,7 +84,6 @@ public string GetValue(string key, string section, string @default) { return @default; } - return ini[section][key]; }
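Review bot: `clientType` is read from `ALIBABA_CLOUD_PROFILE` once in a static initializer, so the value is frozen at first use of `AuthUtils`; later changes to the variable, including ones made with `Environment.SetEnvironmentVariable` as the tests in this commit do for other variables, are not seen. `GetClientType()` also treats only null as unset: an empty value is returned as-is, compares unequal to `"default"` in `GetEnvironmentAlibabaCloudCredential`, and quietly disables the environment-variable credentials. Reading the variable on each call avoids both problems and the unsynchronised write to the static field: `var profile = Environment.GetEnvironmentVariable("ALIBABA_CLOUD_PROFILE"); return string.IsNullOrEmpty(profile) ? "default" : profile;`. A short doc comment stating that this selects the credential profile would help, since the name `GetClientType` does not suggest it.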