
Commit c363505

authored
fix: OIDCRoleArnCredential (TencentCloud#176)
1 parent 93f6505 commit c363505


1 file changed

+33
-30
lines changed


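--- a/tencentcloud/common/credential.py
+++ b/tencentcloud/common/credential.py
@@ -16,6 +16,7 @@
 import json
 import os
 import time
+
 try:
 # py3
 import configparser
@@ -32,6 +33,7 @@
 from tencentcloud.common.profile.http_profile import HttpProfile
 from tencentcloud.common.profile.client_profile import ClientProfile
 
+
 class Credential(object):
 def __init__(self, secret_id, secret_key, token=None):
 """Tencent Cloud Credentials.
@@ -369,42 +371,21 @@ def get_credentials(self):
 
 
 class DefaultTkeOIDCRoleArnProvider(object):
-default_session_name = 'tencentcloud-python-sdk-'
-
-def __init__(self):
-self.region = os.getenv('TKE_REGION')
-if not self.region:
-raise EnvironmentError("TKE_REGION not exist")
-
-self.provider_id = os.getenv('TKE_PROVIDER_ID')
-if not self.provider_id:
-raise EnvironmentError("TKE_PROVIDER_ID not exist")
-
-token_file = os.getenv('TKE_WEB_IDENTITY_TOKEN_FILE')
-if not token_file:
-raise EnvironmentError("TKE_WEB_IDENTITY_TOKEN_FILE not exist")
-
-with open(token_file) as f:
-self.web_identity_token = f.read()
-
-self.role_arn = os.getenv('TKE_ROLE_ARN')
-if not self.role_arn:
-raise EnvironmentError("TKE_ROLE_ARN not exist")
-
-self.role_session_name = self.default_session_name + str(time.time() * 1e6) # time in microseconds
-
 def get_credential(self):
 return self.get_credentials()
 
 def get_credentials(self):
-return OIDCRoleArnCredential(self.region, self.provider_id, self.web_identity_token, self.role_arn,
-self.role_session_name)
+cred = OIDCRoleArnCredential('', '', '', '', '', 7200)
+cred._is_tke = True
+cred._init_from_tke()
+return cred
 
 
 class OIDCRoleArnCredential(object):
 _version = '2018-08-13'
 _service = "sts"
 _action = 'AssumeRoleWithWebIdentity'
+_default_session_name = 'tencentcloud-python-sdk-'
 
 def __init__(self, region, provider_id, web_identity_token, role_arn, role_session_name, duration_seconds=7200):
 self._region = region
@@ -418,9 +399,7 @@ def __init__(self, region, provider_id, web_identity_token, role_arn, role_sessi
 self._tmp_secret_id = None
 self._tmp_secret_key = None
 self._expired_time = 0
-
-self._last_role_arn = None
-self._tmp_credential = None
+self._is_tke = False
 
 @property
 def secretId(self):
@@ -452,6 +431,8 @@ def _keep_fresh(self):
 self.refresh()
 
 def refresh(self):
+if self._is_tke:
+self._init_from_tke()
 common_client = CommonClient(credential=None, region=self._region, version=self._version, service=self._service)
 params = {
 "ProviderId": self._provider_id,
@@ -467,4 +448,26 @@ def refresh(self):
 self._token = rsp["Response"]["Credentials"]["Token"]
 self._tmp_secret_id = rsp["Response"]["Credentials"]["TmpSecretId"]
 self._tmp_secret_key = rsp["Response"]["Credentials"]["TmpSecretKey"]
-self._expired_time = rsp["Response"]["ExpiredTime"] - self._duration_seconds * 0.9
+self._expired_time = rsp["Response"]["ExpiredTime"] - self._duration_seconds * 0.1
+
+def _init_from_tke(self):
+self._region = os.getenv('TKE_REGION')
+if not self._region:
+raise EnvironmentError("TKE_REGION not exist")
+
+self._provider_id = os.getenv('TKE_PROVIDER_ID')
+if not self._provider_id:
+raise EnvironmentError("TKE_PROVIDER_ID not exist")
+
+token_file = os.getenv('TKE_WEB_IDENTITY_TOKEN_FILE')
+if not token_file:
+raise EnvironmentError("TKE_WEB_IDENTITY_TOKEN_FILE not exist")
+
+with open(token_file) as f:
+self.web_identity_token = f.read()
+
+self._role_arn = os.getenv('TKE_ROLE_ARN')
+if not self._role_arn:
+raise EnvironmentError("TKE_ROLE_ARN not exist")
+
+self._role_session_name = self._default_session_name + str(time.time() * 1e6) # time in microsecond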
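Review bot: `_init_from_tke` stores the token it reads from `TKE_WEB_IDENTITY_TOKEN_FILE` in `self.web_identity_token`, while every other field it sets is the underscore-prefixed attribute (`self._region`, `self._provider_id`, `self._role_arn`, `self._role_session_name`). The constructor body and the `refresh()` request parameters are only partly visible here, but if they use `self._web_identity_token`, the TKE path keeps the empty string passed in `get_credentials()` and the re-read on every refresh never reaches the `AssumeRoleWithWebIdentity` call. The line should be `self._web_identity_token = f.read()`. A test that rewrites the token file between two `refresh()` calls and checks the value sent would pin this down, since picking up a rotated token appears to be what the re-read in `refresh()` is for.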
