clicreds

package
v1.0.68 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 15, 2026 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// CliProviderName provides a name of CLI config provider.
	CliProviderName = "CliProvider"
)

Variables

This section is empty.

Functions

func NewCliCredentials

func NewCliCredentials(configPath, profile string) *credentials.Credentials

NewCliCredentials returns a pointer to a new Credentials object wrapping the byteplus-cli config provider.

func UnixTimestampToTime

func UnixTimestampToTime(ts int64) time.Time

Types

type CliProvider

type CliProvider struct {
	credentials.Expiry
	// contains filtered or unexported fields
}

CliProvider retrieves credentials from byteplus-cli's config file (~/.byteplus/config.json).

It supports reading access-key/secret-key/session-token, and will treat sts-expiration (Unix timestamp in seconds or milliseconds) as the credential's expiration time if present.

func NewCliProvider added in v1.0.62

func NewCliProvider(configPath, profile string) *CliProvider

NewCliProvider returns a raw *CliProvider for use in the default credential chain. Unlike NewCliCredentials, it does not wrap in a Credentials object, allowing the chain to manage expiration and caching uniformly.

func (*CliProvider) IsExpired

func (p *CliProvider) IsExpired() bool

func (*CliProvider) Retrieve

func (p *CliProvider) Retrieve() (credentials.Value, error)

type ConsoleLoginOAuthAPIError added in v1.0.68

type ConsoleLoginOAuthAPIError struct {
	StatusCode int
	ErrorCode  string
	ErrorDesc  string
	RawBody    string
	RequestID  string
}

ConsoleLoginOAuthAPIError wraps non-2xx signin OAuth responses so callers can detect invalid_grant and run the disk-reload fallback.

func (*ConsoleLoginOAuthAPIError) Error added in v1.0.68

func (e *ConsoleLoginOAuthAPIError) Error() string

func (*ConsoleLoginOAuthAPIError) IsRefreshTokenInvalid added in v1.0.68

func (e *ConsoleLoginOAuthAPIError) IsRefreshTokenInvalid() bool

IsRefreshTokenInvalid reports whether signin rejected the refresh_token.

type ConsoleLoginOAuthClient added in v1.0.68

type ConsoleLoginOAuthClient struct {
	// contains filtered or unexported fields
}

ConsoleLoginOAuthClient calls the signin OAuth token endpoint for the SDK console-login refresh path. Interactive authorization is handled only by CLI.

func NewConsoleLoginOAuthClient added in v1.0.68

func NewConsoleLoginOAuthClient(cfg *ConsoleLoginOAuthClientConfig) *ConsoleLoginOAuthClient

NewConsoleLoginOAuthClient creates a refresh-only OAuth client.

func (*ConsoleLoginOAuthClient) RefreshToken added in v1.0.68

RefreshToken exchanges a refresh_token for a new access_token in memory.

type ConsoleLoginOAuthClientAPI added in v1.0.68

type ConsoleLoginOAuthClientAPI interface {
	RefreshToken(ctx context.Context, req *ConsoleLoginRefreshTokenRequest) (*ConsoleLoginTokenResponse, error)
}

ConsoleLoginOAuthClientAPI is the refresh-only interface used by tests.

type ConsoleLoginOAuthClientConfig added in v1.0.68

type ConsoleLoginOAuthClientConfig struct {
	EndpointURL string
	HTTPClient  *http.Client
}

ConsoleLoginOAuthClientConfig configures ConsoleLoginOAuthClient.

type ConsoleLoginRefreshTokenRequest added in v1.0.68

type ConsoleLoginRefreshTokenRequest struct {
	ClientID     string
	Scope        string
	RefreshToken string
}

ConsoleLoginRefreshTokenRequest is the refresh_token grant request.

type ConsoleLoginRefreshableProvider added in v1.0.68

type ConsoleLoginRefreshableProvider struct {
	// contains filtered or unexported fields
}

ConsoleLoginRefreshableProvider owns the in-memory console-login cache used by the SDK. It reads disk only on bootstrap and on invalid_grant fallback.

func (*ConsoleLoginRefreshableProvider) IsExpired added in v1.0.68

func (p *ConsoleLoginRefreshableProvider) IsExpired() bool

func (*ConsoleLoginRefreshableProvider) Retrieve added in v1.0.68

type ConsoleLoginTokenResponse added in v1.0.68

type ConsoleLoginTokenResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	RefreshToken string `json:"refresh_token"`
	Scope        string `json:"scope"`
	IDToken      string `json:"id_token"`
}

ConsoleLoginTokenResponse mirrors fields returned by the signin token API.

type CreateTokenRequest

type CreateTokenRequest struct {
	GrantType    string `json:"grant_type"`
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
	RefreshToken string `json:"refresh_token,omitempty"`
	DeviceCode   string `json:"device_code,omitempty"`
}

CreateTokenRequest 对应 CreateToken API 的请求参数。

type CreateTokenResponse

type CreateTokenResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ExpiresIn    int    `json:"expires_in"`
}

CreateTokenResponse 表示获取 Token 成功后的返回结构。

type GetRoleCredentialsRequest

type GetRoleCredentialsRequest struct {
	AccessToken string
	AccountID   string
	RoleName    string
	PageSize    int
	PageNumber  int
}

GetRoleCredentialsRequest 为 GetRoleCredentials 的请求参数封装。

type GetRoleCredentialsResponse

type GetRoleCredentialsResponse struct {
	RoleCredentials RoleCredentials
	RequestID       string
}

GetRoleCredentialsResponse 返回临时凭证及请求 ID。

type LoginTokenCache added in v1.0.68

type LoginTokenCache struct {
	LoginSession string          `json:"login_session"`
	AccessToken  json.RawMessage `json:"access_token"`
	IssuedAt     string          `json:"issued_at"`
	ExpiresIn    int64           `json:"expires_in"`
	TokenType    string          `json:"token_type"`
	RefreshToken string          `json:"refresh_token,omitempty"`
	IDToken      string          `json:"id_token,omitempty"`
	ClientID     string          `json:"client_id,omitempty"`
	Scope        string          `json:"scope,omitempty"`
	EndpointURL  string          `json:"endpoint_url,omitempty"`
}

type OAuthAPIError

type OAuthAPIError struct {
	StatusCode int
	Response   oauthErrorResponse
	RawBody    string
}

OAuthAPIError 用于承载 OAuth API 非 2xx 响应时的结构化错误信息。

func (*OAuthAPIError) Error

func (e *OAuthAPIError) Error() string

type OAuthClient

type OAuthClient struct {
	// contains filtered or unexported fields
}

OAuthClient 缓存拼好的 URL 和 HTTP 客户端,避免每次调用重新计算。

func NewOAuthClient

func NewOAuthClient(cfg *OAuthClientConfig) *OAuthClient

NewOAuthClient 根据配置创建 OAuthClient,包含默认值和可选覆盖项。

func (*OAuthClient) CreateToken

CreateToken 调用 CreateToken API,获取 access/refresh token。

type OAuthClientAPI

type OAuthClientAPI interface {
	CreateToken(ctx context.Context, req *CreateTokenRequest) (*CreateTokenResponse, error)
}

OAuthClientAPI 定义 OAuth 客户端对外暴露的方法集合,便于测试或替换实现。

type OAuthClientConfig

type OAuthClientConfig struct {
	// Region 控制使用的区域(默认:ap-southeast-1)。
	Region string
	// HTTPClient 允许注入自定义 HTTP 客户端(例如代理、超时)。
	HTTPClient *http.Client
}

OAuthClientConfig 用于配置 OAuth 客户端的可选项。

type PortalAPIError

type PortalAPIError struct {
	StatusCode int
	RequestID  string
	Message    string
	RawBody    string
}

PortalAPIError 用于承载 Portal API 非 2xx 响应时的结构化错误信息。

func (*PortalAPIError) Error

func (e *PortalAPIError) Error() string

type PortalClient

type PortalClient struct {
	// contains filtered or unexported fields
}

PortalClient 封装 CloudIdentity Portal API 调用,集中管理 URL、HTTP 客户端和默认分页参数。

func NewPortalClient

func NewPortalClient(cfg *PortalClientConfig) *PortalClient

NewPortalClient 根据配置创建 PortalClient,包含默认值和可选覆盖项。

func (*PortalClient) GetRoleCredentials

GetRoleCredentials 使用 Portal 访问令牌换取指定账号和角色的临时凭证。

type PortalClientAPI

type PortalClientAPI interface {
	GetRoleCredentials(ctx context.Context, req *GetRoleCredentialsRequest) (*GetRoleCredentialsResponse, error)
}

PortalClientAPI 定义 Portal 客户端对外暴露的方法集合,便于测试或替换实现。

type PortalClientConfig

type PortalClientConfig struct {
	Region          string       // 区域标识(当前逻辑未使用)
	BaseURL         string       // 自定义 Portal 基础地址
	HTTPClient      *http.Client // 自定义 HTTP 客户端(可注入超时、代理等)
	DefaultPageSize int          // 默认分页大小
}

PortalClientConfig 用于配置 Portal 客户端的可选项,比如自定义 BaseURL、HTTPClient 或分页大小。

type ResponseMetadata

type ResponseMetadata struct {
	RequestID string `json:"RequestId"`
}

ResponseMetadata 表示 Portal API 返回的基础元信息。

type RoleCredentials

type RoleCredentials struct {
	AccessKeyID     string `json:"AccessKeyId"`
	Expiration      int64  `json:"Expiration"`
	SecretAccessKey string `json:"SecretAccessKey"`
	SessionToken    string `json:"SessionToken"`
}

RoleCredentials 表示 GetRoleCredentials 返回的临时凭证信息。

type SsoRefreshableProvider added in v1.0.68

type SsoRefreshableProvider struct {
	// contains filtered or unexported fields
}

SsoRefreshableProvider keeps the SSO token cache in memory while refreshing.

It reads the CLI cache on bootstrap and once more only when OAuth rejects the in-memory refresh token with invalid_grant. The SDK never writes the SSO cache file; byteplus-cli remains the sole writer.

func (*SsoRefreshableProvider) IsExpired added in v1.0.68

func (p *SsoRefreshableProvider) IsExpired() bool

func (*SsoRefreshableProvider) Retrieve added in v1.0.68

func (p *SsoRefreshableProvider) Retrieve() (credentials.Value, error)

type SsoSession

type SsoSession struct {
	Name               string   `json:"name"`
	StartURL           string   `json:"start-url"`
	Region             string   `json:"region"`
	RegistrationScopes []string `json:"registration-scopes,omitempty"`
}

type SsoTokenCache

type SsoTokenCache struct {
	StartURL              string `json:"start_url"`
	SessionName           string `json:"session_name"`
	AccessToken           string `json:"access_token"`
	ExpiresAt             string `json:"expires_at"`
	ClientId              string `json:"client_id"`
	ClientSecret          string `json:"client_secret"`
	ClientIdIssuedAt      int64  `json:"client_id_issued_at,omitempty"`
	ClientSecretExpiresAt int64  `json:"client_secret_expires_at,omitempty"`
	RefreshToken          string `json:"refresh_token,omitempty"`
	Region                string `json:"region"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL