Documentation
¶
Index ¶
- Constants
- func NewCliCredentials(configPath, profile string) *credentials.Credentials
- func UnixTimestampToTime(ts int64) time.Time
- type CliProvider
- type ConsoleLoginOAuthAPIError
- type ConsoleLoginOAuthClient
- type ConsoleLoginOAuthClientAPI
- type ConsoleLoginOAuthClientConfig
- type ConsoleLoginRefreshTokenRequest
- type ConsoleLoginRefreshableProvider
- type ConsoleLoginTokenResponse
- type CreateTokenRequest
- type CreateTokenResponse
- type GetRoleCredentialsRequest
- type GetRoleCredentialsResponse
- type LoginTokenCache
- type OAuthAPIError
- type OAuthClient
- type OAuthClientAPI
- type OAuthClientConfig
- type PortalAPIError
- type PortalClient
- type PortalClientAPI
- type PortalClientConfig
- type ResponseMetadata
- type RoleCredentials
- type SsoRefreshableProvider
- type SsoSession
- type SsoTokenCache
Constants ¶
const (
// CliProviderName provides a name of CLI config provider.
CliProviderName = "CliProvider"
)
Variables ¶
This section is empty.
Functions ¶
func NewCliCredentials ¶
func NewCliCredentials(configPath, profile string) *credentials.Credentials
NewCliCredentials returns a pointer to a new Credentials object wrapping the byteplus-cli config provider.
func UnixTimestampToTime ¶
Types ¶
type CliProvider ¶
type CliProvider struct {
credentials.Expiry
// contains filtered or unexported fields
}
CliProvider retrieves credentials from byteplus-cli's config file (~/.byteplus/config.json).
It supports reading access-key/secret-key/session-token, and will treat sts-expiration (Unix timestamp in seconds or milliseconds) as the credential's expiration time if present.
func NewCliProvider ¶ added in v1.0.62
func NewCliProvider(configPath, profile string) *CliProvider
NewCliProvider returns a raw *CliProvider for use in the default credential chain. Unlike NewCliCredentials, it does not wrap in a Credentials object, allowing the chain to manage expiration and caching uniformly.
func (*CliProvider) IsExpired ¶
func (p *CliProvider) IsExpired() bool
func (*CliProvider) Retrieve ¶
func (p *CliProvider) Retrieve() (credentials.Value, error)
type ConsoleLoginOAuthAPIError ¶ added in v1.0.68
type ConsoleLoginOAuthAPIError struct {
StatusCode int
ErrorCode string
ErrorDesc string
RawBody string
RequestID string
}
ConsoleLoginOAuthAPIError wraps non-2xx signin OAuth responses so callers can detect invalid_grant and run the disk-reload fallback.
func (*ConsoleLoginOAuthAPIError) Error ¶ added in v1.0.68
func (e *ConsoleLoginOAuthAPIError) Error() string
func (*ConsoleLoginOAuthAPIError) IsRefreshTokenInvalid ¶ added in v1.0.68
func (e *ConsoleLoginOAuthAPIError) IsRefreshTokenInvalid() bool
IsRefreshTokenInvalid reports whether signin rejected the refresh_token.
type ConsoleLoginOAuthClient ¶ added in v1.0.68
type ConsoleLoginOAuthClient struct {
// contains filtered or unexported fields
}
ConsoleLoginOAuthClient calls the signin OAuth token endpoint for the SDK console-login refresh path. Interactive authorization is handled only by CLI.
func NewConsoleLoginOAuthClient ¶ added in v1.0.68
func NewConsoleLoginOAuthClient(cfg *ConsoleLoginOAuthClientConfig) *ConsoleLoginOAuthClient
NewConsoleLoginOAuthClient creates a refresh-only OAuth client.
func (*ConsoleLoginOAuthClient) RefreshToken ¶ added in v1.0.68
func (c *ConsoleLoginOAuthClient) RefreshToken(ctx context.Context, req *ConsoleLoginRefreshTokenRequest) (*ConsoleLoginTokenResponse, error)
RefreshToken exchanges a refresh_token for a new access_token in memory.
type ConsoleLoginOAuthClientAPI ¶ added in v1.0.68
type ConsoleLoginOAuthClientAPI interface {
RefreshToken(ctx context.Context, req *ConsoleLoginRefreshTokenRequest) (*ConsoleLoginTokenResponse, error)
}
ConsoleLoginOAuthClientAPI is the refresh-only interface used by tests.
type ConsoleLoginOAuthClientConfig ¶ added in v1.0.68
ConsoleLoginOAuthClientConfig configures ConsoleLoginOAuthClient.
type ConsoleLoginRefreshTokenRequest ¶ added in v1.0.68
ConsoleLoginRefreshTokenRequest is the refresh_token grant request.
type ConsoleLoginRefreshableProvider ¶ added in v1.0.68
type ConsoleLoginRefreshableProvider struct {
// contains filtered or unexported fields
}
ConsoleLoginRefreshableProvider owns the in-memory console-login cache used by the SDK. It reads disk only on bootstrap and on invalid_grant fallback.
func (*ConsoleLoginRefreshableProvider) IsExpired ¶ added in v1.0.68
func (p *ConsoleLoginRefreshableProvider) IsExpired() bool
func (*ConsoleLoginRefreshableProvider) Retrieve ¶ added in v1.0.68
func (p *ConsoleLoginRefreshableProvider) Retrieve() (credentials.Value, error)
type ConsoleLoginTokenResponse ¶ added in v1.0.68
type ConsoleLoginTokenResponse struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in"`
RefreshToken string `json:"refresh_token"`
Scope string `json:"scope"`
IDToken string `json:"id_token"`
}
ConsoleLoginTokenResponse mirrors fields returned by the signin token API.
type CreateTokenRequest ¶
type CreateTokenRequest struct {
GrantType string `json:"grant_type"`
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret"`
RefreshToken string `json:"refresh_token,omitempty"`
DeviceCode string `json:"device_code,omitempty"`
}
CreateTokenRequest 对应 CreateToken API 的请求参数。
type CreateTokenResponse ¶
type CreateTokenResponse struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
RefreshToken string `json:"refresh_token,omitempty"`
ExpiresIn int `json:"expires_in"`
}
CreateTokenResponse 表示获取 Token 成功后的返回结构。
type GetRoleCredentialsRequest ¶
type GetRoleCredentialsRequest struct {
AccessToken string
AccountID string
RoleName string
PageSize int
PageNumber int
}
GetRoleCredentialsRequest 为 GetRoleCredentials 的请求参数封装。
type GetRoleCredentialsResponse ¶
type GetRoleCredentialsResponse struct {
RoleCredentials RoleCredentials
RequestID string
}
GetRoleCredentialsResponse 返回临时凭证及请求 ID。
type LoginTokenCache ¶ added in v1.0.68
type LoginTokenCache struct {
LoginSession string `json:"login_session"`
AccessToken json.RawMessage `json:"access_token"`
IssuedAt string `json:"issued_at"`
ExpiresIn int64 `json:"expires_in"`
TokenType string `json:"token_type"`
RefreshToken string `json:"refresh_token,omitempty"`
IDToken string `json:"id_token,omitempty"`
ClientID string `json:"client_id,omitempty"`
Scope string `json:"scope,omitempty"`
EndpointURL string `json:"endpoint_url,omitempty"`
}
type OAuthAPIError ¶
OAuthAPIError 用于承载 OAuth API 非 2xx 响应时的结构化错误信息。
func (*OAuthAPIError) Error ¶
func (e *OAuthAPIError) Error() string
type OAuthClient ¶
type OAuthClient struct {
// contains filtered or unexported fields
}
OAuthClient 缓存拼好的 URL 和 HTTP 客户端,避免每次调用重新计算。
func NewOAuthClient ¶
func NewOAuthClient(cfg *OAuthClientConfig) *OAuthClient
NewOAuthClient 根据配置创建 OAuthClient,包含默认值和可选覆盖项。
func (*OAuthClient) CreateToken ¶
func (c *OAuthClient) CreateToken(ctx context.Context, req *CreateTokenRequest) (*CreateTokenResponse, error)
CreateToken 调用 CreateToken API,获取 access/refresh token。
type OAuthClientAPI ¶
type OAuthClientAPI interface {
CreateToken(ctx context.Context, req *CreateTokenRequest) (*CreateTokenResponse, error)
}
OAuthClientAPI 定义 OAuth 客户端对外暴露的方法集合,便于测试或替换实现。
type OAuthClientConfig ¶
type OAuthClientConfig struct {
// Region 控制使用的区域(默认:ap-southeast-1)。
Region string
// HTTPClient 允许注入自定义 HTTP 客户端(例如代理、超时)。
HTTPClient *http.Client
}
OAuthClientConfig 用于配置 OAuth 客户端的可选项。
type PortalAPIError ¶
PortalAPIError 用于承载 Portal API 非 2xx 响应时的结构化错误信息。
func (*PortalAPIError) Error ¶
func (e *PortalAPIError) Error() string
type PortalClient ¶
type PortalClient struct {
// contains filtered or unexported fields
}
PortalClient 封装 CloudIdentity Portal API 调用,集中管理 URL、HTTP 客户端和默认分页参数。
func NewPortalClient ¶
func NewPortalClient(cfg *PortalClientConfig) *PortalClient
NewPortalClient 根据配置创建 PortalClient,包含默认值和可选覆盖项。
func (*PortalClient) GetRoleCredentials ¶
func (c *PortalClient) GetRoleCredentials(ctx context.Context, req *GetRoleCredentialsRequest) (*GetRoleCredentialsResponse, error)
GetRoleCredentials 使用 Portal 访问令牌换取指定账号和角色的临时凭证。
type PortalClientAPI ¶
type PortalClientAPI interface {
GetRoleCredentials(ctx context.Context, req *GetRoleCredentialsRequest) (*GetRoleCredentialsResponse, error)
}
PortalClientAPI 定义 Portal 客户端对外暴露的方法集合,便于测试或替换实现。
type PortalClientConfig ¶
type PortalClientConfig struct {
Region string // 区域标识(当前逻辑未使用)
BaseURL string // 自定义 Portal 基础地址
HTTPClient *http.Client // 自定义 HTTP 客户端(可注入超时、代理等)
DefaultPageSize int // 默认分页大小
}
PortalClientConfig 用于配置 Portal 客户端的可选项,比如自定义 BaseURL、HTTPClient 或分页大小。
type ResponseMetadata ¶
type ResponseMetadata struct {
RequestID string `json:"RequestId"`
}
ResponseMetadata 表示 Portal API 返回的基础元信息。
type RoleCredentials ¶
type RoleCredentials struct {
AccessKeyID string `json:"AccessKeyId"`
Expiration int64 `json:"Expiration"`
SecretAccessKey string `json:"SecretAccessKey"`
SessionToken string `json:"SessionToken"`
}
RoleCredentials 表示 GetRoleCredentials 返回的临时凭证信息。
type SsoRefreshableProvider ¶ added in v1.0.68
type SsoRefreshableProvider struct {
// contains filtered or unexported fields
}
SsoRefreshableProvider keeps the SSO token cache in memory while refreshing.
It reads the CLI cache on bootstrap and once more only when OAuth rejects the in-memory refresh token with invalid_grant. The SDK never writes the SSO cache file; byteplus-cli remains the sole writer.
func (*SsoRefreshableProvider) IsExpired ¶ added in v1.0.68
func (p *SsoRefreshableProvider) IsExpired() bool
func (*SsoRefreshableProvider) Retrieve ¶ added in v1.0.68
func (p *SsoRefreshableProvider) Retrieve() (credentials.Value, error)
type SsoSession ¶
type SsoTokenCache ¶
type SsoTokenCache struct {
StartURL string `json:"start_url"`
SessionName string `json:"session_name"`
AccessToken string `json:"access_token"`
ExpiresAt string `json:"expires_at"`
ClientId string `json:"client_id"`
ClientSecret string `json:"client_secret"`
ClientIdIssuedAt int64 `json:"client_id_issued_at,omitempty"`
ClientSecretExpiresAt int64 `json:"client_secret_expires_at,omitempty"`
RefreshToken string `json:"refresh_token,omitempty"`
Region string `json:"region"`
}