diff --git a/libraries/deno-commons-mod.ts b/libraries/deno-commons-mod.ts
index 2220a36..42f220c 100644
--- a/libraries/deno-commons-mod.ts
+++ b/libraries/deno-commons-mod.ts
@@ -13,6 +13,10 @@ import {promisify} from "node:util";
 // import { decodeBase64, encodeBase64 } from "jsr:@std/encoding/base64";
 // import { decodeHex, encodeHex } from "jsr:@std/encoding/hex";
+// envs:
+// RUN_ENV -> "ALIBABA_CLOUD" | "HATTER_CLI";
+// ALIBABA_CLOUD_INSTANCE_IDENTITY_MODE -> "normal" | "secured";
+
 export function isDeno(): boolean {
 return typeof Deno !== "undefined";
 }
@@ -1356,7 +1360,7 @@ export async function getSecretValueViaAlibabaCloudInstanceIdentity(
 return secretResponse.data.value;
 }
-async function getSecretValueViaHatterCli(key: string): Promise {
+export async function getSecretValueViaHatterCli(key: string): Promise {
 const output = await execCommand("hatter", [
 "secret",
 "get",
@@ -1440,6 +1444,22 @@ export async function assumeRoleByKeyViaAlibabaCloudInstanceIdentity(
 return assumeRoleResponse.data;
 }
+export async function assumeRoleByKeyViaHatterCli(roleArn: string): Promise {
+ const output = await execCommand("hatter", [
+ "cloud-key",
+ "assume-role",
+ "--role-arn",
+ roleArn,
+ ]);
+ const assumeRoleResponse = output
+ .getStdoutAsJson() as AssumeRoleByKeyResponse;
+ log.debug("assumeRoleResponse", assumeRoleResponse);
+ if (assumeRoleResponse.status != 200) {
+ throw new Error(`Get secret failed: ${assumeRoleResponse.status}`);
+ }
+ return assumeRoleResponse.data;
+}
+
 export async function assumeRoleByKey(
 roleArn: string,
 runEnv?: SecretValueRunEnv,
@@ -1450,5 +1470,5 @@ export async function assumeRoleByKey(
 if (runEnv == "ALIBABA_CLOUD") {
 return await assumeRoleByKeyViaAlibabaCloudInstanceIdentity(roleArn);
 }
- throw new Error(`Run env not supported: ${runEnv}`);
+ return await assumeRoleByKeyViaHatterCli(roleArn);
 }
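Review bot: `log.debug("assumeRoleResponse", assumeRoleResponse);` in the new assumeRoleByKeyViaHatterCli writes the whole assume-role response to the log, and the `data` it returns presumably carries the temporary credentials (AssumeRoleByKeyResponse is declared outside this hunk, so confirm). Debug output tends to end up in places with weaker access control than the credential itself, so log only the status, e.g. `log.debug("assumeRoleResponse status", assumeRoleResponse.status);`. The error text is copied from the secret path and should read `` throw new Error(`Assume role failed: ${assumeRoleResponse.status}`); `` so a failure here is not mistaken for a secret lookup. The `as AssumeRoleByKeyResponse` cast is unchecked, so malformed CLI output is caught only by the status comparison.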
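Review bot: The new last statement of assumeRoleByKey, `return await assumeRoleByKeyViaHatterCli(roleArn);`, makes the hatter CLI the fallback for every run env that is not "ALIBABA_CLOUD", so a misspelled or unexpected RUN_ENV now silently selects a credential source instead of failing. The header comment added in this commit lists "HATTER_CLI" as a value, so match it explicitly with `if (runEnv == "HATTER_CLI") return await assumeRoleByKeyViaHatterCli(roleArn);` and keep the original `` throw new Error(`Run env not supported: ${runEnv}`); `` after it. The lines that default `runEnv` sit between the two hunks and are not visible here; if an unset value is meant to select the CLI, set that default there rather than relying on the fall-through.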