updates

libraries/deno-commons-mod.ts

@@ -13,6 +13,10 @@ import {promisify} from "node:util";
 // import { decodeBase64, encodeBase64 } from "jsr:@std/encoding/base64";
 // import { decodeHex, encodeHex } from "jsr:@std/encoding/hex";
 
+// envs:
+// RUN_ENV -> "ALIBABA_CLOUD" | "HATTER_CLI";
+// ALIBABA_CLOUD_INSTANCE_IDENTITY_MODE -> "normal" | "secured";
+
 export function isDeno(): boolean {
     return typeof Deno !== "undefined";
 }
@@ -1356,7 +1360,7 @@ export async function getSecretValueViaAlibabaCloudInstanceIdentity(
     return secretResponse.data.value;
 }
 
-async function getSecretValueViaHatterCli(key: string): Promise<string> {
+export async function getSecretValueViaHatterCli(key: string): Promise<string> {
     const output = await execCommand("hatter", [
         "secret",
         "get",
@@ -1440,6 +1444,22 @@ export async function assumeRoleByKeyViaAlibabaCloudInstanceIdentity(
     return assumeRoleResponse.data;
 }
 
+export async function assumeRoleByKeyViaHatterCli(roleArn: string): Promise<string> {
+    const output = await execCommand("hatter", [
+        "cloud-key",
+        "assume-role",
+        "--role-arn",
+        roleArn,
+    ]);
+    const assumeRoleResponse = output
+        .getStdoutAsJson() as AssumeRoleByKeyResponse;
+    log.debug("assumeRoleResponse", assumeRoleResponse);
+    if (assumeRoleResponse.status != 200) {
+        throw new Error(`Get secret failed: ${assumeRoleResponse.status}`);
+    }
+    return assumeRoleResponse.data;
+}
+
 export async function assumeRoleByKey(
     roleArn: string,
     runEnv?: SecretValueRunEnv,
@@ -1450,5 +1470,5 @@ export async function assumeRoleByKey(
     if (runEnv == "ALIBABA_CLOUD") {
         return await assumeRoleByKeyViaAlibabaCloudInstanceIdentity(roleArn);
     }
-    throw new Error(`Run env not supported: ${runEnv}`);
+    return await assumeRoleByKeyViaHatterCli(roleArn);
 }