feat: support StsToken mode in cli profile

yndu13 · yndu13 · commit faaacd26b403 · 2025-04-18T16:45:07.000+08:00
diff --git a/.github/workflows/testPython.yml b/.github/workflows/testPython.yml
@@ -11,7 +11,7 @@ permissions:
 
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
         python-version: [ "3.8", "3.9", "3.10", "3.11", "3.12" ]
diff --git a/alibabacloud_credentials/client.py b/alibabacloud_credentials/client.py
@@ -92,7 +92,7 @@ def __init__(self,
                  config: Config = None,
                  provider: ICredentialsProvider = None):
         if provider is not None:
-            self.cloud_credential = _CredentialsProviderWrap(provider=provider)
+            self.cloud_credential = _CredentialsProviderWrap(type_name=provider.get_provider_name(), provider=provider)
         elif config is None:
             provider = DefaultCredentialsProvider()
             self.cloud_credential = _CredentialsProviderWrap(type_name='default', provider=provider)
diff --git a/alibabacloud_credentials/provider/cli_profile.py b/alibabacloud_credentials/provider/cli_profile.py
@@ -5,7 +5,7 @@
 import aiofiles
 
 from alibabacloud_credentials.provider import StaticAKCredentialsProvider, EcsRamRoleCredentialsProvider, \
-    RamRoleArnCredentialsProvider, OIDCRoleArnCredentialsProvider, RsaKeyPairCredentialsProvider
+    RamRoleArnCredentialsProvider, OIDCRoleArnCredentialsProvider, StaticSTSCredentialsProvider
 from .refreshable import Credentials
 from alibabacloud_credentials_api import ICredentialsProvider
 from alibabacloud_credentials.utils import auth_constant as ac
@@ -115,6 +115,12 @@ def _get_credentials_provider(self, config: Dict, profile_name: str) -> ICredent
                         access_key_id=profile.get('access_key_id'),
                         access_key_secret=profile.get('access_key_secret')
                     )
+                elif mode == "StsToken":
+                    return StaticSTSCredentialsProvider(
+                        access_key_id=profile.get('access_key_id'),
+                        access_key_secret=profile.get('access_key_secret'),
+                        security_token=profile.get('sts_token')
+                    )
                 elif mode == "RamRoleArn":
                     pre_provider = StaticAKCredentialsProvider(
                         access_key_id=profile.get('access_key_id'),
diff --git a/alibabacloud_credentials/provider/ecs_ram_role.py b/alibabacloud_credentials/provider/ecs_ram_role.py
@@ -14,8 +14,8 @@
 from alibabacloud_credentials.utils import parameter_helper as ph
 from alibabacloud_credentials.exceptions import CredentialException
 
-logging.basicConfig(level=logging.DEBUG)
 log = logging.getLogger(__name__)
+log.setLevel(logging.DEBUG)
 
 
 class EcsRamRoleCredentialsProvider(ICredentialsProvider):
diff --git a/alibabacloud_credentials/provider/refreshable.py b/alibabacloud_credentials/provider/refreshable.py
@@ -13,8 +13,8 @@
 from alibabacloud_credentials.exceptions import CredentialException
 from alibabacloud_credentials_api import ICredentials
 
-logging.basicConfig(level=logging.DEBUG)
 log = logging.getLogger(__name__)
+log.setLevel(logging.DEBUG)
 
 T = TypeVar('T')
 INT64_MAX = 2 ** 63 - 1
diff --git a/tests/provider/test_cli_profile.py b/tests/provider/test_cli_profile.py
@@ -32,6 +32,13 @@ def setUp(self):
                     "access_key_id": "test_access_key_id",
                     "access_key_secret": "test_access_key_secret"
                 },
+                {
+                    "name": "sts_token",
+                    "mode": "StsToken",
+                    "access_key_id": "test_access_key_id",
+                    "access_key_secret": "test_access_key_secret",
+                    "sts_token": "test_security_token"
+                },
                 {
                     "name": "ram_role_profile",
                     "mode": "RamRoleArn",
@@ -114,6 +121,23 @@ def test_get_credentials_valid_ak(self):
                         self.assertIsNone(credentials.get_security_token())
                         self.assertEqual(credentials.get_provider_name(), "cli_profile/static_ak")
 
+    def test_get_credentials_valid_sts(self):
+        """
+        Test case 2: Valid input, successfully retrieves credentials for StsToken mode
+        """
+        with patch('alibabacloud_credentials.provider.cli_profile.au.environment_cli_profile_disabled', 'False'):
+            with patch('os.path.exists', return_value=True):
+                with patch('os.path.isfile', return_value=True):
+                    with patch('alibabacloud_credentials.provider.cli_profile._load_config', return_value=self.config):
+                        provider = CLIProfileCredentialsProvider(profile_name='sts_token')
+
+                        credentials = provider.get_credentials()
+
+                        self.assertEqual(credentials.get_access_key_id(), self.access_key_id)
+                        self.assertEqual(credentials.get_access_key_secret(), self.access_key_secret)
+                        self.assertEqual(credentials.get_security_token(), self.security_token)
+                        self.assertEqual(credentials.get_provider_name(), "cli_profile/static_sts")
+
     def test_get_credentials_valid_ram_role_arn(self):
         """
         Test case 3: Valid input, successfully retrieves credentials for RamRoleArn mode
