Merge pull request #828 from l1b0k/release-1.9

Release 1.9

Author: BSWANG

cmd/terway-controlplane/terway-controlplane.go

@@ -24,6 +24,7 @@ import (
 	"os"
 	"time"
 
+	"github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider"
 	"github.com/samber/lo"
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/exporters/otlp/otlptrace"
@@ -180,14 +181,16 @@ func main() {
 		}
 	}
 
-	var providers []credential.Interface
-	if string(cfg.Credential.AccessKey) != "" && string(cfg.Credential.AccessSecret) != "" {
-		providers = append(providers, credential.NewAKPairProvider(string(cfg.Credential.AccessKey), string(cfg.Credential.AccessSecret)))
-	}
-	providers = append(providers, credential.NewEncryptedCredentialProvider(cfg.CredentialPath, cfg.SecretNamespace, cfg.SecretName))
-	providers = append(providers, credential.NewMetadataProvider())
+	prov := provider.NewChainProvider(
+		provider.NewAccessKeyProvider(string(cfg.Credential.AccessKey), string(cfg.Credential.AccessSecret)),
+		provider.NewEncryptedFileProvider(provider.EncryptedFileProviderOptions{
+			FilePath:      cfg.CredentialPath,
+			RefreshPeriod: 30 * time.Minute,
+		}),
+		provider.NewECSMetadataProvider(provider.ECSMetadataProviderOptions{}),
+	)
 
-	clientSet, err := credential.NewClientMgr(cfg.RegionID, providers...)
+	clientSet, err := credential.NewClientMgr(cfg.RegionID, prov)
 	if err != nil {
 		panic(err)
 	}

daemon/builder.go

@@ -9,6 +9,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider"
 	"github.com/samber/lo"
 	"k8s.io/client-go/util/flowcontrol"
 
@@ -149,14 +150,16 @@ func (b *NetworkServiceBuilder) setupAliyunClient() error {
 	}
 	meta := instance.GetInstanceMeta()
 
-	var providers []credential.Interface
-	if string(b.config.AccessID) != "" && string(b.config.AccessSecret) != "" {
-		providers = append(providers, credential.NewAKPairProvider(string(b.config.AccessID), string(b.config.AccessSecret)))
-	}
-	providers = append(providers, credential.NewEncryptedCredentialProvider(utils.NormalizePath(b.config.CredentialPath), "", ""))
-	providers = append(providers, credential.NewMetadataProvider())
+	prov := provider.NewChainProvider(
+		provider.NewAccessKeyProvider(string(b.config.AccessID), string(b.config.AccessSecret)),
+		provider.NewEncryptedFileProvider(provider.EncryptedFileProviderOptions{
+			FilePath:      b.config.CredentialPath,
+			RefreshPeriod: 30 * time.Minute,
+		}),
+		provider.NewECSMetadataProvider(provider.ECSMetadataProviderOptions{}),
+	)
 
-	clientSet, err := credential.NewClientMgr(meta.RegionID, providers...)
+	clientSet, err := credential.NewClientMgr(meta.RegionID, prov)
 	if err != nil {
 		return err
 	}

daemon/server.go

@@ -16,6 +16,7 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/AliyunContainerService/terway/pkg/aliyun/metadata"
 	"github.com/alexflint/go-filemutex"
 	"github.com/go-logr/logr"
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -227,7 +228,7 @@ func runDebugServer(ctx context.Context, wg *sync.WaitGroup, debugSocketListen s
 func registerPrometheus() {
 	prometheus.MustRegister(metric.RPCLatency)
 	prometheus.MustRegister(metric.OpenAPILatency)
-	prometheus.MustRegister(metric.MetadataLatency)
+	prometheus.MustRegister(metadata.MetadataLatency)
 	// ResourcePool
 	prometheus.MustRegister(metric.ResourcePoolTotal)
 	prometheus.MustRegister(metric.ResourcePoolIdle)

examples/maxpods/maxpods.go

@@ -5,7 +5,9 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"time"
 
+	"github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider"
 	"github.com/sirupsen/logrus"
 	"k8s.io/client-go/util/flowcontrol"
 
@@ -36,15 +38,17 @@ func main() {
 	flag.Parse()
 	log.SetOutput(io.Discard)
 	logrus.SetOutput(io.Discard)
-	ins := instance.GetInstanceMeta()
 
-	providers := []credential.Interface{
-		credential.NewAKPairProvider(accessKeyID, accessKeySecret),
-		credential.NewEncryptedCredentialProvider(credentialPath, "", ""),
-		credential.NewMetadataProvider(),
-	}
+	prov := provider.NewChainProvider(
+		provider.NewAccessKeyProvider(string(accessKeyID), string(accessKeySecret)),
+		provider.NewEncryptedFileProvider(provider.EncryptedFileProviderOptions{
+			FilePath:      credentialPath,
+			RefreshPeriod: 30 * time.Minute,
+		}),
+		provider.NewECSMetadataProvider(provider.ECSMetadataProviderOptions{}),
+	)
 
-	c, err := credential.NewClientMgr(ins.RegionID, providers...)
+	c, err := credential.NewClientMgr(region, prov)
 	if err != nil {
 		panic(err)
 	}

go.mod

@@ -3,6 +3,7 @@ module github.com/AliyunContainerService/terway
 go 1.21
 
 require (
+	github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.18.1
 	github.com/Jeffail/gabs/v2 v2.7.0
 	github.com/Microsoft/go-winio v0.6.0
 	github.com/Microsoft/hcsshim v0.9.9
@@ -11,7 +12,6 @@ require (
 	github.com/boltdb/bolt v1.3.1
 	github.com/containernetworking/cni v1.1.2
 	github.com/containernetworking/plugins v1.3.0
-	github.com/denverdino/aliyungo v0.0.0-20201215054313-f635de23c5e0
 	github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7
 	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/go-logr/logr v1.3.0
@@ -63,6 +63,10 @@ require (
 	atomicgo.dev/cursor v0.1.1 // indirect
 	atomicgo.dev/keyboard v0.2.9 // indirect
 	atomicgo.dev/schedule v0.0.2 // indirect
+	github.com/AliyunContainerService/ack-ram-tool/pkg/ecsmetadata v0.0.7 // indirect
+	github.com/alibabacloud-go/debug v1.0.1 // indirect
+	github.com/alibabacloud-go/tea v1.2.2 // indirect
+	github.com/aliyun/credentials-go v1.4.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.1.3 // indirect

go.sum

@@ -40,6 +40,10 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.18.1 h1:YWDC5K6uH/hUB9iBqNMzcbYw/mpySDyRiMv4auyB7xY=
+github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.18.1/go.mod h1:eoheXiZu1MD1WqNrjd6QCzH9eNc564OBZhwmPpIHWfw=
+github.com/AliyunContainerService/ack-ram-tool/pkg/ecsmetadata v0.0.7 h1:cBT6x76uGPD6IyNwTQyODnjL55YN/btXLT2QTX0BlaY=
+github.com/AliyunContainerService/ack-ram-tool/pkg/ecsmetadata v0.0.7/go.mod h1:QM3VKYNyD5thMEWqKef+uOfpNmZG7RjG7wOsCdavj9w=
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
@@ -105,8 +109,15 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
 github.com/alexflint/go-filemutex v1.2.0 h1:1v0TJPDtlhgpW4nJ+GvxCLSlUDC3+gW0CQQvlmfDR/s=
 github.com/alexflint/go-filemutex v1.2.0/go.mod h1:mYyQSWvw9Tx2/H2n9qXPb52tTYfE0pZAWcBq5mK025c=
+github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
+github.com/alibabacloud-go/debug v1.0.1 h1:MsW9SmUtbb1Fnt3ieC6NNZi6aEwrXfDksD4QA6GSbPg=
+github.com/alibabacloud-go/debug v1.0.1/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc=
+github.com/alibabacloud-go/tea v1.2.2 h1:aTsR6Rl3ANWPfqeQugPglfurloyBJY85eFy7Gc1+8oU=
+github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk=
 github.com/aliyun/alibaba-cloud-sdk-go v1.63.88 h1:87jNTxliGqU2yB3H09xCd4U3cZCmR4AkOMqWgaluo5Q=
 github.com/aliyun/alibaba-cloud-sdk-go v1.63.88/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
+github.com/aliyun/credentials-go v1.4.5 h1:O76WYKgdy1oQYYiJkERjlA2dxGuvLRrzuO2ScrtGWSk=
+github.com/aliyun/credentials-go v1.4.5/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
@@ -287,8 +298,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
-github.com/denverdino/aliyungo v0.0.0-20201215054313-f635de23c5e0 h1:e1w8ltprC3V935s7qcCVbBukcWixdSPONEjHYRvhX5c=
-github.com/denverdino/aliyungo v0.0.0-20201215054313-f635de23c5e0/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
 github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
@@ -921,6 +930,7 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1013,6 +1023,8 @@ golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1036,6 +1048,7 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1121,13 +1134,17 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1142,6 +1159,7 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

pkg/aliyun/credential/ak.go

@@ -3,14 +3,17 @@
 package credential
 
 import (
-	"errors"
+	"context"
+	"fmt"
 	"net/http"
 	"net/url"
 	"os"
 	"strings"
 	"sync"
 	"time"
 
+	"github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
 	"github.com/aliyun/alibaba-cloud-sdk-go/services/eflo"
 	ctrl "sigs.k8s.io/controller-runtime"
 
@@ -70,7 +73,7 @@ func clientCfg() *sdk.Config {
 type ClientMgr struct {
 	regionID string
 
-	auth Interface
+	provider provider.CredentialsProvider
 
 	// protect things below
 	sync.RWMutex
@@ -85,12 +88,17 @@ type ClientMgr struct {
 	ecsDomainOverride  string
 	vpcDomainOverride  string
 	efloDomainOverride string
+
+	efloRegionOverride string
+
+	endpointType string
 }
 
 // NewClientMgr return new aliyun client manager
-func NewClientMgr(regionID string, providers ...Interface) (*ClientMgr, error) {
+func NewClientMgr(regionID string, providers provider.CredentialsProvider) (*ClientMgr, error) {
 	mgr := &ClientMgr{
 		regionID: regionID,
+		provider: providers,
 	}
 
 	var err error
@@ -106,19 +114,20 @@ func NewClientMgr(regionID string, providers ...Interface) (*ClientMgr, error) {
 	if err != nil {
 		return nil, err
 	}
-	for _, p := range providers {
-		c, err := p.Resolve()
-		if err != nil {
-			return nil, err
-		}
-		if c == nil {
-			continue
-		}
-		mgr.auth = p
-		break
+
+	mgr.efloRegionOverride = os.Getenv("EFLO_REGION_ID")
+	if mgr.efloRegionOverride == "" {
+		mgr.efloRegionOverride = regionID
 	}
-	if mgr.auth == nil {
-		return nil, errors.New("unable to found a valid credential provider")
+
+	mgr.endpointType = "vpc"
+	if os.Getenv("ALICLOUD_ENDPOINT_TYPE") != "" {
+		mgr.endpointType = os.Getenv("ALICLOUD_ENDPOINT_TYPE")
+	}
+
+	_, err = providers.Credentials(context.Background())
+	if err != nil {
+		return nil, fmt.Errorf("failed to get credentials: %w", err)
 	}
 
 	return mgr, nil
@@ -172,41 +181,50 @@ func (c *ClientMgr) refreshToken() (bool, error) {
 			}
 		}()
 
-		cc, err := c.auth.Resolve()
+		cc, err := c.provider.Credentials(context.Background())
 		if err != nil {
 			return false, err
 		}
 
-		c.ecs, err = ecs.NewClientWithOptions(c.regionID, clientCfg(), cc.Credential)
+		cre := &credentials.StsTokenCredential{
+			AccessKeyId:       cc.AccessKeyId,
+			AccessKeySecret:   cc.AccessKeySecret,
+			AccessKeyStsToken: cc.SecurityToken,
+		}
+
+		c.ecs, err = ecs.NewClientWithOptions(c.regionID, clientCfg(), cre)
 		if err != nil {
 			return false, err
 		}
-		c.ecs.SetEndpointRules(c.ecs.EndpointMap, "regional", "vpc")
+		c.ecs.SetEndpointRules(c.ecs.EndpointMap, "regional", c.endpointType)
 
 		if c.ecsDomainOverride != "" {
 			c.ecs.Domain = c.ecsDomainOverride
 		}
 
-		c.vpc, err = vpc.NewClientWithOptions(c.regionID, clientCfg(), cc.Credential)
+		c.vpc, err = vpc.NewClientWithOptions(c.regionID, clientCfg(), cre)
 		if err != nil {
 			return false, err
 		}
-		c.vpc.SetEndpointRules(c.vpc.EndpointMap, "regional", "vpc")
+		c.vpc.SetEndpointRules(c.vpc.EndpointMap, "regional", c.endpointType)
 
 		if c.vpcDomainOverride != "" {
 			c.vpc.Domain = c.vpcDomainOverride
 		}
 
-		c.eflo, err = eflo.NewClientWithOptions(c.regionID, clientCfg(), cc.Credential)
+		c.eflo, err = eflo.NewClientWithOptions(c.efloRegionOverride, clientCfg(), cre)
 		if err != nil {
 			return false, err
 		}
-		c.eflo.SetEndpointRules(c.eflo.EndpointMap, "regional", "vpc")
+		c.eflo.SetEndpointRules(c.eflo.EndpointMap, "regional", c.endpointType)
 
 		if c.efloDomainOverride != "" {
 			c.eflo.Domain = c.efloDomainOverride
 		}
 
+		if cc.Expiration.IsZero() {
+			c.expireAt = time.Now().Add(5 * time.Minute)
+		}
 		c.expireAt = cc.Expiration
 		return true, nil
 	}