backend/oss: Support for assume role config
parent
447fe62986
commit
a490dfa495
|
@ -3,9 +3,12 @@ package oss
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
|
||||||
|
"github.com/aliyun/alibaba-cloud-sdk-go/services/sts"
|
||||||
"github.com/aliyun/aliyun-oss-go-sdk/oss"
|
"github.com/aliyun/aliyun-oss-go-sdk/oss"
|
||||||
"github.com/hashicorp/terraform/backend"
|
"github.com/hashicorp/terraform/backend"
|
||||||
"github.com/hashicorp/terraform/helper/schema"
|
"github.com/hashicorp/terraform/helper/schema"
|
||||||
|
"github.com/hashicorp/terraform/helper/validation"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
@ -129,6 +132,8 @@ func New() backend.Backend {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"assume_role": assumeRoleSchema(),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -137,6 +142,42 @@ func New() backend.Backend {
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func assumeRoleSchema() *schema.Schema {
|
||||||
|
return &schema.Schema{
|
||||||
|
Type: schema.TypeSet,
|
||||||
|
Optional: true,
|
||||||
|
MaxItems: 1,
|
||||||
|
Elem: &schema.Resource{
|
||||||
|
Schema: map[string]*schema.Schema{
|
||||||
|
"role_arn": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Required: true,
|
||||||
|
Description: "The ARN of a RAM role to assume prior to making API calls.",
|
||||||
|
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_ARN", ""),
|
||||||
|
},
|
||||||
|
"session_name": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Optional: true,
|
||||||
|
Description: "The session name to use when assuming the role.",
|
||||||
|
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_SESSION_NAME", "terraform"),
|
||||||
|
},
|
||||||
|
"policy": {
|
||||||
|
Type: schema.TypeString,
|
||||||
|
Optional: true,
|
||||||
|
Description: "The permissions applied when assuming a role. You cannot use this policy to grant permissions which exceed those of the role that is being assumed.",
|
||||||
|
},
|
||||||
|
"session_expiration": {
|
||||||
|
Type: schema.TypeInt,
|
||||||
|
Optional: true,
|
||||||
|
Description: "The time after which the established session for assuming role expires.",
|
||||||
|
ValidateFunc: validation.IntBetween(900, 3600),
|
||||||
|
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION", 3600),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
type Backend struct {
|
type Backend struct {
|
||||||
*schema.Backend
|
*schema.Backend
|
||||||
|
|
||||||
|
@ -175,6 +216,21 @@ func (b *Backend) configure(ctx context.Context) error {
|
||||||
endpoint := d.Get("endpoint").(string)
|
endpoint := d.Get("endpoint").(string)
|
||||||
schma := "https"
|
schma := "https"
|
||||||
|
|
||||||
|
if v, ok := d.GetOk("assume_role"); ok {
|
||||||
|
for _, v := range v.(*schema.Set).List() {
|
||||||
|
assumeRole := v.(map[string]interface{})
|
||||||
|
roleArn := assumeRole["role_arn"].(string)
|
||||||
|
sessionName := assumeRole["session_name"].(string)
|
||||||
|
policy := assumeRole["policy"].(string)
|
||||||
|
sessionExpiration := assumeRole["session_expiration"].(int)
|
||||||
|
subAccessKeyId, subAccessKeySecret, subSecurityToken, err := getAssumeRoleAK(accessKey, secretKey, region, roleArn, sessionName, policy, sessionExpiration)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
accessKey, secretKey, securityToken = subAccessKeyId, subAccessKeySecret, subSecurityToken
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if endpoint == "" {
|
if endpoint == "" {
|
||||||
endpointItem, _ := b.getOSSEndpointByRegion(accessKey, secretKey, securityToken, region)
|
endpointItem, _ := b.getOSSEndpointByRegion(accessKey, secretKey, securityToken, region)
|
||||||
if endpointItem != nil && len(endpointItem.Endpoint) > 0 {
|
if endpointItem != nil && len(endpointItem.Endpoint) > 0 {
|
||||||
|
@ -238,6 +294,25 @@ func (b *Backend) getOSSEndpointByRegion(access_key, secret_key, security_token,
|
||||||
return endpointsResponse, nil
|
return endpointsResponse, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getAssumeRoleAK(accessKey, secretKey, region, roleArn, sessionName, policy string, sessionExpiration int) (string, string, string, error) {
|
||||||
|
request := sts.CreateAssumeRoleRequest()
|
||||||
|
request.RoleArn = roleArn
|
||||||
|
request.RoleSessionName = sessionName
|
||||||
|
request.DurationSeconds = requests.NewInteger(sessionExpiration)
|
||||||
|
request.Policy = policy
|
||||||
|
request.Scheme = "https"
|
||||||
|
|
||||||
|
client, err := sts.NewClientWithAccessKey(region, accessKey, secretKey)
|
||||||
|
if err != nil {
|
||||||
|
return "", "", "", err
|
||||||
|
}
|
||||||
|
response, err := client.AssumeRole(request)
|
||||||
|
if err != nil {
|
||||||
|
return "", "", "", err
|
||||||
|
}
|
||||||
|
return response.Credentials.AccessKeyId, response.Credentials.AccessKeySecret, response.Credentials.SecurityToken, nil
|
||||||
|
}
|
||||||
|
|
||||||
func getSdkConfig() *sdk.Config {
|
func getSdkConfig() *sdk.Config {
|
||||||
return sdk.NewConfig().
|
return sdk.NewConfig().
|
||||||
WithMaxRetryTime(5).
|
WithMaxRetryTime(5).
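Review bot: The configured `security_token` is dropped when a role is assumed: `configure` calls `getAssumeRoleAK(accessKey, secretKey, region, …)` without `securityToken`, and `getAssumeRoleAK` always builds its client with `sts.NewClientWithAccessKey`, so base credentials that are themselves temporary STS credentials would sign the AssumeRole request without their token and presumably be rejected. Pass the token through and pick the constructor from it; the vendored `sts` client added in this commit already provides `NewClientWithStsToken`. The call site then becomes `getAssumeRoleAK(accessKey, secretKey, securityToken, region, roleArn, sessionName, policy, sessionExpiration)`. Separately, `role_arn` is `Required` but its `DefaultFunc` falls back to `""`, so an empty ARN may only fail at the STS call; an explicit check before the request would give a clearer error, though the schema validation path is not visible here. `configure` starts and ends outside the hunk.

```go
func getAssumeRoleAK(accessKey, secretKey, securityToken, region, roleArn, sessionName, policy string, sessionExpiration int) (string, string, string, error) {
	// … unchanged: AssumeRole request construction …

	// Temporary base credentials must be presented together with their token.
	var client *sts.Client
	var err error
	if securityToken == "" {
		client, err = sts.NewClientWithAccessKey(region, accessKey, secretKey)
	} else {
		client, err = sts.NewClientWithStsToken(region, accessKey, secretKey, securityToken)
	}
	if err != nil {
		return "", "", "", err
	}
	// … unchanged: client.AssumeRole call and credential return …
```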
|
||||||
|
|
|
@ -112,7 +112,7 @@ func createOSSBucket(t *testing.T, ossClient *oss.Client, bucketName string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func deleteOSSBucket(t *testing.T, ossClient *oss.Client, bucketName string) {
|
func deleteOSSBucket(t *testing.T, ossClient *oss.Client, bucketName string) {
|
||||||
warning := "WARNING: Failed to delete the test OSS bucket. It may have been left in your Alicloud account and may incur storage charges. (error was %s)"
|
warning := "WARNING: Failed to delete the test OSS bucket. It may have been left in your Alibaba Cloud account and may incur storage charges. (error was %s)"
|
||||||
|
|
||||||
// first we have to get rid of the env objects, or we can't delete the bucket
|
// first we have to get rid of the env objects, or we can't delete the bucket
|
||||||
bucket, err := ossClient.Bucket(bucketName)
|
bucket, err := ossClient.Bucket(bucketName)
|
||||||
|
|
108
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/assume_role.go
generated
vendored
Normal file
|
@ -0,0 +1,108 @@
|
||||||
|
package sts
|
||||||
|
|
||||||
|
//Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
//you may not use this file except in compliance with the License.
|
||||||
|
//You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
//http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
//Unless required by applicable law or agreed to in writing, software
|
||||||
|
//distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
//See the License for the specific language governing permissions and
|
||||||
|
//limitations under the License.
|
||||||
|
//
|
||||||
|
// Code generated by Alibaba Cloud SDK Code Generator.
|
||||||
|
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
|
||||||
|
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
|
||||||
|
)
|
||||||
|
|
||||||
|
// AssumeRole invokes the sts.AssumeRole API synchronously
|
||||||
|
// api document: https://help.aliyun.com/api/sts/assumerole.html
|
||||||
|
func (client *Client) AssumeRole(request *AssumeRoleRequest) (response *AssumeRoleResponse, err error) {
|
||||||
|
response = CreateAssumeRoleResponse()
|
||||||
|
err = client.DoAction(request, response)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// AssumeRoleWithChan invokes the sts.AssumeRole API asynchronously
|
||||||
|
// api document: https://help.aliyun.com/api/sts/assumerole.html
|
||||||
|
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
|
||||||
|
func (client *Client) AssumeRoleWithChan(request *AssumeRoleRequest) (<-chan *AssumeRoleResponse, <-chan error) {
|
||||||
|
responseChan := make(chan *AssumeRoleResponse, 1)
|
||||||
|
errChan := make(chan error, 1)
|
||||||
|
err := client.AddAsyncTask(func() {
|
||||||
|
defer close(responseChan)
|
||||||
|
defer close(errChan)
|
||||||
|
response, err := client.AssumeRole(request)
|
||||||
|
if err != nil {
|
||||||
|
errChan <- err
|
||||||
|
} else {
|
||||||
|
responseChan <- response
|
||||||
|
}
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
errChan <- err
|
||||||
|
close(responseChan)
|
||||||
|
close(errChan)
|
||||||
|
}
|
||||||
|
return responseChan, errChan
|
||||||
|
}
|
||||||
|
|
||||||
|
// AssumeRoleWithCallback invokes the sts.AssumeRole API asynchronously
|
||||||
|
// api document: https://help.aliyun.com/api/sts/assumerole.html
|
||||||
|
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
|
||||||
|
func (client *Client) AssumeRoleWithCallback(request *AssumeRoleRequest, callback func(response *AssumeRoleResponse, err error)) <-chan int {
|
||||||
|
result := make(chan int, 1)
|
||||||
|
err := client.AddAsyncTask(func() {
|
||||||
|
var response *AssumeRoleResponse
|
||||||
|
var err error
|
||||||
|
defer close(result)
|
||||||
|
response, err = client.AssumeRole(request)
|
||||||
|
callback(response, err)
|
||||||
|
result <- 1
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
defer close(result)
|
||||||
|
callback(nil, err)
|
||||||
|
result <- 0
|
||||||
|
}
|
||||||
|
return result
|
||||||
|
}
|
||||||
|
|
||||||
|
// AssumeRoleRequest is the request struct for api AssumeRole
|
||||||
|
type AssumeRoleRequest struct {
|
||||||
|
*requests.RpcRequest
|
||||||
|
RoleArn string `position:"Query" name:"RoleArn"`
|
||||||
|
RoleSessionName string `position:"Query" name:"RoleSessionName"`
|
||||||
|
DurationSeconds requests.Integer `position:"Query" name:"DurationSeconds"`
|
||||||
|
Policy string `position:"Query" name:"Policy"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// AssumeRoleResponse is the response struct for api AssumeRole
|
||||||
|
type AssumeRoleResponse struct {
|
||||||
|
*responses.BaseResponse
|
||||||
|
RequestId string `json:"RequestId" xml:"RequestId"`
|
||||||
|
Credentials Credentials `json:"Credentials" xml:"Credentials"`
|
||||||
|
AssumedRoleUser AssumedRoleUser `json:"AssumedRoleUser" xml:"AssumedRoleUser"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateAssumeRoleRequest creates a request to invoke AssumeRole API
|
||||||
|
func CreateAssumeRoleRequest() (request *AssumeRoleRequest) {
|
||||||
|
request = &AssumeRoleRequest{
|
||||||
|
RpcRequest: &requests.RpcRequest{},
|
||||||
|
}
|
||||||
|
request.InitWithApiInfo("Sts", "2015-04-01", "AssumeRole", "sts", "openAPI")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateAssumeRoleResponse creates a response to parse from AssumeRole response
|
||||||
|
func CreateAssumeRoleResponse() (response *AssumeRoleResponse) {
|
||||||
|
response = &AssumeRoleResponse{
|
||||||
|
BaseResponse: &responses.BaseResponse{},
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
81
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/client.go
generated
vendored
Normal file
|
@ -0,0 +1,81 @@
|
||||||
|
package sts
|
||||||
|
|
||||||
|
//Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
//you may not use this file except in compliance with the License.
|
||||||
|
//You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
//http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
//Unless required by applicable law or agreed to in writing, software
|
||||||
|
//distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
//See the License for the specific language governing permissions and
|
||||||
|
//limitations under the License.
|
||||||
|
//
|
||||||
|
// Code generated by Alibaba Cloud SDK Code Generator.
|
||||||
|
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/aliyun/alibaba-cloud-sdk-go/sdk"
|
||||||
|
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Client is the sdk client struct, each func corresponds to an OpenAPI
|
||||||
|
type Client struct {
|
||||||
|
sdk.Client
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewClient creates a sdk client with environment variables
|
||||||
|
func NewClient() (client *Client, err error) {
|
||||||
|
client = &Client{}
|
||||||
|
err = client.Init()
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewClientWithOptions creates a sdk client with regionId/sdkConfig/credential
|
||||||
|
// this is the common api to create a sdk client
|
||||||
|
func NewClientWithOptions(regionId string, config *sdk.Config, credential auth.Credential) (client *Client, err error) {
|
||||||
|
client = &Client{}
|
||||||
|
err = client.InitWithOptions(regionId, config, credential)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewClientWithAccessKey is a shortcut to create sdk client with accesskey
|
||||||
|
// usage: https://help.aliyun.com/document_detail/66217.html
|
||||||
|
func NewClientWithAccessKey(regionId, accessKeyId, accessKeySecret string) (client *Client, err error) {
|
||||||
|
client = &Client{}
|
||||||
|
err = client.InitWithAccessKey(regionId, accessKeyId, accessKeySecret)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewClientWithStsToken is a shortcut to create sdk client with sts token
|
||||||
|
// usage: https://help.aliyun.com/document_detail/66222.html
|
||||||
|
func NewClientWithStsToken(regionId, stsAccessKeyId, stsAccessKeySecret, stsToken string) (client *Client, err error) {
|
||||||
|
client = &Client{}
|
||||||
|
err = client.InitWithStsToken(regionId, stsAccessKeyId, stsAccessKeySecret, stsToken)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewClientWithRamRoleArn is a shortcut to create sdk client with ram roleArn
|
||||||
|
// usage: https://help.aliyun.com/document_detail/66222.html
|
||||||
|
func NewClientWithRamRoleArn(regionId string, accessKeyId, accessKeySecret, roleArn, roleSessionName string) (client *Client, err error) {
|
||||||
|
client = &Client{}
|
||||||
|
err = client.InitWithRamRoleArn(regionId, accessKeyId, accessKeySecret, roleArn, roleSessionName)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewClientWithEcsRamRole is a shortcut to create sdk client with ecs ram role
|
||||||
|
// usage: https://help.aliyun.com/document_detail/66223.html
|
||||||
|
func NewClientWithEcsRamRole(regionId string, roleName string) (client *Client, err error) {
|
||||||
|
client = &Client{}
|
||||||
|
err = client.InitWithEcsRamRole(regionId, roleName)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewClientWithRsaKeyPair is a shortcut to create sdk client with rsa key pair
|
||||||
|
// attention: rsa key pair auth is only Japan regions available
|
||||||
|
func NewClientWithRsaKeyPair(regionId string, publicKeyId, privateKey string, sessionExpiration int) (client *Client, err error) {
|
||||||
|
client = &Client{}
|
||||||
|
err = client.InitWithRsaKeyPair(regionId, publicKeyId, privateKey, sessionExpiration)
|
||||||
|
return
|
||||||
|
}
|
104
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/generate_session_access_key.go
generated
vendored
Normal file
|
@ -0,0 +1,104 @@
|
||||||
|
package sts
|
||||||
|
|
||||||
|
//Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
//you may not use this file except in compliance with the License.
|
||||||
|
//You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
//http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
//Unless required by applicable law or agreed to in writing, software
|
||||||
|
//distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
//See the License for the specific language governing permissions and
|
||||||
|
//limitations under the License.
|
||||||
|
//
|
||||||
|
// Code generated by Alibaba Cloud SDK Code Generator.
|
||||||
|
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
|
||||||
|
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
|
||||||
|
)
|
||||||
|
|
||||||
|
// GenerateSessionAccessKey invokes the sts.GenerateSessionAccessKey API synchronously
|
||||||
|
// api document: https://help.aliyun.com/api/sts/generatesessionaccesskey.html
|
||||||
|
func (client *Client) GenerateSessionAccessKey(request *GenerateSessionAccessKeyRequest) (response *GenerateSessionAccessKeyResponse, err error) {
|
||||||
|
response = CreateGenerateSessionAccessKeyResponse()
|
||||||
|
err = client.DoAction(request, response)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// GenerateSessionAccessKeyWithChan invokes the sts.GenerateSessionAccessKey API asynchronously
|
||||||
|
// api document: https://help.aliyun.com/api/sts/generatesessionaccesskey.html
|
||||||
|
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
|
||||||
|
func (client *Client) GenerateSessionAccessKeyWithChan(request *GenerateSessionAccessKeyRequest) (<-chan *GenerateSessionAccessKeyResponse, <-chan error) {
|
||||||
|
responseChan := make(chan *GenerateSessionAccessKeyResponse, 1)
|
||||||
|
errChan := make(chan error, 1)
|
||||||
|
err := client.AddAsyncTask(func() {
|
||||||
|
defer close(responseChan)
|
||||||
|
defer close(errChan)
|
||||||
|
response, err := client.GenerateSessionAccessKey(request)
|
||||||
|
if err != nil {
|
||||||
|
errChan <- err
|
||||||
|
} else {
|
||||||
|
responseChan <- response
|
||||||
|
}
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
errChan <- err
|
||||||
|
close(responseChan)
|
||||||
|
close(errChan)
|
||||||
|
}
|
||||||
|
return responseChan, errChan
|
||||||
|
}
|
||||||
|
|
||||||
|
// GenerateSessionAccessKeyWithCallback invokes the sts.GenerateSessionAccessKey API asynchronously
|
||||||
|
// api document: https://help.aliyun.com/api/sts/generatesessionaccesskey.html
|
||||||
|
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
|
||||||
|
func (client *Client) GenerateSessionAccessKeyWithCallback(request *GenerateSessionAccessKeyRequest, callback func(response *GenerateSessionAccessKeyResponse, err error)) <-chan int {
|
||||||
|
result := make(chan int, 1)
|
||||||
|
err := client.AddAsyncTask(func() {
|
||||||
|
var response *GenerateSessionAccessKeyResponse
|
||||||
|
var err error
|
||||||
|
defer close(result)
|
||||||
|
response, err = client.GenerateSessionAccessKey(request)
|
||||||
|
callback(response, err)
|
||||||
|
result <- 1
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
defer close(result)
|
||||||
|
callback(nil, err)
|
||||||
|
result <- 0
|
||||||
|
}
|
||||||
|
return result
|
||||||
|
}
|
||||||
|
|
||||||
|
// GenerateSessionAccessKeyRequest is the request struct for api GenerateSessionAccessKey
|
||||||
|
type GenerateSessionAccessKeyRequest struct {
|
||||||
|
*requests.RpcRequest
|
||||||
|
DurationSeconds requests.Integer `position:"Query" name:"DurationSeconds"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// GenerateSessionAccessKeyResponse is the response struct for api GenerateSessionAccessKey
|
||||||
|
type GenerateSessionAccessKeyResponse struct {
|
||||||
|
*responses.BaseResponse
|
||||||
|
RequestId string `json:"RequestId" xml:"RequestId"`
|
||||||
|
SessionAccessKey SessionAccessKey `json:"SessionAccessKey" xml:"SessionAccessKey"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateGenerateSessionAccessKeyRequest creates a request to invoke GenerateSessionAccessKey API
|
||||||
|
func CreateGenerateSessionAccessKeyRequest() (request *GenerateSessionAccessKeyRequest) {
|
||||||
|
request = &GenerateSessionAccessKeyRequest{
|
||||||
|
RpcRequest: &requests.RpcRequest{},
|
||||||
|
}
|
||||||
|
request.InitWithApiInfo("Sts", "2015-04-01", "GenerateSessionAccessKey", "sts", "openAPI")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateGenerateSessionAccessKeyResponse creates a response to parse from GenerateSessionAccessKey response
|
||||||
|
func CreateGenerateSessionAccessKeyResponse() (response *GenerateSessionAccessKeyResponse) {
|
||||||
|
response = &GenerateSessionAccessKeyResponse{
|
||||||
|
BaseResponse: &responses.BaseResponse{},
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
108
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/get_caller_identity.go
generated
vendored
Normal file
|
@ -0,0 +1,108 @@
|
||||||
|
package sts
|
||||||
|
|
||||||
|
//Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
//you may not use this file except in compliance with the License.
|
||||||
|
//You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
//http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
//Unless required by applicable law or agreed to in writing, software
|
||||||
|
//distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
//See the License for the specific language governing permissions and
|
||||||
|
//limitations under the License.
|
||||||
|
//
|
||||||
|
// Code generated by Alibaba Cloud SDK Code Generator.
|
||||||
|
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
|
||||||
|
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
|
||||||
|
)
|
||||||
|
|
||||||
|
// GetCallerIdentity invokes the sts.GetCallerIdentity API synchronously
|
||||||
|
// api document: https://help.aliyun.com/api/sts/getcalleridentity.html
|
||||||
|
func (client *Client) GetCallerIdentity(request *GetCallerIdentityRequest) (response *GetCallerIdentityResponse, err error) {
|
||||||
|
response = CreateGetCallerIdentityResponse()
|
||||||
|
err = client.DoAction(request, response)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetCallerIdentityWithChan invokes the sts.GetCallerIdentity API asynchronously
|
||||||
|
// api document: https://help.aliyun.com/api/sts/getcalleridentity.html
|
||||||
|
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
|
||||||
|
func (client *Client) GetCallerIdentityWithChan(request *GetCallerIdentityRequest) (<-chan *GetCallerIdentityResponse, <-chan error) {
|
||||||
|
responseChan := make(chan *GetCallerIdentityResponse, 1)
|
||||||
|
errChan := make(chan error, 1)
|
||||||
|
err := client.AddAsyncTask(func() {
|
||||||
|
defer close(responseChan)
|
||||||
|
defer close(errChan)
|
||||||
|
response, err := client.GetCallerIdentity(request)
|
||||||
|
if err != nil {
|
||||||
|
errChan <- err
|
||||||
|
} else {
|
||||||
|
responseChan <- response
|
||||||
|
}
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
errChan <- err
|
||||||
|
close(responseChan)
|
||||||
|
close(errChan)
|
||||||
|
}
|
||||||
|
return responseChan, errChan
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetCallerIdentityWithCallback invokes the sts.GetCallerIdentity API asynchronously
|
||||||
|
// api document: https://help.aliyun.com/api/sts/getcalleridentity.html
|
||||||
|
// asynchronous document: https://help.aliyun.com/document_detail/66220.html
|
||||||
|
func (client *Client) GetCallerIdentityWithCallback(request *GetCallerIdentityRequest, callback func(response *GetCallerIdentityResponse, err error)) <-chan int {
|
||||||
|
result := make(chan int, 1)
|
||||||
|
err := client.AddAsyncTask(func() {
|
||||||
|
var response *GetCallerIdentityResponse
|
||||||
|
var err error
|
||||||
|
defer close(result)
|
||||||
|
response, err = client.GetCallerIdentity(request)
|
||||||
|
callback(response, err)
|
||||||
|
result <- 1
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
defer close(result)
|
||||||
|
callback(nil, err)
|
||||||
|
result <- 0
|
||||||
|
}
|
||||||
|
return result
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetCallerIdentityRequest is the request struct for api GetCallerIdentity
|
||||||
|
type GetCallerIdentityRequest struct {
|
||||||
|
*requests.RpcRequest
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetCallerIdentityResponse is the response struct for api GetCallerIdentity
|
||||||
|
type GetCallerIdentityResponse struct {
|
||||||
|
*responses.BaseResponse
|
||||||
|
AccountId string `json:"AccountId" xml:"AccountId"`
|
||||||
|
UserId string `json:"UserId" xml:"UserId"`
|
||||||
|
RoleId string `json:"RoleId" xml:"RoleId"`
|
||||||
|
Arn string `json:"Arn" xml:"Arn"`
|
||||||
|
IdentityType string `json:"IdentityType" xml:"IdentityType"`
|
||||||
|
PrincipalId string `json:"PrincipalId" xml:"PrincipalId"`
|
||||||
|
RequestId string `json:"RequestId" xml:"RequestId"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateGetCallerIdentityRequest creates a request to invoke GetCallerIdentity API
|
||||||
|
func CreateGetCallerIdentityRequest() (request *GetCallerIdentityRequest) {
|
||||||
|
request = &GetCallerIdentityRequest{
|
||||||
|
RpcRequest: &requests.RpcRequest{},
|
||||||
|
}
|
||||||
|
request.InitWithApiInfo("Sts", "2015-04-01", "GetCallerIdentity", "sts", "openAPI")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// CreateGetCallerIdentityResponse creates a response to parse from GetCallerIdentity response
|
||||||
|
func CreateGetCallerIdentityResponse() (response *GetCallerIdentityResponse) {
|
||||||
|
response = &GetCallerIdentityResponse{
|
||||||
|
BaseResponse: &responses.BaseResponse{},
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
22
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/struct_assumed_role_user.go
generated
vendored
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
package sts
|
||||||
|
|
||||||
|
//Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
//you may not use this file except in compliance with the License.
|
||||||
|
//You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
//http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
//Unless required by applicable law or agreed to in writing, software
|
||||||
|
//distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
//See the License for the specific language governing permissions and
|
||||||
|
//limitations under the License.
|
||||||
|
//
|
||||||
|
// Code generated by Alibaba Cloud SDK Code Generator.
|
||||||
|
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
|
||||||
|
|
||||||
|
// AssumedRoleUser is a nested struct in sts response
|
||||||
|
type AssumedRoleUser struct {
|
||||||
|
Arn string `json:"Arn" xml:"Arn"`
|
||||||
|
AssumedRoleId string `json:"AssumedRoleId" xml:"AssumedRoleId"`
|
||||||
|
}
|
24
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/struct_credentials.go
generated
vendored
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
package sts
|
||||||
|
|
||||||
|
//Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
//you may not use this file except in compliance with the License.
|
||||||
|
//You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
//http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
//Unless required by applicable law or agreed to in writing, software
|
||||||
|
//distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
//See the License for the specific language governing permissions and
|
||||||
|
//limitations under the License.
|
||||||
|
//
|
||||||
|
// Code generated by Alibaba Cloud SDK Code Generator.
|
||||||
|
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
|
||||||
|
|
||||||
|
// Credentials is a nested struct in sts response
|
||||||
|
type Credentials struct {
|
||||||
|
SecurityToken string `json:"SecurityToken" xml:"SecurityToken"`
|
||||||
|
AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"`
|
||||||
|
AccessKeyId string `json:"AccessKeyId" xml:"AccessKeyId"`
|
||||||
|
Expiration string `json:"Expiration" xml:"Expiration"`
|
||||||
|
}
|
23
vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/struct_session_access_key.go
generated
vendored
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
package sts
|
||||||
|
|
||||||
|
//Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
//you may not use this file except in compliance with the License.
|
||||||
|
//You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
//http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
//Unless required by applicable law or agreed to in writing, software
|
||||||
|
//distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
//See the License for the specific language governing permissions and
|
||||||
|
//limitations under the License.
|
||||||
|
//
|
||||||
|
// Code generated by Alibaba Cloud SDK Code Generator.
|
||||||
|
// Changes may cause incorrect behavior and will be lost if the code is regenerated.
|
||||||
|
|
||||||
|
// SessionAccessKey is a nested struct in sts response
|
||||||
|
type SessionAccessKey struct {
|
||||||
|
SessionAccessKeyId string `json:"SessionAccessKeyId" xml:"SessionAccessKeyId"`
|
||||||
|
SessionAccessKeySecret string `json:"SessionAccessKeySecret" xml:"SessionAccessKeySecret"`
|
||||||
|
Expiration string `json:"Expiration" xml:"Expiration"`
|
||||||
|
}
|
|
@ -50,12 +50,13 @@ github.com/agl/ed25519/edwards25519
|
||||||
# github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190329064014-6e358769c32a
|
# github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190329064014-6e358769c32a
|
||||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk
|
github.com/aliyun/alibaba-cloud-sdk-go/sdk
|
||||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials
|
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials
|
||||||
|
github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests
|
||||||
github.com/aliyun/alibaba-cloud-sdk-go/services/location
|
github.com/aliyun/alibaba-cloud-sdk-go/services/location
|
||||||
|
github.com/aliyun/alibaba-cloud-sdk-go/services/sts
|
||||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth
|
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth
|
||||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/provider
|
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/provider
|
||||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/endpoints
|
github.com/aliyun/alibaba-cloud-sdk-go/sdk/endpoints
|
||||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/errors
|
github.com/aliyun/alibaba-cloud-sdk-go/sdk/errors
|
||||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests
|
|
||||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses
|
github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses
|
||||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/utils
|
github.com/aliyun/alibaba-cloud-sdk-go/sdk/utils
|
||||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers
|
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers
|
||||||
|
|
|
@ -75,8 +75,8 @@ data "terraform_remote_state" "network" {
|
||||||
|
|
||||||
The following configuration options or environment variables are supported:
|
The following configuration options or environment variables are supported:
|
||||||
|
|
||||||
* `access_key` - (Optional) Alicloud access key. It supports environment variables `ALICLOUD_ACCESS_KEY` and `ALICLOUD_ACCESS_KEY_ID`.
|
* `access_key` - (Optional) Alibaba Cloud access key. It supports environment variables `ALICLOUD_ACCESS_KEY` and `ALICLOUD_ACCESS_KEY_ID`.
|
||||||
* `secret_key` - (Optional) Alicloud secret access key. It supports environment variables `ALICLOUD_SECRET_KEY` and `ALICLOUD_ACCESS_KEY_SECRET`.
|
* `secret_key` - (Optional) Alibaba Cloud secret access key. It supports environment variables `ALICLOUD_SECRET_KEY` and `ALICLOUD_ACCESS_KEY_SECRET`.
|
||||||
* `security_token` - (Optional) STS access token. It supports environment variable `ALICLOUD_SECURITY_TOKEN`.
|
* `security_token` - (Optional) STS access token. It supports environment variable `ALICLOUD_SECURITY_TOKEN`.
|
||||||
* `region` - (Optional) The region of the OSS bucket. It supports environment variables `ALICLOUD_REGION` and `ALICLOUD_DEFAULT_REGION`.
|
* `region` - (Optional) The region of the OSS bucket. It supports environment variables `ALICLOUD_REGION` and `ALICLOUD_DEFAULT_REGION`.
|
||||||
* `endpoint` - (Optional) A custom endpoint for the OSS API. It supports environment variables `ALICLOUD_OSS_ENDPOINT` and `OSS_ENDPOINT`.
|
* `endpoint` - (Optional) A custom endpoint for the OSS API. It supports environment variables `ALICLOUD_OSS_ENDPOINT` and `OSS_ENDPOINT`.
|
||||||
|
@ -90,6 +90,18 @@ The following configuration options or environment variables are supported:
|
||||||
* `acl` - (Optional) [Object
|
* `acl` - (Optional) [Object
|
||||||
ACL](https://www.alibabacloud.com/help/doc-detail/52284.htm)
|
ACL](https://www.alibabacloud.com/help/doc-detail/52284.htm)
|
||||||
to be applied to the state file.
|
to be applied to the state file.
|
||||||
|
* `assume_role` - (Optional) If provided with a role ARN, will attempt to assume this role using the supplied credentials.
|
||||||
|
|
||||||
|
The nested `assume_role` block supports the following:
|
||||||
|
* `role_arn` - (Required) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports environment variable `ALICLOUD_ASSUME_ROLE_ARN`.
|
||||||
|
Terraform executes configuration on account with provided credentials.
|
||||||
|
|
||||||
|
* `policy` - (Optional) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary
|
||||||
|
security credentials. You cannot use this policy to grant permissions which exceed those of the role that is being assumed.
|
||||||
|
|
||||||
|
* `session_name` - (Optional) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable `ALICLOUD_ASSUME_ROLE_SESSION_NAME`.
|
||||||
|
|
||||||
|
* `session_expiration` - (Optional) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud use own default value). It supports environment variable `ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION`.
|
||||||
|
|
||||||
-> **Note:** If you want to store state in the custom OSS endpoint, you can specify a environment variable `OSS_ENDPOINT`, like "oss-cn-beijing-internal.aliyuncs.com"
|
-> **Note:** If you want to store state in the custom OSS endpoint, you can specify a environment variable `OSS_ENDPOINT`, like "oss-cn-beijing-internal.aliyuncs.com"
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@ down to see all providers.
|
||||||
|
|
||||||
- [ACME](/docs/providers/acme/index.html)
|
- [ACME](/docs/providers/acme/index.html)
|
||||||
- [Akamai](/docs/providers/akamai/index.html)
|
- [Akamai](/docs/providers/akamai/index.html)
|
||||||
- [Alicloud](/docs/providers/alicloud/index.html)
|
- [Alibaba Cloud](/docs/providers/alicloud/index.html)
|
||||||
- [Archive](/docs/providers/archive/index.html)
|
- [Archive](/docs/providers/archive/index.html)
|
||||||
- [Arukas](/docs/providers/arukas/index.html)
|
- [Arukas](/docs/providers/arukas/index.html)
|
||||||
- [Avi Vantage](/docs/providers/avi/index.html)
|
- [Avi Vantage](/docs/providers/avi/index.html)
|
||||||
|
|