backend/oss: Support for assume role config
parent
447fe62986
commit
a490dfa495
|
@ -3,9 +3,12 @@ package oss
|
|||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
|
||||
"github.com/aliyun/alibaba-cloud-sdk-go/services/sts"
|
||||
"github.com/aliyun/aliyun-oss-go-sdk/oss"
|
||||
"github.com/hashicorp/terraform/backend"
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
"github.com/hashicorp/terraform/helper/validation"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
|
@ -129,6 +132,8 @@ func New() backend.Backend {
|
|||
return nil, nil
|
||||
},
|
||||
},
|
||||
|
||||
"assume_role": assumeRoleSchema(),
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -137,6 +142,42 @@ func New() backend.Backend {
|
|||
return result
|
||||
}
|
||||
|
||||
func assumeRoleSchema() *schema.Schema {
|
||||
return &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"role_arn": {
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
Description: "The ARN of a RAM role to assume prior to making API calls.",
|
||||
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_ARN", ""),
|
||||
},
|
||||
"session_name": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Description: "The session name to use when assuming the role.",
|
||||
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_SESSION_NAME", "terraform"),
|
||||
},
|
||||
"policy": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Description: "The permissions applied when assuming a role. You cannot use this policy to grant permissions which exceed those of the role that is being assumed.",
|
||||
},
|
||||
"session_expiration": {
|
||||
Type: schema.TypeInt,
|
||||
Optional: true,
|
||||
Description: "The time after which the established session for assuming role expires.",
|
||||
ValidateFunc: validation.IntBetween(900, 3600),
|
||||
DefaultFunc: schema.EnvDefaultFunc("ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION", 3600),
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
type Backend struct {
|
||||
*schema.Backend
|
||||
|
||||
|
@ -175,6 +216,21 @@ func (b *Backend) configure(ctx context.Context) error {
|
|||
endpoint := d.Get("endpoint").(string)
|
||||
schma := "https"
|
||||
|
||||
if v, ok := d.GetOk("assume_role"); ok {
|
||||
for _, v := range v.(*schema.Set).List() {
|
||||
assumeRole := v.(map[string]interface{})
|
||||
roleArn := assumeRole["role_arn"].(string)
|
||||
sessionName := assumeRole["session_name"].(string)
|
||||
policy := assumeRole["policy"].(string)
|
||||
sessionExpiration := assumeRole["session_expiration"].(int)
|
||||
subAccessKeyId, subAccessKeySecret, subSecurityToken, err := getAssumeRoleAK(accessKey, secretKey, region, roleArn, sessionName, policy, sessionExpiration)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
accessKey, secretKey, securityToken = subAccessKeyId, subAccessKeySecret, subSecurityToken
|
||||
}
|
||||
}
|
||||
|
||||
if endpoint == "" {
|
||||
endpointItem, _ := b.getOSSEndpointByRegion(accessKey, secretKey, securityToken, region)
|
||||
if endpointItem != nil && len(endpointItem.Endpoint) > 0 {
|
||||
|
@ -238,6 +294,25 @@ func (b *Backend) getOSSEndpointByRegion(access_key, secret_key, security_token,
|
|||
return endpointsResponse, nil
|
||||
}
|
||||
|
||||
func getAssumeRoleAK(accessKey, secretKey, region, roleArn, sessionName, policy string, sessionExpiration int) (string, string, string, error) {
|
||||
request := sts.CreateAssumeRoleRequest()
|
||||
request.RoleArn = roleArn
|
||||
request.RoleSessionName = sessionName
|
||||
request.DurationSeconds = requests.NewInteger(sessionExpiration)
|
||||
request.Policy = policy
|
||||
request.Scheme = "https"
|
||||
|
||||
client, err := sts.NewClientWithAccessKey(region, accessKey, secretKey)
|
||||
if err != nil {
|
||||
return "", "", "", err
|
||||
}
|
||||
response, err := client.AssumeRole(request)
|
||||
if err != nil {
|
||||
return "", "", "", err
|
||||
}
|
||||
return response.Credentials.AccessKeyId, response.Credentials.AccessKeySecret, response.Credentials.SecurityToken, nil
|
||||
}
|
||||
|
||||
func getSdkConfig() *sdk.Config {
|
||||
return sdk.NewConfig().
|
||||
WithMaxRetryTime(5).
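Review bot: getAssumeRoleAK creates its STS client with `sts.NewClientWithAccessKey(region, accessKey, secretKey)` and has no parameter for a security token, so when the backend is configured with temporary credentials (`security_token`) the AssumeRole request is signed without the token and will most likely be rejected. configure assigns `securityToken` right after the call, so it appears to be in scope there; pass it through and use `sts.NewClientWithStsToken(region, accessKey, secretKey, securityToken)` when it is non-empty. The new loop in configure also calls getAssumeRoleAK for every `assume_role` element without checking `roleArn`, while the documentation added in this commit says an empty `role_arn` performs no role switching; `if roleArn == "" { continue }` ahead of the call would make the two agree. configure starts and ends outside the hunk, so where `securityToken` is declared is not visible here.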
|
||||
|
|
|
@ -112,7 +112,7 @@ func createOSSBucket(t *testing.T, ossClient *oss.Client, bucketName string) {
|
|||
}
|
||||
|
||||
func deleteOSSBucket(t *testing.T, ossClient *oss.Client, bucketName string) {
|
||||
warning := "WARNING: Failed to delete the test OSS bucket. It may have been left in your Alicloud account and may incur storage charges. (error was %s)"
|
||||
warning := "WARNING: Failed to delete the test OSS bucket. It may have been left in your Alibaba Cloud account and may incur storage charges. (error was %s)"
|
||||
|
||||
// first we have to get rid of the env objects, or we can't delete the bucket
|
||||
bucket, err := ossClient.Bucket(bucketName)
|
||||
|
|
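--- a/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/assume_role.go
+++ b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/assume_role.go
@@ -0,0 +1,108 @@
+package sts
+
+//Licensed under the Apache License, Version 2.0 (the "License");
+//you may not use this file except in compliance with the License.
+//You may obtain a copy of the License at
+//
+//http://www.apache.org/licenses/LICENSE-2.0
+//
+//Unless required by applicable law or agreed to in writing, software
+//distributed under the License is distributed on an "AS IS" BASIS,
+//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//See the License for the specific language governing permissions and
+//limitations under the License.
+//
+// Code generated by Alibaba Cloud SDK Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+import (
+"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+)
+
+// AssumeRole invokes the sts.AssumeRole API synchronously
+// api document: https://help.aliyun.com/api/sts/assumerole.html
+func (client *Client) AssumeRole(request *AssumeRoleRequest) (response *AssumeRoleResponse, err error) {
+response = CreateAssumeRoleResponse()
+err = client.DoAction(request, response)
+return
+}
+
+// AssumeRoleWithChan invokes the sts.AssumeRole API asynchronously
+// api document: https://help.aliyun.com/api/sts/assumerole.html
+// asynchronous document: https://help.aliyun.com/document_detail/66220.html
+func (client *Client) AssumeRoleWithChan(request *AssumeRoleRequest) (<-chan *AssumeRoleResponse, <-chan error) {
+responseChan := make(chan *AssumeRoleResponse, 1)
+errChan := make(chan error, 1)
+err := client.AddAsyncTask(func() {
+defer close(responseChan)
+defer close(errChan)
+response, err := client.AssumeRole(request)
+if err != nil {
+errChan <- err
+} else {
+responseChan <- response
+}
+})
+if err != nil {
+errChan <- err
+close(responseChan)
+close(errChan)
+}
+return responseChan, errChan
+}
+
+// AssumeRoleWithCallback invokes the sts.AssumeRole API asynchronously
+// api document: https://help.aliyun.com/api/sts/assumerole.html
+// asynchronous document: https://help.aliyun.com/document_detail/66220.html
+func (client *Client) AssumeRoleWithCallback(request *AssumeRoleRequest, callback func(response *AssumeRoleResponse, err error)) <-chan int {
+result := make(chan int, 1)
+err := client.AddAsyncTask(func() {
+var response *AssumeRoleResponse
+var err error
+defer close(result)
+response, err = client.AssumeRole(request)
+callback(response, err)
+result <- 1
+})
+if err != nil {
+defer close(result)
+callback(nil, err)
+result <- 0
+}
+return result
+}
+
+// AssumeRoleRequest is the request struct for api AssumeRole
+type AssumeRoleRequest struct {
+*requests.RpcRequest
+RoleArn string `position:"Query" name:"RoleArn"`
+RoleSessionName string `position:"Query" name:"RoleSessionName"`
+DurationSeconds requests.Integer `position:"Query" name:"DurationSeconds"`
+Policy string `position:"Query" name:"Policy"`
+}
+
+// AssumeRoleResponse is the response struct for api AssumeRole
+type AssumeRoleResponse struct {
+*responses.BaseResponse
+RequestId string `json:"RequestId" xml:"RequestId"`
+Credentials Credentials `json:"Credentials" xml:"Credentials"`
+AssumedRoleUser AssumedRoleUser `json:"AssumedRoleUser" xml:"AssumedRoleUser"`
+}
+
+// CreateAssumeRoleRequest creates a request to invoke AssumeRole API
+func CreateAssumeRoleRequest() (request *AssumeRoleRequest) {
+request = &AssumeRoleRequest{
+RpcRequest: &requests.RpcRequest{},
+}
+request.InitWithApiInfo("Sts", "2015-04-01", "AssumeRole", "sts", "openAPI")
+return
+}
+
+// CreateAssumeRoleResponse creates a response to parse from AssumeRole response
+func CreateAssumeRoleResponse() (response *AssumeRoleResponse) {
+response = &AssumeRoleResponse{
+BaseResponse: &responses.BaseResponse{},
+}
+return
+}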
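--- a/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/client.go
+++ b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/client.go
@@ -0,0 +1,81 @@
+package sts
+
+//Licensed under the Apache License, Version 2.0 (the "License");
+//you may not use this file except in compliance with the License.
+//You may obtain a copy of the License at
+//
+//http://www.apache.org/licenses/LICENSE-2.0
+//
+//Unless required by applicable law or agreed to in writing, software
+//distributed under the License is distributed on an "AS IS" BASIS,
+//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//See the License for the specific language governing permissions and
+//limitations under the License.
+//
+// Code generated by Alibaba Cloud SDK Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+import (
+"github.com/aliyun/alibaba-cloud-sdk-go/sdk"
+"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth"
+)
+
+// Client is the sdk client struct, each func corresponds to an OpenAPI
+type Client struct {
+sdk.Client
+}
+
+// NewClient creates a sdk client with environment variables
+func NewClient() (client *Client, err error) {
+client = &Client{}
+err = client.Init()
+return
+}
+
+// NewClientWithOptions creates a sdk client with regionId/sdkConfig/credential
+// this is the common api to create a sdk client
+func NewClientWithOptions(regionId string, config *sdk.Config, credential auth.Credential) (client *Client, err error) {
+client = &Client{}
+err = client.InitWithOptions(regionId, config, credential)
+return
+}
+
+// NewClientWithAccessKey is a shortcut to create sdk client with accesskey
+// usage: https://help.aliyun.com/document_detail/66217.html
+func NewClientWithAccessKey(regionId, accessKeyId, accessKeySecret string) (client *Client, err error) {
+client = &Client{}
+err = client.InitWithAccessKey(regionId, accessKeyId, accessKeySecret)
+return
+}
+
+// NewClientWithStsToken is a shortcut to create sdk client with sts token
+// usage: https://help.aliyun.com/document_detail/66222.html
+func NewClientWithStsToken(regionId, stsAccessKeyId, stsAccessKeySecret, stsToken string) (client *Client, err error) {
+client = &Client{}
+err = client.InitWithStsToken(regionId, stsAccessKeyId, stsAccessKeySecret, stsToken)
+return
+}
+
+// NewClientWithRamRoleArn is a shortcut to create sdk client with ram roleArn
+// usage: https://help.aliyun.com/document_detail/66222.html
+func NewClientWithRamRoleArn(regionId string, accessKeyId, accessKeySecret, roleArn, roleSessionName string) (client *Client, err error) {
+client = &Client{}
+err = client.InitWithRamRoleArn(regionId, accessKeyId, accessKeySecret, roleArn, roleSessionName)
+return
+}
+
+// NewClientWithEcsRamRole is a shortcut to create sdk client with ecs ram role
+// usage: https://help.aliyun.com/document_detail/66223.html
+func NewClientWithEcsRamRole(regionId string, roleName string) (client *Client, err error) {
+client = &Client{}
+err = client.InitWithEcsRamRole(regionId, roleName)
+return
+}
+
+// NewClientWithRsaKeyPair is a shortcut to create sdk client with rsa key pair
+// attention: rsa key pair auth is only Japan regions available
+func NewClientWithRsaKeyPair(regionId string, publicKeyId, privateKey string, sessionExpiration int) (client *Client, err error) {
+client = &Client{}
+err = client.InitWithRsaKeyPair(regionId, publicKeyId, privateKey, sessionExpiration)
+return
+}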
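--- a/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/generate_session_access_key.go
+++ b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/generate_session_access_key.go
@@ -0,0 +1,104 @@
+package sts
+
+//Licensed under the Apache License, Version 2.0 (the "License");
+//you may not use this file except in compliance with the License.
+//You may obtain a copy of the License at
+//
+//http://www.apache.org/licenses/LICENSE-2.0
+//
+//Unless required by applicable law or agreed to in writing, software
+//distributed under the License is distributed on an "AS IS" BASIS,
+//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//See the License for the specific language governing permissions and
+//limitations under the License.
+//
+// Code generated by Alibaba Cloud SDK Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+import (
+"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+)
+
+// GenerateSessionAccessKey invokes the sts.GenerateSessionAccessKey API synchronously
+// api document: https://help.aliyun.com/api/sts/generatesessionaccesskey.html
+func (client *Client) GenerateSessionAccessKey(request *GenerateSessionAccessKeyRequest) (response *GenerateSessionAccessKeyResponse, err error) {
+response = CreateGenerateSessionAccessKeyResponse()
+err = client.DoAction(request, response)
+return
+}
+
+// GenerateSessionAccessKeyWithChan invokes the sts.GenerateSessionAccessKey API asynchronously
+// api document: https://help.aliyun.com/api/sts/generatesessionaccesskey.html
+// asynchronous document: https://help.aliyun.com/document_detail/66220.html
+func (client *Client) GenerateSessionAccessKeyWithChan(request *GenerateSessionAccessKeyRequest) (<-chan *GenerateSessionAccessKeyResponse, <-chan error) {
+responseChan := make(chan *GenerateSessionAccessKeyResponse, 1)
+errChan := make(chan error, 1)
+err := client.AddAsyncTask(func() {
+defer close(responseChan)
+defer close(errChan)
+response, err := client.GenerateSessionAccessKey(request)
+if err != nil {
+errChan <- err
+} else {
+responseChan <- response
+}
+})
+if err != nil {
+errChan <- err
+close(responseChan)
+close(errChan)
+}
+return responseChan, errChan
+}
+
+// GenerateSessionAccessKeyWithCallback invokes the sts.GenerateSessionAccessKey API asynchronously
+// api document: https://help.aliyun.com/api/sts/generatesessionaccesskey.html
+// asynchronous document: https://help.aliyun.com/document_detail/66220.html
+func (client *Client) GenerateSessionAccessKeyWithCallback(request *GenerateSessionAccessKeyRequest, callback func(response *GenerateSessionAccessKeyResponse, err error)) <-chan int {
+result := make(chan int, 1)
+err := client.AddAsyncTask(func() {
+var response *GenerateSessionAccessKeyResponse
+var err error
+defer close(result)
+response, err = client.GenerateSessionAccessKey(request)
+callback(response, err)
+result <- 1
+})
+if err != nil {
+defer close(result)
+callback(nil, err)
+result <- 0
+}
+return result
+}
+
+// GenerateSessionAccessKeyRequest is the request struct for api GenerateSessionAccessKey
+type GenerateSessionAccessKeyRequest struct {
+*requests.RpcRequest
+DurationSeconds requests.Integer `position:"Query" name:"DurationSeconds"`
+}
+
+// GenerateSessionAccessKeyResponse is the response struct for api GenerateSessionAccessKey
+type GenerateSessionAccessKeyResponse struct {
+*responses.BaseResponse
+RequestId string `json:"RequestId" xml:"RequestId"`
+SessionAccessKey SessionAccessKey `json:"SessionAccessKey" xml:"SessionAccessKey"`
+}
+
+// CreateGenerateSessionAccessKeyRequest creates a request to invoke GenerateSessionAccessKey API
+func CreateGenerateSessionAccessKeyRequest() (request *GenerateSessionAccessKeyRequest) {
+request = &GenerateSessionAccessKeyRequest{
+RpcRequest: &requests.RpcRequest{},
+}
+request.InitWithApiInfo("Sts", "2015-04-01", "GenerateSessionAccessKey", "sts", "openAPI")
+return
+}
+
+// CreateGenerateSessionAccessKeyResponse creates a response to parse from GenerateSessionAccessKey response
+func CreateGenerateSessionAccessKeyResponse() (response *GenerateSessionAccessKeyResponse) {
+response = &GenerateSessionAccessKeyResponse{
+BaseResponse: &responses.BaseResponse{},
+}
+return
+}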
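--- a/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/get_caller_identity.go
+++ b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/get_caller_identity.go
@@ -0,0 +1,108 @@
+package sts
+
+//Licensed under the Apache License, Version 2.0 (the "License");
+//you may not use this file except in compliance with the License.
+//You may obtain a copy of the License at
+//
+//http://www.apache.org/licenses/LICENSE-2.0
+//
+//Unless required by applicable law or agreed to in writing, software
+//distributed under the License is distributed on an "AS IS" BASIS,
+//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//See the License for the specific language governing permissions and
+//limitations under the License.
+//
+// Code generated by Alibaba Cloud SDK Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+import (
+"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
+"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+)
+
+// GetCallerIdentity invokes the sts.GetCallerIdentity API synchronously
+// api document: https://help.aliyun.com/api/sts/getcalleridentity.html
+func (client *Client) GetCallerIdentity(request *GetCallerIdentityRequest) (response *GetCallerIdentityResponse, err error) {
+response = CreateGetCallerIdentityResponse()
+err = client.DoAction(request, response)
+return
+}
+
+// GetCallerIdentityWithChan invokes the sts.GetCallerIdentity API asynchronously
+// api document: https://help.aliyun.com/api/sts/getcalleridentity.html
+// asynchronous document: https://help.aliyun.com/document_detail/66220.html
+func (client *Client) GetCallerIdentityWithChan(request *GetCallerIdentityRequest) (<-chan *GetCallerIdentityResponse, <-chan error) {
+responseChan := make(chan *GetCallerIdentityResponse, 1)
+errChan := make(chan error, 1)
+err := client.AddAsyncTask(func() {
+defer close(responseChan)
+defer close(errChan)
+response, err := client.GetCallerIdentity(request)
+if err != nil {
+errChan <- err
+} else {
+responseChan <- response
+}
+})
+if err != nil {
+errChan <- err
+close(responseChan)
+close(errChan)
+}
+return responseChan, errChan
+}
+
+// GetCallerIdentityWithCallback invokes the sts.GetCallerIdentity API asynchronously
+// api document: https://help.aliyun.com/api/sts/getcalleridentity.html
+// asynchronous document: https://help.aliyun.com/document_detail/66220.html
+func (client *Client) GetCallerIdentityWithCallback(request *GetCallerIdentityRequest, callback func(response *GetCallerIdentityResponse, err error)) <-chan int {
+result := make(chan int, 1)
+err := client.AddAsyncTask(func() {
+var response *GetCallerIdentityResponse
+var err error
+defer close(result)
+response, err = client.GetCallerIdentity(request)
+callback(response, err)
+result <- 1
+})
+if err != nil {
+defer close(result)
+callback(nil, err)
+result <- 0
+}
+return result
+}
+
+// GetCallerIdentityRequest is the request struct for api GetCallerIdentity
+type GetCallerIdentityRequest struct {
+*requests.RpcRequest
+}
+
+// GetCallerIdentityResponse is the response struct for api GetCallerIdentity
+type GetCallerIdentityResponse struct {
+*responses.BaseResponse
+AccountId string `json:"AccountId" xml:"AccountId"`
+UserId string `json:"UserId" xml:"UserId"`
+RoleId string `json:"RoleId" xml:"RoleId"`
+Arn string `json:"Arn" xml:"Arn"`
+IdentityType string `json:"IdentityType" xml:"IdentityType"`
+PrincipalId string `json:"PrincipalId" xml:"PrincipalId"`
+RequestId string `json:"RequestId" xml:"RequestId"`
+}
+
+// CreateGetCallerIdentityRequest creates a request to invoke GetCallerIdentity API
+func CreateGetCallerIdentityRequest() (request *GetCallerIdentityRequest) {
+request = &GetCallerIdentityRequest{
+RpcRequest: &requests.RpcRequest{},
+}
+request.InitWithApiInfo("Sts", "2015-04-01", "GetCallerIdentity", "sts", "openAPI")
+return
+}
+
+// CreateGetCallerIdentityResponse creates a response to parse from GetCallerIdentity response
+func CreateGetCallerIdentityResponse() (response *GetCallerIdentityResponse) {
+response = &GetCallerIdentityResponse{
+BaseResponse: &responses.BaseResponse{},
+}
+return
+}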
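--- a/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/struct_assumed_role_user.go
+++ b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/struct_assumed_role_user.go
@@ -0,0 +1,22 @@
+package sts
+
+//Licensed under the Apache License, Version 2.0 (the "License");
+//you may not use this file except in compliance with the License.
+//You may obtain a copy of the License at
+//
+//http://www.apache.org/licenses/LICENSE-2.0
+//
+//Unless required by applicable law or agreed to in writing, software
+//distributed under the License is distributed on an "AS IS" BASIS,
+//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//See the License for the specific language governing permissions and
+//limitations under the License.
+//
+// Code generated by Alibaba Cloud SDK Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+// AssumedRoleUser is a nested struct in sts response
+type AssumedRoleUser struct {
+Arn string `json:"Arn" xml:"Arn"`
+AssumedRoleId string `json:"AssumedRoleId" xml:"AssumedRoleId"`
+}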
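--- a/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/struct_credentials.go
+++ b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/struct_credentials.go
@@ -0,0 +1,24 @@
+package sts
+
+//Licensed under the Apache License, Version 2.0 (the "License");
+//you may not use this file except in compliance with the License.
+//You may obtain a copy of the License at
+//
+//http://www.apache.org/licenses/LICENSE-2.0
+//
+//Unless required by applicable law or agreed to in writing, software
+//distributed under the License is distributed on an "AS IS" BASIS,
+//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//See the License for the specific language governing permissions and
+//limitations under the License.
+//
+// Code generated by Alibaba Cloud SDK Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+// Credentials is a nested struct in sts response
+type Credentials struct {
+SecurityToken string `json:"SecurityToken" xml:"SecurityToken"`
+AccessKeySecret string `json:"AccessKeySecret" xml:"AccessKeySecret"`
+AccessKeyId string `json:"AccessKeyId" xml:"AccessKeyId"`
+Expiration string `json:"Expiration" xml:"Expiration"`
+}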
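--- a/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/struct_session_access_key.go
+++ b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/services/sts/struct_session_access_key.go
@@ -0,0 +1,23 @@
+package sts
+
+//Licensed under the Apache License, Version 2.0 (the "License");
+//you may not use this file except in compliance with the License.
+//You may obtain a copy of the License at
+//
+//http://www.apache.org/licenses/LICENSE-2.0
+//
+//Unless required by applicable law or agreed to in writing, software
+//distributed under the License is distributed on an "AS IS" BASIS,
+//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//See the License for the specific language governing permissions and
+//limitations under the License.
+//
+// Code generated by Alibaba Cloud SDK Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+// SessionAccessKey is a nested struct in sts response
+type SessionAccessKey struct {
+SessionAccessKeyId string `json:"SessionAccessKeyId" xml:"SessionAccessKeyId"`
+SessionAccessKeySecret string `json:"SessionAccessKeySecret" xml:"SessionAccessKeySecret"`
+Expiration string `json:"Expiration" xml:"Expiration"`
+}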
|
@ -50,12 +50,13 @@ github.com/agl/ed25519/edwards25519
|
|||
# github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190329064014-6e358769c32a
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/services/location
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/services/sts
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/provider
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/endpoints
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/errors
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/utils
|
||||
github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/signers
|
||||
|
|
|
@ -75,8 +75,8 @@ data "terraform_remote_state" "network" {
|
|||
|
||||
The following configuration options or environment variables are supported:
|
||||
|
||||
* `access_key` - (Optional) Alicloud access key. It supports environment variables `ALICLOUD_ACCESS_KEY` and `ALICLOUD_ACCESS_KEY_ID`.
|
||||
* `secret_key` - (Optional) Alicloud secret access key. It supports environment variables `ALICLOUD_SECRET_KEY` and `ALICLOUD_ACCESS_KEY_SECRET`.
|
||||
* `access_key` - (Optional) Alibaba Cloud access key. It supports environment variables `ALICLOUD_ACCESS_KEY` and `ALICLOUD_ACCESS_KEY_ID`.
|
||||
* `secret_key` - (Optional) Alibaba Cloud secret access key. It supports environment variables `ALICLOUD_SECRET_KEY` and `ALICLOUD_ACCESS_KEY_SECRET`.
|
||||
* `security_token` - (Optional) STS access token. It supports environment variable `ALICLOUD_SECURITY_TOKEN`.
|
||||
* `region` - (Optional) The region of the OSS bucket. It supports environment variables `ALICLOUD_REGION` and `ALICLOUD_DEFAULT_REGION`.
|
||||
* `endpoint` - (Optional) A custom endpoint for the OSS API. It supports environment variables `ALICLOUD_OSS_ENDPOINT` and `OSS_ENDPOINT`.
|
||||
|
@ -90,6 +90,18 @@ The following configuration options or environment variables are supported:
|
|||
* `acl` - (Optional) [Object
|
||||
ACL](https://www.alibabacloud.com/help/doc-detail/52284.htm)
|
||||
to be applied to the state file.
|
||||
* `assume_role` - (Optional) If provided with a role ARN, will attempt to assume this role using the supplied credentials.
|
||||
|
||||
The nested `assume_role` block supports the following:
|
||||
* `role_arn` - (Required) The ARN of the role to assume. If ARN is set to an empty string, it does not perform role switching. It supports environment variable `ALICLOUD_ASSUME_ROLE_ARN`.
|
||||
Terraform executes configuration on account with provided credentials.
|
||||
|
||||
* `policy` - (Optional) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary
|
||||
security credentials. You cannot use this policy to grant permissions which exceed those of the role that is being assumed.
|
||||
|
||||
* `session_name` - (Optional) The session name to use when assuming the role. If omitted, 'terraform' is passed to the AssumeRole call as session name. It supports environment variable `ALICLOUD_ASSUME_ROLE_SESSION_NAME`.
|
||||
|
||||
* `session_expiration` - (Optional) The time after which the established session for assuming role expires. Valid value range: [900-3600] seconds. Default to 3600 (in this case Alibaba Cloud use own default value). It supports environment variable `ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION`.
|
||||
|
||||
-> **Note:** If you want to store state in the custom OSS endpoint, you can specify a environment variable `OSS_ENDPOINT`, like "oss-cn-beijing-internal.aliyuncs.com"
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ down to see all providers.
|
|||
|
||||
- [ACME](/docs/providers/acme/index.html)
|
||||
- [Akamai](/docs/providers/akamai/index.html)
|
||||
- [Alicloud](/docs/providers/alicloud/index.html)
|
||||
- [Alibaba Cloud](/docs/providers/alicloud/index.html)
|
||||
- [Archive](/docs/providers/archive/index.html)
|
||||
- [Arukas](/docs/providers/arukas/index.html)
|
||||
- [Avi Vantage](/docs/providers/avi/index.html)
|
||||
|
|