Documentation
¶
Index ¶
Constants ¶
View Source
const (
//STSEndpoint is default sts server address
STSEndpoint = "https://sts.aliyuncs.com"
)
Variables ¶
View Source
var ARNRegexp = regexp.MustCompile(`^acs:ram::\d+:role\/?(\w+|-|\/|\.)*$`)
ARNRegexp is the regex to check that the base ARN is valid, see https://help.aliyun.com/document_detail/28628.html.
Functions ¶
func GetBaseArn ¶
GetBaseArn get the base ARN from metadata service.
func GetInstanceRAMRole ¶
GetInstanceRAMRole get instance RAM role from metadata service.
func IsValidBaseARN ¶
IsValidBaseARN validates that the base ARN is valid.
Types ¶
type AlibabaCloudConfig ¶
type AlibabaCloudConfig struct {
RegionID string `json:"regionId" yaml:"regionId"`
AccessKeyID string `json:"accessKeyId" yaml:"accessKeyId"`
AccessKeySecret string `json:"accessKeySecret" yaml:"accessKeySecret"`
VPCID string `json:"vpcId" yaml:"vpcId"`
RoleName string `json:"-" yaml:"-"` // For ECS RAM role only
StsToken string `json:"-" yaml:"-"`
ExpireTime time.Time `json:"-" yaml:"-"`
}
AlibabaCloudConfig define metadata struct return from metadata API
func GetCloudConfigFromMetaServer ¶
func GetCloudConfigFromMetaServer() (*AlibabaCloudConfig, error)
GetCloudConfigFromMetaServer return the credentials and instance config from ECS metadata server
type Client ¶
type Client struct {
BaseARN string
Endpoint string
Region string
AccessKey string
AccessSecret string
STSAccessKey string
STSAccessSecret string
STSToken string
BaseRoleName string
}
Client represents an RAM client.
func NewClient ¶
func NewClient(acssessKey, accessSecret, baseARN string, config *AlibabaCloudConfig) *Client
NewClient returns a new STS client.
func (*Client) AssumeRole ¶
func (ram *Client) AssumeRole(roleARN, remoteIP string, sessionTTL time.Duration) (*Credentials, error)
AssumeRole returns an RAM role Credentials using Alibaba Cloud STS.
Source Files
Click to show internal directories.
Click to hide internal directories.