记录一下用阿里云 Go SDK 生成 STS 临时令牌的过程:
package main
import (
"fmt"
"github.com/aliyun/alibaba-cloud-sdk-go/services/sts"
)
// Settings for the AssumeRole call below. Every "xxx" value is a placeholder
// to be replaced with your own value.
// NOTE(review): for anything beyond a local experiment, load the AccessKey
// pair from the environment or a secret store rather than compiling it into
// the binary or committing it to version control.
const (
	// regionID is a region identifier of the form cn-beijing / cn-shenzhen.
	// The author had not yet found the full list of supported values; try the
	// region your OSS bucket lives in.
	regionID = "cn-beijing"

	// ramAppID and ramAppSecret are the AccessKey pair of a RAM user.
	// Console path: user menu (top right) -> Access Control -> Users ->
	// generate the appID and appSecret -> grant AliyunSTSAssumeRoleAccess.
	// They must belong to the RAM user, NOT to the main account; the two
	// kinds of key look alike, so double-check which one you copied.
	ramAppID     = "xxx"
	ramAppSecret = "xxx"

	// apn holds the ARN of the role to assume.
	// Console path: create a role -> keep the default configuration -> copy
	// its ARN.
	apn = "xxx"

	// Permission management -> policy management -> create a policy with the
	// content below -> go back to the role and attach the new policy to it.
	// The policy allows only oss:PutObject on a single bucket, so if it is the
	// only policy attached to the role, the temporary credentials can upload
	// objects to that bucket and nothing else. "bucketname" is presumably a
	// placeholder for your own bucket name.
	/*
	   {
	     "Version": "1",
	     "Statement": [
	       {
	         "Effect": "Allow",
	         "Action": [
	           "oss:PutObject"
	         ],
	         "Resource": [
	           "acs:oss:*:*:bucketname/",
	           "acs:oss:*:*:bucketname/*"
	         ]
	       }
	     ]
	   }
	*/

	// sessionName is a free-form label for the role session; any name works.
	sessionName = "oss-session"
)
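// main requests temporary STS credentials: it builds an STS client from the
// RAM user's AccessKey pair, assumes the role named by apn under sessionName,
// and prints the raw response. It stops at the first error instead of carrying
// on with an unusable client or an empty response.
func main() {
	client, err := sts.NewClientWithAccessKey(regionID, ramAppID, ramAppSecret)
	if err != nil {
		// This error used to be overwritten by the AssumeRole call below
		// without ever being checked, so a failed client construction went
		// unnoticed until the client was used.
		fmt.Println("create sts client:", err)
		return
	}

	request := sts.CreateAssumeRoleRequest()
	request.Scheme = "https" // call the STS endpoint over TLS
	request.RoleArn = apn
	request.RoleSessionName = sessionName

	response, err := client.AssumeRole(request)
	if err != nil {
		// Do not fall through and print a response that carries no credentials.
		fmt.Println("assume role:", err)
		return
	}

	// NOTE(review): %#v dumps the whole response, including
	// Credentials.AccessKeySecret and Credentials.SecurityToken. That is fine
	// for this demonstration, but in a real service do not write these values
	// to stdout or logs; hand them only to the caller that needs them. They
	// stay valid until Credentials.Expiration.
	fmt.Printf("response is %#v\n", response)
}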
结果如下:
&sts.AssumeRoleResponse
{
BaseResponse:(*responses.BaseResponse)(0xc000068700),
RequestId:"xxx",
AssumedRoleUser:sts.AssumedRoleUser {
AssumedRoleId:"xxx",
Arn:"acs:ram::xxx"
},
Credentials:sts.Credentials {
AccessKeySecret:"xxx",
Expiration:"2021-08-22T03:57:13Z",
AccessKeyId:"xxx",
SecurityToken:"xxx"
}
}
后续拿着 Credentials 里的 AccessKeyId、AccessKeySecret 和 SecurityToken(三者需要一起使用,过了 Expiration 时间即失效)就能够对接相应的其他接口了。