From a85a1c1a8318d3d60c6c44cdc9684f4ca02078e6 Mon Sep 17 00:00:00 2001 From: congyi <15605187270@163.com> Date: Fri, 28 Jun 2024 11:16:13 +0800 Subject: [PATCH 1/6] support define sts endpoint for oss --- src/aliyun/config.rs | 9 +++++++++ src/aliyun/constants.rs | 1 + src/aliyun/credential.rs | 5 ++++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/src/aliyun/config.rs b/src/aliyun/config.rs index 6432e75e..db596b4d 100644 --- a/src/aliyun/config.rs +++ b/src/aliyun/config.rs @@ -40,6 +40,11 @@ pub struct Config { /// - this field if it's `is_some` /// - env value: [`ALIBABA_CLOUD_OIDC_TOKEN_FILE`] pub oidc_token_file: Option, + /// `sts_endpoint` will be loaded from + /// + /// - this field if it's `is_some` + /// - env value: [`ALIBABA_CLOUD_STS_ENDPOINT`] + pub sts_endpoint: Option, } impl Default for Config { @@ -52,6 +57,7 @@ impl Default for Config { role_session_name: "resign".to_string(), oidc_provider_arn: None, oidc_token_file: None, + sts_endpoint: None, } } } @@ -79,6 +85,9 @@ impl Config { if let Some(v) = envs.get(ALIBABA_CLOUD_OIDC_TOKEN_FILE) { self.oidc_token_file.get_or_insert(v.clone()); } + if let Some(v) = envs.get(ALIBABA_CLOUD_STS_ENDPOINT) { + self.sts_endpoint.get_or_insert(v.clone()); + } self } diff --git a/src/aliyun/constants.rs b/src/aliyun/constants.rs index 31c59aa7..90de2f75 100644 --- a/src/aliyun/constants.rs +++ b/src/aliyun/constants.rs @@ -5,3 +5,4 @@ pub const ALIBABA_CLOUD_SECURITY_TOKEN: &str = "ALIBABA_CLOUD_SECURITY_TOKEN"; pub const ALIBABA_CLOUD_ROLE_ARN: &str = "ALIBABA_CLOUD_ROLE_ARN"; pub const ALIBABA_CLOUD_OIDC_PROVIDER_ARN: &str = "ALIBABA_CLOUD_OIDC_PROVIDER_ARN"; pub const ALIBABA_CLOUD_OIDC_TOKEN_FILE: &str = "ALIBABA_CLOUD_OIDC_TOKEN_FILE"; +pub const ALIBABA_CLOUD_STS_ENDPOINT: &str = "ALIBABA_CLOUD_STS_ENDPOINT"; diff --git a/src/aliyun/credential.rs b/src/aliyun/credential.rs index 3efebbac..cbb630cc 100644 --- a/src/aliyun/credential.rs +++ b/src/aliyun/credential.rs 
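Review bot: The doc comment added for `sts_endpoint` in `Config` does not say what form the value takes or what is sent to it. credential.rs in this same patch prepends `https://`, so the value has to be a bare host name, and the AssumeRoleWithOIDC request to that host carries the OIDC token; both facts belong on the field. Suggested extra line: `/// Host name only (no scheme or path); the OIDC token is sent to this host over HTTPS, so set it only to an STS endpoint you trust.` The same applies to the value taken from `ALIBABA_CLOUD_STS_ENDPOINT` in the `from_env` hunk further down the file.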
@@ -138,8 +138,11 @@ impl Loader { let role_session_name = &self.config.role_session_name; // Construct request to Aliyun STS Service. - let url = format!("https://sts.aliyuncs.com/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", provider_arn, role_arn, role_session_name, format_rfc3339(now()), token); + let url = match self.config.sts_endpoint{ + Some(definde_sts_endpoint) => format!("https://{}/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", definde_sts_endpoint,provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), + None => format!("https://sts.aliyuncs.com/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), + }; let req = self.client.get(&url).header( http::header::CONTENT_TYPE.as_str(), "application/x-www-form-urlencoded", From 19bdea2e019a5bc5d80439148064093de34b501a Mon Sep 17 00:00:00 2001 From: congyi <15605187270@163.com> Date: Fri, 28 Jun 2024 11:19:23 +0800 Subject: [PATCH 2/6] minor --- src/aliyun/credential.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aliyun/credential.rs b/src/aliyun/credential.rs index cbb630cc..c2291e4e 100644 --- a/src/aliyun/credential.rs +++ b/src/aliyun/credential.rs 
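Review bot: The configured `sts_endpoint` is placed directly after `https://` in the new `Some(..)` arm with no check on its shape, and this is the request that carries `OIDCToken`. A value containing a scheme, a path, or characters such as `/`, `@`, `?` or `#` produces a URL whose host is not the one the setting appears to name, and the value can also come from the `ALIBABA_CLOUD_STS_ENDPOINT` environment variable (config.rs in this patch). Accept only a bare `host` or `host:port` before building the URL, with a predicate like the one below, and return an error from the loader otherwise; its signature and error type are outside this hunk, and bracketed IPv6 literals would need an extra case if they must be supported. The same interpolation is carried through PATCH 2/6 to 5/6 into `get_sts_endpoint`.

```rust
/// Returns true when `endpoint` is a bare `host` or `host:port`,
/// i.e. safe to place after the fixed `https://` prefix.
fn is_bare_host(endpoint: &str) -> bool {
    !endpoint.is_empty()
        && endpoint
            .bytes()
            .all(|b| b.is_ascii_alphanumeric() || matches!(b, b'.' | b'-' | b':'))
}
```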
@@ -139,7 +139,7 @@ impl Loader { // Construct request to Aliyun STS Service. - let url = match self.config.sts_endpoint{ + let url = match &self.config.sts_endpoint{ Some(definde_sts_endpoint) => format!("https://{}/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", definde_sts_endpoint,provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), None => format!("https://sts.aliyuncs.com/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), }; From 429bf0ad2125efce682a8f9c2b8cbdb0bc1edf7f Mon Sep 17 00:00:00 2001 From: congyi <15605187270@163.com> Date: Fri, 28 Jun 2024 11:25:26 +0800 Subject: [PATCH 3/6] minor --- src/aliyun/credential.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aliyun/credential.rs b/src/aliyun/credential.rs index c2291e4e..baf55c49 100644 --- a/src/aliyun/credential.rs +++ b/src/aliyun/credential.rs 
@@ -140,7 +140,7 @@ impl Loader { // Construct request to Aliyun STS Service. let url = match &self.config.sts_endpoint{ - Some(definde_sts_endpoint) => format!("https://{}/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", definde_sts_endpoint,provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), + Some(definde_sts_endpoint) => format!("{}/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", definde_sts_endpoint,provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), None => format!("https://sts.aliyuncs.com/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), }; let req = self.client.get(&url).header( From 07306bb9cd0060f91033fd7f1cf86924e872b03d Mon Sep 17 00:00:00 2001 From: congyi <15605187270@163.com> Date: Fri, 28 Jun 2024 11:34:38 +0800 Subject: [PATCH 4/6] minor --- src/aliyun/credential.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aliyun/credential.rs b/src/aliyun/credential.rs index baf55c49..8f8c1cf6 100644 --- a/src/aliyun/credential.rs +++ b/src/aliyun/credential.rs 
@@ -140,7 +140,7 @@ impl Loader { // Construct request to Aliyun STS Service. let url = match &self.config.sts_endpoint{ - Some(definde_sts_endpoint) => format!("{}/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", definde_sts_endpoint,provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), + Some(definde_sts_endpoint) => format!("https://{}/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", definde_sts_endpoint, provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), None => format!("https://sts.aliyuncs.com/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), }; let req = self.client.get(&url).header( From 8c0366bb8aa997d3fc7a17e1ac8952c4e4c9d428 Mon Sep 17 00:00:00 2001 From: congyi <15605187270@163.com> Date: Fri, 28 Jun 2024 14:29:31 +0800 Subject: [PATCH 5/6] resolve comment --- src/aliyun/credential.rs | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/aliyun/credential.rs b/src/aliyun/credential.rs index 8f8c1cf6..0c570f5c 100644 --- a/src/aliyun/credential.rs +++ b/src/aliyun/credential.rs 
@@ -138,11 +138,8 @@ impl Loader { let role_session_name = &self.config.role_session_name; // Construct request to Aliyun STS Service. + let url = format!("{}/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", self.get_sts_endpoint(), provider_arn, role_arn, role_session_name, format_rfc3339(now()), token); - let url = match &self.config.sts_endpoint{ - Some(definde_sts_endpoint) => format!("https://{}/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", definde_sts_endpoint, provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), - None => format!("https://sts.aliyuncs.com/?Action=AssumeRoleWithOIDC&OIDCProviderArn={}&RoleArn={}&RoleSessionName={}&Format=JSON&Version=2015-04-01&Timestamp={}&OIDCToken={}", provider_arn, role_arn, role_session_name, format_rfc3339(now()), token), - }; let req = self.client.get(&url).header( http::header::CONTENT_TYPE.as_str(), "application/x-www-form-urlencoded", @@ -166,6 +163,13 @@ impl Loader { Ok(Some(cred)) } + + fn get_sts_endpoint(&self) -> String { + match &self.config.sts_endpoint { + Some(definde_sts_endpoint) => format!("https://{}", definde_sts_endpoint), + None => "https://sts.aliyuncs.com".to_string(), + } + } } #[derive(Default, Debug, Deserialize)] From 3a5d6d512c4b31ba9ab1954f7112bfa5bedb8cca Mon Sep 17 00:00:00 2001 From: congyi <15605187270@163.com> Date: Fri, 28 Jun 2024 15:38:00 +0800 Subject: [PATCH 6/6] typo --- src/aliyun/credential.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aliyun/credential.rs b/src/aliyun/credential.rs index 0c570f5c..2edf02b7 100644 --- a/src/aliyun/credential.rs +++ b/src/aliyun/credential.rs 
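Review bot: `provider_arn`, `role_arn`, `role_session_name` and `token` are still written raw into the query string by the rewritten `format!` line. A `&`, `#`, `+` or space in any of them changes how the request is parsed, and `role_session_name` comes from configuration; whether these values are validated earlier is not visible in this hunk. Percent-encode each value before formatting, and break the call across several lines so the parameters can be read and reviewed one by one. The enclosing function starts and ends outside the hunk.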
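Review bot: The new `get_sts_endpoint` helper has no doc comment, and its name hides that it returns a full base URL with a fixed scheme rather than the configured value. Suggested comment: `/// Base URL for STS requests: "https://" plus the configured host, or the public endpoint when none is set; the scheme is fixed so the OIDC token is never sent in cleartext.` Rust convention also drops the `get_` prefix for accessors, so a name such as `sts_base_url` would read better at the call site.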
@@ -166,7 +166,7 @@ impl Loader { fn get_sts_endpoint(&self) -> String { match &self.config.sts_endpoint { - Some(definde_sts_endpoint) => format!("https://{}", definde_sts_endpoint), + Some(defined_sts_endpoint) => format!("https://{}", defined_sts_endpoint), None => "https://sts.aliyuncs.com".to_string(), } }