feat(services/oss): support role_arn and oidc_provider_arn (#5063)
Signed-off-by: tison <[email protected]>
tisonkun authored Aug 27, 2024
1 parent 89074f0 commit ed79a63
Showing 3 changed files with 105 additions and 5 deletions.
19 changes: 15 additions & 4 deletions bin/ofs/Cargo.lock


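--- a/core/src/services/oss/backend.rs
+++ b/core/src/services/oss/backend.rs
@@ -241,6 +241,54 @@ impl OssBuilder {
 self.config.allow_anonymous = true;
 self
 }
+
+/// Set role_arn for this backend.
+///
+/// If `role_arn` is set, we will use already known config as source
+/// credential to assume role with `role_arn`.
+pub fn role_arn(mut self, role_arn: &str) -> Self {
+if !role_arn.is_empty() {
+self.config.role_arn = Some(role_arn.to_string())
+}
+
+self
+}
+
+/// Set role_session_name for this backend.
+pub fn role_session_name(mut self, role_session_name: &str) -> Self {
+if !role_session_name.is_empty() {
+self.config.role_session_name = Some(role_session_name.to_string())
+}
+
+self
+}
+
+/// Set oidc_provider_arn for this backend.
+pub fn oidc_provider_arn(mut self, oidc_provider_arn: &str) -> Self {
+if !oidc_provider_arn.is_empty() {
+self.config.oidc_provider_arn = Some(oidc_provider_arn.to_string())
+}
+
+self
+}
+
+/// Set oidc_token_file for this backend.
+pub fn oidc_token_file(mut self, oidc_token_file: &str) -> Self {
+if !oidc_token_file.is_empty() {
+self.config.oidc_token_file = Some(oidc_token_file.to_string())
+}
+
+self
+}
+
+/// Set sts_endpoint for this backend.
+pub fn sts_endpoint(mut self, sts_endpoint: &str) -> Self {
+if !sts_endpoint.is_empty() {
+self.config.sts_endpoint = Some(sts_endpoint.to_string())
+}
+
+self
+}
 }
 
 impl Builder for OssBuilder {
@@ -303,6 +351,27 @@ impl Builder for OssBuilder {
 cfg.access_key_secret = Some(v);
 }
 
+if let Some(v) = self.config.role_arn {
+cfg.role_arn = Some(v);
+}
+
+// override default role_session_name if set
+if let Some(v) = self.config.role_session_name {
+cfg.role_session_name = v;
+}
+
+if let Some(v) = self.config.oidc_provider_arn {
+cfg.oidc_provider_arn = Some(v);
+}
+
+if let Some(v) = self.config.oidc_token_file {
+cfg.oidc_token_file = Some(v);
+}
+
+if let Some(v) = self.config.sts_endpoint {
+cfg.sts_endpoint = Some(v);
+}
+
 let client = if let Some(client) = self.http_client {
 client
 } else {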
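Review bot: The new `sts_endpoint` and `oidc_token_file` setters accept any non-empty string and `build` copies it into `cfg` unchanged, while their one-line doc comments say nothing about what the values control. Presumably the credential loader (not visible in this diff) reads the token file and sends its contents to the STS endpoint, so these two options decide where a workload identity token ends up; the docs should state that they must only be set from trusted configuration and what form `sts_endpoint` is expected to take (scheme included or not, HTTPS expected). A possible doc line for `sts_endpoint` is `/// Endpoint of the STS service that exchanges the OIDC token for credentials; set it only from trusted configuration.` All five setters also ignore an empty string silently, which deserves a sentence in each doc comment so callers know a value cannot be cleared this way. Both `impl` blocks continue outside the hunks shown.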
22 changes: 21 additions & 1 deletion core/src/services/oss/config.rs
@@ -46,8 +46,28 @@ pub struct OssConfig {
pub access_key_id: Option<String>,
/// Access key secret for oss.
pub access_key_secret: Option<String>,
/// batch_max_operations
/// The size of max batch operations.
pub batch_max_operations: Option<usize>,
/// If `role_arn` is set, we will use already known config as source
/// credential to assume role with `role_arn`.
pub role_arn: Option<String>,
/// role_session_name for this backend.
pub role_session_name: Option<String>,
/// `oidc_provider_arn` will be loaded from
///
/// - this field if it's `is_some`
/// - env value: [`ALIBABA_CLOUD_OIDC_PROVIDER_ARN`]
pub oidc_provider_arn: Option<String>,
/// `oidc_token_file` will be loaded from
///
/// - this field if it's `is_some`
/// - env value: [`ALIBABA_CLOUD_OIDC_TOKEN_FILE`]
pub oidc_token_file: Option<String>,
/// `sts_endpoint` will be loaded from
///
/// - this field if it's `is_some`
/// - env value: [`ALIBABA_CLOUD_STS_ENDPOINT`]
pub sts_endpoint: Option<String>,
}

impl Debug for OssConfig {
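Review bot: The doc comments on `oidc_provider_arn`, `oidc_token_file` and `sts_endpoint` do not say which source wins, and they wrap the environment variable names in square brackets, which rustdoc treats as intra-doc links. Unless items with those names are in scope in `config.rs` (not visible here), the links will be reported as unresolved; dropping the brackets and spelling out the order would fix both, e.g. `/// - otherwise the ALIBABA_CLOUD_OIDC_TOKEN_FILE environment variable`. The `role_session_name` doc should also mention that a default is used when the field is `None`, which the `// override default role_session_name if set` comment in `backend.rs` implies. The struct and the hand-written `impl Debug for OssConfig` continue outside the hunk, so whether the new fields are meant to appear in debug output cannot be checked from here.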
