apache · Xuanwo · Aug 27, 2024 · Aug 27, 2024
@@ -241,6 +241,54 @@ impl OssBuilder {
         self.config.allow_anonymous = true;
         self
     }
+
+    /// Set role_arn for this backend.
+    ///
+    /// If `role_arn` is set, we will use already known config as source
+    /// credential to assume role with `role_arn`.
+    pub fn role_arn(mut self, role_arn: &str) -> Self {
+        if !role_arn.is_empty() {
+            self.config.role_arn = Some(role_arn.to_string())
+        }
+
+        self
+    }
+
+    /// Set role_session_name for this backend.
+    pub fn role_session_name(mut self, role_session_name: &str) -> Self {
+        if !role_session_name.is_empty() {
+            self.config.role_session_name = Some(role_session_name.to_string())
+        }
+
+        self
+    }
+
+    /// Set oidc_provider_arn for this backend.
+    pub fn oidc_provider_arn(mut self, oidc_provider_arn: &str) -> Self {
+        if !oidc_provider_arn.is_empty() {
+            self.config.oidc_provider_arn = Some(oidc_provider_arn.to_string())
+        }
+
+        self
+    }
+
+    /// Set oidc_token_file for this backend.
+    pub fn oidc_token_file(mut self, oidc_token_file: &str) -> Self {
+        if !oidc_token_file.is_empty() {
+            self.config.oidc_token_file = Some(oidc_token_file.to_string())
+        }
+
+        self
+    }
+
+    /// Set sts_endpoint for this backend.
+    pub fn sts_endpoint(mut self, sts_endpoint: &str) -> Self {
+        if !sts_endpoint.is_empty() {
+            self.config.sts_endpoint = Some(sts_endpoint.to_string())
+        }
+
+        self
+    }
 }
 
 impl Builder for OssBuilder {
@@ -303,6 +351,27 @@ impl Builder for OssBuilder {
             cfg.access_key_secret = Some(v);
         }
 
+        if let Some(v) = self.config.role_arn {
+            cfg.role_arn = Some(v);
+        }
+
+        // override default role_session_name if set
+        if let Some(v) = self.config.role_session_name {
+            cfg.role_session_name = v;
+        }
+
+        if let Some(v) = self.config.oidc_provider_arn {
+            cfg.oidc_provider_arn = Some(v);
+        }
+
+        if let Some(v) = self.config.oidc_token_file {
+            cfg.oidc_token_file = Some(v);
+        }
+
+        if let Some(v) = self.config.sts_endpoint {
+            cfg.sts_endpoint = Some(v);
+        }
+
         let client = if let Some(client) = self.http_client {
             client
         } else {

@@ -46,8 +46,28 @@ pub struct OssConfig {
     pub access_key_id: Option<String>,
     /// Access key secret for oss.
     pub access_key_secret: Option<String>,
-    /// batch_max_operations
+    /// The size of max batch operations.
     pub batch_max_operations: Option<usize>,
+    /// If `role_arn` is set, we will use already known config as source
+    /// credential to assume role with `role_arn`.
+    pub role_arn: Option<String>,
+    /// role_session_name for this backend.
+    pub role_session_name: Option<String>,
+    /// `oidc_provider_arn` will be loaded from
+    ///
+    /// - this field if it's `is_some`
+    /// - env value: [`ALIBABA_CLOUD_OIDC_PROVIDER_ARN`]
+    pub oidc_provider_arn: Option<String>,
+    /// `oidc_token_file` will be loaded from
+    ///
+    /// - this field if it's `is_some`
+    /// - env value: [`ALIBABA_CLOUD_OIDC_TOKEN_FILE`]
+    pub oidc_token_file: Option<String>,
+    /// `sts_endpoint` will be loaded from
+    ///
+    /// - this field if it's `is_some`
+    /// - env value: [`ALIBABA_CLOUD_STS_ENDPOINT`]
+    pub sts_endpoint: Option<String>,
 }
 
 impl Debug for OssConfig {