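// Source listing: yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/aliyun/ramimage.go

// Copyright 2019 Yunion
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package aliyun

import (
	"yunion.io/x/pkg/errors"

	"yunion.io/x/cloudmux/pkg/cloudprovider"
)

// RAM role and policy used to let ECS import images from OSS.
const (
	// AliyunECSImageImportRole is the name of the role looked up, and created
	// when missing, by EnableImageImport.
	AliyunECSImageImportRole = "AliyunECSImageImportDefaultRole"

	// AliyunECSImageImportRoleDocument is the trust policy given to the role
	// when it is created: only the ecs.aliyuncs.com service principal may
	// assume it.
	AliyunECSImageImportRoleDocument = `{
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "ecs.aliyuncs.com"
        ]
      }
    }
  ],
  "Version": "1"
}`

	// AliyunECSImageImportRolePolicyType and AliyunECSImageImportRolePolicy
	// identify the policy that EnableImageImport attaches to the role.
	// NOTE(review): type "System" presumably means a provider-managed policy,
	// so its contents are not controlled by this file; confirm.
	AliyunECSImageImportRolePolicyType = "System"
	AliyunECSImageImportRolePolicy     = "AliyunECSImageImportRolePolicy"

	// AliyunECSImageImportRolePolicyDocument is referenced only from the
	// disabled createPolicy code in this file. It allows the two read actions
	// on "Resource": "*", i.e. on every OSS bucket and object of the account;
	// if it is ever used for a custom policy, scope Resource to the bucket
	// that holds the images.
	AliyunECSImageImportRolePolicyDocument = `{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "oss:GetObject",
        "oss:GetBucketLocation"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}`
)

// EnableImageImport makes sure the role named AliyunECSImageImportRole exists
// and has the image-import policy attached.
//
// The role is created with AliyunECSImageImportRoleDocument only when the
// lookup fails with cloudprovider.ErrNotFound; every other error is returned
// unchanged. The policy itself is never created here: a failed GetPolicy is
// returned to the caller. The policy is attached unless ListPoliciesForRole
// already reports it for the role.
//
// A role that already exists is used as found. The GetRole result is
// discarded, so its trust policy is not compared with
// AliyunECSImageImportRoleDocument.
func (self *SAliyunClient) EnableImageImport() error {
	if _, err := self.GetRole(AliyunECSImageImportRole); err != nil {
		if errors.Cause(err) != cloudprovider.ErrNotFound {
			return err
		}
		_, err = self.CreateRole(AliyunECSImageImportRole,
			AliyunECSImageImportRoleDocument,
			"Allow Import External Image from OSS")
		if err != nil {
			return err
		}
	}

	if _, err := self.GetPolicy(AliyunECSImageImportRolePolicyType, AliyunECSImageImportRolePolicy); err != nil {
		// Creating the policy on ErrNotFound is disabled; the lookup error
		// is reported instead.
		/*if err != cloudprovider.ErrNotFound {
			return err
		}
		_, err = self.createPolicy(AliyunECSImageImportRolePolicy,
			AliyunECSImageImportRolePolicyDocument,
			"Allow Import External Image policy")
		if err != nil {
			return err
		}*/
		return err
	}

	attached, err := self.ListPoliciesForRole(AliyunECSImageImportRole)
	if err != nil {
		return err
	}
	for i := range attached {
		if attached[i].PolicyType == AliyunECSImageImportRolePolicyType &&
			attached[i].PolicyName == AliyunECSImageImportRolePolicy {
			return nil // already attached, nothing to do
		}
	}

	return self.AttachPolicy2Role(AliyunECSImageImportRolePolicyType, AliyunECSImageImportRolePolicy, AliyunECSImageImportRole)
}

// RAM role and policy used to let ECS export images to OSS.
const (
	// AliyunECSImageExportRole is the name of the role looked up, and created
	// when missing, by EnableImageExport.
	AliyunECSImageExportRole = "AliyunECSImageExportDefaultRole"

	// AliyunECSImageExportRoleDocument is the trust policy given to the role
	// when it is created: only the ecs.aliyuncs.com service principal may
	// assume it.
	AliyunECSImageExportRoleDocument = `{
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "ecs.aliyuncs.com"
        ]
      }
    }
  ],
  "Version": "1"
}`

	// AliyunEmptyRoleDocument is not an empty document despite its name: it
	// is the same ECS trust policy as above, so a role created from it can be
	// assumed by ecs.aliyuncs.com. It is not referenced in this file.
	AliyunEmptyRoleDocument = `{
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "ecs.aliyuncs.com"
        ]
      }
    }
  ],
  "Version": "1"
}`

	// AliyunECSImageExportRolePolicyType and AliyunECSImageExportRolePolicy
	// identify the policy that EnableImageExport attaches to the role.
	// NOTE(review): type "System" presumably means a provider-managed policy,
	// so its contents are not controlled by this file; confirm.
	AliyunECSImageExportRolePolicyType = "System"
	AliyunECSImageExportRolePolicy     = "AliyunECSImageExportRolePolicy"

	// AliyunECSImageExportRolePolicyDocument is not referenced by any code in
	// this file. It allows object read, write and delete plus multipart
	// upload management on "Resource": "*", i.e. on every OSS bucket and
	// object of the account; if it is ever used for a custom policy, scope
	// Resource to the export bucket.
	AliyunECSImageExportRolePolicyDocument = `{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "oss:GetObject",
        "oss:PutObject",
        "oss:DeleteObject",
        "oss:GetBucketLocation",
        "oss:AbortMultipartUpload",
        "oss:ListMultipartUploads",
        "oss:ListParts"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}`
)

// EnableImageExport makes sure the role named AliyunECSImageExportRole exists
// and has the image-export policy attached.
//
// The role is created with AliyunECSImageExportRoleDocument only when the
// lookup fails with cloudprovider.ErrNotFound; every other error is returned
// unchanged. The policy itself is never created here: a failed GetPolicy is
// returned to the caller. The policy is attached unless ListPoliciesForRole
// already reports it for the role.
//
// A role that already exists is used as found. The GetRole result is
// discarded, so its trust policy is not compared with
// AliyunECSImageExportRoleDocument.
func (self *SAliyunClient) EnableImageExport() error {
	if _, err := self.GetRole(AliyunECSImageExportRole); err != nil {
		// Compare the root cause, as EnableImageImport does: a wrapped
		// ErrNotFound must still lead to role creation instead of an error.
		if errors.Cause(err) != cloudprovider.ErrNotFound {
			return err
		}
		// NOTE(review): the description below reads "Export Import"; it is
		// kept as is because it is sent to the API.
		_, err = self.CreateRole(AliyunECSImageExportRole,
			AliyunECSImageExportRoleDocument,
			"Allow Export Import to OSS")
		if err != nil {
			return err
		}
	}

	if _, err := self.GetPolicy(AliyunECSImageExportRolePolicyType, AliyunECSImageExportRolePolicy); err != nil {
		// Creating the policy on ErrNotFound is disabled; the lookup error
		// is reported instead.
		// NOTE(review): the disabled code names the Import policy constants;
		// if it is ever re-enabled it should use the Export ones.
		/*if err != cloudprovider.ErrNotFound {
			return err
		}
		_, err = self.createPolicy(AliyunECSImageImportRolePolicy,
			AliyunECSImageImportRolePolicyDocument,
			"Allow Import External Image policy")
		if err != nil {
			return err
		}*/
		return err
	}

	attached, err := self.ListPoliciesForRole(AliyunECSImageExportRole)
	if err != nil {
		return err
	}
	for i := range attached {
		if attached[i].PolicyType == AliyunECSImageExportRolePolicyType &&
			attached[i].PolicyName == AliyunECSImageExportRolePolicy {
			return nil // already attached, nothing to do
		}
	}

	return self.AttachPolicy2Role(AliyunECSImageExportRolePolicyType, AliyunECSImageExportRolePolicy, AliyunECSImageExportRole)
}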