// Source: yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/apsara/ramimage.go

// Copyright 2019 Yunion
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package apsara

import (
	"yunion.io/x/cloudmux/pkg/cloudprovider"
)

const (
	// ApsaraECSImageImportRole is the name of the role that EnableImageImport
	// looks up and, when it is missing, creates.
	ApsaraECSImageImportRole = "ApsaraECSImageImportDefaultRole"

	// ApsaraECSImageImportRoleDocument is the trust document used when the
	// import role is created. It lets the service principal ecs.apsaracs.com
	// call sts:AssumeRole on the role; no other principal is listed.
	ApsaraECSImageImportRoleDocument = `{
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "ecs.apsaracs.com"
        ]
      }
    }
  ],
  "Version": "1"
}`

	// ApsaraECSImageImportRolePolicyType is the policy type passed to
	// GetPolicy and AttachPolicy2Role for the import policy.
	ApsaraECSImageImportRolePolicyType = "System"

	// ApsaraECSImageImportRolePolicy is the name of the policy that must be
	// attached to the import role.
	ApsaraECSImageImportRolePolicy = "ApsaraECSImageImportRolePolicy"

	// ApsaraECSImageImportRolePolicyDocument allows oss:GetObject and
	// oss:GetBucketLocation on Resource "*". In this file it is referenced
	// only from commented-out code, so nothing here submits it.
	// NOTE(review): the wildcard resource covers every bucket and object the
	// account can reach; if policy creation is ever re-enabled, consider
	// scoping Resource to the bucket that holds the images.
	ApsaraECSImageImportRolePolicyDocument = `{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "oss:GetObject",
        "oss:GetBucketLocation"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}`
)

// EnableImageImport makes sure the ApsaraECSImageImportRole role exists and
// that the ApsaraECSImageImportRolePolicy policy (type "System") is attached
// to it.
//
// Steps, in order:
//  1. Look the role up; create it with ApsaraECSImageImportRoleDocument only
//     when the lookup fails with cloudprovider.ErrNotFound.
//  2. Look the policy up; any error, including not-found, is returned.
//  3. List the role's policies and return nil if the policy is already there.
//  4. Otherwise attach the policy to the role.
//
// The steps are independent calls: if a later step fails, a role created in
// step 1 stays in place without the policy, and a repeat call continues from
// the existing role.
//
// NOTE(review): a role that already exists is used as found. This method does
// not compare its trust document with ApsaraECSImageImportRoleDocument, so a
// pre-existing role of the same name with a broader trust policy would still
// receive the policy attachment. Confirm whether callers need that check.
func (self *SApsaraClient) EnableImageImport() error {
	if _, err := self.GetRole(ApsaraECSImageImportRole); err != nil {
		// NOTE(review): this is an identity comparison; a wrapped not-found
		// error would be returned here instead of triggering creation.
		// Confirm GetRole returns the sentinel unwrapped.
		if err != cloudprovider.ErrNotFound {
			return err
		}
		_, err = self.CreateRole(
			ApsaraECSImageImportRole,
			ApsaraECSImageImportRoleDocument,
			"Allow Import External Image from OSS",
		)
		if err != nil {
			return err
		}
	}

	if _, err := self.GetPolicy(ApsaraECSImageImportRolePolicyType, ApsaraECSImageImportRolePolicy); err != nil {
		// Creating the policy on not-found is disabled; the lookup error is
		// returned as is. The disabled fallback was:
		//
		//	if err != cloudprovider.ErrNotFound {
		//		return err
		//	}
		//	_, err = self.createPolicy(ApsaraECSImageImportRolePolicy,
		//		ApsaraECSImageImportRolePolicyDocument,
		//		"Allow Import External Image policy")
		//	if err != nil {
		//		return err
		//	}
		return err
	}

	attached, err := self.ListPoliciesForRole(ApsaraECSImageImportRole)
	if err != nil {
		return err
	}
	for _, p := range attached {
		if p.PolicyType == ApsaraECSImageImportRolePolicyType &&
			p.PolicyName == ApsaraECSImageImportRolePolicy {
			// Already attached; nothing left to do.
			return nil
		}
	}

	return self.AttachPolicy2Role(ApsaraECSImageImportRolePolicyType, ApsaraECSImageImportRolePolicy, ApsaraECSImageImportRole)
}

const (
	// ApsaraECSImageExportRole is the name of the role that EnableImageExport
	// looks up and, when it is missing, creates.
	ApsaraECSImageExportRole = "ApsaraECSImageExportDefaultRole"

	// ApsaraECSImageExportRoleDocument is the trust document used when the
	// export role is created. It lets the service principal ecs.apsaracs.com
	// call sts:AssumeRole on the role.
	ApsaraECSImageExportRoleDocument = `{
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "ecs.apsaracs.com"
        ]
      }
    }
  ],
  "Version": "1"
}`

	// ApsaraEmptyRoleDocument has the same statement as the export trust
	// document above: it is not an empty policy, it lets ecs.apsaracs.com
	// assume the role. It is not referenced in this file.
	ApsaraEmptyRoleDocument = `{
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "ecs.apsaracs.com"
        ]
      }
    }
  ],
  "Version": "1"
}`

	// ApsaraECSImageExportRolePolicyType is the policy type passed to
	// GetPolicy and AttachPolicy2Role for the export policy.
	ApsaraECSImageExportRolePolicyType = "System"

	// ApsaraECSImageExportRolePolicy is the name of the policy that must be
	// attached to the export role.
	ApsaraECSImageExportRolePolicy = "ApsaraECSImageExportRolePolicy"

	// ApsaraECSImageExportRolePolicyDocument allows object read, write and
	// delete plus the multipart-upload actions on Resource "*". It is not
	// referenced anywhere in this file.
	// NOTE(review): oss:PutObject and oss:DeleteObject on a wildcard resource
	// reach every bucket in the account; if this document is ever submitted,
	// consider scoping Resource to the export bucket.
	ApsaraECSImageExportRolePolicyDocument = `{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "oss:GetObject",
        "oss:PutObject",
        "oss:DeleteObject",
        "oss:GetBucketLocation",
        "oss:AbortMultipartUpload",
        "oss:ListMultipartUploads",
        "oss:ListParts"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}`
)

// EnableImageExport makes sure the ApsaraECSImageExportRole role exists and
// that the ApsaraECSImageExportRolePolicy policy (type "System") is attached
// to it.
//
// Steps, in order:
//  1. Look the role up; create it with ApsaraECSImageExportRoleDocument only
//     when the lookup fails with cloudprovider.ErrNotFound.
//  2. Look the policy up; any error, including not-found, is returned.
//  3. List the role's policies and return nil if the policy is already there.
//  4. Otherwise attach the policy to the role.
//
// The steps are independent calls: if a later step fails, a role created in
// step 1 stays in place without the policy, and a repeat call continues from
// the existing role.
//
// NOTE(review): a role that already exists is used as found. This method does
// not compare its trust document with ApsaraECSImageExportRoleDocument, so a
// pre-existing role of the same name with a broader trust policy would still
// receive the policy attachment. Confirm whether callers need that check.
func (self *SApsaraClient) EnableImageExport() error {
	if _, err := self.GetRole(ApsaraECSImageExportRole); err != nil {
		// NOTE(review): this is an identity comparison; a wrapped not-found
		// error would be returned here instead of triggering creation.
		// Confirm GetRole returns the sentinel unwrapped.
		if err != cloudprovider.ErrNotFound {
			return err
		}
		// NOTE(review): the description string reads "Export Import";
		// presumably "Export Image" was meant. Left unchanged because it is
		// sent to the API.
		_, err = self.CreateRole(
			ApsaraECSImageExportRole,
			ApsaraECSImageExportRoleDocument,
			"Allow Export Import to OSS",
		)
		if err != nil {
			return err
		}
	}

	if _, err := self.GetPolicy(ApsaraECSImageExportRolePolicyType, ApsaraECSImageExportRolePolicy); err != nil {
		// Creating the policy on not-found is disabled; the lookup error is
		// returned as is.
		// NOTE(review): the disabled fallback below names the *Import* policy
		// constants, which looks like a copy-paste slip. If it is restored,
		// switch it to the Export constants so the export role does not end
		// up depending on the import policy.
		//
		//	if err != cloudprovider.ErrNotFound {
		//		return err
		//	}
		//	_, err = self.createPolicy(ApsaraECSImageImportRolePolicy,
		//		ApsaraECSImageImportRolePolicyDocument,
		//		"Allow Import External Image policy")
		//	if err != nil {
		//		return err
		//	}
		return err
	}

	attached, err := self.ListPoliciesForRole(ApsaraECSImageExportRole)
	if err != nil {
		return err
	}
	for _, p := range attached {
		if p.PolicyType == ApsaraECSImageExportRolePolicyType &&
			p.PolicyName == ApsaraECSImageExportRolePolicy {
			// Already attached; nothing left to do.
			return nil
		}
	}

	return self.AttachPolicy2Role(ApsaraECSImageExportRolePolicyType, ApsaraECSImageExportRolePolicy, ApsaraECSImageExportRole)
}