yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/apsara/ramimage.go (about)

     1  // Copyright 2019 Yunion
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package apsara
    16  
    17  import (
    18  	"yunion.io/x/cloudmux/pkg/cloudprovider"
    19  )
    20  
// Names and policy documents used by EnableImageImport.
const (
	// ApsaraECSImageImportRole is the name of the role that EnableImageImport
	// looks up and, when it is not found, creates.
	ApsaraECSImageImportRole         = "ApsaraECSImageImportDefaultRole"
	// ApsaraECSImageImportRoleDocument is the trust policy passed to CreateRole.
	// Its single statement lets the service principal "ecs.apsaracs.com" call
	// sts:AssumeRole on the role; no other principal is listed.
	ApsaraECSImageImportRoleDocument = `{
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
 "Service": [
   "ecs.apsaracs.com"
 ]
}
}
],
"Version": "1"
}`

	// ApsaraECSImageImportRolePolicyType and ApsaraECSImageImportRolePolicy
	// identify the policy that EnableImageImport looks up with GetPolicy and
	// attaches to the role. The type is "System", and the code path that would
	// create the policy is commented out, so the policy has to exist already.
	ApsaraECSImageImportRolePolicyType     = "System"
	ApsaraECSImageImportRolePolicy         = "ApsaraECSImageImportRolePolicy"
	// ApsaraECSImageImportRolePolicyDocument is referenced only from the
	// commented-out createPolicy call in EnableImageImport, so in the code
	// shown here it does not determine what the role may do; the attached
	// System policy does.
	// NOTE(review): the statement allows oss:GetObject and
	// oss:GetBucketLocation on "Resource": "*", i.e. it is not limited to one
	// bucket. If this document is ever used to create a policy, consider
	// scoping Resource to the bucket that holds the images to import.
	ApsaraECSImageImportRolePolicyDocument = `{
"Version": "1",
"Statement": [
{
"Action": [
 "oss:GetObject",
 "oss:GetBucketLocation"
],
"Resource": "*",
"Effect": "Allow"
}
]
}`
)
    54  
// EnableImageImport makes sure the role ApsaraECSImageImportRole exists and
// has the policy ApsaraECSImageImportRolePolicy (type "System") attached.
//
// Steps, in order:
//  1. Look the role up; create it with ApsaraECSImageImportRoleDocument only
//     when the lookup fails with cloudprovider.ErrNotFound.
//  2. Look the policy up; any failure, including not-found, is returned.
//  3. Return nil if the policy is already listed for the role, otherwise
//     attach it.
//
// The first error from any call is returned unchanged.
//
// NOTE(review): when the role already exists the value returned by GetRole is
// discarded, so its trust policy is not compared with
// ApsaraECSImageImportRoleDocument. A pre-existing role of this name that
// trusts a different principal is used as it is.
// NOTE(review): ErrNotFound is matched with !=, so a wrapped not-found error
// would be returned instead of triggering role creation - confirm how GetRole
// reports it.
func (self *SApsaraClient) EnableImageImport() error {
	const (
		roleName   = ApsaraECSImageImportRole
		policyType = ApsaraECSImageImportRolePolicyType
		policyName = ApsaraECSImageImportRolePolicy
	)

	_, err := self.GetRole(roleName)
	switch {
	case err == nil:
		// The role is already there; nothing to create.
	case err != cloudprovider.ErrNotFound:
		return err
	default:
		_, err = self.CreateRole(roleName,
			ApsaraECSImageImportRoleDocument,
			"Allow Import External Image from OSS")
		if err != nil {
			return err
		}
	}

	// Creating the policy on ErrNotFound (a createPolicy call with
	// ApsaraECSImageImportRolePolicyDocument) is disabled upstream, so every
	// lookup failure ends the call here.
	if _, err = self.GetPolicy(policyType, policyName); err != nil {
		return err
	}

	attachedPolicies, err := self.ListPoliciesForRole(roleName)
	if err != nil {
		return err
	}
	for _, attached := range attachedPolicies {
		if attached.PolicyType == policyType && attached.PolicyName == policyName {
			// Already attached, nothing left to do.
			return nil
		}
	}

	return self.AttachPolicy2Role(policyType, policyName, roleName)
}
   101  
// Names and policy documents used by EnableImageExport.
const (
	// ApsaraECSImageExportRole is the name of the role that EnableImageExport
	// looks up and, when it is not found, creates.
	ApsaraECSImageExportRole         = "ApsaraECSImageExportDefaultRole"
	// ApsaraECSImageExportRoleDocument is the trust policy passed to CreateRole.
	// Its single statement lets the service principal "ecs.apsaracs.com" call
	// sts:AssumeRole on the role; no other principal is listed.
	ApsaraECSImageExportRoleDocument = `{
   "Statement": [
     {
       "Action": "sts:AssumeRole",
       "Effect": "Allow",
       "Principal": {
         "Service": [
           "ecs.apsaracs.com"
         ]
       }
     }
   ],
   "Version": "1"
}`

	// ApsaraEmptyRoleDocument has the same text as
	// ApsaraECSImageExportRoleDocument (trust for "ecs.apsaracs.com" only).
	// It is not referenced by the code shown in this file.
	ApsaraEmptyRoleDocument = `{
   "Statement": [
     {
       "Action": "sts:AssumeRole",
       "Effect": "Allow",
       "Principal": {
         "Service": [
           "ecs.apsaracs.com"
         ]
       }
     }
   ],
   "Version": "1"
}`

	// ApsaraECSImageExportRolePolicyType and ApsaraECSImageExportRolePolicy
	// identify the policy that EnableImageExport looks up with GetPolicy and
	// attaches to the role. The type is "System", and the code path that would
	// create a policy is commented out, so the policy has to exist already.
	ApsaraECSImageExportRolePolicyType     = "System"
	ApsaraECSImageExportRolePolicy         = "ApsaraECSImageExportRolePolicy"
	// ApsaraECSImageExportRolePolicyDocument is not referenced by the code
	// shown in this file, so it does not determine what the role may do; the
	// attached System policy does.
	// NOTE(review): the statement allows object read, write and delete
	// (oss:GetObject, oss:PutObject, oss:DeleteObject) plus the multipart
	// actions on "Resource": "*", i.e. it is not limited to one bucket. If
	// this document is ever used to create a policy, consider scoping Resource
	// to the export bucket.
	ApsaraECSImageExportRolePolicyDocument = `{
   "Version": "1",
   "Statement": [
     {
       "Action": [
         "oss:GetObject",
         "oss:PutObject",
         "oss:DeleteObject",
         "oss:GetBucketLocation",
         "oss:AbortMultipartUpload",
         "oss:ListMultipartUploads",
         "oss:ListParts"
       ],
       "Resource": "*",
       "Effect": "Allow"
     }
   ]
 }`
)
   155  
// EnableImageExport makes sure the role ApsaraECSImageExportRole exists and
// has the policy ApsaraECSImageExportRolePolicy (type "System") attached.
//
// Steps, in order:
//  1. Look the role up; create it with ApsaraECSImageExportRoleDocument only
//     when the lookup fails with cloudprovider.ErrNotFound.
//  2. Look the policy up; any failure, including not-found, is returned.
//  3. Return nil if the policy is already listed for the role, otherwise
//     attach it.
//
// The first error from any call is returned unchanged.
//
// NOTE(review): when the role already exists the value returned by GetRole is
// discarded, so its trust policy is not compared with
// ApsaraECSImageExportRoleDocument. A pre-existing role of this name that
// trusts a different principal is used as it is.
// NOTE(review): the role description "Allow Export Import to OSS" looks like
// a slip for "Export Image"; it is kept because it is sent to the API.
func (self *SApsaraClient) EnableImageExport() error {
	const (
		roleName   = ApsaraECSImageExportRole
		policyType = ApsaraECSImageExportRolePolicyType
		policyName = ApsaraECSImageExportRolePolicy
	)

	_, err := self.GetRole(roleName)
	switch {
	case err == nil:
		// The role is already there; nothing to create.
	case err != cloudprovider.ErrNotFound:
		return err
	default:
		_, err = self.CreateRole(roleName,
			ApsaraECSImageExportRoleDocument,
			"Allow Export Import to OSS")
		if err != nil {
			return err
		}
	}

	// Creating the policy on ErrNotFound is disabled upstream (the disabled
	// createPolicy call named the *Import* policy constants, not the export
	// ones), so every lookup failure ends the call here.
	if _, err = self.GetPolicy(policyType, policyName); err != nil {
		return err
	}

	attachedPolicies, err := self.ListPoliciesForRole(roleName)
	if err != nil {
		return err
	}
	for _, attached := range attachedPolicies {
		if attached.PolicyType == policyType && attached.PolicyName == policyName {
			// Already attached, nothing left to do.
			return nil
		}
	}

	return self.AttachPolicy2Role(policyType, policyName, roleName)
}