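package integration

import (
	"fmt"
	"os"
	"strings"

	"github.com/aliyun/alibaba-cloud-sdk-go/services/ram"
	"github.com/aliyun/alibaba-cloud-sdk-go/services/sts"
)

// role_doc is the trust (assume-role) policy template for the test role. The
// single %s verb is filled with the account ID passed to createRole.
//
// The principal is the account root ("acs:ram::<account>:root"), so the trust
// decision is delegated to the whole account rather than to the one test user
// created in this file: which identities can actually assume the role is then
// governed by who holds an sts:AssumeRole grant inside that account.
// NOTE(review): consider narrowing the principal to the test user, and run
// these tests only in a dedicated, disposable account.
var role_doc = `{
		"Statement": [{
			"Action": "sts:AssumeRole",
			"Effect": "Allow",
			"Principal": {
				"RAM": [
					"acs:ram::%s:root"
				]
			}
		}],
		"Version": "1"
	}`

var (
	// travisValue is TRAVIS_JOB_NUMBER split on "."; its last element is used
	// as a per-job suffix. strings.Split always returns at least one element,
	// so the index below cannot go out of range. When the variable is unset
	// the suffix is empty and every run shares the same user and role names.
	travisValue = strings.Split(os.Getenv("TRAVIS_JOB_NUMBER"), ".")
	username    = "test-go-user" + travisValue[len(travisValue)-1]
	rolename    = "test-go-role" + travisValue[len(travisValue)-1]
	// rolearn is built from USER_ID at package initialisation; an unset
	// USER_ID yields an ARN with an empty account segment.
	rolearn = fmt.Sprintf("acs:ram::%s:role/%s", os.Getenv("USER_ID"), rolename)
)

// newRAMClientFromEnv builds a RAM client from the REGION_ID, ACCESS_KEY_ID
// and ACCESS_KEY_SECRET environment variables. Keeping credential handling in
// one place means the secret is read in exactly one spot and never needs to be
// passed around or logged by the callers.
func newRAMClientFromEnv() (*ram.Client, error) {
	return ram.NewClientWithAccessKey(
		os.Getenv("REGION_ID"),
		os.Getenv("ACCESS_KEY_ID"),
		os.Getenv("ACCESS_KEY_SECRET"),
	)
}

// createRole returns the name and ARN of the test role, creating it when no
// role in the ListRoles response matches rolename. userid is substituted into
// the role_doc trust policy as the trusted account ID.
//
// userid is interpolated into the JSON policy without escaping; it is assumed
// to be a plain account ID taken from the environment — confirm at the caller.
func createRole(userid string) (string, string, error) {
	client, err := newRAMClientFromEnv()
	if err != nil {
		return "", "", err
	}

	listRequest := ram.CreateListRolesRequest()
	listRequest.Scheme = "HTTPS" // signed requests go over TLS only
	listResponse, err := client.ListRoles(listRequest)
	if err != nil {
		return "", "", err
	}
	// NOTE(review): only the roles returned by this single call are scanned.
	// If the listing can be truncated, an existing role may be missed and the
	// CreateRole call below would then fail — confirm for the test account.
	for _, role := range listResponse.Roles.Role {
		if strings.ToLower(role.RoleName) == rolename {
			return role.RoleName, role.Arn, nil
		}
	}

	createRequest := ram.CreateCreateRoleRequest()
	createRequest.Scheme = "HTTPS"
	createRequest.RoleName = rolename
	createRequest.AssumeRolePolicyDocument = fmt.Sprintf(role_doc, userid)
	res, err := client.CreateRole(createRequest)
	if err != nil {
		return "", "", err
	}
	return res.Role.RoleName, res.Role.Arn, nil
}

// createUser makes sure a RAM user named username exists, creating it when the
// ListUsers response does not contain it.
func createUser() error {
	client, err := newRAMClientFromEnv()
	if err != nil {
		return err
	}

	listRequest := ram.CreateListUsersRequest()
	listRequest.Scheme = "HTTPS"
	listResponse, err := client.ListUsers(listRequest)
	if err != nil {
		return err
	}
	// NOTE(review): as in createRole, only one ListUsers response is checked.
	for _, user := range listResponse.Users.User {
		if user.UserName == username {
			return nil
		}
	}

	createRequest := ram.CreateCreateUserRequest()
	createRequest.Scheme = "HTTPS"
	createRequest.UserName = username
	_, err = client.CreateUser(createRequest)
	return err
}

// createAttachPolicyToUser attaches the system policy
// AliyunSTSAssumeRoleAccess to the test user unless it is already attached.
func createAttachPolicyToUser() error {
	const policyName = "AliyunSTSAssumeRoleAccess"

	client, err := newRAMClientFromEnv()
	if err != nil {
		return err
	}

	listRequest := ram.CreateListPoliciesForUserRequest()
	listRequest.UserName = username
	listRequest.Scheme = "HTTPS"
	listResponse, err := client.ListPoliciesForUser(listRequest)
	if err != nil {
		return err
	}
	for _, policy := range listResponse.Policies.Policy {
		if policy.PolicyName == policyName {
			return nil
		}
	}

	attachRequest := ram.CreateAttachPolicyToUserRequest()
	attachRequest.Scheme = "HTTPS"
	attachRequest.PolicyName = policyName
	attachRequest.UserName = username
	attachRequest.PolicyType = "System"
	_, err = client.AttachPolicyToUser(attachRequest)
	return err
}

// createAttachPolicyToRole attaches the system policy AdministratorAccess to
// the test role unless it is already attached.
//
// NOTE(review): this grants the role full administrative rights, and the trust
// policy in role_doc trusts the whole account. Least privilege would attach
// only the policies the integration tests exercise. No detach or role deletion
// is visible in this file, so the grant outlives the test run unless cleanup
// happens elsewhere — confirm.
func createAttachPolicyToRole() error {
	const policyName = "AdministratorAccess"

	client, err := newRAMClientFromEnv()
	if err != nil {
		return err
	}

	listRequest := ram.CreateListPoliciesForRoleRequest()
	listRequest.RoleName = rolename
	listRequest.Scheme = "HTTPS"
	listResponse, err := client.ListPoliciesForRole(listRequest)
	if err != nil {
		return err
	}
	for _, policy := range listResponse.Policies.Policy {
		if policy.PolicyName == policyName {
			return nil
		}
	}

	attachRequest := ram.CreateAttachPolicyToRoleRequest()
	attachRequest.Scheme = "HTTPS"
	attachRequest.PolicyName = policyName
	attachRequest.RoleName = rolename
	attachRequest.PolicyType = "System"
	_, err = client.AttachPolicyToRole(attachRequest)
	return err
}

// createAccessKey creates a new access key for the test user and returns its
// ID and secret. When the user already has two or more keys, the first listed
// key is deleted beforehand (presumably to stay under a per-user key limit —
// confirm).
//
// The returned secret is a long-lived credential: callers should keep it out
// of test output and CI logs. Keys created here are not deleted in this file.
func createAccessKey() (string, string, error) {
	client, err := newRAMClientFromEnv()
	if err != nil {
		return "", "", err
	}

	listRequest := ram.CreateListAccessKeysRequest()
	listRequest.UserName = username
	listRequest.Scheme = "HTTPS"
	listResponse, err := client.ListAccessKeys(listRequest)
	if err != nil {
		return "", "", err
	}

	// len of a nil slice is 0, so no separate nil check is needed.
	if keys := listResponse.AccessKeys.AccessKey; len(keys) >= 2 {
		deleteRequest := ram.CreateDeleteAccessKeyRequest()
		deleteRequest.UserAccessKeyId = keys[0].AccessKeyId
		deleteRequest.UserName = username
		deleteRequest.Scheme = "HTTPS"
		if _, err := client.DeleteAccessKey(deleteRequest); err != nil {
			return "", "", err
		}
	}

	createRequest := ram.CreateCreateAccessKeyRequest()
	createRequest.Scheme = "HTTPS"
	createRequest.UserName = username
	response, err := client.CreateAccessKey(createRequest)
	if err != nil {
		return "", "", err
	}
	return response.AccessKey.AccessKeyId, response.AccessKey.AccessKeySecret, nil
}

// createAssumeRole provisions the test user, the test role, the user's
// AssumeRole policy and a fresh access key, then calls STS AssumeRole for
// rolearn with that key and returns the response.
//
// createAttachPolicyToRole is not called here, so the role's permissions are
// whatever was attached to it elsewhere.
func createAssumeRole() (*sts.AssumeRoleResponse, error) {
	if err := createUser(); err != nil {
		return nil, err
	}
	if _, _, err := createRole(os.Getenv("USER_ID")); err != nil {
		return nil, err
	}
	if err := createAttachPolicyToUser(); err != nil {
		return nil, err
	}
	subAccessKeyID, subAccessKeySecret, err := createAccessKey()
	if err != nil {
		return nil, err
	}

	request := sts.CreateAssumeRoleRequest()
	request.RoleArn = rolearn
	request.RoleSessionName = "alice_test"
	request.Scheme = "HTTPS"

	client, err := sts.NewClientWithAccessKey(os.Getenv("REGION_ID"), subAccessKeyID, subAccessKeySecret)
	// The original overwrote this error with the AssumeRole result; check it
	// so a failed client construction is reported instead of being used.
	if err != nil {
		return nil, err
	}
	response, err := client.AssumeRole(request)
	if err != nil {
		return nil, err
	}
	return response, nil
}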