首页 发现 帮助
登录
rainbow
/
config-manage
关注 6
点赞 0
派生 0
文件 工单管理 0 合并请求 0 Wiki
分支: master
分支列表 标签列表
config-manage
/
app
/
Http
/
Controllers
/
OssController.php

OssController.php 2.1 KB
永久链接 文件历史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 
  1. <?php
    2. 

  2. 

  3. namespace App\Http\Controllers;
    4. 

  4. use AliCloud\Core\Profile\DefaultProfile;
    5. 

  5. use AliCloud\Core\DefaultAcsClient;
    6. 

  6. use AliCloud\Core\Exception\ServerException;
    7. 

  7. use AliCloud\Core\Exception\ClientException;
    8. 

  8. use AliCloud\STS\AssumeRoleRequest;
    9. 

  9. 

  10. class OssController extends Controller
    11. 

  11. {
    12. 

  12.     public function getSts()
    13. 

  13.     {
    14. 

  14.         $regionID = "cn-zhangjiakou";
    15. 

  15.         $endpoint = "sts.cn-zhangjiakou.aliyuncs.com";
    16. 

  16.         DefaultProfile::addEndpoint($regionID, $regionID, "Sts", $endpoint);
    17. 

  17.         $iClientProfile = DefaultProfile::getProfile($regionID, 'LTAIG3B3vMgxdnGg', 'EJY6vwMje1npqZYmIwrmUWlVTiVW18');
    18. 

  18.         $client = new DefaultAcsClient($iClientProfile);
    19. 

  19.         // 指定角色ARN
    20. 

  20.         $roleArn = "acs:ram::1211062998797452:role/ramoss-sts";
    21. 

  21.         // 在扮演角色时,添加一个权限策略,进一步限制角色的权限
    22. 

  22.         // 以下权限策略表示拥有可以读取所有OSS的只读权限
    23. 

  23. $policy = <<<POLICY
    24. 

  24.         {
    25. 

  25.           "Statement": [
    26. 

  26.             {
    27. 

  27.               "Action": [
    28. 

  28.                 "oss:Get*",
    29. 

  29.                 "oss:List*"
    30. 

  30.               ],
    31. 

  31.               "Effect": "Allow",
    32. 

  32.               "Resource": "*"
    33. 

  33.             }
    34. 

  34.           ],
    35. 

  35.           "Version": "1"
    36. 

  36.         }
    37. 

  37. POLICY;
    38. 

  38.         $request = new AssumeRoleRequest();
    39. 

  39.         // RoleSessionName即临时身份的会话名称,用于区分不同的临时身份
    40. 

  40.         $request->setRoleSessionName("alice");
    41. 

  41.         $request->setRoleArn($roleArn);
    42. 

  42.         $request->setPolicy($policy);
    43. 

  43.         $request->setDurationSeconds(3600);
    44. 

  44.         try {
    45. 

  45.             $response = $client->getAcsResponse($request);
    46. 

  46.             $result['region'] = $regionID;
    47. 

  47.             $result['accessKeyId'] = $response->Credentials->AccessKeyId;
    48. 

  48.             $result['accessKeySecret'] = $response->Credentials->AccessKeySecret;
    49. 

  49.             $result['stsToken'] = $response->Credentials->SecurityToken;
    50. 

  50.             $result['bucket'] = 'uptoyo';
    51. 

  51.             return $result;
    52. 

  52.         } catch (ServerException $e) {
    53. 

  53.             return $this->response->error($e->getMessage(), 500);
    54. 

  54.         } catch (ClientException $e) {
    55. 

  55.             return $this->response->error($e->getMessage(), 500);
    56. 

  56.         }
    57. 

  57.     }
    58. 

  58. }
    59. 

  59.