Home Explore Help
Sign In
rainbow
/
config-service
Watch 6
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: b7aa170a92
Branches Tags
config-service
/
app
/
Http
/
Controllers
/
OssController.php

OssController.php 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. <?php
    2. 

  2. 

  3. namespace App\Http\Controllers;
    4. 

  4. use AliCloud\Core\Profile\DefaultProfile;
    5. 

  5. use AliCloud\Core\DefaultAcsClient;
    6. 

  6. use AliCloud\Core\Exception\ServerException;
    7. 

  7. use AliCloud\Core\Exception\ClientException;
    8. 

  8. use AliCloud\STS\AssumeRoleRequest;
    9. 

  9. 

  10. class OssController extends Controller
    11. 

  11. {
    12. 

  12.     public function getSts()
    13. 

  13.     {
    14. 

  14.         $regionID = "cn-zhangjiakou";
    15. 

  15.         $endpoint = "sts.cn-zhangjiakou.aliyuncs.com";
    16. 

  16.         DefaultProfile::addEndpoint($regionID, $regionID, "Sts", $endpoint);
    17. 

  17.         $iClientProfile = DefaultProfile::getProfile($regionID, 'LTAIG3B3vMgxdnGg', 'EJY6vwMje1npqZYmIwrmUWlVTiVW18');
    18. 

  18.         $client = new DefaultAcsClient($iClientProfile);
    19. 

  19.         // 指定角色ARN
    20. 

  20.         $roleArn = "acs:ram::1211062998797452:role/ramoss-sts";
    21. 

  21.         // 在扮演角色时,添加一个权限策略,进一步限制角色的权限
    22. 

  22.         // 以下权限策略表示拥有可以读取所有OSS的只读权限
    23. 

  23. $policy = <<<POLICY
    24. 

  24.         {
    25. 

  25.           "Statement": [
    26. 

  26.             {
    27. 

  27.               "Action": [
    28. 

  28.                 "oss:Get*",
    29. 

  29.                 "oss:List*",
    30. 

  30.                 "oss:Put*"
    31. 

  31.               ],
    32. 

  32.               "Effect": "Allow",
    33. 

  33.               "Resource": "*"
    34. 

  34.             }
    35. 

  35.           ],
    36. 

  36.           "Version": "1"
    37. 

  37.         }
    38. 

  38. POLICY;
    39. 

  39.         $request = new AssumeRoleRequest();
    40. 

  40.         // RoleSessionName即临时身份的会话名称,用于区分不同的临时身份
    41. 

  41.         $request->setRoleSessionName("alice");
    42. 

  42.         $request->setRoleArn($roleArn);
    43. 

  43.         $request->setPolicy($policy);
    44. 

  44.         $request->setDurationSeconds(3600);
    45. 

  45.         try {
    46. 

  46.             $response = $client->getAcsResponse($request);
    47. 

  47.             $result['region'] = $regionID;
    48. 

  48.             $result['accessKeyId'] = $response->Credentials->AccessKeyId;
    49. 

  49.             $result['accessKeySecret'] = $response->Credentials->AccessKeySecret;
    50. 

  50.             $result['stsToken'] = $response->Credentials->SecurityToken;
    51. 

  51.             $result['bucket'] = 'uptoyo';
    52. 

  52.             return $this->jsonSuccess($result);
    53. 

  53.         } catch (ServerException $e) {
    54. 

  54.             return jsonError($e->getMessage());
    55. 

  55.         } catch (ClientException $e) {
    56. 

  56.             return jsonError($e->getMessage());
    57. 

  57.         }
    58. 

  58.     }
    59. 

  59. }
    60. 

  60.