feat:ram role

oss/client.go

@@ -4,7 +4,9 @@ package oss
 
 import (
 	"bytes"
+	"encoding/json"
 	"encoding/xml"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -78,6 +80,46 @@ func New(endpoint, accessKeyID, accessKeySecret string, options ...ClientOption)
 	return client, err
 }
 
+// NewRamRole creates a new client. Dynamic identity management and authorization for cloud applications
+// docs https://help.aliyun.com/document_detail/93746.html
+func NewRamRole(endpoint, roleName string, options ...ClientOption) (*Client, error) {
+	client, err := New(endpoint, "", "", options...)
+	if err != nil {
+		return nil, err
+	}
+
+	toUrl := client.Conn.url.getURL("", "", "").String() + "/latest/meta-data/ram/security-credentials/" + roleName
+
+	get, err := client.Conn.client.Get(toUrl)
+	if err != nil {
+		return nil, err
+	}
+	defer get.Body.Close()
+
+	all, err := ioutil.ReadAll(get.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	var ramRole RamRole
+	if err = json.Unmarshal(all, &ramRole); err != nil {
+		return nil, err
+	}
+
+	if ramRole.Code != "Success" {
+		return nil, errors.New("get ecs ram role code not is success")
+	}
+
+	if ramRole.AccessKeyId == "" || ramRole.AccessKeySecret == "" {
+		return nil, errors.New("get ecs ram role AccessKeyId AccessKeySecret is empty")
+	}
+	client.Config.AccessKeyID = ramRole.AccessKeyId
+	client.Config.AccessKeySecret = ramRole.AccessKeySecret
+	client.Config.SecurityToken = ramRole.SecurityToken
+
+	return client, err
+}
+
 // SetRegion set region for client
 //
 // region    the region, such as cn-hangzhou

oss/ram_role_type.go

@@ -0,0 +1,12 @@
+package oss
+
+import "time"
+
+type RamRole struct {
+	AccessKeyId     string    `json:"AccessKeyId"`
+	AccessKeySecret string    `json:"AccessKeySecret"`
+	SecurityToken   string    `json:"SecurityToken"`
+	Code            string    `json:"Code"`
+	Expiration      time.Time `json:"Expiration"`
+	LastUpdated     time.Time `json:"LastUpdated"`
+}