diff --git a/example/sts/sts.go b/example/sts/sts.go
index 6caec6b..672400a 100644
--- a/example/sts/sts.go
+++ b/example/sts/sts.go
@@ -4,12 +4,14 @@ import (
 "context"
 "encoding/json"
 "fmt"
- "github.com/QcloudApi/qcloud_sign_golang"
- "github.com/tencentyun/cos-go-sdk-v5"
- "github.com/tencentyun/cos-go-sdk-v5/debug"
 "net/http"
 "net/url"
+ "os"
 "strings"
+
+ "github.com/QcloudApi/qcloud_sign_golang"
+ "github.com/tencentyun/cos-go-sdk-v5"
+ "github.com/tencentyun/cos-go-sdk-v5/debug"
 )
 // Use Qcloud api github.com/QcloudApi/qcloud_sign_golang
@@ -20,6 +22,19 @@ type Credent struct {
 TmpSecretKey string `json:"tmpSecretKey"`
 }
+type PolicyStatement struct {
+ Action []string `json:"action,omitempty"`
+ Effect string `json:"effect,omitempty"`
+ Resource []string `json:"resource,omitempty"`
+ Condition map[string]map[string]interface{} `json:"condition,omitempty"`
+}
+
+type CAMPolicy struct {
+ Statement []PolicyStatement `json:"statement,omitempty"`
+ Version string `json:"version,omitempty"`
+ Principal map[string][]string `json:"principal,omitempty"`
+}
+
 // Data data in sts response body
 type Data struct {
 Credentials Credent `json:"credentials"`
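Review bot: The new exported types `PolicyStatement` and `CAMPolicy` carry no doc comments, unlike `Data` directly below them, and nothing states which values `Effect` accepts. I would add `// PolicyStatement is one statement of a CAM policy; Effect is "allow" or "deny".` and `// CAMPolicy is the policy document passed as the "policy" parameter of GetFederationToken.` Because every field is tagged `omitempty`, a statement with an unset `Effect` or `Resource` marshals without that key instead of failing locally, so the comment should also say that callers must fill in action, effect and resource themselves.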
@@ -32,16 +47,43 @@ type Response struct {
 }
 func main() {
- // 替换实际的 SecretId 和 SecretKey
- secretID := "ak"
- secretKey := "sk"
+ // 在环境变量中设置您的 SecretId 和 SecretKey
+ secretID := os.Getenv("COS_SECRETID")
+ secretKey := os.Getenv("COS_SECRETKEY")
+ appid := "1259654469" //替换成您的APPID
+ bucket := "test-1259654469" //替换成您的bucket,格式:
 // 配置
 config := map[string]interface{}{"secretId": secretID, "secretKey": secretKey, "debug": false}
+ policy := &CAMPolicy{
+ Statement: []PolicyStatement{
+ PolicyStatement{
+ Action: []string{
+ "name/cos:PostObject",
+ "name/cos:PutObject",
+ },
+ Effect: "allow",
+ Resource: []string{
+ "qcs::cos:ap-guangzhou:uid/" + appid + ":" + bucket + "/*",
+ },
+ },
+ },
+ Version: "2.0",
+ }
+ bPolicy, err := json.Marshal(policy)
+ if err != nil {
+ fmt.Print("Error.", err)
+ return
+ }
+ policyStr := string(bPolicy)
 // 请求参数
- params := map[string]interface{}{"Region": "gz", "Action": "GetFederationToken", "name": "alantong", "policy": "{\"statement\": [{\"action\": [\"name/cos:GetObject\",\"name/cos:PutObject\"],\"effect\": \"allow\",\"resource\":[\"qcs::cos:ap-guangzhou:uid/1253960454:prefix//1253960454/alangz/*\"]}],\"version\": \"2.0\"}"}
-
+ params := map[string]interface{}{
+ "Region": "gz",
+ "Action": "GetFederationToken",
+ "name": "test",
+ "policy": policyStr,
+ }
 // 发送请求
 retData, err := QcloudApi.SendRequest("sts", params, config)
 if err != nil {
@@ -59,7 +101,7 @@ func main() {
 tSk := r.Dat.Credentials.TmpSecretKey
 token := r.Dat.Credentials.SessionToken
- u, _ := url.Parse("https://alangz-1253960454.cos.ap-guangzhou.myqcloud.com")
+ u, _ := url.Parse("https://" + bucket + ".cos.ap-guangzhou.myqcloud.com")
 b := &cos.BaseURL{BucketURL: u}
 c := cos.NewClient(b, &http.Client{
 Transport: &cos.AuthorizationTransport{
@@ -98,4 +140,5 @@ func main() {
 if err != nil {
 panic(err)
 }
+
 }
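Review bot: Nothing checks that `COS_SECRETID` and `COS_SECRETKEY` are actually set after the two `os.Getenv` calls at the top of main, so an unset variable presumably shows up only as a signature failure from the remote call. A guard right after them keeps the failure local: `if secretID == "" || secretKey == "" { panic("COS_SECRETID and COS_SECRETKEY must be set") }`. Separately, the policy's resource `bucket + "/*"` lets the temporary credentials write to every key in the bucket. Since this sample is likely to be copied, I would add a comment above `Resource` such as `// narrow this to the key prefix the client may write, e.g. bucket + "/uploads/*"`. main's body continues outside the hunk.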
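Review bot: The error from `url.Parse` is still discarded on the changed line, which was harmless for a constant URL but not now that the host is assembled from `bucket`. A malformed bucket value would surface later inside the client rather than here, whereas `u, err := url.Parse(...)` followed by `if err != nil { panic(err) }` matches the error handling used further down in main. The region `ap-guangzhou` is also written out both here and in the policy resource string, so a single `region` variable declared next to `bucket` would keep the two from drifting apart. main starts and ends outside the hunk.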