Expand description
Aliyun OSS signing implementation for reqsign.
This crate provides signing support for Alibaba Cloud Object Storage Service (OSS), enabling secure authentication for all OSS operations.
§Overview
Aliyun OSS uses a custom signing algorithm based on HMAC-SHA1. This crate implements the complete signing process along with credential loading from various sources including environment variables, configuration files, and STS tokens.
§Quick Start
use reqsign_aliyun_oss::{RequestSigner, DefaultCredentialProvider, StaticCredentialProvider};
use reqsign_core::{Context, Signer, Result};
use reqsign_file_read_tokio::TokioFileRead;
use reqsign_http_send_reqwest::ReqwestHttpSend;
#[tokio::main]
async fn main() -> Result<()> {
// Create context
let ctx = Context::new()
.with_file_read(TokioFileRead::default())
.with_http_send(ReqwestHttpSend::default());
// Create credential loader - uses environment variables by default
let loader = DefaultCredentialProvider::new();
// Or use static credentials
// let loader = StaticCredentialProvider::new(
// "your-access-key-id",
// "your-access-key-secret",
// );
// Create request builder
let builder = RequestSigner::new("bucket");
// Create the signer
let signer = Signer::new(ctx, loader, builder);
// Sign requests
let mut req = http::Request::get("https://bucket.oss-cn-beijing.aliyuncs.com/object.txt")
.body(())
.unwrap()
.into_parts()
.0;
signer.sign(&mut req, None).await?;
Ok(())
}§Credential Sources
§Environment Variables
export ALIBABA_CLOUD_ACCESS_KEY_ID=your-access-key-id
export ALIBABA_CLOUD_ACCESS_KEY_SECRET=your-access-key-secret
export ALIBABA_CLOUD_SECURITY_TOKEN=your-sts-token # Optional, for STS§Configuration File
The crate can load credentials from the Aliyun CLI configuration file
(typically ~/.aliyun/config.json).
§ECS RAM Role
When running on Alibaba Cloud ECS instances with RAM roles attached, credentials are automatically obtained from the metadata service.
§OSS Operations
§Object Operations
// Get object
let req = Request::get("https://bucket.oss-cn-beijing.aliyuncs.com/object.txt")
.body(())
.unwrap();
// Put object
let req = Request::put("https://bucket.oss-cn-beijing.aliyuncs.com/object.txt")
.header("Content-Type", "text/plain")
.body(b"Hello, OSS!")
.unwrap();
// Delete object
let req = Request::delete("https://bucket.oss-cn-beijing.aliyuncs.com/object.txt")
.body(())
.unwrap();§Bucket Operations
// List objects
let req = Request::get("https://bucket.oss-cn-beijing.aliyuncs.com/?prefix=photos/")
.body(())
.unwrap();
// Get bucket info
let req = Request::get("https://bucket.oss-cn-beijing.aliyuncs.com/?bucketInfo")
.body(())
.unwrap();§Advanced Features
§STS AssumeRole
use reqsign_aliyun_oss::AssumeRoleWithOidcCredentialProvider;
// Use environment variables
// Set ALIBABA_CLOUD_ROLE_ARN, ALIBABA_CLOUD_OIDC_PROVIDER_ARN, ALIBABA_CLOUD_OIDC_TOKEN_FILE
let loader = AssumeRoleWithOidcCredentialProvider::new();§Custom Endpoints
// Internal endpoint (VPC)
let req = Request::get("https://bucket.oss-cn-beijing-internal.aliyuncs.com/object.txt")
.body(())
.unwrap();
// Accelerate endpoint
let req = Request::get("https://bucket.oss-accelerate.aliyuncs.com/object.txt")
.body(())
.unwrap();§Examples
Check out the examples directory:
Structs§
- Assume
Role With Oidc Credential Provider - AssumeRoleWithOidcCredentialProvider loads credential via assume role with OIDC.
- Credential
- Credential that holds the access_key and secret_key.
- Default
Credential Provider - DefaultCredentialProvider is a loader that will try to load credential via default chains.
- Default
Credential Provider Builder - Builder for
DefaultCredentialProvider. - EnvCredential
Provider - EnvCredentialProvider loads Aliyun credentials from environment variables.
- Request
Signer - RequestSigner for Aliyun OSS signature.
- Static
Credential Provider - StaticCredentialProvider provides static Aliyun credentials.