
u_sdk/sts/
types.rs

1use super::Client;
2use super::ram_policy::Policy;
3use bon::Builder;
4use serde::{Deserialize, Serialize, Serializer};
5
6/// [AssumRole API](https://help.aliyun.com/zh/ram/developer-reference/api-sts-2015-04-01-assumerole)
7///
8/// 官方文档关于调用 AssumeRole 需要:
9///
10/// | 操作 | 访问级别 | 资源类型 | 条件关键字 | 关联操作 |
11/// | ---- | -------- | -------- | ---------- | -------- |
12/// | AssumeRole | get | *Role<br>acs:ram::{#accountId}:role/{#RoleName} | sts:SourceIdentity | sts:SetSourceIdentity |
13///
14/// 经过测试,这个操作的调用不需要关联操作`sts:SetSourceIdentity`,单独的`sts:AssumeRole`权限即可调用成功。
15///
16/// 而且系统的`权限策略`中,有`AliyunSTSAssumeRoleAccess`,自己也只是开启了`sts:AssumeRole`
17#[serde_with::skip_serializing_none]
18#[derive(Serialize, Builder)]
19#[serde(rename_all = "PascalCase")]
20pub struct AssumeRole<'a> {
21    #[serde(skip_serializing)]
22    #[builder(start_fn)]
23    pub(crate) client: &'a Client,
24    duration_seconds: Option<u32>,
25    // 这个字段是String类型而不是需要flatten的结构体
26    #[serde(serialize_with = "policy_as_string")]
27    policy: Option<Policy>,
28    role_arn: &'a str,
29    role_session_name: &'a str,
30    external_id: Option<&'a str>,
31    source_identity: Option<&'a str>,
32}
33
/// Serde `serialize_with` helper for the `policy` field of [`AssumeRole`].
///
/// A present policy is first rendered to JSON text with `serde_json` and that
/// text is emitted as one string value; an absent policy is emitted as `none`.
///
/// # Errors
///
/// A `serde_json` failure is converted into the serializer's own error type
/// through `serde::ser::Error::custom`; errors from the serializer itself are
/// returned unchanged.
fn policy_as_string<S>(opt: &Option<Policy>, serializer: S) -> Result<S::Ok, S::Error>
where
    S: Serializer,
{
    if let Some(policy) = opt {
        // The API takes the policy document as a string, so encode it up front.
        let json = serde_json::to_string(policy).map_err(serde::ser::Error::custom)?;
        return serializer.serialize_str(&json);
    }
    serializer.serialize_none()
}
46
/// Deserialized AssumeRole response.
///
/// Keys are read in PascalCase (`RequestId`, `AssumedRoleUser`,
/// `Credentials`, `SourceIdentity`).
///
/// `Debug` on this type formats `credentials` through the `Debug`
/// implementation of [`Credentials`], so whether a logged response exposes
/// the secret and token depends on that implementation.
#[derive(Debug, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct AssumeRoleResponse {
    /// Value of the `RequestId` key.
    pub request_id: String,
    /// Identity of the assumed-role session.
    pub assumed_role_user: AssumedRoleUser,
    /// Credential set issued for the session.
    pub credentials: Credentials,
    /// Value of the `SourceIdentity` key; `None` when the key is absent.
    pub source_identity: Option<String>,
}
55
/// The `AssumedRoleUser` object of an [`AssumeRoleResponse`].
///
/// Keys are read in PascalCase (`AssumedRoleId`, `Arn`).
#[derive(Debug, Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct AssumedRoleUser {
    /// Value of the `AssumedRoleId` key.
    pub assumed_role_id: String,
    /// Value of the `Arn` key.
    pub arn: String,
}
62
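/// The `Credentials` object of an [`AssumeRoleResponse`].
///
/// Keys are read in PascalCase (`SecurityToken`, `Expiration`, `AccessKeyId`,
/// `AccessKeySecret`).
///
/// # Security
///
/// `Debug` is implemented by hand rather than derived. A derived impl would
/// print `security_token` and `access_key_secret` verbatim, so any
/// `{:?}` / `dbg!` / tracing of this value or of the enclosing response would
/// copy usable credentials into logs. The manual impl keeps `access_key_id`
/// and `expiration` visible for correlation and masks the two secret values.
#[derive(Deserialize)]
#[serde(rename_all = "PascalCase")]
pub struct Credentials {
    /// Session token; masked in `Debug` output.
    pub security_token: String,
    /// Expiry of the credential set, kept as the string the service returned.
    pub expiration: String,
    /// Access key identifier; not masked in `Debug` output.
    pub access_key_id: String,
    /// Access key secret; masked in `Debug` output.
    pub access_key_secret: String,
}

impl std::fmt::Debug for Credentials {
    /// Formats the credential set with both secret fields replaced by a fixed
    /// placeholder.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // Fixed placeholder: neither the content nor the length of a secret
        // is reflected in the output.
        const REDACTED: &str = "<redacted>";
        f.debug_struct("Credentials")
            .field("security_token", &REDACTED)
            .field("expiration", &self.expiration)
            .field("access_key_id", &self.access_key_id)
            .field("access_key_secret", &REDACTED)
            .finish()
    }
}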