example: add oss-java-sdk
mozillazg committed May 19, 2023
1 parent e90768a commit 874de6d
Showing 11 changed files with 392 additions and 73 deletions.
2 changes: 1 addition & 1 deletion examples/rrsa/java-sdk/deploy.yaml
Expand Up @@ -27,6 +27,6 @@ spec:
serviceAccountName: demo-sa
restartPolicy: Never
containers:
- image: registry.cn-hangzhou.aliyuncs.com/acs/ack-ram-tool:1.0.0-rrsa-example-java
- image: registry.cn-hangzhou.aliyuncs.com/acs/ack-ram-tool:0.13.2-rrsa-example-java
imagePullPolicy: "Always"
name: test
6 changes: 0 additions & 6 deletions examples/rrsa/java-sdk/pom.xml
Expand Up @@ -21,12 +21,6 @@
<version>0.2.10</version>
</dependency>

<dependency>
<groupId>com.aliyun.oss</groupId>
<artifactId>aliyun-sdk-oss</artifactId>
<version>3.16.1</version>
</dependency>

</dependencies>

<properties>
64 changes: 2 additions & 62 deletions examples/rrsa/java-sdk/src/main/java/com/alibabacloud/Demo.java
Expand Up @@ -5,13 +5,6 @@
import com.aliyun.cs20151215.models.DescribeClustersRequest;
import com.aliyun.cs20151215.models.DescribeClustersResponse;

// only for oss sdk
import com.aliyun.oss.ClientBuilderConfiguration;
import com.aliyun.oss.OSS;
import com.aliyun.oss.common.auth.*;
import com.aliyun.oss.OSSClientBuilder;
import com.aliyun.oss.model.Bucket;

import java.util.List;

class TestOpenAPISDK {
Expand All @@ -35,57 +28,11 @@ public void CallAPI(com.aliyun.credentials.Client cred) throws Exception {
}
}

class OSSCredentialProvider implements CredentialsProvider {

private final com.aliyun.credentials.Client cred;

public OSSCredentialProvider(com.aliyun.credentials.Client cred) {
this.cred = cred;
}

public void setCredentials(Credentials creds) {
}

@Override
public Credentials getCredentials() {
String ak = cred.getAccessKeyId();
String sk = cred.getAccessKeySecret();
String token = cred.getSecurityToken();
return new DefaultCredentials(ak, sk, token);
}
}

class TestOSSSDK {

public void CallAPI(com.aliyun.credentials.Client cred) throws Exception {
// new provider
OSSCredentialProvider provider = new OSSCredentialProvider(cred);
String endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
// new client config
ClientBuilderConfiguration conf = new ClientBuilderConfiguration();

// init client
OSS ossClient = new OSSClientBuilder().build(endpoint, provider, conf);

// call api
List<Bucket> buckets = ossClient.listBuckets();
System.out.println("call oss.listBuckets via oidc token success:\n");
for (Bucket bucket : buckets) {
System.out.println(" - " + bucket.getName());
}
System.out.println();

ossClient.shutdown();
}

}


public class Demo {

public static void main(String[] args) throws Exception {
// 两种方式都可以
com.aliyun.credentials.Client cred = new Client();
com.aliyun.credentials.Client cred = new com.aliyun.credentials.Client();
// or
// com.aliyun.credentials.Client cred = newOidcCred();

Expand All @@ -96,13 +43,6 @@ public static void main(String[] args) throws Exception {
TestOpenAPISDK openapiSdk = new TestOpenAPISDK();
openapiSdk.CallAPI(cred);

// test oss sdk (https://github.com/aliyun/aliyun-oss-java-sdk) use rrsa oidc token
if (System.getenv("TEST_OSS_SDK") != null && System.getenv("TEST_OSS_SDK").equals("true")) {
System.out.println("\n");
System.out.println("test oss sdk use rrsa oidc token");
TestOSSSDK osssdk = new TestOSSSDK();
osssdk.CallAPI(cred);
}
}

static com.aliyun.credentials.Client newOidcCred() throws Exception {
Expand All @@ -113,6 +53,6 @@ static com.aliyun.credentials.Client newOidcCred() throws Exception {
credConf.oidcProviderArn = System.getenv("ALIBABA_CLOUD_OIDC_PROVIDER_ARN");
credConf.oidcTokenFilePath = System.getenv("ALIBABA_CLOUD_OIDC_TOKEN_FILE");
credConf.roleSessionName = "test-rrsa-oidc-token";
return new Client(credConf);
return new com.aliyun.credentials.Client(credConf);
}
}
14 changes: 10 additions & 4 deletions examples/rrsa/java-sdk/test.sh
Expand Up @@ -5,6 +5,8 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" > /dev/null && pwd )"
CLUSTER_ID="$1"
KUBECONFIG_PATH="${SCRIPT_DIR}/kubeconfig"
NAMESPACE="rrsa-demo-java-sdk"
ROLE_NAME="test-rrsa-demo"
POLICY_NAME="test-cs-describe-clusters"

trap cleanup EXIT

Expand All @@ -27,13 +29,15 @@ function install_helper() {
function setup_role() {
bar_tip "setup ram role"

aliyun ram CreatePolicy --PolicyName cs-describe-clusters --PolicyDocument '{
aliyun ram DeletePolicy --PolicyName ${POLICY_NAME} || true
aliyun ram CreatePolicy --PolicyName ${POLICY_NAME} --PolicyDocument '{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cs:DescribeClusters"
"cs:DescribeClusters",
"cs:GetClusters"
],
"Resource": [
"*"
Expand All @@ -46,15 +50,16 @@ function setup_role() {
ack-ram-tool rrsa associate-role --cluster-id "${CLUSTER_ID}" \
--namespace "${NAMESPACE}" \
--service-account demo-sa \
--role-name test-rrsa-demo \
--role-name ${ROLE_NAME} \
--create-role-if-not-exist \
--attach-custom-policy cs-describe-clusters
--attach-custom-policy ${POLICY_NAME}
}

function deploy_demo() {
bar_tip "deploy demo"

ack-ram-tool credential-plugin get-kubeconfig --cluster-id "${CLUSTER_ID}" > ${KUBECONFIG_PATH}
kubectl --kubeconfig ${KUBECONFIG_PATH} delete -f "${SCRIPT_DIR}/deploy.yaml"
kubectl --kubeconfig ${KUBECONFIG_PATH} apply -f "${SCRIPT_DIR}/deploy.yaml"
}

Expand All @@ -70,6 +75,7 @@ function cleanup() {
bar_tip "cleanup"

rm ${KUBECONFIG_PATH}
aliyun ram DetachPolicyFromRole --RoleName ${ROLE_NAME} --PolicyName ${POLICY_NAME} --PolicyType Custom || true

set -e
}
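Review bot: In deploy_demo the added `kubectl --kubeconfig ${KUBECONFIG_PATH} delete -f "${SCRIPT_DIR}/deploy.yaml"` has no failure guard, unlike the added `aliyun ram DeletePolicy ... || true` in setup_role. On a first run nothing exists yet, so the delete exits non-zero, and if the script runs under `set -e` (the top of the file is outside this view) the test stops before the apply. Suggest `kubectl --kubeconfig "${KUBECONFIG_PATH}" delete -f "${SCRIPT_DIR}/deploy.yaml" --ignore-not-found`. Separately, cleanup only detaches the policy from the role: the policy, which allows its actions on `"Resource": ["*"]`, and the role both stay in the account after the test, so either delete them in cleanup or note that they persist.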
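--- /dev/null
+++ b/examples/rrsa/oss-java-sdk/.gitignore
@@ -0,0 +1,4 @@
+.idea/
+out/
+/target/
+*.iml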
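--- /dev/null
+++ b/examples/rrsa/oss-java-sdk/Dockerfile
@@ -0,0 +1,16 @@
+FROM maven:3.8.7-openjdk-18-slim as builder
+# TARGETPLATFORM
+
+WORKDIR /app
+COPY src/main/java/com/alibabacloud/Demo.java ./src/main/java/com/alibabacloud/
+COPY pom.xml ./
+RUN mvn package
+
+
+FROM openjdk:18-slim-buster
+
+WORKDIR /app
+
+COPY --from=builder /app/target/demo-1.0-SNAPSHOT-jar-with-dependencies.jar ./
+
+CMD java -jar ./demo-1.0-SNAPSHOT-jar-with-dependencies.jar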
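Review bot: The runtime stage has no `USER` line, so the demo JVM runs as root inside the pod. In addition, `FROM openjdk:18-slim-buster` takes a non-LTS Java 18 build from the deprecated `openjdk` image line on a Debian buster base, so the image is unlikely to receive further security fixes. Consider a maintained JRE base for a supported Java release (pom.xml's `maven.compiler.source`/`target` of 18 would move with it), a non-root `USER` before `CMD`, and the exec form `CMD ["java", "-jar", "./demo-1.0-SNAPSHOT-jar-with-dependencies.jar"]` so the JVM runs as PID 1 and receives signals directly. Both `FROM` tags are mutable; pinning them by digest would make the build reproducible.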
68 changes: 68 additions & 0 deletions examples/rrsa/oss-java-sdk/README.md
@@ -0,0 +1,68 @@
# java-sdk

## Usage

1. Enable RRSA:

```
export CLUSTER_ID=<cluster_id>
ack-ram-tool rrsa enable --cluster-id "${CLUSTER_ID}"
```

2. Install ack-pod-identity-webhook:

```
ack-ram-tool rrsa install-helper-addon --cluster-id "${CLUSTER_ID}"
```


3. Create an RAM Policy:

```
aliyun ram CreatePolicy --PolicyName oss-list-buckets --PolicyDocument '{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"oss:ListBuckets"
],
"Resource": [
"*"
],
"Condition": {}
}
]
}'
```

4. Associate an RAM Role to the service account and attach the policy to the role:

```
ack-ram-tool rrsa associate-role --cluster-id "${CLUSTER_ID}" \
--namespace rrsa-demo-oss-java-sdk \
--service-account demo-sa \
--role-name test-rrsa-demo \
--create-role-if-not-exist \
--attach-custom-policy oss-list-buckets
```

5. Deploy demo job:

```
ack-ram-tool credential-plugin get-kubeconfig --cluster-id "${CLUSTER_ID}" > kubeconfig
kubectl --kubeconfig ./kubeconfig apply -f deploy.yaml
```

6. Get logs:

```
kubectl --kubeconfig ./kubeconfig -n rrsa-demo-oss-java-sdk wait --for=condition=complete job/demo --timeout=240s
kubectl --kubeconfig ./kubeconfig -n rrsa-demo-oss-java-sdk logs job/demo
```

Outputs:

```
```
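--- /dev/null
+++ b/examples/rrsa/oss-java-sdk/deploy.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: rrsa-demo-java-sdk
+labels:
+pod-identity.alibabacloud.com/injection: 'on'
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: demo-sa
+namespace: rrsa-demo-java-sdk
+annotations:
+pod-identity.alibabacloud.com/role-name: test-rrsa-demo
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: demo
+namespace: rrsa-demo-java-sdk
+spec:
+template:
+spec:
+serviceAccountName: demo-sa
+restartPolicy: Never
+containers:
+- image: registry.cn-hangzhou.aliyuncs.com/acs/ack-ram-tool:0.13.2-rrsa-example-oss-java
+imagePullPolicy: "Always"
+name: test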
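Review bot: The namespace is `rrsa-demo-java-sdk` in all three objects, but this example's README associates the role with `--namespace rrsa-demo-oss-java-sdk` and reads the job with `-n rrsa-demo-oss-java-sdk`. As written the Job lands in the namespace of the existing java-sdk example (its test.sh sets `NAMESPACE="rrsa-demo-java-sdk"`), so the README's wait and logs commands find nothing. The pod's service account is also not the one named in the README's role association, so the role assumption would presumably be refused unless the java-sdk example had already bound that service account. Suggest `name: rrsa-demo-oss-java-sdk` on the Namespace and `namespace: rrsa-demo-oss-java-sdk` on the ServiceAccount and the Job.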
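--- /dev/null
+++ b/examples/rrsa/oss-java-sdk/pom.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<groupId>com.alibabacloud</groupId>
+<artifactId>demo</artifactId>
+<version>1.0-SNAPSHOT</version>
+
+<dependencies>
+
+<dependency>
+<groupId>com.aliyun</groupId>
+<artifactId>credentials-java</artifactId>
+<version>0.2.10</version>
+</dependency>
+
+<dependency>
+<groupId>com.aliyun.oss</groupId>
+<artifactId>aliyun-sdk-oss</artifactId>
+<version>3.16.1</version>
+</dependency>
+
+</dependencies>
+
+<properties>
+<maven.version>3.8.0</maven.version>
+<maven.compiler.source>18</maven.compiler.source>
+<maven.compiler.target>18</maven.compiler.target>
+</properties>
+
+<build>
+<plugins>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-jar-plugin</artifactId>
+<version>3.3.0</version>
+<configuration>
+<archive>
+<manifest>
+<addClasspath>true</addClasspath>
+<mainClass>com.alibabacloud.Demo</mainClass>
+</manifest>
+</archive>
+</configuration>
+</plugin>
+
+<plugin>
+<artifactId>maven-assembly-plugin</artifactId>
+<version>3.4.2</version>
+<configuration>
+<archive>
+<manifest>
+<mainClass>com.alibabacloud.Demo</mainClass>
+</manifest>
+</archive>
+<descriptorRefs>
+<descriptorRef>jar-with-dependencies</descriptorRef>
+</descriptorRefs>
+</configuration>
+<executions>
+<execution>
+<id>make-assembly</id> <!-- this is used for inheritance merges -->
+<phase>package</phase> <!-- bind to the packaging phase -->
+<goals>
+<goal>single</goal>
+</goals>
+</execution>
+</executions>
+</plugin>
+</plugins>
+</build>
+
+</project>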
