public function generate($sessionName) { $iClientProfile = \DefaultProfile::getProfile("cn-hangzhou", $this->accessKeyId, $this->accessSecret); $client = new \DefaultAcsClient($iClientProfile); //进一步限制角色的使用权限 //默认设置为所有权限 if (!$this->policy) { $this->policy = ' { "Statement": [ { "Action": [ "oss:*" ], "Effect": "Allow", "Resource": "*" } ], "Version": "1" } '; } $request = new \AssumeRoleRequest(); $request->setFormat($this->format); // RoleSessionName即临时身份的会话名称,用于区分不同的临时身份 // 您可以使用您的客户的ID作为会话名称 $request->setRoleSessionName($sessionName); $request->setRoleArn($this->defaultRoleArn); $request->setPolicy($this->policy); $request->setDurationSeconds($this->durationSeconds); $response = $client->doAction($request); return $response->getBody(); }
<?php include_once '../aliyun-php-sdk-core/Config.php'; use Sts\Request\V20150401 as Sts; // 你需要操作的资源所在的region $iClientProfile = DefaultProfile::getProfile("cn-hangzhou", "<your accesskeyid>", "<your accesskeysecret>"); $client = new DefaultAcsClient($iClientProfile); // policy编写参考oss api文档授权访问章节 $policy = "{\n" . " \"Version\": \"1\",\n" . " \"Statement\": [\n" . " {\n" . " \"Effect\": \"Allow\",\n" . " \"Action\": [\n" . " \"oss:GetObject\",\n" . " \"oss:PutObject\"\n" . " ],\n" . " \"Resource\": \"acs:oss:*:*:*/*\"\n" . " }\n" . " ]\n" . " }"; $request = new Sts\GetFederationTokenRequest(); $request->setStsVersion("2015-04-01"); $request->setName("oldratlee"); $request->setPolicy($policy); $request->setDurationSeconds(3600); $response = $client->doAction($request); print_r("\r\n"); print_r($response);