in solution/solution-access-analyzer-external-access/fc/java/src/main/java/org/example/Main.java [29:71]
public void handleRequest(InputStream inputStream, OutputStream outputStream, Context context) throws IOException {
FunctionComputeLogger logger = context.getLogger();
ByteArrayOutputStream result = new ByteArrayOutputStream();
byte[] buffer = new byte[1024];
for (int length; (length = inputStream.read(buffer)) != -1; ) {
result.write(buffer, 0, length);
}
String event = result.toString(StandardCharsets.UTF_8.name());
logger.error(event);
MessageData messageData = JSON.parseObject(event, MessageData.class);
// get credentials from context
com.aliyun.fc.runtime.Credentials creds = context.getExecutionCredentials();
// cross account
DefaultProfile profile = DefaultProfile.getProfile(System.getenv("REGION"), creds.getAccessKeyId(),
creds.getAccessKeySecret(), creds.getSecurityToken());
IAcsClient client = new DefaultAcsClient(profile);
AssumeRoleRequest request = new AssumeRoleRequest();
request.setRoleArn(String.format("acs:ram::%s:role/%s", messageData.getResourceOwnerAccountId(), System.getenv("ASSUME_ROLE_NAME")));
request.setRoleSessionName("AccessAnalyzer");
try {
AssumeRoleResponse response = client.getAcsResponse(request);
ClientBuilderConfiguration configuration = new ClientBuilderConfiguration();
configuration.setSignatureVersion(SignVersion.V4);
String[] resourceArns = messageData.getResourceArn().split(":");
String ossRegion = resourceArns[2];
String ossBucket = resourceArns[4];
OSS ossClient = OSSClientBuilder.create()
.endpoint(String.format("https://%s.aliyuncs.com", ossRegion))
.credentialsProvider(new DefaultCredentialProvider(response.getCredentials().getAccessKeyId(), response.getCredentials().getAccessKeySecret(), response.getCredentials().getSecurityToken()))
.clientConfiguration(configuration)
.region(ossRegion.replace("oss-", ""))
.build();
ossClient.putBucketPublicAccessBlock(new PutBucketPublicAccessBlockRequest(ossBucket, true));
} catch (Exception e) {
logger.error(e.getMessage());
}
}