Skip to main content
Version: v0.13.2

assume-role

测试使用 oidc token 扮演特定 RAM 角色。

使用示例

$ ack-ram-tool rrsa assume-role --oidc-provider-arn <oidcProviderArn> \
--role-arn <roleArn> --oidc-token-file <pathToTokenFile>

Retrieved a STS token:
AccessKeyId: STS.***
AccessKeySecret: 7UVy***
SecurityToken: CAIS***
Expiration: 2021-12-03T05:51:37Z

命令行参数

Usage:
ack-ram-tool rrsa assume-role [flags]

Flags:
-h, --help help for assume-role
-p, --oidc-provider-arn string The arn of OIDC provider
-t, --oidc-token-file string Path to OIDC token file. If value is '-', will read token from stdin
-r, --role-arn string The arn of RAM role

Global Flags:
-y, --assume-yes Automatic yes to prompts; assume "yes" as answer to all prompts and run non-interactively
--ignore-aliyun-cli-credentials don't try to parse credentials from config.json of aliyun cli
--ignore-env-credentials don't try to parse credentials from environment variables
--log-level string log level: info, debug, error (default "info")
--profile-file string Path to credential file (default: ~/.aliyun/config.json or ~/.alibabacloud/credentials)
--profile-name string using this named profile when parse credentials from config.json of aliyun cli
--region-id string The region to use (default "cn-hangzhou")

参数说明:

参数名称默认值必需参数说明
-p, --oidc-provider-arn为集群注册的 RAM 角色 SSO 供应商 ARN
-r, --role-arn被扮演的 RAM 角色的 ARN
-t, --oidc-token-fileoidc token 文件的路径。当值为 - 时支持从标准输入从读取 token(比如通过管道传递 token)