
CloudOps Orchestration Service:ACS-OSS-PutBucketReferer

Last updated: Sep 06, 2024

Template name

ACS-OSS-PutBucketReferer: Configure hotlink protection for a bucket


Template description

Configures hotlink protection for a bucket.

Template type

Automation

Owner

Alibaba Cloud

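Input parameters

| Parameter | Description | Type | Required | Default | Constraints |
| --- | --- | --- | --- | --- | --- |
| bucketName | OSS bucket name | String | | | |
| regionId | Region ID | String | | {{ ACS::RegionId }} | |
| allowEmptyReferer | Specifies whether to allow requests whose Referer field is empty | String | | true | |
| refererList | URLs to store in the Referer access whitelist | List | | [] | |
| OOSAssumeRole | RAM role that OOS assumes | String | | "" | |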

Output parameters

| Parameter | Description | Type |
| --- | --- | --- |
| refererInfo | | Json |

Permission policy required to run this template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "oss:GetBucketReferer",
                "oss:PutBucketReferer"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Details

ACS-OSS-PutBucketReferer details

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Put the bucket referer
  zh-cn: 設定儲存空間防盜鏈
  name-en: ACS-OSS-PutBucketReferer
  name-zh-cn: 設定儲存空間防盜鏈
  categories:
    - security
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
      zh-cn: 地區ID
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  bucketName:
    Label:
      en: BucketName
      zh-cn: OSS bucket 名稱
    Type: String
  allowEmptyReferer:
    Description:
      en: Specify whether to allow access to requests whose Referer field is empty
      zh-cn: 指定是否允許Referer欄位為空白的請求訪問
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
  refererList:
    Description:
      en: for example:[http://www.aliyun.com, https://www.aliyun.com]
      zh-cn: 例如:[http://www.aliyun.com, https://www.aliyun.com]
    Label:
      en: Save Referer Access Whitelist URL
      zh-cn: 儲存Referer訪問白名單的網址
    Type: List
    Default: []
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: OOS扮演的RAM角色
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: convertXmlParameters
    Action: 'ACS::ECS::SMCConversionConstantByJqScript'
    Description:
      en: Automatically make bucket referer configuration
      zh-cn: 自動產生儲存空間防盜鏈規則
    Properties:
      parameter: '{{ refererList }}'
      jqScript:
        - '. [] | split("[") | join("") | split("]") | join("") | split("\"") | join("") |split(",") | map(. | .="<Referer>"+.+"</Referer>") as $item| $item | join("") as $itemList | "<RefererConfiguration><AllowEmptyReferer>{{ allowEmptyReferer }}</AllowEmptyReferer><RefererList>"+$itemList+"</RefererList>" as $refererList |$refererList'
        - .
    Outputs:
      xmlValues:
        Type: String
        ValueSelector: firstValue
  - Name: putBucketReferer
    Action: 'ACS::ExecuteAPI'
    Description:
      en: 'Enable the bucket referer'
      zh-cn: 開啟儲存空間防盜鏈
    Properties:
      Service: OSS
      API: PutBucketReferer
      Method: PUT
      URI: '?referer'
      Headers:
        Content-MD5: ""
        Content-Type: application/xml
      Parameters:
        BucketName: '{{ bucketName }}'
        RegionId: '{{ regionId }}'
      Body: '<?xml version="1.0" encoding="UTF-8"?>{{ convertXmlParameters.xmlValues }}</RefererConfiguration>'
  - Name: waitBucketRefererNoRefererList
    Action: 'ACS::WaitFor'
    Description:
      en: Wait for the bucket referer modification to complete when referer is allowed to be empty
      zh-cn: 等待儲存空間防盜鏈允許為空白時修改完成
    When:
      'Fn::Equals':
        - '{{ refererList }}'
        - []
    OnSuccess: 'ACS::END'
    Properties:
      Service: OSS
      API: GetBucketReferer
      Method: GET
      URI: '?referer'
      Headers: {}
      Parameters:
        BucketName: '{{ bucketName }}'
        RegionId: '{{ regionId }}'
      DesiredValues:
        - '{{ allowEmptyReferer }}'
      PropertySelector: '.RefererConfiguration.AllowEmptyReferer'
  - Name: waitBucketReferer
    Action: 'ACS::WaitFor'
    Description:
      en: Wait for the bucket referer modification to complete
      zh-cn: 等待儲存空間防盜鏈修改完成
    Properties:
      Service: OSS
      API: GetBucketReferer
      Method: GET
      URI: '?referer'
      Headers: {}
      Parameters:
        BucketName: '{{ bucketName }}'
        RegionId: '{{ regionId }}'
      NotDesiredValues: '{{ refererList }}'
      PropertySelector: '.RefererConfiguration.RefererList.Referer-{{ refererList }}'
Outputs:
  refererInfo:
    Type: Json
    Value:
      bucketName: '{{ bucketName }}'
      allowEmptyReferer: '{{ allowEmptyReferer }}'
      refererList: '{{ refererList }}'
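
The convertXmlParameters task above builds the request body by concatenating each refererList entry into a <Referer> element as a raw string. The Python below is an added example, not part of the Alibaba Cloud template: it checks the two inputs before the template is run and builds the same RefererConfiguration body with an XML library so that entries are escaped. The function names and the sample inputs are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Characters the template's jq step strips or splits on ([ ] " ,), plus
# whitespace and XML metacharacters that concatenation passes through as-is.
_UNSAFE = re.compile(r'[\[\]",<>&\s]')


def check_referers(allow_empty_referer, referer_list):
    """Return findings for the template inputs; an empty list means clean."""
    findings = []
    if allow_empty_referer not in ("true", "false"):
        findings.append("allowEmptyReferer must be 'true' or 'false'")
    elif allow_empty_referer == "true":
        findings.append("allowEmptyReferer=true: requests with an empty Referer are allowed")
    if not referer_list:
        findings.append("refererList is empty: no whitelist entries will be written")
    for entry in referer_list:
        if _UNSAFE.search(entry):
            findings.append(f"unsafe character in referer entry: {entry!r}")
    return findings


def build_body(allow_empty_referer, referer_list):
    """Build the RefererConfiguration body; ElementTree escapes the values."""
    root = ET.Element("RefererConfiguration")
    ET.SubElement(root, "AllowEmptyReferer").text = allow_empty_referer
    referers = ET.SubElement(root, "RefererList")
    for entry in referer_list:
        ET.SubElement(referers, "Referer").text = entry
    xml = ET.tostring(root, encoding="unicode")
    return '<?xml version="1.0" encoding="UTF-8"?>' + xml


# Constructed sample inputs; GOOD reuses the URLs from the template's
# refererList description, BAD is made up for this example.
GOOD = ["http://www.aliyun.com", "https://www.aliyun.com"]
BAD = ["https://a.example/?x=1&y=2"]

if __name__ == "__main__":
    print(check_referers("false", GOOD))
    print(check_referers("true", BAD))
    print(build_body("false", BAD))
```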