什么是函数计算应用示例2 - 授权函数访问其他云服务资源

接下来学习理解如何在函数计算中使用RAM(访问控制)来访问自己的阿里云资源，这边以函数访问对象存储OSS为例，通过函数将一个字符串写入位于oss bucket的文件中， 然后再将从这个文件中读取的数据做为函数的返回值返回给用户。通过该示例，您将了解：

1. 访问控制(RAM)相关概念
2. 对象存储(OSS)相关概念
3. 通过RAM授权函数访问OSS资源的相关步骤

本示例假定函数代码存放于“code”目录，首先请开通对象存储OSS和访问控制RAM
在oss的控制台，创建自己的bucket，如下图：

编写代码


在当前目录下创建名为 code 的目录，在 code 目录下创建“fc_oss.js” 文件，实现名为 “handler” 的 nodejs 事件处理函数(注意，代码中的oss中的bucket名字改成自己的bucket名字)。nodejspython

1. [backcolor=transparent]'use strict'[backcolor=transparent];
2. [backcolor=transparent]var[backcolor=transparent] oss [backcolor=transparent]=[backcolor=transparent] [backcolor=transparent]require[backcolor=transparent]([backcolor=transparent]'ali-oss'[backcolor=transparent]).[backcolor=transparent]Wrapper[backcolor=transparent];
4. [backcolor=transparent]module[backcolor=transparent].[backcolor=transparent]exports[backcolor=transparent].[backcolor=transparent]handler [backcolor=transparent]=[backcolor=transparent] [backcolor=transparent]function[backcolor=transparent]([backcolor=transparent]event[backcolor=transparent],[backcolor=transparent] context[backcolor=transparent],[backcolor=transparent] callback[backcolor=transparent])[backcolor=transparent] [backcolor=transparent]{
5. [backcolor=transparent]    console[backcolor=transparent].[backcolor=transparent]log[backcolor=transparent]([backcolor=transparent]'Received event:'[backcolor=transparent],[backcolor=transparent] [backcolor=transparent]event[backcolor=transparent].[backcolor=transparent]toString[backcolor=transparent]());
6. [backcolor=transparent]    [backcolor=transparent]// Create oss client
7. [backcolor=transparent]    [backcolor=transparent]var[backcolor=transparent] ossclient [backcolor=transparent]=[backcolor=transparent] [backcolor=transparent]new[backcolor=transparent] oss [backcolor=transparent]({
8. [backcolor=transparent]        [backcolor=transparent]// Credentials can be retrieved from context
9. [backcolor=transparent]        accessKeyId[backcolor=transparent]:[backcolor=transparent] context[backcolor=transparent].[backcolor=transparent]credentials[backcolor=transparent].[backcolor=transparent]accessKeyId[backcolor=transparent],
10. [backcolor=transparent]        accessKeySecret[backcolor=transparent]:[backcolor=transparent] context[backcolor=transparent].[backcolor=transparent]credentials[backcolor=transparent].[backcolor=transparent]accessKeySecret[backcolor=transparent],
11. [backcolor=transparent]        stsToken[backcolor=transparent]:[backcolor=transparent] context[backcolor=transparent].[backcolor=transparent]credentials[backcolor=transparent].[backcolor=transparent]securityToken[backcolor=transparent],
12. [backcolor=transparent]        region[backcolor=transparent]:[backcolor=transparent] [backcolor=transparent]'oss-cn-shanghai'[backcolor=transparent],
13. [backcolor=transparent]        bucket[backcolor=transparent]:[backcolor=transparent] [backcolor=transparent]'ls-oss-test'[backcolor=transparent],[backcolor=transparent] [backcolor=transparent]// your bucket
14. [backcolor=transparent]    [backcolor=transparent]});
16. [backcolor=transparent]    ossclient[backcolor=transparent].[backcolor=transparent]put[backcolor=transparent]([backcolor=transparent]'remote.txt'[backcolor=transparent],[backcolor=transparent] [backcolor=transparent]new[backcolor=transparent] [backcolor=transparent]Buffer[backcolor=transparent]([backcolor=transparent]'fc write '[backcolor=transparent] [backcolor=transparent]+[backcolor=transparent] [backcolor=transparent]event[backcolor=transparent].[backcolor=transparent]toString[backcolor=transparent]()[backcolor=transparent] [backcolor=transparent]+[backcolor=transparent] [backcolor=transparent]' in oss bucket'[backcolor=transparent])).[backcolor=transparent] [backcolor=transparent]then[backcolor=transparent]([backcolor=transparent]function[backcolor=transparent]([backcolor=transparent]res[backcolor=transparent])[backcolor=transparent] [backcolor=transparent]{
17. [backcolor=transparent]            [backcolor=transparent]return[backcolor=transparent] ossclient[backcolor=transparent].[backcolor=transparent]get[backcolor=transparent]([backcolor=transparent]'remote.txt'[backcolor=transparent]);
18. [backcolor=transparent]        [backcolor=transparent]}).[backcolor=transparent]then[backcolor=transparent]([backcolor=transparent]function[backcolor=transparent]([backcolor=transparent]res[backcolor=transparent])[backcolor=transparent] [backcolor=transparent]{
19. [backcolor=transparent]            callback[backcolor=transparent]([backcolor=transparent]null[backcolor=transparent],[backcolor=transparent] res[backcolor=transparent].[backcolor=transparent]content[backcolor=transparent]);
20. [backcolor=transparent]        [backcolor=transparent]}).[backcolor=transparent]catch[backcolor=transparent]([backcolor=transparent]function[backcolor=transparent]([backcolor=transparent]err[backcolor=transparent])[backcolor=transparent] [backcolor=transparent]{
21. [backcolor=transparent]            callback[backcolor=transparent]([backcolor=transparent]err[backcolor=transparent]);
22. [backcolor=transparent]        [backcolor=transparent]});
23. [backcolor=transparent]};

1. [backcolor=transparent]# -*- coding: utf-8 -*-
2. [backcolor=transparent]import[backcolor=transparent] time[backcolor=transparent],[backcolor=transparent] os
3. [backcolor=transparent]import[backcolor=transparent] oss2
5. [backcolor=transparent]def[backcolor=transparent] handler[backcolor=transparent]([backcolor=transparent]event[backcolor=transparent],[backcolor=transparent] context[backcolor=transparent]):
6. [backcolor=transparent]    endpoint[backcolor=transparent]=[backcolor=transparent]'oss-cn-shanghai.aliyuncs.com'
7. [backcolor=transparent]    creds [backcolor=transparent]=[backcolor=transparent] context[backcolor=transparent].[backcolor=transparent]credentials
8. [backcolor=transparent]    auth [backcolor=transparent]=[backcolor=transparent] oss2[backcolor=transparent].[backcolor=transparent]StsAuth[backcolor=transparent]([backcolor=transparent]creds[backcolor=transparent].[backcolor=transparent]access_key_id[backcolor=transparent],
9. [backcolor=transparent]                        creds[backcolor=transparent].[backcolor=transparent]access_key_secret[backcolor=transparent],
10. [backcolor=transparent]                        creds[backcolor=transparent].[backcolor=transparent]security_token[backcolor=transparent])
12. [backcolor=transparent]    bucket [backcolor=transparent]=[backcolor=transparent] oss2[backcolor=transparent].[backcolor=transparent]Bucket[backcolor=transparent]([backcolor=transparent]auth[backcolor=transparent],[backcolor=transparent] endpoint[backcolor=transparent],[backcolor=transparent] [backcolor=transparent]'ls-oss-test'[backcolor=transparent])[backcolor=transparent] [backcolor=transparent]# your bucket
13. [backcolor=transparent]    bucket[backcolor=transparent].[backcolor=transparent]put_object[backcolor=transparent]([backcolor=transparent]'remote.txt'[backcolor=transparent] [backcolor=transparent],[backcolor=transparent] [backcolor=transparent]'fc write '[backcolor=transparent]  [backcolor=transparent]+[backcolor=transparent] [backcolor=transparent]event[backcolor=transparent]  [backcolor=transparent]+[backcolor=transparent] [backcolor=transparent]' into oss bucket'[backcolor=transparent])
14. [backcolor=transparent]    remote_stream [backcolor=transparent]=[backcolor=transparent] bucket[backcolor=transparent].[backcolor=transparent]get_object[backcolor=transparent]([backcolor=transparent]'remote.txt'[backcolor=transparent])
16. [backcolor=transparent]    [backcolor=transparent]return[backcolor=transparent] remote_stream[backcolor=transparent].[backcolor=transparent]read[backcolor=transparent]()

创建函数计算服务角色并授权


首先需要创建一个拥有访问oss权限的RAM角色，函数将扮演这个角色来使用oss上的资源。请执行 fcli shell 进入交互模式：

1. [backcolor=transparent]mksr fc[backcolor=transparent]-[backcolor=transparent]oss[backcolor=transparent]-[backcolor=transparent]op
2. [backcolor=transparent]mkrp fc[backcolor=transparent]-[backcolor=transparent]oss[backcolor=transparent]-[backcolor=transparent]gp [backcolor=transparent]-[backcolor=transparent]a [backcolor=transparent]'["oss:GetObject", "oss:PutObject"]'[backcolor=transparent] [backcolor=transparent]-[backcolor=transparent]r [backcolor=transparent]'"*"'
3. [backcolor=transparent]attach [backcolor=transparent]-[backcolor=transparent]p [backcolor=transparent]/[backcolor=transparent]ram[backcolor=transparent]/[backcolor=transparent]policies[backcolor=transparent]/[backcolor=transparent]fc[backcolor=transparent]-[backcolor=transparent]oss[backcolor=transparent]-[backcolor=transparent]gp [backcolor=transparent]-[backcolor=transparent]r [backcolor=transparent]/[backcolor=transparent]ram[backcolor=transparent]/[backcolor=transparent]roles[backcolor=transparent]/[backcolor=transparent]fc[backcolor=transparent]-[backcolor=transparent]oss[backcolor=transparent]-[backcolor=transparent]op
4. [backcolor=transparent]mks oss_demo [backcolor=transparent]-[backcolor=transparent]r acs[backcolor=transparent]:[backcolor=transparent]ram[backcolor=transparent]::[backcolor=transparent]12345[backcolor=transparent]:[backcolor=transparent]role[backcolor=transparent]/[backcolor=transparent]fc[backcolor=transparent]-[backcolor=transparent]oss[backcolor=transparent]-[backcolor=transparent]op

最后一条命令中的12345 改成自己阿里云的Account ID

上面四条命令的逐条解释：

1. 
   创建一个RAM角色 ：fc-oss-op
2. 
   创建一个可以读取和写入oss的策略：fc-oss-gp
3. 
   将fc-oss-gp策略赋予角色fc-oss-op，这样角色fc-oss-op就能读写oss上的资源了
4. 
   创建oss_demo服务，并把fc-oss-op作为其服务角色，oss_demo服务下所有的函数都能扮演角色fc-oss-op对oss上资源进行读取或者写入

注：在 fcli shell 模式下，所有 RAM 相关的资源都放在/ram/路径下，方便管理。如果想要更加详细了解访问控制RAM,请查阅 相关文档

创建函数


在fcli shell中执行mkf oss_demo/fc-oss -h fc_oss.handler -d code -t nodejs6，在服务 oss_demo 中创建名为 fc-oss 的函数。

调用函数


在fcli shell中执行invk oss_demo/fc-oss -s hello_oss，您应当看到输出结果为：fc write hello_oss in oss bucket, 打开oss控制台，可以在对应的bucket中看到有remote.txt文件。