alicloud_oss_bucket listBucket failed in RamRoleArn mode

[QiXingchuan]

Describe the bug
The query for oss buckets will have errors like this when use RamRoleArn mode

listBucket failed with panic \n'access_key' or 'profile' must be set in the connection configuration.

Steampipe version (steampipe -v)
Steampipe v1.0.0

Plugin version (steampipe plugin list)
hub.steampipe.io/plugins/turbot/alicloud@latest | 1.0.0

To reproduce

• config

connection "alicloud_sandbox" {
  plugin = "alicloud"
  regions = ["cn-shanghai"]
  profile = "syncer-test"
}

# .aliyun/config.json
{
	"current": "default",
	"profiles": [
		{
			"name": "syncer-test",
			"mode": "RamRoleArn",
			"access_key_id": "xxx",
			"access_key_secret": "xxx",
			"sts_token": "",
			"sts_region": "",
			"ram_role_name": "syncer-test",
			"ram_role_arn": "acs:ram::xxx:role/syncer-test",
			"ram_session_name": "syncer-test",
			"source_profile": "",
			"private_key": "",
			"key_pair_name": "",
			"expired_seconds": 0,
			"verified": "",
			"region_id": "cn-shanghai",
			"output_format": "json",
			"language": "en",
			"site": "",
			"retry_timeout": 0,
			"connect_timeout": 0,
			"retry_count": 0,
			"process_command": "",
			"credentials_uri": "",
			"oidc_provider_arn": "",
			"oidc_token_file": ""
		}
	],
	"meta_path": ""
}

• steampipe service start
• steampipe query
• Execute query like select * from alicloud_sandbox.alicloud_oss_bucket

Expected behavior
The error should not happen and should show the resource info

Additional context
It seems that the OSS SDK v1 doesn't support the use of the profile

[ParthaI]

Hello @QiXingchuan,

I’m sorry to hear you’re encountering issues.

We cannot use acceleration endpoints to list buckets. Transfer acceleration is supported only for subdomains that contain a specific bucket name. The subdomains are in the format of https://BucketName.oss-accelerate.aliyuncs.com. However, domain names that are used in requests to list buckets do not contain bucket names. An example domain name that can be used in such requests is https://oss-cn-hangzhou.aliyuncs.com. Doc Ref: https://www.alibabacloud.com/help/en/oss/user-guide/list-buckets-11

Based on the SDK documentation, the supported authentication methods for listing buckets are Access Key and Secret Access Key. Unfortunately, profile-based authentication is not supported. SDK ref: https://github.com/aliyun/aliyun-oss-go-sdk/blob/master/oss/client.go#L43

Could you please confirm whether you can list the buckets successfully using the RamRoleArn profile?

If it works, we can submit a feature request to the Alicloud SDK team to add support for profile-based authentication.

Thank you!

[QiXingchuan]

Hi @ParthaI. I can only use AKSK to get the OSS info by Steampipe. The RamRoleArn profile doesn't work for me.
If the SDK can support profile-based authentication, it will be better. The SDK has a v2 version, are there any plans to use it?

[ParthaI]

Ah, it seems we might have missed the SDK V2 version, which includes additional authentication modules. We will take a closer look at it.

For future reference, here is the SDK V2 package reference: https://github.com/aliyun/alibabacloud-oss-go-sdk-v2.

Thanks, @QiXingchuan