def _create_credential(self, turl=None):
tea_request = TeaRequest()
tea_request.query = {
'Action': 'GenerateSessionAccessKey',
'Format': 'JSON',
'Version': '2015-04-01',
'DurationSeconds': str(self.duration_seconds),
'AccessKeyId': self.access_key_id,
'RegionId': self.region_id,
}
str_to_sign = ph.compose_string_to_sign('GET', tea_request.query)
signature = ph.sign_string(str_to_sign, self.access_key_id + '&')
tea_request.query['Signature'] = signature
tea_request.protocol = 'https'
tea_request.headers['host'] = turl if turl else 'sts.aliyuncs.com'
# request
response = TeaCore.do_action(tea_request)
if response.status_code == 200:
dic = json.loads(response.body.decode('utf-8'))
if "SessionAccessKey" in dic:
cre = dic.get("SessionAccessKey")
time_array = time.strptime(cre.get("Expiration"),
"%Y-%m-%dT%H:%M:%SZ")
expiration = calendar.timegm(time_array)
return credentials.RsaKeyPairCredential(
cre.get("SessionAccessKeyId"),
cre.get("SessionAccessKeySecret"), expiration, self)
raise CredentialException(response.body.decode('utf-8'))
async def _create_credentials_async(self, turl=None):
# 获取credential 先实现签名用工具类
tea_request = TeaRequest()
tea_request.query = {
'Action': 'AssumeRole',
'Format': 'JSON',
'Version': '2015-04-01',
'DurationSeconds': str(self.duration_seconds),
'RoleArn': self.role_arn,
'AccessKeyId': self.access_key_id,
'RegionId': self.region_id,
'RoleSessionName': self.role_session_name
}
if self.policy is not None:
tea_request.query["Policy"] = self.policy
string_to_sign = ph.compose_string_to_sign("GET", tea_request.query)
signature = ph.sign_string(string_to_sign,
self.access_key_secret + "&")
tea_request.query["Signature"] = signature
tea_request.protocol = 'https'
tea_request.headers['host'] = turl if turl else 'sts.aliyuncs.com'
# request
response = await TeaCore.async_do_action(tea_request)
if response.status_code == 200:
dic = json.loads(response.body.decode('utf-8'))
if "Credentials" in dic:
cre = dic.get("Credentials")
# 先转换为时间数组
time_array = time.strptime(cre.get("Expiration"),
"%Y-%m-%dT%H:%M:%SZ")
# 转换为时间戳
expiration = calendar.timegm(time_array)
return credentials.RamRoleArnCredential(
cre.get("AccessKeyId"), cre.get("AccessKeySecret"),
cre.get("SecurityToken"), expiration, self)
raise CredentialException(response.body.decode('utf-8'))
def test_compose_string_to_sign(test):
method, queries = 'GET', {}
string_to_sign = parameter_helper.compose_string_to_sign(method, queries)
test.assertEqual('GET&%2F&', string_to_sign)