def test_ecs_ram_role_signer(self):
credential = RamRoleArnCredential(
"sts_access_key_id", "sts_access_key_secret", "role_arn", "session_role_name")
signer = RamRoleArnSigner(credential, self.do_action_200)
self.assertEqual("session_role_name",
signer._credential.session_role_name)
credential = RamRoleArnCredential(
"sts_access_key_id", "sts_access_key_secret", "role_arn", "")
signer2 = RamRoleArnSigner(credential, None)
self.assertTrue(
signer2._credential.session_role_name.startswith("aliyun-python-sdk-"))
request = RpcRequest("product", "version", "action_name")
headers, url = signer.sign('cn-hangzhou', request)
self.assertEqual(request.get_query_params().get(
"SecurityToken"), 'security_token')
# # self.assertEqual(url, '/?SignatureVersion=1.0&Format=None"
# "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou"
# "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1&Version=version"
# "&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D&Action=action_name"
# "&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=')
request = RoaRequest("product", "version",
"action_name", uri_pattern="/")
request.set_method('get')
self.assertIsNone(request.get_headers().get("x-acs-security-token"))
headers, url = signer.sign('cn-hangzhou', request)
self.assertEqual(request.get_headers().get(
"x-acs-security-token"), 'security_token')
request = RpcRequest("product", "version", "action_name")
signer3 = RamRoleArnSigner(credential, self.do_action_400)
with self.assertRaises(ServerException) as ex:
signer3.sign('cn-hangzhou', request)
self.assertEqual(
"refresh session token failed, server return: XXXX", ex.exception.message)
def setup_class(cls):
# ignore https credential
ssl._DEFAULT_CIPHERS = 'ALL'
if hasattr(ssl, '_create_unverified_context'):
ssl._create_default_https_context = ssl._create_unverified_context
cf = configparser.ConfigParser()
config_file = os.path.expanduser('~') + "/aliyun-sdk.ini"
cf.read(config_file)
access_key_id = cf.get('sdk_test_auth_ram_role_arn_credential',
'access_key_id')
access_key_secret = cf.get('sdk_test_auth_ram_role_arn_credential',
'access_key_secret')
role_arn = cf.get('sdk_test_auth_ram_role_arn_credential', 'role_arn')
session_role_name = 'python-sdk-test'
region_provider.modify_point('Sts', 'cn-hangzhou', 'sts.aliyuncs.com')
ram_role_arn_credential = RamRoleArnCredential(access_key_id,
access_key_secret,
role_arn,
session_role_name)
cls.acs_client = AcsClient(region_id='cn-hangzhou',
credential=ram_role_arn_credential)
assert cls.acs_client
def test_RamRoleArnCredential(self):
c = RamRoleArnCredential("sts_access_key_id", "sts_access_key_secret",
"role_arn", "session_role_name")
self.assertEqual("sts_access_key_id", c.sts_access_key_id)
self.assertEqual("sts_access_key_secret", c.sts_access_key_secret)
self.assertEqual("role_arn", c.role_arn)
self.assertEqual("session_role_name", c.session_role_name)
def test_call_roa_request_with_sts_token(self):
from aliyunsdkcore.auth.credentials import RamRoleArnCredential
# FIXME : the RoleArn must according to user's setting
ram_role_arn_credential = RamRoleArnCredential(
self.sub_access_key_id, self.sub_access_key_secret,
"acs:ram::1988236124481530:role/testrole", "alice_test")
acs_client = AcsClient(region_id="cn-hangzhou",
credential=ram_role_arn_credential)
request = DescribeRegionsRequest()
url = self.get_http_request(acs_client, request)
self.assertTrue(url.find("AccessKeyId=STS."))
response = acs_client.do_action_with_exception(request)
ret = self.get_dict_response(response)
self.assertTrue(ret.get("Regions"))
self.assertTrue(ret.get("RequestId"))
def test_call_roa_request_with_sts_token(self):
from aliyunsdkcore.auth.credentials import RamRoleArnCredential
self._create_default_ram_user()
self._attach_default_policy()
self._create_access_key()
self._create_default_ram_role()
ram_role_arn_credential = RamRoleArnCredential(
self.ram_user_access_key_id, self.ram_user_access_key_secret,
self.ram_role_arn, "alice_test")
acs_client = AcsClient(region_id="cn-hangzhou",
credential=ram_role_arn_credential)
request = DescribeRegionsRequest()
url = self.get_http_request(acs_client, request)
self.assertTrue(url.find("AccessKeyId=STS."))
response = acs_client.do_action_with_exception(request)
ret = self.get_dict_response(response)
self.assertTrue(ret.get("Regions"))
self.assertTrue(ret.get("RequestId"))
def __init__(self):
self.ram_role_arn_credential = RamRoleArnCredential(
'******', '*****', '*****', '****')
self.acs_client = AcsClient(region_id='cn-beijing',
credential=self.ram_role_arn_credential)