def test_ecs_ram_role_signer(self): credential = RamRoleArnCredential( "sts_access_key_id", "sts_access_key_secret", "role_arn", "session_role_name") signer = RamRoleArnSigner(credential, self.do_action_200) self.assertEqual("session_role_name", signer._credential.session_role_name) credential = RamRoleArnCredential( "sts_access_key_id", "sts_access_key_secret", "role_arn", "") signer2 = RamRoleArnSigner(credential, None) self.assertTrue( signer2._credential.session_role_name.startswith("aliyun-python-sdk-")) request = RpcRequest("product", "version", "action_name") headers, url = signer.sign('cn-hangzhou', request) self.assertEqual(request.get_query_params().get( "SecurityToken"), 'security_token') # # self.assertEqual(url, '/?SignatureVersion=1.0&Format=None" # "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou" # "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1&Version=version" # "&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D&Action=action_name" # "&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=') request = RoaRequest("product", "version", "action_name", uri_pattern="/") request.set_method('get') self.assertIsNone(request.get_headers().get("x-acs-security-token")) headers, url = signer.sign('cn-hangzhou', request) self.assertEqual(request.get_headers().get( "x-acs-security-token"), 'security_token') request = RpcRequest("product", "version", "action_name") signer3 = RamRoleArnSigner(credential, self.do_action_400) with self.assertRaises(ServerException) as ex: signer3.sign('cn-hangzhou', request) self.assertEqual( "refresh session token failed, server return: XXXX", ex.exception.message)
def __get_secret_value(self, secret_name): get_secret_request = RpcRequest('Kms', '2016-01-20', 'GetSecretValue', 'kms') get_secret_request._protocol_type = "https" get_secret_request.add_query_param('SecretName', secret_name) get_secret_request.add_query_param('VersionStage', self.stage) get_secret_request.add_query_param('FetchExtendedConfig', True) get_secret_request.set_accept_format("JSON") try: get_secret_resp = self.secret_client.get_secret_value( get_secret_request) resp_json = json.loads(get_secret_resp.decode(encoding="utf-8")) except ClientException as e: get_logger().error("action:get_secret_value", exc_info=True) if judge_need_recovery_exception(e): try: secret_info = self.cache_hook.recovery_get_secret( secret_name) if secret_info is not None: return secret_info else: raise e except ClientException: get_logger().error("action:recovery_get_secret", exc_info=True) raise e else: raise e return convert_json_to_secret_info(resp_json)
def test_rsa_key_pair_signer_other_exception(self): public_key_path = os.path.join(os.path.dirname( __file__), "..", "..", "fixtures", "id_rsa.pub") public_key_id = open(public_key_path).read() private_key_path = os.path.join(os.path.dirname( __file__), "..", "..", "fixtures", "id_rsa") private_key_id = open(private_key_path).read() # ok credential = RsaKeyPairCredential( public_key_id, private_key_id, session_period=3600) signer = RsaKeyPairSigner(credential, "region_id") # for rpc request = RpcRequest("product", "version", "action_name") self.assertIsNone(request.get_query_params().get("SecurityToken")) signer._sts_client = Mock() do_action = Mock() do_action.side_effect = ServerException( "BOOM", "msg") signer._sts_client.do_action_with_exception = do_action with self.assertRaises(ServerException) as se: signer.sign('cn-hangzhou', request) self.assertEqual("BOOM", se.exception.error_code) self.assertEqual( "msg", se.exception.message)
def test_resolve_endpoint3(self): request = RpcRequest('Ecs', '2014-05-26', 'DescribeRegions', 'ecs') request.set_accept_format('JSON') client.region_provider.add_endpoint("Ecs", 'cn-zhangjiakou', 'ecs.cn-zhangjiakou123.aliyuncs.com') endpoint = self.acs_client._resolve_endpoint(request) print(endpoint) assert endpoint == 'ecs.cn-zhangjiakou123.aliyuncs.com'
def test_sts_token_signer(self): credential = StsTokenCredential('sts_access_key_id', 'sts_access_key_secret', 'sts_token') signer = StsTokenSigner(credential) # for rpc request = RpcRequest("product", "version", "action_name") self.assertIsNone(request.get_query_params().get("SecurityToken")) headers, url = signer.sign('cn-hangzhou', request) self.assertDictEqual( request.get_headers(), { 'x-acs-action': 'action_name', 'x-acs-version': 'version', 'x-sdk-invoke-type': 'normal' }) self.assertEqual(request.get_query_params().get("SecurityToken"), 'sts_token') # self.assertEqual(url, "/?SignatureVersion=1.0&Format=None" # "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou" # "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1&Version=version" # "&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D&Action=action_name" # "&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=') request = RoaRequest("product", "version", "action_name", uri_pattern="/") request.set_method('get') self.assertIsNone(request.get_headers().get("x-acs-security-token")) headers, url = signer.sign('cn-hangzhou', request) self.assertEqual(request.get_headers().get("x-acs-security-token"), 'sts_token')
def test_ecs_ram_role_signer(self, mock_urlopen): credential = EcsRamRoleCredential("role") signer = EcsRamRoleSigner(credential) request = RpcRequest("product", "version", "action_name") res = Mock() res.read.return_value = ensure_bytes('{"Code": "Success","AccessKeyId":"access_key_id",\ "AccessKeySecret":"access_key_secret","Expiration":3600,\ "SecurityToken": "security_token"}') mock_urlopen.return_value = res headers, url = signer.sign('cn-hangzhou', request) mock_urlopen.assert_called_once_with( 'http://100.100.100.200/latest/meta-data/ram/security-credentials/role') self.assertEqual(request.get_query_params().get( "SecurityToken"), 'security_token') # self.assertEqual(url, '/?SignatureVersion=1.0&Format=None" # "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou" # "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1" # "&Version=version&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D" # "&Action=action_name&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=') request = RoaRequest("product", "version", "action_name", uri_pattern="/") request.set_method('get') self.assertIsNone(request.get_headers().get("x-acs-security-token")) headers, url = signer.sign('cn-hangzhou', request) self.assertEqual(request.get_headers().get( "x-acs-security-token"), 'security_token')
def test_rpc_request_get_url(self, mock_get_iso_8061_date, mock_get_uuid): mock_get_iso_8061_date.return_value = "2018-12-04T04:03:12Z" mock_get_uuid.return_value = "7e1c7d12-7551-4856-8abb-1938ccac6bcc" # url r = RpcRequest("product", "version", "action_name") url = r.get_url("regionid", "accesskeyid", "secret") mock_get_iso_8061_date.assert_called_once_with() mock_get_uuid.assert_called_once_with() self.assertEqual( url, "/?SignatureVersion=1.0&Format=None&Timestamp=7e1c7d12-7551-4856-8abb-1938ccac6bcc&RegionId=regionid&AccessKeyId=accesskeyid&SignatureMethod=HMAC-SHA1&Version=version&Signature=Ej4GsaOI7FJyN00E5OpDHHCx2vk%3D&Action=action_name&SignatureNonce=2018-12-04T04%3A03%3A12Z&SignatureType=" ) # with none query params r.set_query_params(None) url = r.get_url("regionid", "accesskeyid", "secret") self.assertEqual( url, "/?SignatureVersion=1.0&Format=None&Timestamp=7e1c7d12-7551-4856-8abb-1938ccac6bcc&RegionId=regionid&AccessKeyId=accesskeyid&SignatureMethod=HMAC-SHA1&Version=version&Signature=Ej4GsaOI7FJyN00E5OpDHHCx2vk%3D&Action=action_name&SignatureNonce=2018-12-04T04%3A03%3A12Z&SignatureType=" ) # with region id key r.set_query_params({'RegionId': 'regionid'}) url = r.get_url("regionid", "accesskeyid", "secret") self.assertEqual( url, "/?SignatureVersion=1.0&Format=None&Timestamp=7e1c7d12-7551-4856-8abb-1938ccac6bcc&RegionId=regionid&AccessKeyId=accesskeyid&SignatureMethod=HMAC-SHA1&Version=version&Signature=Ej4GsaOI7FJyN00E5OpDHHCx2vk%3D&Action=action_name&SignatureNonce=2018-12-04T04%3A03%3A12Z&SignatureType=" )
def test_default_protocol_type(self): self.assertEqual(get_default_protocol_type(), "http") set_default_protocol_type("https") self.assertEqual(get_default_protocol_type(), "https") with self.assertRaises(ClientException) as ex: set_default_protocol_type("WSS") self.assertEqual(ex.exception.error_code, "SDK.InvalidParams") self.assertEqual(ex.exception.message, "Invalid 'protocol_type', should be 'http' or 'https'") set_default_protocol_type("http") r = RpcRequest("product", "version", "action_name") self.assertEqual(r.get_protocol_type(), 'http') r = RpcRequest("product", "version", "action_name", protocol='https') self.assertEqual(r.get_protocol_type(), 'https') r = RpcRequest("product", "version", "action_name", protocol='http') self.assertEqual(r.get_protocol_type(), 'http')
def Domain_Record(self, RR, Type, Value): request = RpcRequest('Alidns', '2015-01-09', 'UpdateDomainRecord') request.add_query_param("RecordId", '3645564013972480') request.add_query_param("RR", RR) request.add_query_param("Type", Type) request.add_query_param("Value", Value) request.set_accept_format('json') response = self._send_request(request) return response
def get_reslut(self, type, domain=None, PageNumber=1): try: clt = client.AcsClient(self.AccessKeyId, self.AccessKeySecret, 'cn-shanghai') if type == "domain": request = RpcRequest('Alidns', '2015-01-09', 'DescribeDomains') request.add_query_param("PageSize", 100) else: request = RpcRequest('Alidns', '2015-01-09', 'DescribeDomainRecords') request.add_query_param("DomainName", domain) request.add_query_param("PageSize", 500) request.add_query_param("PageNumber", PageNumber) request.set_accept_format('json') json_response = json.loads(clt.do_action_with_exception(request)) except: json_response = None return json_response
def _getSubDomain(self, args): logger.info('fetching subdomain') if not self.attrsNotNone(args, 'host', 'domain'): raise Exception('Invalid request') req = RpcRequest('Alidns', '2015-01-09', 'DescribeSubDomainRecords') req.add_query_param('SubDomain', '.'.join([args.host, args.domain])) # req.add_query_param('Type', getattr(args, 'type') or 'A') res = self.do(req) return res
def _deleteRecord(self, args): logger.info('deleting record') if not self.attrsNotNone(args, 'id'): raise Exception('Invalid request') req = RpcRequest('Alidns', '2015-01-09', 'DeleteDomainRecord') req.add_query_param('RecordId', args.id) res = self.do(req) return res
def _listSubDomain(self, args): logger.info('listing domain records') if not self.attrsNotNone(args, 'domain'): raise Exception('Invalid request') req = RpcRequest('Alidns', '2015-01-09', 'DescribeDomainRecords') req.add_query_param('DomainName', args.domain) # req.add_query_param('Type', getattr(args, 'type') or 'A') res = self.do(req) return res
def update_record(record_id, domain_record, record_value): req = RpcRequest(PROD, VERSION, 'UpdateDomainRecord', 'JSON') req.add_query_param('RecordId', record_id) req.add_query_param('RR', domain_record) req.add_query_param('Type', RECORD_TYPE) req.add_query_param('Value', record_value) req.add_query_param('TTL', TTL) resp = json.loads(client.do_action(req)) return resp['RecordId']
def getDNSrecords(): global product, version, accesskey, accesspasswd clt = client.AcsClient(accesskey, accesspasswd, 'cn-hangzhou') # request=RpcRequest('Alidns', '2015-01-09', 'DescribeDomainRecords') # request.add_query_param("DomainName","wiki.leo.com") request = RpcRequest('Alidns', '2015-01-09', 'DescribeSubDomainRecords') request.add_query_param("SubDomain", "intranet.xxx.com") request.set_accept_format('json') response = clt.do_action(request) return eval(response.replace('false', '0'))
def add_record(domain_record, record_value): req = RpcRequest(PROD, VERSION, 'AddDomainRecord', 'JSON') req.add_query_param('DomainName', DOMAIN_NAME) req.add_query_param('RR', domain_record) req.add_query_param('Type', RECORD_TYPE) req.add_query_param('Value', record_value) req.add_query_param('TTL', TTL) resp = json.loads(client.do_action(req)) return resp['RecordId']
def get_secret_value(self, get_secret_value_req): futures = [] finished = [] if self.signer is not None and isinstance(self.signer, ClientKeySigner): get_secret_value_req._signer = sha_hmac256 for i in range(len(self.region_info_list)): if i == 0: try: return self.__get_secret_value( self.region_info_list[i], get_secret_value_req) except ClientException as e: get_logger().error("action:__get_secret_value", exc_info=True) if not judge_need_recovery_exception(e): raise e get_secret_request = RpcRequest( get_secret_value_req._product, get_secret_value_req._version, get_secret_value_req._action_name, get_secret_value_req._location_service_code, signer=get_secret_value_req._signer) get_secret_request._protocol_type = get_secret_value_req._protocol_type get_secret_request.add_query_param( 'SecretName', get_secret_value_req.get_query_params().get('SecretName')) get_secret_request.add_query_param( 'VersionStage', get_secret_value_req.get_query_params().get( 'VersionStage')) get_secret_request.add_query_param( 'FetchExtendedConfig', get_secret_value_req.get_query_params().get( 'FetchExtendedConfig')) future = self.pool.submit(self.__retry_get_secret_value, get_secret_request, self.region_info_list[i], finished) futures.append(future) try: if wait(futures, self.request_waiting_time, return_when=FIRST_COMPLETED): for future in futures: if not future.done(): future.cancel() else: return future.result() except Exception as e: get_logger().error("action:__retry_get_secret_value_task", exc_info=True) raise e finally: finished.append(True) raise ClientException(error_code.SDK_HTTP_ERROR, "refreshSecretTask fail")
def setDNSrecord(record, ip): global product, version, accesskey, accesspassw clt = client.AcsClient(accesskey, accesspasswd, 'cn-hangzhou') request = RpcRequest('Alidns', '2015-01-09', 'UpdateDomainRecord') request.add_query_param("RecordId", record['RecordId']) request.add_query_param("RR", record['RR']) request.add_query_param("Type", record['Type']) request.add_query_param("Value", ip) request.set_accept_format('json') response = clt.do_action(request) print response
def test_http_proxy(self): client = AcsClient("id", "aks", region_id='cn-hangzhou', proxy={'http': 'http://127.0.0.1:8080'}) request = RpcRequest('sts', '2020', 'test') try: client.do_action_with_exception(request) except ClientException as e: self.assertEqual(e.get_error_code(), 'SDK.HttpError') self.assertIn('Cannot connect to proxy', e.message)
def test_accesskey_signer(self): credential = AccessKeyCredential('access_key_id', 'access_key_secret') signer = AccessKeySigner(credential) request = RpcRequest("product", "version", "action_name") headers, url = signer.sign('cn-hangzhou', request) self.assertDictEqual( request.get_headers(), { 'x-acs-action': 'action_name', 'x-acs-version': 'version', 'x-sdk-invoke-type': 'normal' })
def _deleteSubDomain(self, args): logger.info('deleting subdomain') if not self.attrsNotNone(args, 'host', 'domain'): raise Exception('Invalid request') req = RpcRequest('Alidns', '2015-01-09', 'DeleteSubDomainRecords') req.add_query_param('DomainName', args.domain) req.add_query_param('RR', args.host) # req.add_query_param('Type', getattr(args, 'type') or 'A') res = self.do(req) return res
def test_ecs_ram_role_signer_unsuccess(self, mock_urlopen): credential = EcsRamRoleCredential("role") signer = EcsRamRoleSigner(credential) request = RpcRequest("product", "version", "action_name") res = Mock() res.read.return_value = ensure_bytes('{"Code": "400"}') mock_urlopen.return_value = res with self.assertRaises(ServerException) as ex: signer.sign('cn-hangzhou', request) self.assertEqual( "refresh Ecs sts token err, code is 400", ex.exception.message)
def _addRecord(self, args): logger.info('adding record') if not self.attrsNotNone(args, 'host', 'domain', 'value'): raise Exception('Invalid request') req = RpcRequest('Alidns', '2015-01-09', 'AddDomainRecord') req.add_query_param('DomainName', args.domain) req.add_query_param('RR', args.host) req.add_query_param('Value', args.value) req.add_query_param('Type', getattr(args, 'type') or 'A') res = self.do(req) return res
def get_dns_records(domain): """ DescribeDomainRecords """ access_key_id, access_key_secret = get_access() clt = client.AcsClient(access_key_id, access_key_secret, "cn-hangzhou") request = RpcRequest("Alidns", "2015-01-09", "DescribeDomainRecords") request.add_query_param("DomainName", domain) request.set_accept_format("json") response = clt.do_action_with_exception(request) response_json = json.loads(response.decode()) return response_json
def set_dns_records(record, ip, oldip): """ UpdateDomainRecord """ access_key_id, access_key_secret = get_access() clt = client.AcsClient(access_key_id, access_key_secret, "cn-hangzhou") request = RpcRequest("Alidns", "2015-01-09", "UpdateDomainRecord") request.add_query_param("RecordId", record["RecordId"]) request.add_query_param("RR", record["RR"]) request.add_query_param("Type", record["Type"]) request.add_query_param("Value", ip) response = clt.do_action_with_exception(request) logger.info("{} old:{} new:{}".format(response.decode(), oldip, ip))
def get_record(): req = RpcRequest(PROD, VERSION, 'DescribeDomainRecords', 'JSON') req.add_query_param('DomainName', DOMAIN_NAME) resp = json.loads(client.do_action(req)) record_id = None record_value = None for record in resp['DomainRecords']['Record']: if record['RR'] == DOMAIN_RECORD: record_id = record['RecordId'] if record['Type'] != RECORD_TYPE: raise Exception('The record is already exsits and the type not same.') record_value = record['Value'] return record_id, record_value
def test_json_content_type(self): client = AcsClient("id", "aks", region_id='cn-hangzhou', port=51352) request = RpcRequest('sts', '2020', 'test') request.endpoint = 'localhost' request.set_method('POST') request.set_content_type('application/json') request.add_body_params('key', 'value') response = self.do_request(client, request) if sys.version_info.major == 2: headers = { item.split(':')[0]: item.split(':')[1] for item in response.headers.headers } else: headers = dict(response.headers._headers) self.assertEqual('application/json', headers['Content-Type'].strip('\r\n '))
def test_resolve_endpoint(self): client = AcsClient("id", "aks", region_id='', port=51352) req = RpcRequest('sts', '2020', 'test') req.endpoint = 'localhost' req.request_network = '' req.product_suffix = '' self.do_request(client, req) try: client._resolve_endpoint(req) except Exception as e: self.assertEqual("No such region ''. Please check your region ID.", e.message) client.set_region_id('cn@hangzhou') try: client._resolve_endpoint(req) except Exception as e: self.assertEqual( 'The parameter region_id not match with ^[a-zA-Z0-9_-]+$', e.message)
def send_sms(name): REGION = "cn-hangzhou" PRODUCT_NAME = "Dysmsapi" DOMAIN = "dysmsapi.aliyuncs.com" # need modify ACCESS_KEY_ID='YourKey' ACCESS_KEY_SECRET='YourSecret' TemplateParam = {"name": name} rpc_request = RpcRequest('Dysmsapi', '2017-05-25', 'SendSms') rpc_request.add_query_param('TemplateCode', 'SMS_77130046') rpc_request.add_query_param('TemplateParam', json.dumps(TemplateParam)) rpc_request.add_query_param('OutId', uuid.uuid1()) rpc_request.add_query_param('SignName', 'MKeng提醒') rpc_request.add_query_param('PhoneNumbers', '18829028766') region_provider.add_endpoint(PRODUCT_NAME, REGION, DOMAIN) acs_client = AcsClient(ACCESS_KEY_ID, ACCESS_KEY_SECRET, REGION) response = acs_client.do_action_with_exception(rpc_request) return response
def test_rsa_key_pair_signer(self): public_key_path = os.path.join(os.path.dirname( __file__), "..", "..", "fixtures", "id_rsa.pub") public_key_id = open(public_key_path).read() private_key_path = os.path.join(os.path.dirname( __file__), "..", "..", "fixtures", "id_rsa") private_key_id = open(private_key_path).read() # invalid session period with self.assertRaises(ClientException) as ce: credential = RsaKeyPairCredential( public_key_id, private_key_id, session_period=12) RsaKeyPairSigner(credential, "region_id") self.assertEqual( "Session expiration must between 900 and 3600 seconds", ce.exception.message) # ok credential = RsaKeyPairCredential( public_key_id, private_key_id, session_period=3600) signer = RsaKeyPairSigner(credential, "region_id") # for rpc request = RpcRequest("product", "version", "action_name") self.assertIsNone(request.get_query_params().get("SecurityToken")) signer._sts_client = Mock() do_action = Mock() do_action.return_value = ensure_bytes( '{"SessionAccessKey":{"SessionAccessKeyId":"session_access_key_id",' + '"SessionAccessKeySecret":"session_access_key_secret"}}') signer._sts_client.do_action_with_exception = do_action headers, url = signer.sign('cn-hangzhou', request) # self.assertEqual(url, '/?SignatureVersion=1.0&Format=None" # "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou" # "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1" # "&Version=version&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D" # "&Action=action_name&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=') # second headers, url = signer.sign('cn-hangzhou', request) # mock should update signer._last_update_time = signer._last_update_time - signer._session_period - 10 headers, url = signer.sign('cn-hangzhou', request)