def get_signer(cred, region_id, do_action_api, debug=False): if cred['ak'] is not None and cred['secret'] is not None: access_key_credential = credentials.AccessKeyCredential(cred['ak'], cred['secret']) return access_key_signer.AccessKeySigner(access_key_credential) elif os.environ.get('ALIYUN_ACCESS_KEY_ID') is not None and os.environ.get('ALIYUN_ACCESS_KEY_SECRET') is not None: access_key_credential = credentials.AccessKeyCredential(os.environ.get('ALIYUN_ACCESS_KEY_ID'), os.environ.get('ALIYUN_ACCESS_KEY_SECRET')) return access_key_signer.AccessKeySigner(access_key_credential) elif cred['credential'] is not None: credential = cred['credential'] if isinstance(credential, credentials.AccessKeyCredential): return access_key_signer.AccessKeySigner(credential) elif isinstance(credential, credentials.StsTokenCredential): return sts_token_signer.StsTokenSigner(credential) elif isinstance(credential, credentials.RamRoleArnCredential): return ram_role_arn_signer.RamRoleArnSigner(credential, do_action_api) elif isinstance(credential, credentials.EcsRamRoleCredential): return ecs_ram_role_singer.EcsRamRoleSigner(credential) elif isinstance(credential, credentials.RsaKeyPairCredential): return rsa_key_pair_signer.RsaKeyPairSigner(credential, region_id, debug) elif cred['public_key_id'] is not None and cred['private_key'] is not None: logging.info("'AcsClient(regionId, pub_key_id, pri_key)' is deprecated") rsa_key_pair_credential = credentials.RsaKeyPairCredential(cred['public_key_id'], cred['private_key'], cred['session_period'], region_id, debug) return rsa_key_pair_signer.RsaKeyPairSigner(rsa_key_pair_credential) else: raise exceptions.ClientException(error_code.SDK_INVALID_CREDENTIAL, error_msg.get_msg('SDK_INVALID_CREDENTIAL'))
def load_credentials_properties(file_name): if file_name is None or file_name == "": file_name = const.DEFAULT_CONFIG_NAME config_dict = config_utils.Properties(file_name).get_properties() credential = None region_info_list = [] secret_name_list = [] if config_dict is not None and len(config_dict) > 0: credentials_type = config_dict.get(env_const.ENV_CREDENTIALS_TYPE_KEY) access_key_id = config_dict.get(env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY) access_secret = config_dict.get(env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY) check_config_param(credentials_type, env_const.ENV_CREDENTIALS_TYPE_KEY) region_ids = config_dict.get(env_const.ENV_CACHE_CLIENT_REGION_ID_KEY) check_config_param(region_ids, env_const.ENV_CACHE_CLIENT_REGION_ID_KEY) try: region_dict_list = json.loads(region_ids) for region_dict in region_dict_list: region_info_list.append(RegionInfo( None if region_dict.get( env_const.ENV_REGION_REGION_ID_NAME_KEY) == '' else region_dict.get( env_const.ENV_REGION_REGION_ID_NAME_KEY), region_dict.get(env_const.ENV_REGION_VPC_NAME_KEY), None if region_dict.get( env_const.ENV_REGION_ENDPOINT_NAME_KEY) == '' else region_dict.get( env_const.ENV_REGION_ENDPOINT_NAME_KEY))) except Exception: raise ValueError( ("config param.get(%s) is illegal" % env_const.ENV_CACHE_CLIENT_REGION_ID_KEY)) if credentials_type == "ak": check_config_param(access_key_id, env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY) check_config_param(access_secret, env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY) credential = credentials.AccessKeyCredential(access_key_id, access_secret) elif credentials_type == "token": access_token_id = config_dict.get(env_const.ENV_CREDENTIALS_ACCESS_TOKEN_ID_KEY) access_token = config_dict.get(env_const.ENV_CREDENTIALS_ACCESS_TOKEN_KEY) check_config_param(access_token_id, env_const.ENV_CREDENTIALS_ACCESS_TOKEN_ID_KEY) check_config_param(access_token, env_const.ENV_CREDENTIALS_ACCESS_TOKEN_KEY) credential = credentials.AccessKeyCredential(access_token_id, access_token) elif credentials_type == "ram_role" or credentials_type == "sts": role_session_name = config_dict.get(env_const.ENV_CREDENTIALS_ROLE_SESSION_NAME_KEY) role_arn = config_dict.get(env_const.ENV_CREDENTIALS_ROLE_ARN_KEY) check_config_param(access_key_id, env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY) check_config_param(access_secret, env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY) check_config_param(role_session_name, env_const.ENV_CREDENTIALS_ROLE_SESSION_NAME_KEY) check_config_param(role_arn, env_const.ENV_CREDENTIALS_ROLE_ARN_KEY) credential = credentials.RamRoleArnCredential(access_key_id, access_secret, role_arn, role_session_name) elif credentials_type == "ecs_ram_role": role_name = config_dict.get(env_const.ENV_CREDENTIALS_ROLE_NAME_KEY) check_config_param(role_name, env_const.ENV_CREDENTIALS_ROLE_NAME_KEY) credential = credentials.EcsRamRoleCredential(role_name) elif credentials_type == "client_key": client_key_path = config_dict.get(env_const.EnvClientKeyPrivateKeyPathNameKey) check_config_param(client_key_path, env_const.EnvClientKeyPrivateKeyPathNameKey) password = client_key_utils.get_password(config_dict) cred, signer = client_key_utils.load_rsa_key_pair_credential_and_client_key_signer( client_key_path, password) credential = ClientKeyCredential(signer, cred) else: raise ValueError(("config param.get(%s) is illegal" % env_const.ENV_CREDENTIALS_TYPE_KEY)) secret_names = config_dict.get(const.PROPERTIES_SECRET_NAMES_KEY) if secret_names != "" and secret_names is not None: secret_name_list.extend(secret_names.split(",")) credential_properties = CredentialsProperties(credential, secret_name_list, region_info_list, config_dict) return credential_properties return None
def __init_env(self): env_dict = os.environ if self.credential is None: credentials_type = env_dict.get( env_const.ENV_CREDENTIALS_TYPE_KEY) check_evn_param(credentials_type, env_const.ENV_CREDENTIALS_TYPE_KEY) access_key_id = env_dict.get( env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY) access_secret = env_dict.get( env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY) if credentials_type == "ak": check_evn_param( access_key_id, env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY) check_evn_param( access_secret, env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY) self.credential = credentials.AccessKeyCredential( access_key_id, access_secret) elif credentials_type == "token": access_token_id = env_dict.get( env_const.ENV_CREDENTIALS_ACCESS_TOKEN_ID_KEY) access_token = env_dict.get( env_const.ENV_CREDENTIALS_ACCESS_TOKEN_KEY) check_evn_param(access_token_id, env_const.ENV_CREDENTIALS_ACCESS_TOKEN_KEY) check_evn_param( access_token, env_const.ENV_CREDENTIALS_ACCESS_TOKEN_ID_KEY) self.credential = credentials.AccessKeyCredential( access_token_id, access_token) elif credentials_type == "ram_role" or credentials_type == "sts": role_session_name = env_dict.get( env_const.ENV_CREDENTIALS_ROLE_SESSION_NAME_KEY) role_arn = env_dict.get( env_const.ENV_CREDENTIALS_ROLE_ARN_KEY) check_evn_param( access_key_id, env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY) check_evn_param( access_secret, env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY) check_evn_param( role_session_name, env_const.ENV_CREDENTIALS_ROLE_SESSION_NAME_KEY) check_evn_param(role_arn, env_const.ENV_CREDENTIALS_ROLE_ARN_KEY) self.credential = credentials.RamRoleArnCredential( access_key_id, access_secret, role_arn, role_session_name) elif credentials_type == "ecs_ram_role": role_name = env_dict.get( env_const.ENV_CREDENTIALS_ROLE_NAME_KEY) check_evn_param(role_name, env_const.ENV_CREDENTIALS_ROLE_NAME_KEY) self.credential = credentials.EcsRamRoleCredential( role_name) elif credentials_type == "client_key": client_key_path = env_dict.get( env_const.EnvClientKeyPrivateKeyPathNameKey) check_evn_param( client_key_path, env_const.EnvClientKeyPrivateKeyPathNameKey) password = client_key_utils.get_password(env_dict) credential, signer = client_key_utils.load_rsa_key_pair_credential_and_client_key_signer( client_key_path, password) self.credential = ClientKeyCredential(signer, credential) else: raise ValueError(("env param.get(%s) is illegal" % env_const.ENV_CREDENTIALS_TYPE_KEY)) if self.credential is not None: if len(self.region_info_list) == 0: region_json = env_dict.get( env_const.ENV_CACHE_CLIENT_REGION_ID_KEY) check_evn_param( region_json, env_const.ENV_CACHE_CLIENT_REGION_ID_KEY) try: region_dict_list = json.loads(region_json) for region_dict in region_dict_list: self.region_info_list.append( RegionInfo( None if region_dict.get( env_const. ENV_REGION_REGION_ID_NAME_KEY) == '' else region_dict.get( env_const. ENV_REGION_REGION_ID_NAME_KEY), region_dict.get( env_const.ENV_REGION_VPC_NAME_KEY), None if region_dict.get( env_const. ENV_REGION_ENDPOINT_NAME_KEY) == '' else region_dict.get( env_const. ENV_REGION_ENDPOINT_NAME_KEY))) except Exception: raise ValueError( ("env param.get(%s) is illegal" % env_const.ENV_CACHE_CLIENT_REGION_ID_KEY))
def with_access_key(self, access_key_id, access_key_secret): """指定ak sk信息""" self.credential = credentials.AccessKeyCredential( access_key_id, access_key_secret) return self
def with_token(self, token_id, token): """指定token信息""" self.credential = credentials.AccessKeyCredential(token_id, token) return self