def test_ecs_ram_role_signer(self, mock_urlopen): credential = EcsRamRoleCredential("role") signer = EcsRamRoleSigner(credential) request = RpcRequest("product", "version", "action_name") res = Mock() res.read.return_value = ensure_bytes('{"Code": "Success","AccessKeyId":"access_key_id",\ "AccessKeySecret":"access_key_secret","Expiration":3600,\ "SecurityToken": "security_token"}') mock_urlopen.return_value = res headers, url = signer.sign('cn-hangzhou', request) mock_urlopen.assert_called_once_with( 'http://100.100.100.200/latest/meta-data/ram/security-credentials/role') self.assertEqual(request.get_query_params().get( "SecurityToken"), 'security_token') # self.assertEqual(url, '/?SignatureVersion=1.0&Format=None" # "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou" # "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1" # "&Version=version&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D" # "&Action=action_name&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=') request = RoaRequest("product", "version", "action_name", uri_pattern="/") request.set_method('get') self.assertIsNone(request.get_headers().get("x-acs-security-token")) headers, url = signer.sign('cn-hangzhou', request) self.assertEqual(request.get_headers().get( "x-acs-security-token"), 'security_token')
def test_ecs_ram_role(self): # push ecs from aliyunsdkcore.auth.credentials import EcsRamRoleCredential ecs_ram_role_credential = EcsRamRoleCredential("TestRole") acs_client = AcsClient(region_id="cn-hangzhou", credential=ecs_ram_role_credential) request = DescribeRegionsRequest() response = acs_client.do_action_with_exception(request)
def _prepare_kms(self): if not ((self.region_id and self.kms_ak and self.kms_secret) or (self.region_id and self.ram_role_name)): return False if not self.kms_client: if self.ram_role_name: self.kms_client = AcsClient(region_id=self.region_id, credential=EcsRamRoleCredential(self.ram_role_name)) else: self.kms_client = AcsClient(ak=self.kms_ak, secret=self.kms_secret, region_id=self.region_id) return True
def test_ecs_ram_role_signer_unsuccess(self, mock_urlopen): credential = EcsRamRoleCredential("role") signer = EcsRamRoleSigner(credential) request = RpcRequest("product", "version", "action_name") res = Mock() res.read.return_value = ensure_bytes('{"Code": "400"}') mock_urlopen.return_value = res with self.assertRaises(ServerException) as ex: signer.sign('cn-hangzhou', request) self.assertEqual( "refresh Ecs sts token err, code is 400", ex.exception.message)
def main(): conn = None device_opt = [ "port", "no_password", "region", "access_key", "secret_key", "ram_role" ] atexit.register(atexit_handler) define_new_opts() all_opt["power_timeout"]["default"] = "60" options = check_input(device_opt, process_input(device_opt)) docs = {} docs["shortdesc"] = "Fence agent for Aliyun (Aliyun Web Services)" docs["longdesc"] = "fence_aliyun is an I/O Fencing agent for Aliyun" docs["vendorurl"] = "http://www.aliyun.com" show_docs(options, docs) run_delay(options) if "--region" in options: region = options["--region"] if "--access-key" in options and "--secret-key" in options: access_key = options["--access-key"] secret_key = options["--secret-key"] conn = client.AcsClient(access_key, secret_key, region) elif "--ram-role" in options: ram_role = options["--ram-role"] role = EcsRamRoleCredential(ram_role) conn = client.AcsClient(region_id=region, credential=role) else: fail_usage( "Failed: User credentials are not set. Please set the Access Key and the Secret Key, or configure the RAM role." ) # Use intranet endpoint to access ECS service try: region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region) except Exception as e: logging.warn( "Failed: failed to modify endpoint to 'ecs.%s.aliyuncs.com': %s" % (region, e)) # Operate the fencing device result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list) sys.exit(result)
def make_request_new(self, params): if not params: raise Exception("Request parameters should not be empty.") conn = None if self.acs_access_key_id and self.acs_secret_access_key: conn = client.AcsClient(self.acs_access_key_id, self.acs_secret_access_key, self.region, user_agent=self.user_agent) if self.security_token: sts_token_credential = StsTokenCredential(self.access_key, self.secret_key, self.security_token) conn = client.AcsClient(region_id=self.region, user_agent=self.user_agent, credential=sts_token_credential) else: if self.ecs_role_name: ecs_ram_role_credential = EcsRamRoleCredential(self.ecs_role_name) conn = client.AcsClient(region_id=self.region, user_agent=self.user_agent, credential=ecs_ram_role_credential) if not conn: footmark.log.error('%s %s' % ('Null AcsClient ', conn)) raise self.FootmarkClientError('Null AcsClient ', conn) timeout = 200 delay = 3 if not isinstance(params, dict): raise Exception("Invalid request parameters: {0} should be a dict.".format(params)) if not params.get('Action', params.get('action')): raise Exception("'Action' is required for this request.") while timeout > 0: request = self.import_request(params.get('Action', params.get('action'))) request.set_accept_format('json') try: for k, v in list(params.items()): if hasattr(request, k): getattr(request, k)(v) else: request.add_query_param(k[4:], v) return conn.do_action_with_exception(request) except ServerException as e: if str(e.error_code) == "SDK.ServerUnreachable" \ or str(e.message).__contains__("SDK.ServerUnreachable") \ or str(e.message).__contains__("Unable to connect server: timed out"): time.sleep(delay) timeout -= delay continue raise e except Exception as e: raise e return None
def main(): conn = None device_opt = [ "port", "no_password", "region", "access_key", "secret_key", "ram_role" ] atexit.register(atexit_handler) define_new_opts() all_opt["power_timeout"]["default"] = "60" options = check_input(device_opt, process_input(device_opt)) docs = {} docs["shortdesc"] = "Fence agent for Aliyun (Aliyun Web Services)" docs["longdesc"] = "fence_aliyun is an I/O Fencing agent for Aliyun" docs["vendorurl"] = "http://www.aliyun.com" show_docs(options, docs) run_delay(options) if "--region" in options: region = options["--region"] if "--access-key" in options and "--secret-key" in options: access_key = options["--access-key"] secret_key = options["--secret-key"] conn = client.AcsClient(access_key, secret_key, region) elif "--ram-role" in options: ram_role = options["--ram-role"] _check_role(ram_role) role = EcsRamRoleCredential(ram_role) conn = client.AcsClient(region_id=region, credential=role) region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region) # Operate the fencing device result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list) sys.exit(result)
import sys if (len(sys.argv) != 4): print("usage: " + sys.argv[0] + " zone_id reverse_zone_id role_name") exit(1) else: zone_id = sys.argv[1] reverse_zone_id = sys.argv[2] role_name = sys.argv[3] print("hostname=" + hostname) print("ip=" + ip) print("record=" + record) print("zone_id=" + zone_id) print("reverse_zone_id=" + reverse_zone_id) credential = EcsRamRoleCredential(role_name) client = AcsClient(credential=credential) # get zone name from zone_id request = DescribeZoneInfoRequest() request.set_accept_format('json') request.set_ZoneId(zone_id) response = client.do_action_with_exception(request) import json json = json.loads(response) domain_name = json["ZoneName"] print("domain_name=" + domain_name) request = AddZoneRecordRequest() request.set_accept_format('json')
def test_EcsRamRoleCredential(self): c = EcsRamRoleCredential("role_name") self.assertEqual("role_name", c.role_name)