def test_ecs_ram_role_signer(self):
credential = RamRoleArnCredential(
"sts_access_key_id", "sts_access_key_secret", "role_arn", "session_role_name")
signer = RamRoleArnSigner(credential, self.do_action_200)
self.assertEqual("session_role_name",
signer._credential.session_role_name)
credential = RamRoleArnCredential(
"sts_access_key_id", "sts_access_key_secret", "role_arn", "")
signer2 = RamRoleArnSigner(credential, None)
self.assertTrue(
signer2._credential.session_role_name.startswith("aliyun-python-sdk-"))
request = RpcRequest("product", "version", "action_name")
headers, url = signer.sign('cn-hangzhou', request)
self.assertEqual(request.get_query_params().get(
"SecurityToken"), 'security_token')
# # self.assertEqual(url, '/?SignatureVersion=1.0&Format=None"
# "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou"
# "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1&Version=version"
# "&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D&Action=action_name"
# "&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=')
request = RoaRequest("product", "version",
"action_name", uri_pattern="/")
request.set_method('get')
self.assertIsNone(request.get_headers().get("x-acs-security-token"))
headers, url = signer.sign('cn-hangzhou', request)
self.assertEqual(request.get_headers().get(
"x-acs-security-token"), 'security_token')
request = RpcRequest("product", "version", "action_name")
signer3 = RamRoleArnSigner(credential, self.do_action_400)
with self.assertRaises(ServerException) as ex:
signer3.sign('cn-hangzhou', request)
self.assertEqual(
"refresh session token failed, server return: XXXX", ex.exception.message)
def __get_secret_value(self, secret_name):
get_secret_request = RpcRequest('Kms', '2016-01-20', 'GetSecretValue',
'kms')
get_secret_request._protocol_type = "https"
get_secret_request.add_query_param('SecretName', secret_name)
get_secret_request.add_query_param('VersionStage', self.stage)
get_secret_request.add_query_param('FetchExtendedConfig', True)
get_secret_request.set_accept_format("JSON")
try:
get_secret_resp = self.secret_client.get_secret_value(
get_secret_request)
resp_json = json.loads(get_secret_resp.decode(encoding="utf-8"))
except ClientException as e:
get_logger().error("action:get_secret_value", exc_info=True)
if judge_need_recovery_exception(e):
try:
secret_info = self.cache_hook.recovery_get_secret(
secret_name)
if secret_info is not None:
return secret_info
else:
raise e
except ClientException:
get_logger().error("action:recovery_get_secret",
exc_info=True)
raise e
else:
raise e
return convert_json_to_secret_info(resp_json)
def test_rsa_key_pair_signer_other_exception(self):
public_key_path = os.path.join(os.path.dirname(
__file__), "..", "..", "fixtures", "id_rsa.pub")
public_key_id = open(public_key_path).read()
private_key_path = os.path.join(os.path.dirname(
__file__), "..", "..", "fixtures", "id_rsa")
private_key_id = open(private_key_path).read()
# ok
credential = RsaKeyPairCredential(
public_key_id, private_key_id, session_period=3600)
signer = RsaKeyPairSigner(credential, "region_id")
# for rpc
request = RpcRequest("product", "version", "action_name")
self.assertIsNone(request.get_query_params().get("SecurityToken"))
signer._sts_client = Mock()
do_action = Mock()
do_action.side_effect = ServerException(
"BOOM", "msg")
signer._sts_client.do_action_with_exception = do_action
with self.assertRaises(ServerException) as se:
signer.sign('cn-hangzhou', request)
self.assertEqual("BOOM", se.exception.error_code)
self.assertEqual(
"msg", se.exception.message)
def test_resolve_endpoint3(self):
request = RpcRequest('Ecs', '2014-05-26', 'DescribeRegions', 'ecs')
request.set_accept_format('JSON')
client.region_provider.add_endpoint("Ecs", 'cn-zhangjiakou', 'ecs.cn-zhangjiakou123.aliyuncs.com')
endpoint = self.acs_client._resolve_endpoint(request)
print(endpoint)
assert endpoint == 'ecs.cn-zhangjiakou123.aliyuncs.com'
def test_sts_token_signer(self):
credential = StsTokenCredential('sts_access_key_id',
'sts_access_key_secret', 'sts_token')
signer = StsTokenSigner(credential)
# for rpc
request = RpcRequest("product", "version", "action_name")
self.assertIsNone(request.get_query_params().get("SecurityToken"))
headers, url = signer.sign('cn-hangzhou', request)
self.assertDictEqual(
request.get_headers(), {
'x-acs-action': 'action_name',
'x-acs-version': 'version',
'x-sdk-invoke-type': 'normal'
})
self.assertEqual(request.get_query_params().get("SecurityToken"),
'sts_token')
# self.assertEqual(url, "/?SignatureVersion=1.0&Format=None"
# "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou"
# "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1&Version=version"
# "&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D&Action=action_name"
# "&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=')
request = RoaRequest("product",
"version",
"action_name",
uri_pattern="/")
request.set_method('get')
self.assertIsNone(request.get_headers().get("x-acs-security-token"))
headers, url = signer.sign('cn-hangzhou', request)
self.assertEqual(request.get_headers().get("x-acs-security-token"),
'sts_token')
def test_ecs_ram_role_signer(self, mock_urlopen):
credential = EcsRamRoleCredential("role")
signer = EcsRamRoleSigner(credential)
request = RpcRequest("product", "version", "action_name")
res = Mock()
res.read.return_value = ensure_bytes('{"Code": "Success","AccessKeyId":"access_key_id",\
"AccessKeySecret":"access_key_secret","Expiration":3600,\
"SecurityToken": "security_token"}')
mock_urlopen.return_value = res
headers, url = signer.sign('cn-hangzhou', request)
mock_urlopen.assert_called_once_with(
'http://100.100.100.200/latest/meta-data/ram/security-credentials/role')
self.assertEqual(request.get_query_params().get(
"SecurityToken"), 'security_token')
# self.assertEqual(url, '/?SignatureVersion=1.0&Format=None"
# "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou"
# "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1"
# "&Version=version&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D"
# "&Action=action_name&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=')
request = RoaRequest("product", "version",
"action_name", uri_pattern="/")
request.set_method('get')
self.assertIsNone(request.get_headers().get("x-acs-security-token"))
headers, url = signer.sign('cn-hangzhou', request)
self.assertEqual(request.get_headers().get(
"x-acs-security-token"), 'security_token')
def test_rpc_request_get_url(self, mock_get_iso_8061_date, mock_get_uuid):
mock_get_iso_8061_date.return_value = "2018-12-04T04:03:12Z"
mock_get_uuid.return_value = "7e1c7d12-7551-4856-8abb-1938ccac6bcc"
# url
r = RpcRequest("product", "version", "action_name")
url = r.get_url("regionid", "accesskeyid", "secret")
mock_get_iso_8061_date.assert_called_once_with()
mock_get_uuid.assert_called_once_with()
self.assertEqual(
url,
"/?SignatureVersion=1.0&Format=None&Timestamp=7e1c7d12-7551-4856-8abb-1938ccac6bcc&RegionId=regionid&AccessKeyId=accesskeyid&SignatureMethod=HMAC-SHA1&Version=version&Signature=Ej4GsaOI7FJyN00E5OpDHHCx2vk%3D&Action=action_name&SignatureNonce=2018-12-04T04%3A03%3A12Z&SignatureType="
)
# with none query params
r.set_query_params(None)
url = r.get_url("regionid", "accesskeyid", "secret")
self.assertEqual(
url,
"/?SignatureVersion=1.0&Format=None&Timestamp=7e1c7d12-7551-4856-8abb-1938ccac6bcc&RegionId=regionid&AccessKeyId=accesskeyid&SignatureMethod=HMAC-SHA1&Version=version&Signature=Ej4GsaOI7FJyN00E5OpDHHCx2vk%3D&Action=action_name&SignatureNonce=2018-12-04T04%3A03%3A12Z&SignatureType="
)
# with region id key
r.set_query_params({'RegionId': 'regionid'})
url = r.get_url("regionid", "accesskeyid", "secret")
self.assertEqual(
url,
"/?SignatureVersion=1.0&Format=None&Timestamp=7e1c7d12-7551-4856-8abb-1938ccac6bcc&RegionId=regionid&AccessKeyId=accesskeyid&SignatureMethod=HMAC-SHA1&Version=version&Signature=Ej4GsaOI7FJyN00E5OpDHHCx2vk%3D&Action=action_name&SignatureNonce=2018-12-04T04%3A03%3A12Z&SignatureType="
)
def test_default_protocol_type(self):
self.assertEqual(get_default_protocol_type(), "http")
set_default_protocol_type("https")
self.assertEqual(get_default_protocol_type(), "https")
with self.assertRaises(ClientException) as ex:
set_default_protocol_type("WSS")
self.assertEqual(ex.exception.error_code, "SDK.InvalidParams")
self.assertEqual(ex.exception.message,
"Invalid 'protocol_type', should be 'http' or 'https'")
set_default_protocol_type("http")
r = RpcRequest("product", "version", "action_name")
self.assertEqual(r.get_protocol_type(), 'http')
r = RpcRequest("product", "version", "action_name", protocol='https')
self.assertEqual(r.get_protocol_type(), 'https')
r = RpcRequest("product", "version", "action_name", protocol='http')
self.assertEqual(r.get_protocol_type(), 'http')
def Domain_Record(self, RR, Type, Value):
request = RpcRequest('Alidns', '2015-01-09', 'UpdateDomainRecord')
request.add_query_param("RecordId", '3645564013972480')
request.add_query_param("RR", RR)
request.add_query_param("Type", Type)
request.add_query_param("Value", Value)
request.set_accept_format('json')
response = self._send_request(request)
return response
def get_reslut(self, type, domain=None, PageNumber=1):
try:
clt = client.AcsClient(self.AccessKeyId, self.AccessKeySecret,
'cn-shanghai')
if type == "domain":
request = RpcRequest('Alidns', '2015-01-09', 'DescribeDomains')
request.add_query_param("PageSize", 100)
else:
request = RpcRequest('Alidns', '2015-01-09',
'DescribeDomainRecords')
request.add_query_param("DomainName", domain)
request.add_query_param("PageSize", 500)
request.add_query_param("PageNumber", PageNumber)
request.set_accept_format('json')
json_response = json.loads(clt.do_action_with_exception(request))
except:
json_response = None
return json_response
def _getSubDomain(self, args):
logger.info('fetching subdomain')
if not self.attrsNotNone(args, 'host', 'domain'):
raise Exception('Invalid request')
req = RpcRequest('Alidns', '2015-01-09', 'DescribeSubDomainRecords')
req.add_query_param('SubDomain', '.'.join([args.host, args.domain]))
# req.add_query_param('Type', getattr(args, 'type') or 'A')
res = self.do(req)
return res
def _deleteRecord(self, args):
logger.info('deleting record')
if not self.attrsNotNone(args, 'id'):
raise Exception('Invalid request')
req = RpcRequest('Alidns', '2015-01-09', 'DeleteDomainRecord')
req.add_query_param('RecordId', args.id)
res = self.do(req)
return res
def _listSubDomain(self, args):
logger.info('listing domain records')
if not self.attrsNotNone(args, 'domain'):
raise Exception('Invalid request')
req = RpcRequest('Alidns', '2015-01-09', 'DescribeDomainRecords')
req.add_query_param('DomainName', args.domain)
# req.add_query_param('Type', getattr(args, 'type') or 'A')
res = self.do(req)
return res
def update_record(record_id, domain_record, record_value):
req = RpcRequest(PROD, VERSION, 'UpdateDomainRecord', 'JSON')
req.add_query_param('RecordId', record_id)
req.add_query_param('RR', domain_record)
req.add_query_param('Type', RECORD_TYPE)
req.add_query_param('Value', record_value)
req.add_query_param('TTL', TTL)
resp = json.loads(client.do_action(req))
return resp['RecordId']
def getDNSrecords():
global product, version, accesskey, accesspasswd
clt = client.AcsClient(accesskey, accesspasswd, 'cn-hangzhou')
# request=RpcRequest('Alidns', '2015-01-09', 'DescribeDomainRecords')
# request.add_query_param("DomainName","wiki.leo.com")
request = RpcRequest('Alidns', '2015-01-09', 'DescribeSubDomainRecords')
request.add_query_param("SubDomain", "intranet.xxx.com")
request.set_accept_format('json')
response = clt.do_action(request)
return eval(response.replace('false', '0'))
def add_record(domain_record, record_value):
req = RpcRequest(PROD, VERSION, 'AddDomainRecord', 'JSON')
req.add_query_param('DomainName', DOMAIN_NAME)
req.add_query_param('RR', domain_record)
req.add_query_param('Type', RECORD_TYPE)
req.add_query_param('Value', record_value)
req.add_query_param('TTL', TTL)
resp = json.loads(client.do_action(req))
return resp['RecordId']
def get_secret_value(self, get_secret_value_req):
futures = []
finished = []
if self.signer is not None and isinstance(self.signer,
ClientKeySigner):
get_secret_value_req._signer = sha_hmac256
for i in range(len(self.region_info_list)):
if i == 0:
try:
return self.__get_secret_value(
self.region_info_list[i], get_secret_value_req)
except ClientException as e:
get_logger().error("action:__get_secret_value",
exc_info=True)
if not judge_need_recovery_exception(e):
raise e
get_secret_request = RpcRequest(
get_secret_value_req._product,
get_secret_value_req._version,
get_secret_value_req._action_name,
get_secret_value_req._location_service_code,
signer=get_secret_value_req._signer)
get_secret_request._protocol_type = get_secret_value_req._protocol_type
get_secret_request.add_query_param(
'SecretName',
get_secret_value_req.get_query_params().get('SecretName'))
get_secret_request.add_query_param(
'VersionStage',
get_secret_value_req.get_query_params().get(
'VersionStage'))
get_secret_request.add_query_param(
'FetchExtendedConfig',
get_secret_value_req.get_query_params().get(
'FetchExtendedConfig'))
future = self.pool.submit(self.__retry_get_secret_value,
get_secret_request,
self.region_info_list[i], finished)
futures.append(future)
try:
if wait(futures,
self.request_waiting_time,
return_when=FIRST_COMPLETED):
for future in futures:
if not future.done():
future.cancel()
else:
return future.result()
except Exception as e:
get_logger().error("action:__retry_get_secret_value_task",
exc_info=True)
raise e
finally:
finished.append(True)
raise ClientException(error_code.SDK_HTTP_ERROR,
"refreshSecretTask fail")
def setDNSrecord(record, ip):
global product, version, accesskey, accesspassw
clt = client.AcsClient(accesskey, accesspasswd, 'cn-hangzhou')
request = RpcRequest('Alidns', '2015-01-09', 'UpdateDomainRecord')
request.add_query_param("RecordId", record['RecordId'])
request.add_query_param("RR", record['RR'])
request.add_query_param("Type", record['Type'])
request.add_query_param("Value", ip)
request.set_accept_format('json')
response = clt.do_action(request)
print response
def test_http_proxy(self):
client = AcsClient("id",
"aks",
region_id='cn-hangzhou',
proxy={'http': 'http://127.0.0.1:8080'})
request = RpcRequest('sts', '2020', 'test')
try:
client.do_action_with_exception(request)
except ClientException as e:
self.assertEqual(e.get_error_code(), 'SDK.HttpError')
self.assertIn('Cannot connect to proxy', e.message)
def test_accesskey_signer(self):
credential = AccessKeyCredential('access_key_id', 'access_key_secret')
signer = AccessKeySigner(credential)
request = RpcRequest("product", "version", "action_name")
headers, url = signer.sign('cn-hangzhou', request)
self.assertDictEqual(
request.get_headers(), {
'x-acs-action': 'action_name',
'x-acs-version': 'version',
'x-sdk-invoke-type': 'normal'
})
def _deleteSubDomain(self, args):
logger.info('deleting subdomain')
if not self.attrsNotNone(args, 'host', 'domain'):
raise Exception('Invalid request')
req = RpcRequest('Alidns', '2015-01-09', 'DeleteSubDomainRecords')
req.add_query_param('DomainName', args.domain)
req.add_query_param('RR', args.host)
# req.add_query_param('Type', getattr(args, 'type') or 'A')
res = self.do(req)
return res
def test_ecs_ram_role_signer_unsuccess(self, mock_urlopen):
credential = EcsRamRoleCredential("role")
signer = EcsRamRoleSigner(credential)
request = RpcRequest("product", "version", "action_name")
res = Mock()
res.read.return_value = ensure_bytes('{"Code": "400"}')
mock_urlopen.return_value = res
with self.assertRaises(ServerException) as ex:
signer.sign('cn-hangzhou', request)
self.assertEqual(
"refresh Ecs sts token err, code is 400", ex.exception.message)
def _addRecord(self, args):
logger.info('adding record')
if not self.attrsNotNone(args, 'host', 'domain', 'value'):
raise Exception('Invalid request')
req = RpcRequest('Alidns', '2015-01-09', 'AddDomainRecord')
req.add_query_param('DomainName', args.domain)
req.add_query_param('RR', args.host)
req.add_query_param('Value', args.value)
req.add_query_param('Type', getattr(args, 'type') or 'A')
res = self.do(req)
return res
def get_dns_records(domain):
"""
DescribeDomainRecords
"""
access_key_id, access_key_secret = get_access()
clt = client.AcsClient(access_key_id, access_key_secret, "cn-hangzhou")
request = RpcRequest("Alidns", "2015-01-09", "DescribeDomainRecords")
request.add_query_param("DomainName", domain)
request.set_accept_format("json")
response = clt.do_action_with_exception(request)
response_json = json.loads(response.decode())
return response_json
def set_dns_records(record, ip, oldip):
"""
UpdateDomainRecord
"""
access_key_id, access_key_secret = get_access()
clt = client.AcsClient(access_key_id, access_key_secret, "cn-hangzhou")
request = RpcRequest("Alidns", "2015-01-09", "UpdateDomainRecord")
request.add_query_param("RecordId", record["RecordId"])
request.add_query_param("RR", record["RR"])
request.add_query_param("Type", record["Type"])
request.add_query_param("Value", ip)
response = clt.do_action_with_exception(request)
logger.info("{} old:{} new:{}".format(response.decode(), oldip, ip))
def get_record():
req = RpcRequest(PROD, VERSION, 'DescribeDomainRecords', 'JSON')
req.add_query_param('DomainName', DOMAIN_NAME)
resp = json.loads(client.do_action(req))
record_id = None
record_value = None
for record in resp['DomainRecords']['Record']:
if record['RR'] == DOMAIN_RECORD:
record_id = record['RecordId']
if record['Type'] != RECORD_TYPE:
raise Exception('The record is already exsits and the type not same.')
record_value = record['Value']
return record_id, record_value
def test_json_content_type(self):
client = AcsClient("id", "aks", region_id='cn-hangzhou', port=51352)
request = RpcRequest('sts', '2020', 'test')
request.endpoint = 'localhost'
request.set_method('POST')
request.set_content_type('application/json')
request.add_body_params('key', 'value')
response = self.do_request(client, request)
if sys.version_info.major == 2:
headers = {
item.split(':')[0]: item.split(':')[1]
for item in response.headers.headers
}
else:
headers = dict(response.headers._headers)
self.assertEqual('application/json',
headers['Content-Type'].strip('\r\n '))
def test_resolve_endpoint(self):
client = AcsClient("id", "aks", region_id='', port=51352)
req = RpcRequest('sts', '2020', 'test')
req.endpoint = 'localhost'
req.request_network = ''
req.product_suffix = ''
self.do_request(client, req)
try:
client._resolve_endpoint(req)
except Exception as e:
self.assertEqual("No such region ''. Please check your region ID.",
e.message)
client.set_region_id('cn@hangzhou')
try:
client._resolve_endpoint(req)
except Exception as e:
self.assertEqual(
'The parameter region_id not match with ^[a-zA-Z0-9_-]+$',
e.message)
def send_sms(name):
REGION = "cn-hangzhou"
PRODUCT_NAME = "Dysmsapi"
DOMAIN = "dysmsapi.aliyuncs.com"
# need modify
ACCESS_KEY_ID='YourKey'
ACCESS_KEY_SECRET='YourSecret'
TemplateParam = {"name": name}
rpc_request = RpcRequest('Dysmsapi', '2017-05-25', 'SendSms')
rpc_request.add_query_param('TemplateCode', 'SMS_77130046')
rpc_request.add_query_param('TemplateParam', json.dumps(TemplateParam))
rpc_request.add_query_param('OutId', uuid.uuid1())
rpc_request.add_query_param('SignName', 'MKeng提醒')
rpc_request.add_query_param('PhoneNumbers', '18829028766')
region_provider.add_endpoint(PRODUCT_NAME, REGION, DOMAIN)
acs_client = AcsClient(ACCESS_KEY_ID, ACCESS_KEY_SECRET, REGION)
response = acs_client.do_action_with_exception(rpc_request)
return response
def test_rsa_key_pair_signer(self):
public_key_path = os.path.join(os.path.dirname(
__file__), "..", "..", "fixtures", "id_rsa.pub")
public_key_id = open(public_key_path).read()
private_key_path = os.path.join(os.path.dirname(
__file__), "..", "..", "fixtures", "id_rsa")
private_key_id = open(private_key_path).read()
# invalid session period
with self.assertRaises(ClientException) as ce:
credential = RsaKeyPairCredential(
public_key_id, private_key_id, session_period=12)
RsaKeyPairSigner(credential, "region_id")
self.assertEqual(
"Session expiration must between 900 and 3600 seconds", ce.exception.message)
# ok
credential = RsaKeyPairCredential(
public_key_id, private_key_id, session_period=3600)
signer = RsaKeyPairSigner(credential, "region_id")
# for rpc
request = RpcRequest("product", "version", "action_name")
self.assertIsNone(request.get_query_params().get("SecurityToken"))
signer._sts_client = Mock()
do_action = Mock()
do_action.return_value = ensure_bytes(
'{"SessionAccessKey":{"SessionAccessKeyId":"session_access_key_id",' +
'"SessionAccessKeySecret":"session_access_key_secret"}}')
signer._sts_client.do_action_with_exception = do_action
headers, url = signer.sign('cn-hangzhou', request)
# self.assertEqual(url, '/?SignatureVersion=1.0&Format=None"
# "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou"
# "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1"
# "&Version=version&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D"
# "&Action=action_name&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=')
# second
headers, url = signer.sign('cn-hangzhou', request)
# mock should update
signer._last_update_time = signer._last_update_time - signer._session_period - 10
headers, url = signer.sign('cn-hangzhou', request)
