def _get_provider_by_profile(self, profile):
def _get_value(key):
if key not in profile:
raise PartialCredentialsException(provider='profile',
cred_var=key)
return profile[key]
if profile:
type_ = profile.get('type')
if not type_:
type_ = 'access_key' # use access_key for default type
if type_ == 'access_key':
return StaticCredentialsProvider(
AccessKeyCredentials(
_get_value('access_key_id'),
_get_value('access_key_secret'),
))
elif type_ == 'ecs_ram_role':
return InstanceProfileCredentialsProvider(
_get_value('role_name'))
elif type_ == 'ram_role_arn':
return RamRoleCredentialsProvider(
self.client_config,
AccessKeyCredentials(
_get_value('access_key_id'),
_get_value('access_key_secret'),
),
_get_value('role_arn'),
role_session_name=_get_value('role_session_name'))
elif type_ == 'bearer_token':
return StaticCredentialsProvider(
BearerTokenCredentials(_get_value('bearer_token'), ))
elif type_ == 'rsa_key_pair':
raise ClientException(
msg="RSA Key Pair credentials are not supported.")
elif type_ == 'sts_token':
return StaticCredentialsProvider(
SecurityCredentials(
_get_value('access_key_id'),
_get_value('access_key_secret'),
_get_value('security_token'),
))
else:
raise Exception(
"Unexpected credentials type: {}".format(type_))
def test_rpc_assume_role_request_with_sts_token(self):
self._create_default_ram_user()
# self._attach_default_policy()
self._create_access_key()
self._create_default_ram_role()
acs_client = ClientConfig(region_id=self.region_id)
ram_role_arn_credential = RamRoleCredentialsProvider(
acs_client,
AccessKeyCredentials(self.ram_user_access_key_id,
self.ram_user_access_key_secret),
self.ram_role_arn, "alice_test")
client = AlibabaCloudClient(acs_client, ram_role_arn_credential)
client.product_code = "Ecs"
client.api_version = "2014-05-26"
client.location_service_code = 'ecs'
client.location_endpoint_type = "openAPI"
api_request = APIRequest('DescribeRegions', 'GET', 'https', 'RPC')
response = client._handle_request(api_request)
response_credentials = response.http_request.credentials
self.assertTrue(response_credentials.access_key_id.startswith("STS."))
response = response.http_response.content
ret = self.get_dict_response(response)
self.assertTrue(ret.get("Regions"))
self.assertTrue(ret.get("RequestId"))
def test_roa_assume_role_request_with_sts_token(self):
self._create_default_ram_user()
# self._attach_default_policy()
self._create_access_key()
self._create_default_ram_role()
roa_client = ClientConfig(region_id=self.region_id)
ram_role_arn_credential = RamRoleCredentialsProvider(
roa_client,
AccessKeyCredentials(self.ram_user_access_key_id,
self.ram_user_access_key_secret),
self.ram_role_arn, "alice_test")
client = AlibabaCloudClient(roa_client, ram_role_arn_credential)
client.product_code = "ROS"
client.api_version = "2015-09-01"
client.location_service_code = 'ros'
client.location_endpoint_type = "openAPI"
api_request = APIRequest('DescribeResourceTypes', 'GET', 'https',
'ROA')
api_request.uri_pattern = '/resource_types'
api_request.path_params = None
response = client._handle_request(api_request)
response_credentials = response.http_request.credentials
self.assertTrue(response_credentials.access_key_id.startswith("STS."))
response = response.http_response.content
ret = self.get_dict_response(response)
self.assertTrue(ret.get("ResourceTypes"))
def test_call_request_with_client_env_priority(self):
self._create_default_ram_user()
self._create_access_key()
self._create_default_ram_role()
ram_role_arn_credential = RamRoleCredentialsProvider(
self.client_config,
AccessKeyCredentials(self.ram_user_access_key_id,
self.ram_user_access_key_secret),
self.ram_role_arn, "alice_test")
client = AlibabaCloudClient(self.client_config,
ram_role_arn_credential)
client.product_code = "Ecs"
client.api_version = "2014-05-26"
client.location_service_code = 'ecs'
client.location_endpoint_type = "openAPI"
api_request = APIRequest('DescribeRegions', 'GET', 'https', 'RPC')
os.environ["ALIBABA_CLOUD_ACCESS_KEY_ID"] = self.access_key_id
os.environ["ALIBABA_CLOUD_ACCESS_KEY_SECRET"] = self.access_key_secret
response = client._handle_request(api_request)
response_credential = response.http_request.credentials
self.assertTrue(response_credential.access_key_id.startswith("STS."))
response = response.http_response.content
ret = self.get_dict_response(response)
self.assertTrue(ret.get("Regions"))
self.assertTrue(ret.get("RequestId"))
def init_credentials_provider(self):
from alibabacloud.credentials import AccessKeyCredentials
credentials = AccessKeyCredentials(self.access_key_id,
self.access_key_secret)
from alibabacloud.credentials.provider import StaticCredentialsProvider
credentials_provider = StaticCredentialsProvider(credentials)
return credentials_provider
def my_credentials_provider():
from alibabacloud.credentials import AccessKeyCredentials
credentials = AccessKeyCredentials(self.access_key_id,
'BadAccessKeySecret')
from alibabacloud.credentials.provider import StaticCredentialsProvider
credentials_provider = StaticCredentialsProvider(credentials)
return credentials_provider
def init_credentials_provider():
from alibabacloud.credentials import AccessKeyCredentials
credentials = AccessKeyCredentials(
access_key_id=self.access_key_id,
access_key_secret="BadAccessKeySecret")
from alibabacloud.credentials.provider import StaticCredentialsProvider
credentials_provider = StaticCredentialsProvider(credentials)
return credentials_provider
def init_sub_client_config(self):
self._create_default_ram_user()
# self._attach_default_policy()
self._create_access_key()
sub_client_config = ClientConfig(region_id=self.region_id,
connection_timeout=120)
credentials = AccessKeyCredentials(self.ram_user_access_key_id,
self.ram_user_access_key_secret, )
from alibabacloud.credentials.provider import StaticCredentialsProvider
sub_credentials_provider = StaticCredentialsProvider(credentials)
return sub_client_config, sub_credentials_provider
def __init__(self):
CachedCredentialsProvider.__init__(self)
if self.ENV_NAME_FOR_ACCESS_KEY_ID in os.environ:
access_key_id = os.environ.get(self.ENV_NAME_FOR_ACCESS_KEY_ID)
if not access_key_id:
raise PartialCredentialsException(
provider='env', cred_var=self.ENV_NAME_FOR_ACCESS_KEY_ID)
access_key_secret = os.environ.get(
self.ENV_NAME_FOR_ACCESS_KEY_SECRET)
if not access_key_secret:
raise PartialCredentialsException(
provider='env',
cred_var=self.ENV_NAME_FOR_ACCESS_KEY_SECRET)
# context.client.logger.info('Found credentials in environment variables.')
self._cached_credentials = AccessKeyCredentials(
access_key_id=access_key_id,
access_key_secret=access_key_secret)
def get_client(service_name,
api_version=None,
region_id=None,
endpoint=None,
access_key_id=None,
access_key_secret=None,
credentials_provider=None,
retry_policy=None,
endpoint_resolver=None,
config=None):
"""
获取 `Alibaba Cloud Python SDK` 某个产品某个Version的client
:param service_name: 产品的product_code,比如Ecs
:type service_name: str
:param api_version: 产品的version,格式:2018-06-09
:type api_version: str
:param region_id: 参照 `可用区 <https://help.aliyun.com/document_detail/40654.html>`_
:type region_id: str
:param endpoint: 自定义的endpoint,不经过endpoint的解析流程
:type endpoint: str
:param access_key_id: 秘钥AccessKeyID
:type access_key_id: str
:param access_key_secret: 秘钥AccessKeySecret
:type access_key_secret: str
:param credentials_provider: 自定义的credentials_provider,如果用户自定义
credentials_provider,使用用户自定义的
:type credentials_provider: 一个具备provide接口的对象
:param retry_policy: 用户自定义的重试策略
:type retry_policy:
:param endpoint_resolver: 用户自定义的endpoint_resolver,如果用户自定义
endpoint_resolver,使用用户自定义的
:type endpoint_resolver: 一个具备resolve接口的对象
:param config: 如果用户自定义ClientConfig,使用用户自定义的,否则初始化一个ClientConfig。
如果用户在 `get_client()` 指定region_id ,则会覆盖config当中的region_id
:type config: ClientConfig
:return: client
:rtype: AlibabaCloudClient
"""
module_name, client_name = _prepare_module(
service_name, api_version) # ecs_20180909, EcsClient
if region_id is not None and config:
config.region_id = region_id
if endpoint is not None and config:
config.endpoint = endpoint
client_config = config if config else ClientConfig(region_id=region_id,
endpoint=endpoint)
try:
client_module = __import__(
'.'.join(['alibabacloud', 'clients', module_name]), globals(),
locals(), ['clients', module_name], 0)
except ImportError:
raise NoModuleException(name='.'.join(module_name))
if credentials_provider is not None:
custom_credentials_provider = credentials_provider
elif access_key_id and access_key_secret:
custom_credentials_provider = StaticCredentialsProvider(
AccessKeyCredentials(access_key_id, access_key_secret))
else:
custom_credentials_provider = DefaultChainedCredentialsProvider(
client_config)
return getattr(client_module, client_name)(
client_config,
retry_policy=retry_policy,
credentials_provider=custom_credentials_provider,
endpoint_resolver=endpoint_resolver)
