def get_signer(cred, region_id, do_action_api, debug=False):
if cred['ak'] is not None and cred['secret'] is not None:
access_key_credential = credentials.AccessKeyCredential(cred['ak'], cred['secret'])
return access_key_signer.AccessKeySigner(access_key_credential)
elif os.environ.get('ALIYUN_ACCESS_KEY_ID') is not None and os.environ.get('ALIYUN_ACCESS_KEY_SECRET') is not None:
access_key_credential = credentials.AccessKeyCredential(os.environ.get('ALIYUN_ACCESS_KEY_ID'),
os.environ.get('ALIYUN_ACCESS_KEY_SECRET'))
return access_key_signer.AccessKeySigner(access_key_credential)
elif cred['credential'] is not None:
credential = cred['credential']
if isinstance(credential, credentials.AccessKeyCredential):
return access_key_signer.AccessKeySigner(credential)
elif isinstance(credential, credentials.StsTokenCredential):
return sts_token_signer.StsTokenSigner(credential)
elif isinstance(credential, credentials.RamRoleArnCredential):
return ram_role_arn_signer.RamRoleArnSigner(credential, do_action_api)
elif isinstance(credential, credentials.EcsRamRoleCredential):
return ecs_ram_role_singer.EcsRamRoleSigner(credential)
elif isinstance(credential, credentials.RsaKeyPairCredential):
return rsa_key_pair_signer.RsaKeyPairSigner(credential, region_id, debug)
elif cred['public_key_id'] is not None and cred['private_key'] is not None:
logging.info("'AcsClient(regionId, pub_key_id, pri_key)' is deprecated")
rsa_key_pair_credential = credentials.RsaKeyPairCredential(cred['public_key_id'], cred['private_key'],
cred['session_period'], region_id, debug)
return rsa_key_pair_signer.RsaKeyPairSigner(rsa_key_pair_credential)
else:
raise exceptions.ClientException(error_code.SDK_INVALID_CREDENTIAL,
error_msg.get_msg('SDK_INVALID_CREDENTIAL'))
def load_credentials_properties(file_name):
if file_name is None or file_name == "":
file_name = const.DEFAULT_CONFIG_NAME
config_dict = config_utils.Properties(file_name).get_properties()
credential = None
region_info_list = []
secret_name_list = []
if config_dict is not None and len(config_dict) > 0:
credentials_type = config_dict.get(env_const.ENV_CREDENTIALS_TYPE_KEY)
access_key_id = config_dict.get(env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY)
access_secret = config_dict.get(env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY)
check_config_param(credentials_type, env_const.ENV_CREDENTIALS_TYPE_KEY)
region_ids = config_dict.get(env_const.ENV_CACHE_CLIENT_REGION_ID_KEY)
check_config_param(region_ids, env_const.ENV_CACHE_CLIENT_REGION_ID_KEY)
try:
region_dict_list = json.loads(region_ids)
for region_dict in region_dict_list:
region_info_list.append(RegionInfo(
None if region_dict.get(
env_const.ENV_REGION_REGION_ID_NAME_KEY) == '' else region_dict.get(
env_const.ENV_REGION_REGION_ID_NAME_KEY),
region_dict.get(env_const.ENV_REGION_VPC_NAME_KEY),
None if region_dict.get(
env_const.ENV_REGION_ENDPOINT_NAME_KEY) == '' else region_dict.get(
env_const.ENV_REGION_ENDPOINT_NAME_KEY)))
except Exception:
raise ValueError(
("config param.get(%s) is illegal" % env_const.ENV_CACHE_CLIENT_REGION_ID_KEY))
if credentials_type == "ak":
check_config_param(access_key_id, env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY)
check_config_param(access_secret, env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY)
credential = credentials.AccessKeyCredential(access_key_id, access_secret)
elif credentials_type == "token":
access_token_id = config_dict.get(env_const.ENV_CREDENTIALS_ACCESS_TOKEN_ID_KEY)
access_token = config_dict.get(env_const.ENV_CREDENTIALS_ACCESS_TOKEN_KEY)
check_config_param(access_token_id, env_const.ENV_CREDENTIALS_ACCESS_TOKEN_ID_KEY)
check_config_param(access_token, env_const.ENV_CREDENTIALS_ACCESS_TOKEN_KEY)
credential = credentials.AccessKeyCredential(access_token_id, access_token)
elif credentials_type == "ram_role" or credentials_type == "sts":
role_session_name = config_dict.get(env_const.ENV_CREDENTIALS_ROLE_SESSION_NAME_KEY)
role_arn = config_dict.get(env_const.ENV_CREDENTIALS_ROLE_ARN_KEY)
check_config_param(access_key_id, env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY)
check_config_param(access_secret, env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY)
check_config_param(role_session_name, env_const.ENV_CREDENTIALS_ROLE_SESSION_NAME_KEY)
check_config_param(role_arn, env_const.ENV_CREDENTIALS_ROLE_ARN_KEY)
credential = credentials.RamRoleArnCredential(access_key_id, access_secret,
role_arn, role_session_name)
elif credentials_type == "ecs_ram_role":
role_name = config_dict.get(env_const.ENV_CREDENTIALS_ROLE_NAME_KEY)
check_config_param(role_name, env_const.ENV_CREDENTIALS_ROLE_NAME_KEY)
credential = credentials.EcsRamRoleCredential(role_name)
elif credentials_type == "client_key":
client_key_path = config_dict.get(env_const.EnvClientKeyPrivateKeyPathNameKey)
check_config_param(client_key_path, env_const.EnvClientKeyPrivateKeyPathNameKey)
password = client_key_utils.get_password(config_dict)
cred, signer = client_key_utils.load_rsa_key_pair_credential_and_client_key_signer(
client_key_path, password)
credential = ClientKeyCredential(signer, cred)
else:
raise ValueError(("config param.get(%s) is illegal" % env_const.ENV_CREDENTIALS_TYPE_KEY))
secret_names = config_dict.get(const.PROPERTIES_SECRET_NAMES_KEY)
if secret_names != "" and secret_names is not None:
secret_name_list.extend(secret_names.split(","))
credential_properties = CredentialsProperties(credential, secret_name_list, region_info_list, config_dict)
return credential_properties
return None
def __init_env(self):
env_dict = os.environ
if self.credential is None:
credentials_type = env_dict.get(
env_const.ENV_CREDENTIALS_TYPE_KEY)
check_evn_param(credentials_type,
env_const.ENV_CREDENTIALS_TYPE_KEY)
access_key_id = env_dict.get(
env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY)
access_secret = env_dict.get(
env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY)
if credentials_type == "ak":
check_evn_param(
access_key_id,
env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY)
check_evn_param(
access_secret,
env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY)
self.credential = credentials.AccessKeyCredential(
access_key_id, access_secret)
elif credentials_type == "token":
access_token_id = env_dict.get(
env_const.ENV_CREDENTIALS_ACCESS_TOKEN_ID_KEY)
access_token = env_dict.get(
env_const.ENV_CREDENTIALS_ACCESS_TOKEN_KEY)
check_evn_param(access_token_id,
env_const.ENV_CREDENTIALS_ACCESS_TOKEN_KEY)
check_evn_param(
access_token,
env_const.ENV_CREDENTIALS_ACCESS_TOKEN_ID_KEY)
self.credential = credentials.AccessKeyCredential(
access_token_id, access_token)
elif credentials_type == "ram_role" or credentials_type == "sts":
role_session_name = env_dict.get(
env_const.ENV_CREDENTIALS_ROLE_SESSION_NAME_KEY)
role_arn = env_dict.get(
env_const.ENV_CREDENTIALS_ROLE_ARN_KEY)
check_evn_param(
access_key_id,
env_const.ENV_CREDENTIALS_ACCESS_KEY_ID_KEY)
check_evn_param(
access_secret,
env_const.ENV_CREDENTIALS_ACCESS_SECRET_KEY)
check_evn_param(
role_session_name,
env_const.ENV_CREDENTIALS_ROLE_SESSION_NAME_KEY)
check_evn_param(role_arn,
env_const.ENV_CREDENTIALS_ROLE_ARN_KEY)
self.credential = credentials.RamRoleArnCredential(
access_key_id, access_secret, role_arn,
role_session_name)
elif credentials_type == "ecs_ram_role":
role_name = env_dict.get(
env_const.ENV_CREDENTIALS_ROLE_NAME_KEY)
check_evn_param(role_name,
env_const.ENV_CREDENTIALS_ROLE_NAME_KEY)
self.credential = credentials.EcsRamRoleCredential(
role_name)
elif credentials_type == "client_key":
client_key_path = env_dict.get(
env_const.EnvClientKeyPrivateKeyPathNameKey)
check_evn_param(
client_key_path,
env_const.EnvClientKeyPrivateKeyPathNameKey)
password = client_key_utils.get_password(env_dict)
credential, signer = client_key_utils.load_rsa_key_pair_credential_and_client_key_signer(
client_key_path, password)
self.credential = ClientKeyCredential(signer, credential)
else:
raise ValueError(("env param.get(%s) is illegal" %
env_const.ENV_CREDENTIALS_TYPE_KEY))
if self.credential is not None:
if len(self.region_info_list) == 0:
region_json = env_dict.get(
env_const.ENV_CACHE_CLIENT_REGION_ID_KEY)
check_evn_param(
region_json,
env_const.ENV_CACHE_CLIENT_REGION_ID_KEY)
try:
region_dict_list = json.loads(region_json)
for region_dict in region_dict_list:
self.region_info_list.append(
RegionInfo(
None if region_dict.get(
env_const.
ENV_REGION_REGION_ID_NAME_KEY)
== '' else region_dict.get(
env_const.
ENV_REGION_REGION_ID_NAME_KEY),
region_dict.get(
env_const.ENV_REGION_VPC_NAME_KEY),
None if region_dict.get(
env_const.
ENV_REGION_ENDPOINT_NAME_KEY) == ''
else region_dict.get(
env_const.
ENV_REGION_ENDPOINT_NAME_KEY)))
except Exception:
raise ValueError(
("env param.get(%s) is illegal" %
env_const.ENV_CACHE_CLIENT_REGION_ID_KEY))
def with_access_key(self, access_key_id, access_key_secret):
"""指定ak sk信息"""
self.credential = credentials.AccessKeyCredential(
access_key_id, access_key_secret)
return self
def with_token(self, token_id, token):
"""指定token信息"""
self.credential = credentials.AccessKeyCredential(token_id, token)
return self