def handler(event, context):
logger = logging.getLogger()
evt_lst = json.loads(event)
logger.info("Handling event: %s", evt_lst)
creds = context.credentials
sts_token_credential = StsTokenCredential(creds.access_key_id,
creds.access_key_secret,
creds.security_token)
fnf_client = client.AcsClient(region_id=context.region,
credential=sts_token_credential)
request = StartExecutionRequest.StartExecutionRequest()
request.set_FlowName(os.environ["FLOW_NAME"])
evt = evt_lst["events"][0]
key = evt["oss"]["object"]["key"]
input = {
"src_bucket": evt["oss"]["bucket"]["name"],
"dest_bucket": os.environ['DEST_BUCKET'],
"key": key,
"total_size": evt["oss"]["object"]["size"]
}
request.set_Input(json.dumps(input))
execution_name = re.sub(r"[^a-zA-Z0-9-_]", "_",
key) + "-" + evt["responseElements"]["requestId"]
request.set_ExecutionName(execution_name)
logger.info("Starting flow execution: %s", execution_name)
# TODO: swallow ExecutionAlreadyExists error
return fnf_client.do_action_with_exception(request)
def handler(event, context):
creds = context.credentials
sts_token_credential = StsTokenCredential(creds.access_key_id,
creds.access_key_secret,
creds.security_token)
evt = json.loads(event)
content = evt.get("content")
ecsInstanceId = content.get("ecsInstanceId")
regionId = evt.get("regionId")
global clt
clt = client.AcsClient(region_id=regionId, credential=sts_token_credential)
name = evt.get("name")
name = name.lower()
if name in [
'Instance:SystemFailure.Reboot:Executed'.lower(),
"Instance:InstanceFailure.Reboot:Executed".lower()
]:
request = DescribeDisksRequest()
request.add_query_param("RegionId", regionId)
request.set_InstanceId(ecsInstanceId)
response = _send_request(request)
disks = response.get('Disks').get('Disk', [])
for disk in disks:
diskId = disk["DiskId"]
SnapshotId = create_ecs_snap_by_id(diskId)
LOGGER.info("Create ecs snap sucess, ecs id = %s , disk id = %s ",
ecsInstanceId, diskId)
def test_rpc_common_request_with_sts_token(self):
# create AssumeRole request ,Acquire a temporary ak
request = AssumeRoleRequest()
# the role must exist
# FIXME : the RoleArn must according to user's setting
request.set_RoleArn("acs:ram::1988236124481530:role/testrole")
request.set_RoleSessionName("alice_test")
sub_client = self.init_sub_client()
response = sub_client.do_action_with_exception(request)
response = self.get_dict_response(response)
credentials = response.get("Credentials")
# Using temporary AK + STS for authentication
sts_token_credential = StsTokenCredential(
credentials.get("AccessKeyId"),
credentials.get("AccessKeySecret"),
credentials.get("SecurityToken")
)
acs_client = AcsClient(
region_id="me-east-1",
credential=sts_token_credential)
# the common request
request = CommonRequest(
domain="ecs.aliyuncs.com",
version="2014-05-26",
action_name="DescribeRegions")
response = acs_client.do_action_with_exception(request)
ret = self.get_dict_response(response)
self.assertTrue(ret.get("Regions"))
self.assertTrue(ret.get("RequestId"))
def make_request(self, action, params=None):
conn = client.AcsClient(self.acs_access_key_id, self.acs_secret_access_key, self.region, user_agent=self.user_agent)
if self.security_token:
sts_token_credential = StsTokenCredential(self.access_key, self.secret_key, self.security_token)
conn = client.AcsClient(region_id=self.region, user_agent=self.user_agent, credential=sts_token_credential)
if not conn:
footmark.log.error('%s %s' % ('Null AcsClient ', conn))
raise self.FootmarkClientError('Null AcsClient ', conn)
timeout = 200
delay = 3
while timeout > 0:
try:
request = self.import_request(action)
request.set_accept_format('json')
if params and isinstance(params, dict):
for k, v in list(params.items()):
if hasattr(request, k):
getattr(request, k)(v)
else:
request.add_query_param(k[4:], v)
return conn.do_action_with_exception(request)
except Exception as e:
if str(e.error_code) == "SDK.ServerUnreachable" \
or str(e.message).__contains__("SDK.ServerUnreachable") \
or str(e.message).__contains__("Unable to connect server: timed out"):
time.sleep(delay)
timeout -= delay
continue
raise e
return None
def handler(event, context):
evt = json.loads(event)
evt = evt["events"]
oss_bucket_name = evt[0]["oss"]["bucket"]["name"]
object_key = evt[0]["oss"]["object"]["key"]
creds = context.credentials
sts_token_credential = StsTokenCredential(creds.access_key_id,
creds.access_key_secret,
creds.security_token)
client = AcsClient(region_id=context.region,
credential=sts_token_credential)
input = {
"oss_bucket_name": oss_bucket_name,
"video_key": object_key,
"output_prefix": OUTPUT_DST,
"segment_time_seconds": 25 # 视频 25 s 一个分片
}
try:
request = StartExecutionRequest.StartExecutionRequest()
request.set_FlowName(FLOW_NAME)
request.set_Input(json.dumps(input))
return client.do_action_with_exception(request)
except ServerException as e:
LOGGER.info(e.get_request_id())
return "ok"
def test_call_rpc_request_with_sts_token(self):
client = self.init_sub_client()
self._create_default_ram_role()
request = AssumeRoleRequest()
request.set_RoleArn(self.ram_role_arn)
request.set_RoleSessionName(self.default_role_session_name)
response = client.do_action_with_exception(request)
response = self.get_dict_response(response)
credentials = response.get("Credentials")
# Using temporary AK + STS for authentication
sts_token_credential = StsTokenCredential(
credentials.get("AccessKeyId"), credentials.get("AccessKeySecret"),
credentials.get("SecurityToken"))
acs_client = AcsClient(region_id=self.region_id,
credential=sts_token_credential)
request = DescribeRegionsRequest()
url = self.get_http_request(acs_client, request)
self.assertTrue(url.find("AccessKeyId=STS."))
response = acs_client.do_action_with_exception(request)
ret = self.get_dict_response(response)
self._delete_default_ram_role()
self._delete_access_key()
self.assertTrue(ret.get("Regions"))
self.assertTrue(ret.get("RequestId"))
def test_sts_token_signer(self):
credential = StsTokenCredential('sts_access_key_id',
'sts_access_key_secret', 'sts_token')
signer = StsTokenSigner(credential)
# for rpc
request = RpcRequest("product", "version", "action_name")
self.assertIsNone(request.get_query_params().get("SecurityToken"))
headers, url = signer.sign('cn-hangzhou', request)
self.assertDictEqual(
request.get_headers(), {
'x-acs-action': 'action_name',
'x-acs-version': 'version',
'x-sdk-invoke-type': 'normal'
})
self.assertEqual(request.get_query_params().get("SecurityToken"),
'sts_token')
# self.assertEqual(url, "/?SignatureVersion=1.0&Format=None"
# "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou"
# "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1&Version=version"
# "&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D&Action=action_name"
# "&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=')
request = RoaRequest("product",
"version",
"action_name",
uri_pattern="/")
request.set_method('get')
self.assertIsNone(request.get_headers().get("x-acs-security-token"))
headers, url = signer.sign('cn-hangzhou', request)
self.assertEqual(request.get_headers().get("x-acs-security-token"),
'sts_token')
def test_rpc_common_request_with_sts_token(self):
sub_client = self.init_sub_client()
self._create_default_ram_role()
self._attach_default_policy()
request = AssumeRoleRequest()
request.set_RoleArn(self.ram_role_arn)
request.set_RoleSessionName(self.default_role_session_name)
response = sub_client.do_action_with_exception(request)
response = self.get_dict_response(response)
credentials = response.get("Credentials")
# Using temporary AK + STS for authentication
sts_token_credential = StsTokenCredential(
credentials.get("AccessKeyId"), credentials.get("AccessKeySecret"),
credentials.get("SecurityToken"))
acs_client = AcsClient(region_id="me-east-1",
credential=sts_token_credential)
# the common request
request = CommonRequest(domain="ecs.aliyuncs.com",
version="2014-05-26",
action_name="DescribeRegions")
response = acs_client.do_action_with_exception(request)
ret = self.get_dict_response(response)
self.assertTrue(ret.get("Regions"))
self.assertTrue(ret.get("RequestId"))
def test_call_rpc_request_with_sts_token(self):
# create AssumeRole request ,Acquire a temporary ak
request = AssumeRoleRequest()
# the role must exist
# FIXME : the RoleArn must according to user's setting
request.set_RoleArn("acs:ram::1988236124481530:role/testrole")
request.set_RoleSessionName("alice_test")
client = self.init_sub_client()
response = client.do_action_with_exception(request)
response = self.get_dict_response(response)
credentials = response.get("Credentials")
# Using temporary AK + STS for authentication
sts_token_credential = StsTokenCredential(
credentials.get("AccessKeyId"), credentials.get("AccessKeySecret"),
credentials.get("SecurityToken"))
acs_client = AcsClient(region_id="me-east-1",
credential=sts_token_credential)
request = DescribeRegionsRequest()
url = self.get_http_request(acs_client, request)
self.assertTrue(url.find("AccessKeyId=STS."))
response = acs_client.do_action_with_exception(request)
ret = self.get_dict_response(response)
self.assertTrue(ret.get("Regions"))
self.assertTrue(ret.get("RequestId"))
def handler(event, context):
evt = json.loads(event)
if 'taskToken' not in evt:
return '{"status": "callback failed", "message": "no taskToken in inputs."}'
creds = context.credentials
sts_token_credential = StsTokenCredential(creds.access_key_id,
creds.access_key_secret,
creds.security_token)
fnf_cli = client.AcsClient(region_id=context.region,
credential=sts_token_credential)
""" this shows how to report task failed with error and cause.
try:
res = report_task_failed(fnf_cli, task_token=evt["taskToken"], error=seed, cause="random error triggered")
except ServerException as e:
return '{"status": "child callback failed: %s"}' % e
"""
time.sleep(random.randint(10, 20))
try:
res = report_task_succeded(
fnf_cli,
task_token=evt["taskToken"],
output='{"status":"report task with token: %s"}' %
evt["taskToken"])
except ServerException as e:
return '{"status": "callback failed: %s"}' % e
return '{"status": "callback succeeded"}'
def handler(event, context):
logger = logging.getLogger()
logger.info('hello world')
creds = context.credentials
sts_token_credential = StsTokenCredential(creds.accessKeyId,
creds.accessKeySecret,
creds.securityToken)
#logger.info('creds.accessKeyId '+creds.accessKeyId)
#logger.info('creds.accessKeySecret '+creds.accessKeySecret)
#logger.info('creds.securityToken '+creds.securityToken)
client = AcsClient(credential=sts_token_credential)
#Regions in which vms should be decribed and checked if they belong to default SG
regions = ['cn-beijing', 'cn-shanghai', 'ap-southeast-1']
#regions = ['cn-shanghai']
toMerge = []
for eachReg in regions:
request = CommonRequest()
request.set_accept_format('json')
request.set_domain('ecs.aliyuncs.com')
request.set_method('GET')
request.set_protocol_type('https')
request.set_version('2014-05-26')
request.set_action_name('DescribeInstances')
request.add_query_param('RegionId', eachReg)
try:
response = client.do_action(request)
except ServerException as e:
print(e.get_http_status(), e.get_error_code(), e.get_error_msg())
raise e
vms = str(response, encoding='utf-8')
vmsJson = json.loads(vms)
instances = vmsJson['Instances']['Instance']
#instancesJson = json.loads(instances)
for instance in instances:
zoneid = instance['ZoneId']
instanceId = instance['InstanceId']
instanceName = instance['InstanceName']
#logger.info('zoneid '+str(zoneid))
logger.info('instanceName ' + str(instanceName) + str(' from ') +
str(eachReg))
#logger.info('tempInstances '+str(tempInstances))
#toMerge.extend(tempInstances)
#instances=json.dumps(toMerge)
return 'hello world'
def __init__(self, access_key_id, access_key_secret, security_token,
region):
local = bool(os.getenv('local', ""))
if local:
acs_creds = AccessKeyCredential(access_key_id, access_key_secret)
self.endpoint = 'kms.{}.aliyuncs.com'.format(region)
else:
acs_creds = StsTokenCredential(access_key_id, access_key_secret,
security_token)
self.endpoint = 'kms-vpc.{}.aliyuncs.com'.format(region)
self.clt = client.AcsClient(region_id=region, credential=acs_creds)
def make_request_new(self, params):
if not params:
raise Exception("Request parameters should not be empty.")
conn = client.AcsClient(self.acs_access_key_id,
self.acs_secret_access_key,
self.region,
user_agent=self.user_agent)
if self.security_token:
sts_token_credential = StsTokenCredential(self.access_key,
self.secret_key,
self.security_token)
conn = client.AcsClient(region_id=self.region,
user_agent=self.user_agent,
credential=sts_token_credential)
if not conn:
footmark.log.error('%s %s' % ('Null AcsClient ', conn))
raise self.FootmarkClientError('Null AcsClient ', conn)
timeout = 200
delay = 3
if not isinstance(params, dict):
raise Exception(
"Invalid request parameters: {0} should be a dict.".format(
params))
if not params.get('Action', params.get('action')):
raise Exception("'Action' is required for this request.")
while timeout > 0:
request = self.import_request(
params.get('Action', params.get('action')))
request.set_accept_format('json')
try:
for k, v in params.items():
if hasattr(request, k):
getattr(request, k)(v)
else:
request.add_query_param(k[4:], v)
return conn.do_action_with_exception(request)
except ServerException as e:
if str(e.error_code) == "SDK.ServerUnreachable" \
or str(e.message).__contains__("SDK.ServerUnreachable") \
or str(e.message).__contains__("Unable to connect server: timed out"):
time.sleep(delay)
timeout -= delay
continue
raise e
except Exception as e:
raise e
return None
def handler(event, context):
logger = logging.getLogger()
evt_lst = json.loads(event)
logger.info("Handling event: %s", evt_lst)
fnf_client = clients.get('fnf_client')
if fnf_client is None:
creds = context.credentials
sts_token_credential = StsTokenCredential(creds.access_key_id,
creds.access_key_secret,
creds.security_token)
fnf_client = client.AcsClient(region_id=context.region,
credential=sts_token_credential)
clients['fnf_client'] = fnf_client
request = StartExecutionRequest.StartExecutionRequest()
request.set_FlowName(os.environ["FLOW_NAME"])
evt = evt_lst["events"][0]
key = evt["oss"]["object"]["key"]
dest_access_role = os.environ.get("DEST_ACCESS_ROLE")
dest_access_role = '' if not dest_access_role or dest_access_role == 'None' else dest_access_role
input = {
"src_bucket": evt["oss"]["bucket"]["name"],
"dest_oss_endpoint": os.environ['DEST_OSS_ENDPOINT'],
"dest_bucket": os.environ['DEST_BUCKET'],
"dest_access_role": dest_access_role,
"key": key,
"total_size": evt["oss"]["object"]["size"]
}
request.set_Input(json.dumps(input))
execution_name = re.sub(r"[^a-zA-Z0-9-_]", "_",
key) + "-" + evt["responseElements"]["requestId"]
request.set_ExecutionName(execution_name)
logger.info("Starting flow execution: %s", execution_name)
try:
resp = fnf_client.do_action_with_exception(request)
return resp
except ServerException as e:
# https://help.aliyun.com/document_detail/122628.html
if e.get_error_code() == 'ExecutionAlreadyExists':
logger.warn("Execution %s already exists", execution_name)
return {}
else:
logger.error("Failed to call fnf due to server exception: %s", e)
raise e
def handler(event, context):
logger = logging.getLogger()
evt = json.loads(event)
logger.info("Handling event: %s", evt)
creds = context.credentials
local = bool(os.getenv('local', ""))
if (local):
acs_creds = AccessKeyCredential(creds.access_key_id,
creds.access_key_secret)
endpoint = "%s.fnf.aliyuncs.com" % context.region
else:
acs_creds = StsTokenCredential(creds.access_key_id,
creds.access_key_secret,
creds.security_token)
endpoint = "%s-internal.fnf.aliyuncs.com" % context.region
fnf_client = client.AcsClient(region_id=context.region,
credential=acs_creds)
request = StartExecutionRequest.StartExecutionRequest()
request.set_FlowName(os.environ["FLOW_NAME"])
request.set_endpoint(endpoint)
input = {
"src_bucket": evt["src_bucket"],
"dest_bucket": evt["dest_bucket"],
"prefix": evt["prefix"],
"marker": evt["marker"]
}
request.set_Input(json.dumps(input))
execution_name = re.sub(r"[^a-zA-Z0-9-_]", "_", evt["marker"])
request.set_ExecutionName(execution_name)
logger.info("Starting flow execution: %s", execution_name)
try:
resp = fnf_client.do_action_with_exception(request)
return resp
except ServerException as e:
# https://help.aliyun.com/document_detail/122628.html
if e.get_error_code() == 'ExecutionAlreadyExists':
logger.warn("Execution %s already exists", execution_name)
return {}
else:
logger.error("Failed to call fnf due to server exception: %s", e)
raise e
def handler(event, context):
logger = logging.getLogger()
evt = json.loads(event)
logger.info("Handling event: %s", evt)
creds = context.credentials
sts_token_credential = StsTokenCredential(creds.access_key_id,
creds.access_key_secret,
creds.security_token)
fnf_client = client.AcsClient(region_id=context.region,
credential=sts_token_credential)
request = ReportTaskSucceededRequest.ReportTaskSucceededRequest()
request.set_TaskToken(evt["taskToken"])
request.set_Output(json.dumps(evt["output"]))
return fnf_client.do_action_with_exception(request)
def handler(event, context):
logger = logging.getLogger()
evt = json.loads(event)
logger.info("Handling event: %s", evt)
creds = context.credentials
sts_token_credential = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token)
fnf_client = client.AcsClient(region_id=context.region, credential=sts_token_credential)
request = StartExecutionRequest.StartExecutionRequest()
request.set_FlowName(evt["flowName"])
request.set_Input(json.dumps(evt))
execution_name = evt["executionName"] + "-" + evt["key"]
request.set_ExecutionName(execution_name)
logger.info("Starting flow execution: %s", execution_name)
# TODO: swallow ExecutionAlreadyExists error
return fnf_client.do_action_with_exception(request)
def handler(environ, start_response):
global fnf_client
RESP_BODY = b'{}'
context = environ['fc.context']
request_uri = environ['fc.request_uri']
path = environ['PATH_INFO']
creds = context.credentials
query_params = parse_qs(urlparse(request_uri).query)
if fnf_client == None:
sts_creds = StsTokenCredential(creds.access_key_id,
creds.access_key_secret,
creds.security_token)
fnf_client = AcsClient(credential=sts_creds, region_id=context.region)
status = '200 OK'
request_method = environ['REQUEST_METHOD']
print(request_method)
print(path)
if request_method == 'POST' and path == '/start':
request_body_size = int(environ.get('CONTENT_LENGTH', 0))
request_body = environ['wsgi.input'].read(request_body_size)
print(request_body)
resp_s = start_execution(fnf_client, query_params['flowName'][0],
request_body, context.region)
resp = json.loads(resp_s)
resp_body_str = '{"executionName":"%s"}' % resp['Name']
RESP_BODY = resp_body_str.encode('utf-8')
elif request_method == 'GET' and path == '/describe':
resp = describe_execution(fnf_client, query_params['flowName'][0],
query_params['executionName'][0],
context.region)
RESP_BODY = resp
else:
status = '404 Not Found'
response_headers = [('Content-type', 'text/plain')]
start_response(status, response_headers)
return [RESP_BODY]
def handler(event, context):
logger = logging.getLogger()
evt = json.loads(event)
logger.info("Handling event: %s", evt)
creds = context.credentials
endpoint = '{}-internal.fnf.aliyuncs.com'.format(context.region)
if creds.security_token != None:
sts_creds = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token)
fnf_client = AcsClient(credential=sts_creds, region_id=context.region)
else:
# for local testing
fnf_client = AcsClient(creds.access_key_id, creds.access_key_secret, context.region)
endpoint = str.replace(endpoint, "-internal", "")
payload = evt.get('payload', '{}')
data = json.loads(payload)
logger.info(json.loads(data.get('input', '')))
request = StartExecutionRequest()
request.set_FlowName(data.get('flowName', ''))
request.set_Input(data.get('input', ''))
request.set_endpoint(endpoint)
fnf_client.do_action_with_exception(request)
def _upload_file(self, token, filename, file_or_string, cmk_id=None):
token_meta = self.introspect()
if token_meta['active'] == False:
raise BGEError('access_token has expired')
client_id = token_meta['client_id']
credentials = token.credentials
destination = token.destination
bucket_name = token.bucket
endpoint = token.endpoint
access_key_id = credentials['access_key_id']
access_key_secret = credentials['access_key_secret']
security_token = credentials['security_token']
auth = oss2.StsAuth(access_key_id, access_key_secret, security_token)
if cmk_id is not None:
region_id = token.region_id
kms_provider = oss2.AliKMSProvider(access_key_id,
access_key_secret, region_id,
cmk_id)
# NOTE 官方 oss2 处理 STS 加密上传存在 bug,等待其修复,此处做代码动态修改
sts_token_credential = StsTokenCredential(access_key_id,
access_key_secret,
security_token)
kms_provider.kms_client = AcsClient(
region_id=region_id, credential=sts_token_credential)
bucket = oss2.CryptoBucket(auth,
endpoint,
bucket_name,
crypto_provider=kms_provider)
else:
bucket = oss2.Bucket(auth, endpoint, bucket_name)
object_name = '%s/%s' % (destination, filename)
bge_open_client_id_header = 'x-oss-meta-bge-open-client-id'
custom_headers = {bge_open_client_id_header: client_id}
bucket.put_object(object_name,
file_or_string,
headers=custom_headers,
progress_callback=progress_callback)
sys.stdout.write('')
return object_name
def handler(environ, start_response):
# Get request body
try:
request_body_size = int(environ.get('CONTENT_LENGTH', 0))
except ValueError:
request_body_size = 0
request_body = environ['wsgi.input'].read(request_body_size)
print('Request body: {}'.format(request_body))
body = json.loads(request_body)
message_body_str = body['Message']
# Read MessageBody and TaskToken from message body
message_body = json.loads(message_body_str)
task_token = message_body['taskToken']
ori_message_body = message_body['messageBody']
print('Task token: {}\norigin message body: {}'.format(
task_token, ori_message_body))
# Init fnf client use sts token
context = environ['fc.context']
creds = context.credentials
sts_creds = StsTokenCredential(creds.access_key_id,
creds.access_key_secret,
creds.security_token)
fnf_client = AcsClient(credential=sts_creds, region_id=context.region)
# Report task succeeded to serverless workflow
req = ReportTaskSucceededRequest()
req.set_TaskToken(task_token)
req.set_Output('{"status": "success"}')
resp = fnf_client.do_action_with_exception(req)
print('Report task response: {}'.format(resp))
# Response to http request
status = '200 OK'
response_headers = [('Content-type', 'text/plain')]
start_response(status, response_headers)
return [b'OK']
def get_oss_client(context, endpoint, bucket, access_role=None):
creds = context.credentials
key_id, key_secret, token = creds.access_key_id, creds.access_key_secret, creds.security_token
local = bool(os.getenv('local', ""))
if access_role:
req = AssumeRoleRequest.AssumeRoleRequest()
req.set_accept_format('json')
req.set_RoleArn(access_role)
req.set_RoleSessionName('oss-copy')
if local:
acs_creds1 = AccessKeyCredential(creds.access_key_id,
creds.access_key_secret)
else:
acs_creds1 = StsTokenCredential(creds.access_key_id,
creds.access_key_secret,
creds.security_token)
# Since the function instance runs within VPC (FC system), the endpoint has to be either public or vpc endpoint.
# Here the VPC endpoint is used because it's more secure, latency is low and no public network usage is incurred.
req.set_endpoint('sts-vpc.%s.aliyuncs.com' % (context.region))
# Create clt1 with temp credentials provided by fc context
clt = client.AcsClient(region_id=context.region, credential=acs_creds1)
body1 = clt.do_action(req)
ar_resp1 = json.loads(body1)
# Now we get another temp credentials
tmp_creds2 = ar_resp1['Credentials']
key_id, key_secret, token = tmp_creds2['AccessKeyId'], tmp_creds2[
'AccessKeySecret'], tmp_creds2['SecurityToken']
auth = oss2.StsAuth(key_id, key_secret, token)
else:
if local:
auth = oss2.Auth(key_id, key_secret)
else:
auth = oss2.StsAuth(key_id, key_secret, token)
# for local testing, use the public endpoint
endpoint = str.replace(endpoint, "-internal", "") if local else endpoint
return oss2.Bucket(auth, endpoint, bucket)
def handler(event, context):
evt = json.loads(event)
evt = evt["events"]
oss_bucket_name = evt[0]["oss"]["bucket"]["name"]
object_key = evt[0]["oss"]["object"]["key"]
creds = context.credentials
sts_token_credential = StsTokenCredential(creds.access_key_id,
creds.access_key_secret,
creds.security_token)
client = AcsClient(region_id=context.region,
credential=sts_token_credential)
dst_formats = DST_FORMATS.split(",")
dst_formats = [i.strip() for i in dst_formats]
input = {
"oss_bucket_name": oss_bucket_name,
"video_key": object_key,
"output_prefix": OUTPUT_DST,
"segment_time_seconds": int(SEG_INTERVAL),
"dst_formats": dst_formats
}
try:
request = StartExecutionRequest.StartExecutionRequest()
request.set_FlowName(FLOW_NAME)
request.set_Input(json.dumps(input))
execution_name = re.sub(r"[^a-zA-Z0-9-_]", "_",
object_key) + "-" + context.request_id
request.set_ExecutionName(execution_name)
return client.do_action_with_exception(request)
except ServerException as e:
LOGGER.info(e.get_request_id())
return "ok"
def test_StsTokenCredential(self):
c = StsTokenCredential("sts_access_key_id", "sts_access_key_secret",
"sts_token")
self.assertEqual("sts_access_key_id", c.sts_access_key_id)
self.assertEqual("sts_access_key_secret", c.sts_access_key_secret)
self.assertEqual("sts_token", c.sts_token)
def __init__(self, account_id=None, role=None, region_id="eu-central-1"):
"""
Constructor of alicloudConnect.
We will try to connect with env first, config credentials and finally with instance role.
User will use the AcsClient to deal with aliyun api.
:param account_id:
:param role:
"""
# caller will need to pass accessKey, secretKey
# if stsToken = None / or pass stsToken if it is not none.
self.__client = None
self.access_key_id = None
self.access_key_secret = None
self.region_id = region_id
self.sts_token = None
aliyun_request.set_default_protocol_type(protocol_type.HTTPS)
# each api has it's own version !
self.version_2014_05_26 = "2014-05-26"
self.version_2015_05_01 = "2015-05-01"
self.version_2015_04_01 = "2015-04-01"
# endpoint definiton by service
self.ecs_domain = "ecs.{}.aliyuncs.com".format(self.region_id)
self.sts_domain = "sts.aliyuncs.com"
self.ram_domain = "ram.aliyuncs.com"
access_key_id = ''
access_key_secret = ''
connect_with_credential = False
connect_with_role = False
config_file = path.expanduser('~') + "/.aliyun/config.json"
logging.info('Connection to Alicloud.')
if 'ALICLOUD_ACCESS_KEY' in environ:
logging.info(
'Trying to connect with credentials from environment.')
access_key_id = environ['ALICLOUD_ACCESS_KEY']
if 'ALICLOUD_SECRET_KEY' in environ:
access_key_secret = environ['ALICLOUD_SECRET_KEY']
connect_with_credential = True
self.access_key_id = access_key_id
self.access_key_secret = access_key_secret
else:
logging.info(
'Both access ALICLOUD_ACCESS_KEY and secret ALICLOUD_SECRET_KEY are mandatory.'
)
elif path.exists(config_file):
logging.info('Trying to connect with config credentials.')
config = json.load(open(config_file))
access_key_id = config['profiles'][1]['access_key_id']
access_key_secret = config['profiles'][1]['access_key_secret']
region_id = config['profiles'][1]['region_id']
connect_with_credential = True
self.access_key_id = access_key_id
self.access_key_secret = access_key_secret
elif account_id is not None and role is not None:
logging.info('Trying to connect with instance role.')
response = requests.get(
'http://100.100.100.200/latest/meta-data/ram/security-credentials/%s'
% role,
timeout=5).json()
sts_access_key = response['AccessKeyId']
sts_secret_key = response['AccessKeySecret']
sts_token_session = response['SecurityToken']
self.access_key_id = sts_access_key
self.access_key_secret = sts_secret_key
connect_with_role = True
else:
logging.error('No valid connection type provided.')
try:
if connect_with_credential:
self.__client = AcsClient(access_key_id, access_key_secret,
region_id)
elif connect_with_role:
sts_token_credential = StsTokenCredential(
sts_access_key, sts_secret_key, sts_token_session)
self.sts_token = sts_token_credential
self.__client = AcsClient(region_id=self.region_id,
credential=sts_token_credential)
except Exception as e:
logging.error(e)
logging.debug(traceback.format_exc())
logging.debug(sys.exc_info()[0])
def handler(event, context):
logger = logging.getLogger()
logger.info('initializing')
ACCESS_KEY_ID = context.credentials.accessKeyId
ACCESS_KEY_SECRET = context.credentials.accessKeySecret
ACCESS_KEY_TOKEN = context.credentials.securityToken
#OSS関連初期設定
Event = json.loads(event.decode('utf-8').replace("'", '"'))
OssRegion = Event["events"][0]["region"]
BuketName = Event["events"][0]["oss"]["bucket"]["name"]
ObjectName = Event["events"][0]["oss"]["object"]["key"]
OssEndPoint = "oss-" + OssRegion + ".aliyuncs.com"
# ECS関連初期設定
InstanceIdSet = []
UserName = ""
TagName = os.environ['TAG_NAME']
# OSS
auth = oss2.StsAuth(ACCESS_KEY_ID, ACCESS_KEY_SECRET, ACCESS_KEY_TOKEN)
bucket = oss2.Bucket(auth, OssEndPoint, BuketName)
tmpdir = '/tmp/download/'
os.system("rm -rf /tmp/*")
os.mkdir(tmpdir)
# 対象ActionTrailログをOSSからダウンロード
bucket.get_object_to_file(ObjectName, tmpdir + 'trail_log.gz')
os.system("gunzip /tmp/download/trail_log.gz")
with open('/tmp/download/trail_log') as data:
OssNotification = json.load(data)
for actionTrailLog in OssNotification:
logger.info("*" * 20)
logger.info("eventName : " + actionTrailLog["eventName"])
logger.info("acsRegion : " + actionTrailLog["acsRegion"])
logger.info("*" * 20)
ECS = ["RunInstances", "CreateInstance"]
if actionTrailLog["eventName"] in ECS:
if actionTrailLog["eventName"] == "RunInstances":
InstanceIdSet = actionTrailLog["responseElements"][
"InstanceIdSets"]["InstanceIdSet"]
if actionTrailLog["eventName"] == "CreateInstance":
InstanceIdSet.append(
actionTrailLog["responseElements"]["InstanceId"])
# logger.info(InstanceIdSet)
UserName = actionTrailLog["userIdentity"]["userName"]
EcsRegion = actionTrailLog["acsRegion"]
else:
logger.info("Isn't target event !")
return 0
# ECS instanceにOwnerタグを追加
sts = StsTokenCredential(ACCESS_KEY_ID, ACCESS_KEY_SECRET,
ACCESS_KEY_TOKEN)
client = AcsClient(region_id=EcsRegion, credential=sts)
for instance in InstanceIdSet:
request = AddTagsRequest.AddTagsRequest()
request.set_ResourceType("instance")
request.set_ResourceId(instance)
Tags = [{"Key": TagName, "Value": UserName}]
request.set_Tags(Tags)
client.do_action_with_exception(request)
return 0
