def handler(event, context): logger = logging.getLogger() evt_lst = json.loads(event) logger.info("Handling event: %s", evt_lst) creds = context.credentials sts_token_credential = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) fnf_client = client.AcsClient(region_id=context.region, credential=sts_token_credential) request = StartExecutionRequest.StartExecutionRequest() request.set_FlowName(os.environ["FLOW_NAME"]) evt = evt_lst["events"][0] key = evt["oss"]["object"]["key"] input = { "src_bucket": evt["oss"]["bucket"]["name"], "dest_bucket": os.environ['DEST_BUCKET'], "key": key, "total_size": evt["oss"]["object"]["size"] } request.set_Input(json.dumps(input)) execution_name = re.sub(r"[^a-zA-Z0-9-_]", "_", key) + "-" + evt["responseElements"]["requestId"] request.set_ExecutionName(execution_name) logger.info("Starting flow execution: %s", execution_name) # TODO: swallow ExecutionAlreadyExists error return fnf_client.do_action_with_exception(request)
def handler(event, context): creds = context.credentials sts_token_credential = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) evt = json.loads(event) content = evt.get("content") ecsInstanceId = content.get("ecsInstanceId") regionId = evt.get("regionId") global clt clt = client.AcsClient(region_id=regionId, credential=sts_token_credential) name = evt.get("name") name = name.lower() if name in [ 'Instance:SystemFailure.Reboot:Executed'.lower(), "Instance:InstanceFailure.Reboot:Executed".lower() ]: request = DescribeDisksRequest() request.add_query_param("RegionId", regionId) request.set_InstanceId(ecsInstanceId) response = _send_request(request) disks = response.get('Disks').get('Disk', []) for disk in disks: diskId = disk["DiskId"] SnapshotId = create_ecs_snap_by_id(diskId) LOGGER.info("Create ecs snap sucess, ecs id = %s , disk id = %s ", ecsInstanceId, diskId)
def test_rpc_common_request_with_sts_token(self): # create AssumeRole request ,Acquire a temporary ak request = AssumeRoleRequest() # the role must exist # FIXME : the RoleArn must according to user's setting request.set_RoleArn("acs:ram::1988236124481530:role/testrole") request.set_RoleSessionName("alice_test") sub_client = self.init_sub_client() response = sub_client.do_action_with_exception(request) response = self.get_dict_response(response) credentials = response.get("Credentials") # Using temporary AK + STS for authentication sts_token_credential = StsTokenCredential( credentials.get("AccessKeyId"), credentials.get("AccessKeySecret"), credentials.get("SecurityToken") ) acs_client = AcsClient( region_id="me-east-1", credential=sts_token_credential) # the common request request = CommonRequest( domain="ecs.aliyuncs.com", version="2014-05-26", action_name="DescribeRegions") response = acs_client.do_action_with_exception(request) ret = self.get_dict_response(response) self.assertTrue(ret.get("Regions")) self.assertTrue(ret.get("RequestId"))
def make_request(self, action, params=None): conn = client.AcsClient(self.acs_access_key_id, self.acs_secret_access_key, self.region, user_agent=self.user_agent) if self.security_token: sts_token_credential = StsTokenCredential(self.access_key, self.secret_key, self.security_token) conn = client.AcsClient(region_id=self.region, user_agent=self.user_agent, credential=sts_token_credential) if not conn: footmark.log.error('%s %s' % ('Null AcsClient ', conn)) raise self.FootmarkClientError('Null AcsClient ', conn) timeout = 200 delay = 3 while timeout > 0: try: request = self.import_request(action) request.set_accept_format('json') if params and isinstance(params, dict): for k, v in list(params.items()): if hasattr(request, k): getattr(request, k)(v) else: request.add_query_param(k[4:], v) return conn.do_action_with_exception(request) except Exception as e: if str(e.error_code) == "SDK.ServerUnreachable" \ or str(e.message).__contains__("SDK.ServerUnreachable") \ or str(e.message).__contains__("Unable to connect server: timed out"): time.sleep(delay) timeout -= delay continue raise e return None
def handler(event, context): evt = json.loads(event) evt = evt["events"] oss_bucket_name = evt[0]["oss"]["bucket"]["name"] object_key = evt[0]["oss"]["object"]["key"] creds = context.credentials sts_token_credential = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) client = AcsClient(region_id=context.region, credential=sts_token_credential) input = { "oss_bucket_name": oss_bucket_name, "video_key": object_key, "output_prefix": OUTPUT_DST, "segment_time_seconds": 25 # 视频 25 s 一个分片 } try: request = StartExecutionRequest.StartExecutionRequest() request.set_FlowName(FLOW_NAME) request.set_Input(json.dumps(input)) return client.do_action_with_exception(request) except ServerException as e: LOGGER.info(e.get_request_id()) return "ok"
def test_call_rpc_request_with_sts_token(self): client = self.init_sub_client() self._create_default_ram_role() request = AssumeRoleRequest() request.set_RoleArn(self.ram_role_arn) request.set_RoleSessionName(self.default_role_session_name) response = client.do_action_with_exception(request) response = self.get_dict_response(response) credentials = response.get("Credentials") # Using temporary AK + STS for authentication sts_token_credential = StsTokenCredential( credentials.get("AccessKeyId"), credentials.get("AccessKeySecret"), credentials.get("SecurityToken")) acs_client = AcsClient(region_id=self.region_id, credential=sts_token_credential) request = DescribeRegionsRequest() url = self.get_http_request(acs_client, request) self.assertTrue(url.find("AccessKeyId=STS.")) response = acs_client.do_action_with_exception(request) ret = self.get_dict_response(response) self._delete_default_ram_role() self._delete_access_key() self.assertTrue(ret.get("Regions")) self.assertTrue(ret.get("RequestId"))
def test_sts_token_signer(self): credential = StsTokenCredential('sts_access_key_id', 'sts_access_key_secret', 'sts_token') signer = StsTokenSigner(credential) # for rpc request = RpcRequest("product", "version", "action_name") self.assertIsNone(request.get_query_params().get("SecurityToken")) headers, url = signer.sign('cn-hangzhou', request) self.assertDictEqual( request.get_headers(), { 'x-acs-action': 'action_name', 'x-acs-version': 'version', 'x-sdk-invoke-type': 'normal' }) self.assertEqual(request.get_query_params().get("SecurityToken"), 'sts_token') # self.assertEqual(url, "/?SignatureVersion=1.0&Format=None" # "&Timestamp=2018-12-02T11%3A03%3A01Z&RegionId=cn-hangzhou" # "&AccessKeyId=access_key_id&SignatureMethod=HMAC-SHA1&Version=version" # "&Signature=AmdeJh1ZOW6PgwM3%2BROhEnbKII4%3D&Action=action_name" # "&SignatureNonce=d5e6e832-7f95-4f26-9e28-017f735721f8&SignatureType=') request = RoaRequest("product", "version", "action_name", uri_pattern="/") request.set_method('get') self.assertIsNone(request.get_headers().get("x-acs-security-token")) headers, url = signer.sign('cn-hangzhou', request) self.assertEqual(request.get_headers().get("x-acs-security-token"), 'sts_token')
def test_rpc_common_request_with_sts_token(self): sub_client = self.init_sub_client() self._create_default_ram_role() self._attach_default_policy() request = AssumeRoleRequest() request.set_RoleArn(self.ram_role_arn) request.set_RoleSessionName(self.default_role_session_name) response = sub_client.do_action_with_exception(request) response = self.get_dict_response(response) credentials = response.get("Credentials") # Using temporary AK + STS for authentication sts_token_credential = StsTokenCredential( credentials.get("AccessKeyId"), credentials.get("AccessKeySecret"), credentials.get("SecurityToken")) acs_client = AcsClient(region_id="me-east-1", credential=sts_token_credential) # the common request request = CommonRequest(domain="ecs.aliyuncs.com", version="2014-05-26", action_name="DescribeRegions") response = acs_client.do_action_with_exception(request) ret = self.get_dict_response(response) self.assertTrue(ret.get("Regions")) self.assertTrue(ret.get("RequestId"))
def test_call_rpc_request_with_sts_token(self): # create AssumeRole request ,Acquire a temporary ak request = AssumeRoleRequest() # the role must exist # FIXME : the RoleArn must according to user's setting request.set_RoleArn("acs:ram::1988236124481530:role/testrole") request.set_RoleSessionName("alice_test") client = self.init_sub_client() response = client.do_action_with_exception(request) response = self.get_dict_response(response) credentials = response.get("Credentials") # Using temporary AK + STS for authentication sts_token_credential = StsTokenCredential( credentials.get("AccessKeyId"), credentials.get("AccessKeySecret"), credentials.get("SecurityToken")) acs_client = AcsClient(region_id="me-east-1", credential=sts_token_credential) request = DescribeRegionsRequest() url = self.get_http_request(acs_client, request) self.assertTrue(url.find("AccessKeyId=STS.")) response = acs_client.do_action_with_exception(request) ret = self.get_dict_response(response) self.assertTrue(ret.get("Regions")) self.assertTrue(ret.get("RequestId"))
def handler(event, context): evt = json.loads(event) if 'taskToken' not in evt: return '{"status": "callback failed", "message": "no taskToken in inputs."}' creds = context.credentials sts_token_credential = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) fnf_cli = client.AcsClient(region_id=context.region, credential=sts_token_credential) """ this shows how to report task failed with error and cause. try: res = report_task_failed(fnf_cli, task_token=evt["taskToken"], error=seed, cause="random error triggered") except ServerException as e: return '{"status": "child callback failed: %s"}' % e """ time.sleep(random.randint(10, 20)) try: res = report_task_succeded( fnf_cli, task_token=evt["taskToken"], output='{"status":"report task with token: %s"}' % evt["taskToken"]) except ServerException as e: return '{"status": "callback failed: %s"}' % e return '{"status": "callback succeeded"}'
def handler(event, context): logger = logging.getLogger() logger.info('hello world') creds = context.credentials sts_token_credential = StsTokenCredential(creds.accessKeyId, creds.accessKeySecret, creds.securityToken) #logger.info('creds.accessKeyId '+creds.accessKeyId) #logger.info('creds.accessKeySecret '+creds.accessKeySecret) #logger.info('creds.securityToken '+creds.securityToken) client = AcsClient(credential=sts_token_credential) #Regions in which vms should be decribed and checked if they belong to default SG regions = ['cn-beijing', 'cn-shanghai', 'ap-southeast-1'] #regions = ['cn-shanghai'] toMerge = [] for eachReg in regions: request = CommonRequest() request.set_accept_format('json') request.set_domain('ecs.aliyuncs.com') request.set_method('GET') request.set_protocol_type('https') request.set_version('2014-05-26') request.set_action_name('DescribeInstances') request.add_query_param('RegionId', eachReg) try: response = client.do_action(request) except ServerException as e: print(e.get_http_status(), e.get_error_code(), e.get_error_msg()) raise e vms = str(response, encoding='utf-8') vmsJson = json.loads(vms) instances = vmsJson['Instances']['Instance'] #instancesJson = json.loads(instances) for instance in instances: zoneid = instance['ZoneId'] instanceId = instance['InstanceId'] instanceName = instance['InstanceName'] #logger.info('zoneid '+str(zoneid)) logger.info('instanceName ' + str(instanceName) + str(' from ') + str(eachReg)) #logger.info('tempInstances '+str(tempInstances)) #toMerge.extend(tempInstances) #instances=json.dumps(toMerge) return 'hello world'
def __init__(self, access_key_id, access_key_secret, security_token, region): local = bool(os.getenv('local', "")) if local: acs_creds = AccessKeyCredential(access_key_id, access_key_secret) self.endpoint = 'kms.{}.aliyuncs.com'.format(region) else: acs_creds = StsTokenCredential(access_key_id, access_key_secret, security_token) self.endpoint = 'kms-vpc.{}.aliyuncs.com'.format(region) self.clt = client.AcsClient(region_id=region, credential=acs_creds)
def make_request_new(self, params): if not params: raise Exception("Request parameters should not be empty.") conn = client.AcsClient(self.acs_access_key_id, self.acs_secret_access_key, self.region, user_agent=self.user_agent) if self.security_token: sts_token_credential = StsTokenCredential(self.access_key, self.secret_key, self.security_token) conn = client.AcsClient(region_id=self.region, user_agent=self.user_agent, credential=sts_token_credential) if not conn: footmark.log.error('%s %s' % ('Null AcsClient ', conn)) raise self.FootmarkClientError('Null AcsClient ', conn) timeout = 200 delay = 3 if not isinstance(params, dict): raise Exception( "Invalid request parameters: {0} should be a dict.".format( params)) if not params.get('Action', params.get('action')): raise Exception("'Action' is required for this request.") while timeout > 0: request = self.import_request( params.get('Action', params.get('action'))) request.set_accept_format('json') try: for k, v in params.items(): if hasattr(request, k): getattr(request, k)(v) else: request.add_query_param(k[4:], v) return conn.do_action_with_exception(request) except ServerException as e: if str(e.error_code) == "SDK.ServerUnreachable" \ or str(e.message).__contains__("SDK.ServerUnreachable") \ or str(e.message).__contains__("Unable to connect server: timed out"): time.sleep(delay) timeout -= delay continue raise e except Exception as e: raise e return None
def handler(event, context): logger = logging.getLogger() evt_lst = json.loads(event) logger.info("Handling event: %s", evt_lst) fnf_client = clients.get('fnf_client') if fnf_client is None: creds = context.credentials sts_token_credential = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) fnf_client = client.AcsClient(region_id=context.region, credential=sts_token_credential) clients['fnf_client'] = fnf_client request = StartExecutionRequest.StartExecutionRequest() request.set_FlowName(os.environ["FLOW_NAME"]) evt = evt_lst["events"][0] key = evt["oss"]["object"]["key"] dest_access_role = os.environ.get("DEST_ACCESS_ROLE") dest_access_role = '' if not dest_access_role or dest_access_role == 'None' else dest_access_role input = { "src_bucket": evt["oss"]["bucket"]["name"], "dest_oss_endpoint": os.environ['DEST_OSS_ENDPOINT'], "dest_bucket": os.environ['DEST_BUCKET'], "dest_access_role": dest_access_role, "key": key, "total_size": evt["oss"]["object"]["size"] } request.set_Input(json.dumps(input)) execution_name = re.sub(r"[^a-zA-Z0-9-_]", "_", key) + "-" + evt["responseElements"]["requestId"] request.set_ExecutionName(execution_name) logger.info("Starting flow execution: %s", execution_name) try: resp = fnf_client.do_action_with_exception(request) return resp except ServerException as e: # https://help.aliyun.com/document_detail/122628.html if e.get_error_code() == 'ExecutionAlreadyExists': logger.warn("Execution %s already exists", execution_name) return {} else: logger.error("Failed to call fnf due to server exception: %s", e) raise e
def handler(event, context): logger = logging.getLogger() evt = json.loads(event) logger.info("Handling event: %s", evt) creds = context.credentials local = bool(os.getenv('local', "")) if (local): acs_creds = AccessKeyCredential(creds.access_key_id, creds.access_key_secret) endpoint = "%s.fnf.aliyuncs.com" % context.region else: acs_creds = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) endpoint = "%s-internal.fnf.aliyuncs.com" % context.region fnf_client = client.AcsClient(region_id=context.region, credential=acs_creds) request = StartExecutionRequest.StartExecutionRequest() request.set_FlowName(os.environ["FLOW_NAME"]) request.set_endpoint(endpoint) input = { "src_bucket": evt["src_bucket"], "dest_bucket": evt["dest_bucket"], "prefix": evt["prefix"], "marker": evt["marker"] } request.set_Input(json.dumps(input)) execution_name = re.sub(r"[^a-zA-Z0-9-_]", "_", evt["marker"]) request.set_ExecutionName(execution_name) logger.info("Starting flow execution: %s", execution_name) try: resp = fnf_client.do_action_with_exception(request) return resp except ServerException as e: # https://help.aliyun.com/document_detail/122628.html if e.get_error_code() == 'ExecutionAlreadyExists': logger.warn("Execution %s already exists", execution_name) return {} else: logger.error("Failed to call fnf due to server exception: %s", e) raise e
def handler(event, context): logger = logging.getLogger() evt = json.loads(event) logger.info("Handling event: %s", evt) creds = context.credentials sts_token_credential = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) fnf_client = client.AcsClient(region_id=context.region, credential=sts_token_credential) request = ReportTaskSucceededRequest.ReportTaskSucceededRequest() request.set_TaskToken(evt["taskToken"]) request.set_Output(json.dumps(evt["output"])) return fnf_client.do_action_with_exception(request)
def handler(event, context): logger = logging.getLogger() evt = json.loads(event) logger.info("Handling event: %s", evt) creds = context.credentials sts_token_credential = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) fnf_client = client.AcsClient(region_id=context.region, credential=sts_token_credential) request = StartExecutionRequest.StartExecutionRequest() request.set_FlowName(evt["flowName"]) request.set_Input(json.dumps(evt)) execution_name = evt["executionName"] + "-" + evt["key"] request.set_ExecutionName(execution_name) logger.info("Starting flow execution: %s", execution_name) # TODO: swallow ExecutionAlreadyExists error return fnf_client.do_action_with_exception(request)
def handler(environ, start_response): global fnf_client RESP_BODY = b'{}' context = environ['fc.context'] request_uri = environ['fc.request_uri'] path = environ['PATH_INFO'] creds = context.credentials query_params = parse_qs(urlparse(request_uri).query) if fnf_client == None: sts_creds = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) fnf_client = AcsClient(credential=sts_creds, region_id=context.region) status = '200 OK' request_method = environ['REQUEST_METHOD'] print(request_method) print(path) if request_method == 'POST' and path == '/start': request_body_size = int(environ.get('CONTENT_LENGTH', 0)) request_body = environ['wsgi.input'].read(request_body_size) print(request_body) resp_s = start_execution(fnf_client, query_params['flowName'][0], request_body, context.region) resp = json.loads(resp_s) resp_body_str = '{"executionName":"%s"}' % resp['Name'] RESP_BODY = resp_body_str.encode('utf-8') elif request_method == 'GET' and path == '/describe': resp = describe_execution(fnf_client, query_params['flowName'][0], query_params['executionName'][0], context.region) RESP_BODY = resp else: status = '404 Not Found' response_headers = [('Content-type', 'text/plain')] start_response(status, response_headers) return [RESP_BODY]
def handler(event, context): logger = logging.getLogger() evt = json.loads(event) logger.info("Handling event: %s", evt) creds = context.credentials endpoint = '{}-internal.fnf.aliyuncs.com'.format(context.region) if creds.security_token != None: sts_creds = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) fnf_client = AcsClient(credential=sts_creds, region_id=context.region) else: # for local testing fnf_client = AcsClient(creds.access_key_id, creds.access_key_secret, context.region) endpoint = str.replace(endpoint, "-internal", "") payload = evt.get('payload', '{}') data = json.loads(payload) logger.info(json.loads(data.get('input', ''))) request = StartExecutionRequest() request.set_FlowName(data.get('flowName', '')) request.set_Input(data.get('input', '')) request.set_endpoint(endpoint) fnf_client.do_action_with_exception(request)
def _upload_file(self, token, filename, file_or_string, cmk_id=None): token_meta = self.introspect() if token_meta['active'] == False: raise BGEError('access_token has expired') client_id = token_meta['client_id'] credentials = token.credentials destination = token.destination bucket_name = token.bucket endpoint = token.endpoint access_key_id = credentials['access_key_id'] access_key_secret = credentials['access_key_secret'] security_token = credentials['security_token'] auth = oss2.StsAuth(access_key_id, access_key_secret, security_token) if cmk_id is not None: region_id = token.region_id kms_provider = oss2.AliKMSProvider(access_key_id, access_key_secret, region_id, cmk_id) # NOTE 官方 oss2 处理 STS 加密上传存在 bug,等待其修复,此处做代码动态修改 sts_token_credential = StsTokenCredential(access_key_id, access_key_secret, security_token) kms_provider.kms_client = AcsClient( region_id=region_id, credential=sts_token_credential) bucket = oss2.CryptoBucket(auth, endpoint, bucket_name, crypto_provider=kms_provider) else: bucket = oss2.Bucket(auth, endpoint, bucket_name) object_name = '%s/%s' % (destination, filename) bge_open_client_id_header = 'x-oss-meta-bge-open-client-id' custom_headers = {bge_open_client_id_header: client_id} bucket.put_object(object_name, file_or_string, headers=custom_headers, progress_callback=progress_callback) sys.stdout.write('') return object_name
def handler(environ, start_response): # Get request body try: request_body_size = int(environ.get('CONTENT_LENGTH', 0)) except ValueError: request_body_size = 0 request_body = environ['wsgi.input'].read(request_body_size) print('Request body: {}'.format(request_body)) body = json.loads(request_body) message_body_str = body['Message'] # Read MessageBody and TaskToken from message body message_body = json.loads(message_body_str) task_token = message_body['taskToken'] ori_message_body = message_body['messageBody'] print('Task token: {}\norigin message body: {}'.format( task_token, ori_message_body)) # Init fnf client use sts token context = environ['fc.context'] creds = context.credentials sts_creds = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) fnf_client = AcsClient(credential=sts_creds, region_id=context.region) # Report task succeeded to serverless workflow req = ReportTaskSucceededRequest() req.set_TaskToken(task_token) req.set_Output('{"status": "success"}') resp = fnf_client.do_action_with_exception(req) print('Report task response: {}'.format(resp)) # Response to http request status = '200 OK' response_headers = [('Content-type', 'text/plain')] start_response(status, response_headers) return [b'OK']
def get_oss_client(context, endpoint, bucket, access_role=None): creds = context.credentials key_id, key_secret, token = creds.access_key_id, creds.access_key_secret, creds.security_token local = bool(os.getenv('local', "")) if access_role: req = AssumeRoleRequest.AssumeRoleRequest() req.set_accept_format('json') req.set_RoleArn(access_role) req.set_RoleSessionName('oss-copy') if local: acs_creds1 = AccessKeyCredential(creds.access_key_id, creds.access_key_secret) else: acs_creds1 = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) # Since the function instance runs within VPC (FC system), the endpoint has to be either public or vpc endpoint. # Here the VPC endpoint is used because it's more secure, latency is low and no public network usage is incurred. req.set_endpoint('sts-vpc.%s.aliyuncs.com' % (context.region)) # Create clt1 with temp credentials provided by fc context clt = client.AcsClient(region_id=context.region, credential=acs_creds1) body1 = clt.do_action(req) ar_resp1 = json.loads(body1) # Now we get another temp credentials tmp_creds2 = ar_resp1['Credentials'] key_id, key_secret, token = tmp_creds2['AccessKeyId'], tmp_creds2[ 'AccessKeySecret'], tmp_creds2['SecurityToken'] auth = oss2.StsAuth(key_id, key_secret, token) else: if local: auth = oss2.Auth(key_id, key_secret) else: auth = oss2.StsAuth(key_id, key_secret, token) # for local testing, use the public endpoint endpoint = str.replace(endpoint, "-internal", "") if local else endpoint return oss2.Bucket(auth, endpoint, bucket)
def handler(event, context): evt = json.loads(event) evt = evt["events"] oss_bucket_name = evt[0]["oss"]["bucket"]["name"] object_key = evt[0]["oss"]["object"]["key"] creds = context.credentials sts_token_credential = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token) client = AcsClient(region_id=context.region, credential=sts_token_credential) dst_formats = DST_FORMATS.split(",") dst_formats = [i.strip() for i in dst_formats] input = { "oss_bucket_name": oss_bucket_name, "video_key": object_key, "output_prefix": OUTPUT_DST, "segment_time_seconds": int(SEG_INTERVAL), "dst_formats": dst_formats } try: request = StartExecutionRequest.StartExecutionRequest() request.set_FlowName(FLOW_NAME) request.set_Input(json.dumps(input)) execution_name = re.sub(r"[^a-zA-Z0-9-_]", "_", object_key) + "-" + context.request_id request.set_ExecutionName(execution_name) return client.do_action_with_exception(request) except ServerException as e: LOGGER.info(e.get_request_id()) return "ok"
def test_StsTokenCredential(self): c = StsTokenCredential("sts_access_key_id", "sts_access_key_secret", "sts_token") self.assertEqual("sts_access_key_id", c.sts_access_key_id) self.assertEqual("sts_access_key_secret", c.sts_access_key_secret) self.assertEqual("sts_token", c.sts_token)
def __init__(self, account_id=None, role=None, region_id="eu-central-1"): """ Constructor of alicloudConnect. We will try to connect with env first, config credentials and finally with instance role. User will use the AcsClient to deal with aliyun api. :param account_id: :param role: """ # caller will need to pass accessKey, secretKey # if stsToken = None / or pass stsToken if it is not none. self.__client = None self.access_key_id = None self.access_key_secret = None self.region_id = region_id self.sts_token = None aliyun_request.set_default_protocol_type(protocol_type.HTTPS) # each api has it's own version ! self.version_2014_05_26 = "2014-05-26" self.version_2015_05_01 = "2015-05-01" self.version_2015_04_01 = "2015-04-01" # endpoint definiton by service self.ecs_domain = "ecs.{}.aliyuncs.com".format(self.region_id) self.sts_domain = "sts.aliyuncs.com" self.ram_domain = "ram.aliyuncs.com" access_key_id = '' access_key_secret = '' connect_with_credential = False connect_with_role = False config_file = path.expanduser('~') + "/.aliyun/config.json" logging.info('Connection to Alicloud.') if 'ALICLOUD_ACCESS_KEY' in environ: logging.info( 'Trying to connect with credentials from environment.') access_key_id = environ['ALICLOUD_ACCESS_KEY'] if 'ALICLOUD_SECRET_KEY' in environ: access_key_secret = environ['ALICLOUD_SECRET_KEY'] connect_with_credential = True self.access_key_id = access_key_id self.access_key_secret = access_key_secret else: logging.info( 'Both access ALICLOUD_ACCESS_KEY and secret ALICLOUD_SECRET_KEY are mandatory.' ) elif path.exists(config_file): logging.info('Trying to connect with config credentials.') config = json.load(open(config_file)) access_key_id = config['profiles'][1]['access_key_id'] access_key_secret = config['profiles'][1]['access_key_secret'] region_id = config['profiles'][1]['region_id'] connect_with_credential = True self.access_key_id = access_key_id self.access_key_secret = access_key_secret elif account_id is not None and role is not None: logging.info('Trying to connect with instance role.') response = requests.get( 'http://100.100.100.200/latest/meta-data/ram/security-credentials/%s' % role, timeout=5).json() sts_access_key = response['AccessKeyId'] sts_secret_key = response['AccessKeySecret'] sts_token_session = response['SecurityToken'] self.access_key_id = sts_access_key self.access_key_secret = sts_secret_key connect_with_role = True else: logging.error('No valid connection type provided.') try: if connect_with_credential: self.__client = AcsClient(access_key_id, access_key_secret, region_id) elif connect_with_role: sts_token_credential = StsTokenCredential( sts_access_key, sts_secret_key, sts_token_session) self.sts_token = sts_token_credential self.__client = AcsClient(region_id=self.region_id, credential=sts_token_credential) except Exception as e: logging.error(e) logging.debug(traceback.format_exc()) logging.debug(sys.exc_info()[0])
def handler(event, context): logger = logging.getLogger() logger.info('initializing') ACCESS_KEY_ID = context.credentials.accessKeyId ACCESS_KEY_SECRET = context.credentials.accessKeySecret ACCESS_KEY_TOKEN = context.credentials.securityToken #OSS関連初期設定 Event = json.loads(event.decode('utf-8').replace("'", '"')) OssRegion = Event["events"][0]["region"] BuketName = Event["events"][0]["oss"]["bucket"]["name"] ObjectName = Event["events"][0]["oss"]["object"]["key"] OssEndPoint = "oss-" + OssRegion + ".aliyuncs.com" # ECS関連初期設定 InstanceIdSet = [] UserName = "" TagName = os.environ['TAG_NAME'] # OSS auth = oss2.StsAuth(ACCESS_KEY_ID, ACCESS_KEY_SECRET, ACCESS_KEY_TOKEN) bucket = oss2.Bucket(auth, OssEndPoint, BuketName) tmpdir = '/tmp/download/' os.system("rm -rf /tmp/*") os.mkdir(tmpdir) # 対象ActionTrailログをOSSからダウンロード bucket.get_object_to_file(ObjectName, tmpdir + 'trail_log.gz') os.system("gunzip /tmp/download/trail_log.gz") with open('/tmp/download/trail_log') as data: OssNotification = json.load(data) for actionTrailLog in OssNotification: logger.info("*" * 20) logger.info("eventName : " + actionTrailLog["eventName"]) logger.info("acsRegion : " + actionTrailLog["acsRegion"]) logger.info("*" * 20) ECS = ["RunInstances", "CreateInstance"] if actionTrailLog["eventName"] in ECS: if actionTrailLog["eventName"] == "RunInstances": InstanceIdSet = actionTrailLog["responseElements"][ "InstanceIdSets"]["InstanceIdSet"] if actionTrailLog["eventName"] == "CreateInstance": InstanceIdSet.append( actionTrailLog["responseElements"]["InstanceId"]) # logger.info(InstanceIdSet) UserName = actionTrailLog["userIdentity"]["userName"] EcsRegion = actionTrailLog["acsRegion"] else: logger.info("Isn't target event !") return 0 # ECS instanceにOwnerタグを追加 sts = StsTokenCredential(ACCESS_KEY_ID, ACCESS_KEY_SECRET, ACCESS_KEY_TOKEN) client = AcsClient(region_id=EcsRegion, credential=sts) for instance in InstanceIdSet: request = AddTagsRequest.AddTagsRequest() request.set_ResourceType("instance") request.set_ResourceId(instance) Tags = [{"Key": TagName, "Value": UserName}] request.set_Tags(Tags) client.do_action_with_exception(request) return 0