def _get_provider_by_profile(self, profile): def _get_value(key): if key not in profile: raise PartialCredentialsException(provider='profile', cred_var=key) return profile[key] if profile: type_ = profile.get('type') if not type_: type_ = 'access_key' # use access_key for default type if type_ == 'access_key': return StaticCredentialsProvider( AccessKeyCredentials( _get_value('access_key_id'), _get_value('access_key_secret'), )) elif type_ == 'ecs_ram_role': return InstanceProfileCredentialsProvider( _get_value('role_name')) elif type_ == 'ram_role_arn': return RamRoleCredentialsProvider( self.client_config, AccessKeyCredentials( _get_value('access_key_id'), _get_value('access_key_secret'), ), _get_value('role_arn'), role_session_name=_get_value('role_session_name')) elif type_ == 'bearer_token': return StaticCredentialsProvider( BearerTokenCredentials(_get_value('bearer_token'), )) elif type_ == 'rsa_key_pair': raise ClientException( msg="RSA Key Pair credentials are not supported.") elif type_ == 'sts_token': return StaticCredentialsProvider( SecurityCredentials( _get_value('access_key_id'), _get_value('access_key_secret'), _get_value('security_token'), )) else: raise Exception( "Unexpected credentials type: {}".format(type_))
def test_rpc_assume_role_request_with_sts_token(self): self._create_default_ram_user() # self._attach_default_policy() self._create_access_key() self._create_default_ram_role() acs_client = ClientConfig(region_id=self.region_id) ram_role_arn_credential = RamRoleCredentialsProvider( acs_client, AccessKeyCredentials(self.ram_user_access_key_id, self.ram_user_access_key_secret), self.ram_role_arn, "alice_test") client = AlibabaCloudClient(acs_client, ram_role_arn_credential) client.product_code = "Ecs" client.api_version = "2014-05-26" client.location_service_code = 'ecs' client.location_endpoint_type = "openAPI" api_request = APIRequest('DescribeRegions', 'GET', 'https', 'RPC') response = client._handle_request(api_request) response_credentials = response.http_request.credentials self.assertTrue(response_credentials.access_key_id.startswith("STS.")) response = response.http_response.content ret = self.get_dict_response(response) self.assertTrue(ret.get("Regions")) self.assertTrue(ret.get("RequestId"))
def test_roa_assume_role_request_with_sts_token(self): self._create_default_ram_user() # self._attach_default_policy() self._create_access_key() self._create_default_ram_role() roa_client = ClientConfig(region_id=self.region_id) ram_role_arn_credential = RamRoleCredentialsProvider( roa_client, AccessKeyCredentials(self.ram_user_access_key_id, self.ram_user_access_key_secret), self.ram_role_arn, "alice_test") client = AlibabaCloudClient(roa_client, ram_role_arn_credential) client.product_code = "ROS" client.api_version = "2015-09-01" client.location_service_code = 'ros' client.location_endpoint_type = "openAPI" api_request = APIRequest('DescribeResourceTypes', 'GET', 'https', 'ROA') api_request.uri_pattern = '/resource_types' api_request.path_params = None response = client._handle_request(api_request) response_credentials = response.http_request.credentials self.assertTrue(response_credentials.access_key_id.startswith("STS.")) response = response.http_response.content ret = self.get_dict_response(response) self.assertTrue(ret.get("ResourceTypes"))
def test_call_request_with_client_env_priority(self): self._create_default_ram_user() self._create_access_key() self._create_default_ram_role() ram_role_arn_credential = RamRoleCredentialsProvider( self.client_config, AccessKeyCredentials(self.ram_user_access_key_id, self.ram_user_access_key_secret), self.ram_role_arn, "alice_test") client = AlibabaCloudClient(self.client_config, ram_role_arn_credential) client.product_code = "Ecs" client.api_version = "2014-05-26" client.location_service_code = 'ecs' client.location_endpoint_type = "openAPI" api_request = APIRequest('DescribeRegions', 'GET', 'https', 'RPC') os.environ["ALIBABA_CLOUD_ACCESS_KEY_ID"] = self.access_key_id os.environ["ALIBABA_CLOUD_ACCESS_KEY_SECRET"] = self.access_key_secret response = client._handle_request(api_request) response_credential = response.http_request.credentials self.assertTrue(response_credential.access_key_id.startswith("STS.")) response = response.http_response.content ret = self.get_dict_response(response) self.assertTrue(ret.get("Regions")) self.assertTrue(ret.get("RequestId"))
def init_credentials_provider(self): from alibabacloud.credentials import AccessKeyCredentials credentials = AccessKeyCredentials(self.access_key_id, self.access_key_secret) from alibabacloud.credentials.provider import StaticCredentialsProvider credentials_provider = StaticCredentialsProvider(credentials) return credentials_provider
def my_credentials_provider(): from alibabacloud.credentials import AccessKeyCredentials credentials = AccessKeyCredentials(self.access_key_id, 'BadAccessKeySecret') from alibabacloud.credentials.provider import StaticCredentialsProvider credentials_provider = StaticCredentialsProvider(credentials) return credentials_provider
def init_credentials_provider(): from alibabacloud.credentials import AccessKeyCredentials credentials = AccessKeyCredentials( access_key_id=self.access_key_id, access_key_secret="BadAccessKeySecret") from alibabacloud.credentials.provider import StaticCredentialsProvider credentials_provider = StaticCredentialsProvider(credentials) return credentials_provider
def init_sub_client_config(self): self._create_default_ram_user() # self._attach_default_policy() self._create_access_key() sub_client_config = ClientConfig(region_id=self.region_id, connection_timeout=120) credentials = AccessKeyCredentials(self.ram_user_access_key_id, self.ram_user_access_key_secret, ) from alibabacloud.credentials.provider import StaticCredentialsProvider sub_credentials_provider = StaticCredentialsProvider(credentials) return sub_client_config, sub_credentials_provider
def __init__(self): CachedCredentialsProvider.__init__(self) if self.ENV_NAME_FOR_ACCESS_KEY_ID in os.environ: access_key_id = os.environ.get(self.ENV_NAME_FOR_ACCESS_KEY_ID) if not access_key_id: raise PartialCredentialsException( provider='env', cred_var=self.ENV_NAME_FOR_ACCESS_KEY_ID) access_key_secret = os.environ.get( self.ENV_NAME_FOR_ACCESS_KEY_SECRET) if not access_key_secret: raise PartialCredentialsException( provider='env', cred_var=self.ENV_NAME_FOR_ACCESS_KEY_SECRET) # context.client.logger.info('Found credentials in environment variables.') self._cached_credentials = AccessKeyCredentials( access_key_id=access_key_id, access_key_secret=access_key_secret)
def get_client(service_name, api_version=None, region_id=None, endpoint=None, access_key_id=None, access_key_secret=None, credentials_provider=None, retry_policy=None, endpoint_resolver=None, config=None): """ 获取 `Alibaba Cloud Python SDK` 某个产品某个Version的client :param service_name: 产品的product_code,比如Ecs :type service_name: str :param api_version: 产品的version,格式:2018-06-09 :type api_version: str :param region_id: 参照 `可用区 <https://help.aliyun.com/document_detail/40654.html>`_ :type region_id: str :param endpoint: 自定义的endpoint,不经过endpoint的解析流程 :type endpoint: str :param access_key_id: 秘钥AccessKeyID :type access_key_id: str :param access_key_secret: 秘钥AccessKeySecret :type access_key_secret: str :param credentials_provider: 自定义的credentials_provider,如果用户自定义 credentials_provider,使用用户自定义的 :type credentials_provider: 一个具备provide接口的对象 :param retry_policy: 用户自定义的重试策略 :type retry_policy: :param endpoint_resolver: 用户自定义的endpoint_resolver,如果用户自定义 endpoint_resolver,使用用户自定义的 :type endpoint_resolver: 一个具备resolve接口的对象 :param config: 如果用户自定义ClientConfig,使用用户自定义的,否则初始化一个ClientConfig。 如果用户在 `get_client()` 指定region_id ,则会覆盖config当中的region_id :type config: ClientConfig :return: client :rtype: AlibabaCloudClient """ module_name, client_name = _prepare_module( service_name, api_version) # ecs_20180909, EcsClient if region_id is not None and config: config.region_id = region_id if endpoint is not None and config: config.endpoint = endpoint client_config = config if config else ClientConfig(region_id=region_id, endpoint=endpoint) try: client_module = __import__( '.'.join(['alibabacloud', 'clients', module_name]), globals(), locals(), ['clients', module_name], 0) except ImportError: raise NoModuleException(name='.'.join(module_name)) if credentials_provider is not None: custom_credentials_provider = credentials_provider elif access_key_id and access_key_secret: custom_credentials_provider = StaticCredentialsProvider( AccessKeyCredentials(access_key_id, access_key_secret)) else: custom_credentials_provider = DefaultChainedCredentialsProvider( client_config) return getattr(client_module, client_name)( client_config, retry_policy=retry_policy, credentials_provider=custom_credentials_provider, endpoint_resolver=endpoint_resolver)