def trans_to_acs_request(self):
if not self._version:
raise exceptions.ClientException(
error_code.SDK_INVALID_PARAMS,
'common params [version] is required, cannot be empty')
if not self._action_name and not self._uri_pattern:
raise exceptions.ClientException(
error_code.SDK_INVALID_PARAMS,
'At least one of [action] and [uri_pattern] has a value')
if not self.endpoint and not self._product:
raise exceptions.ClientException(
error_code.SDK_INVALID_PARAMS,
'At least one of [domain] and [product_name] has a value')
if self._uri_pattern:
self._style = STYLE_ROA
self.request = RoaRequest(
product=self.get_product(),
version=self.get_version(),
action_name=self.get_action_name(),
location_endpoint_type=self.get_location_endpoint_type())
self.fill_params()
else:
self._style = STYLE_RPC
self.request = RpcRequest(
product=self.get_product(),
version=self.get_version(),
action_name=self.get_action_name(),
location_endpoint_type=self.get_location_endpoint_type(),
)
self.fill_params()
def trans_to_acs_request(self):
if not self._version:
raise exceptions.ClientException(error_code.SDK_INVALID_PARAMS,
'common params [version] is required, cannot be empty')
if not self._action_name and not self._uri_pattern:
raise exceptions.ClientException(error_code.SDK_INVALID_PARAMS,
'At least one of [action] and [uri_pattern] has a value')
if not self._domain and not self._product:
raise exceptions.ClientException(error_code.SDK_INVALID_PARAMS,
'At least one of [domain] and [product_name] has a value')
if self._uri_pattern:
self._style = STYLE_ROA
else:
self._style = STYLE_RPC
def __init__(self,
public_key_id,
private_key,
session_period,
region_id,
debug=False):
if not debug and session_period < self._MIN_SESSION_PERIOD or session_period > self._MAX_SESSION_PERIOD:
raise exceptions.ClientException(
error_code.SDK_INVALID_SESSION_EXPIRATION,
error_msg.get_msg('SDK_INVALID_SESSION_EXPIRATION').format(
self._MIN_SESSION_PERIOD, self._MAX_SESSION_PERIOD))
self._public_key_id = public_key_id
self._private_key = private_key
self._session_period = session_period
self._schedule_interval = session_period if debug else max(
session_period * 0.8, 5)
from aliyunsdkcore.client import AcsClient
self._sts_client = AcsClient(self._public_key_id, self._private_key,
region_id)
self._session_credential = None
self._get_session_ak_and_sk()
self._scheduler = sched.scheduler(time.time, time.sleep)
self._daemon_thread = threading.Thread(
target=self._refresh_session_ak_and_sk, args=[True, 0])
self._daemon_thread.setDaemon(True)
self._daemon_thread.start()
def get_signer(cred, region_id, do_action_api, debug=False):
if cred['ak'] is not None and cred['secret'] is not None:
access_key_credential = credentials.AccessKeyCredential(
cred['ak'], cred['secret'])
return access_key_signer.AccessKeySigner(access_key_credential)
elif cred['credential'] is not None:
credential = cred['credential']
if isinstance(credential, credentials.AccessKeyCredential):
return access_key_signer.AccessKeySigner(credential)
elif isinstance(credential, credentials.StsTokenCredential):
return sts_token_signer.StsTokenSigner(credential)
elif isinstance(credential, credentials.RamRoleArnCredential):
return ram_role_arn_signer.RamRoleArnSigner(
credential, do_action_api)
elif isinstance(credential, credentials.EcsRamRoleCredential):
return ecs_ram_role_singer.EcsRamRoleSigner(credential)
elif isinstance(credential, credentials.RsaKeyPairCredential):
return rsa_key_pair_signer.RsaKeyPairSigner(
credential, region_id, debug)
elif cred['public_key_id'] is not None and cred[
'private_key'] is not None:
logging.info(
"'AcsClient(regionId, pub_key_id, pri_key)' is deprecated")
rsa_key_pair_credential = credentials.RsaKeyPairCredential(
cred['public_key_id'], cred['private_key'],
cred['session_period'], region_id, debug)
return rsa_key_pair_signer.RsaKeyPairSigner(
rsa_key_pair_credential)
else:
raise exceptions.ClientException(
error_code.SDK_INVALID_CREDENTIAL,
error_msg.get_msg('SDK_INVALID_CREDENTIAL'))
def set_default_protocol_type(user_protocol_type):
global _default_protocol_type
if user_protocol_type == protocol_type.HTTP or user_protocol_type == protocol_type.HTTPS:
_default_protocol_type = user_protocol_type
else:
raise exceptions.ClientException(
error_code.SDK_INVALID_PARAMS,
"Invalid 'protocol_type', should be 'http' or 'https'")
def get_signer(credential, debug=False):
if credential['ak'] is not None and credential['secret'] is not None:
return SignerV1(credential['ak'], credential['secret'])
elif credential['public_key_id'] is not None and credential['private_key'] is not None:
return SignerV2(credential['public_key_id'], credential['private_key'], credential['session_period'],
credential['region_id'], debug)
else:
raise exceptions.ClientException(error_code.SDK_INVALID_CREDENTIAL,
error_msg.get_msg('SDK_INVALID_CREDENTIAL'))
def get_sign_string(source, access_secret):
if platform.system() != "Windows":
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
secret = base64.decodestring(access_secret)
key = RSA.importKey(secret)
h = SHA256.new(source)
signer = PKCS1_v1_5.new(key)
signed_bytes = signer.sign(h)
signature = base64.encodestring(signed_bytes).replace('\n', '')
return signature
else:
message = "uth type [publicKeyId] is disabled in Windows because 'pycrypto' is not supported," \
" we will resolve this soon"
raise exceptions.ClientException(error_code.SDK_NOT_SUPPORT, message)
def __init__(self, credential, region_id, debug=False):
if credential.session_period < self._MIN_SESSION_PERIOD or \
credential.session_period > self._MAX_SESSION_PERIOD:
raise exceptions.ClientException(
error_code.SDK_INVALID_SESSION_EXPIRATION,
error_msg.get_msg('SDK_INVALID_SESSION_EXPIRATION').format(
self._MIN_SESSION_PERIOD, self._MAX_SESSION_PERIOD))
credential.region_id = region_id
self._public_key_id = credential.public_key_id
self._private_key = credential.private_key
self._session_period = credential.session_period
self._last_update_time = 0
# self._schedule_interval = credential.session_period if debug \
# else max(credential.session_period * 0.8, 5)
from aliyunsdkcore.client import AcsClient
self._sts_client = AcsClient(self._public_key_id, self._private_key,
credential.region_id)
self._session_credential = None
def _get_session_ak_and_sk(self):
request = GetSessionAkRequest()
request.set_method("GET")
request.set_duration_seconds(self._session_period)
try:
response_str = self._sts_client.do_action_with_exception(request)
response = json.loads(response_str.decode('utf-8'))
session_ak = str(response.get("SessionAccessKey").get("SessionAccessKeyId"))
session_sk = str(response.get("SessionAccessKey").get("SessionAccessKeySecret"))
self._session_credential = session_ak, session_sk
except exceptions.ServerException as srv_ex:
if srv_ex.error_code == 'InvalidAccessKeyId.NotFound' or srv_ex.error_code == 'SignatureDoesNotMatch':
raise exceptions.ClientException(error_code.SDK_INVALID_CREDENTIAL,
error_msg.get_msg('SDK_INVALID_CREDENTIAL'))
else:
raise