tencentcloud python sdk auth practice

Tencent Cloud authentication best practices (in my personal opinion)

Posted by chaoxiaodi on November 11, 2023

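Preface

This is another post in my series on authenticating with cloud vendors' SDKs.

According to the official documentation,

Tencent Cloud also supports several ways of managing credentials.

Tencent Cloud credential management documentation

To stay as close as possible to the logic of the previous two posts,

authentication follows the same structure as before.

The environment variables mentioned in the article are not used here, though.

Straight to the code.

Code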

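import json

from tencentcloud.common import credential
from tencentcloud.common.profile.client_profile import ClientProfile
from tencentcloud.common.profile.http_profile import HttpProfile
from tencentcloud.sts.v20180813 import sts_client, models as sts_models


class QcloudApi:

    def __init__(self, account='', key=None, secret=None, profile='', role='role_name'):
        cred = None
        self.secret_id = None
        self.secret_key = None

        # 1. Credentials file, only when a profile is requested
        if profile:
            cred = credential.ProfileCredential().get_credential()

        # 2. Otherwise fall back to the role bound to the CVM instance
        if not cred:
            cred = credential.CVMRoleCredential().get_credential()

        # 3. An explicitly passed key pair overrides both of the above
        if key and secret:
            cred = credential.Credential(key, secret)

        if cred is None:
            # Message: "a profile or secret key information must be provided"
            raise Exception('必须提供profile或者secret密钥信息')

        self.cred = cred

        # Switch to the target account only when one is given
        if account:
            self.__assume_role('ap-beijing', account, role)

    def __generate_client_profile(self, endpoint):
        # Not shown in the original post; this minimal version is an
        # assumption that only sets the endpoint.
        http_profile = HttpProfile()
        http_profile.endpoint = endpoint
        client_profile = ClientProfile()
        client_profile.httpProfile = http_profile
        return client_profile

    def __assume_role(self, region, account, role='role_name'):
        endpoint = 'sts.tencentcloudapi.com'
        try:
            client_profile = self.__generate_client_profile(endpoint)

            client = sts_client.StsClient(self.cred, region, client_profile)
            req = sts_models.AssumeRoleRequest()
            params = {
                "RoleArn": "qcs::cam::uin/%s:roleName/%s" % (account, role),
                "RoleSessionName": "to-%s" % account
            }
            req.from_json_string(json.dumps(params))

            # The returned resp is an AssumeRoleResponse instance matching the request object
            resp = client.AssumeRole(req)

            self.secret_id = resp.Credentials.TmpSecretId
            self.secret_key = resp.Credentials.TmpSecretKey
            token = resp.Credentials.Token
            self.cred = credential.Credential(self.secret_id, self.secret_key, token)
        except Exception as e:
            # Re-raise after logging: swallowing the error would leave self.cred
            # set to the source account's credential, so later calls would run
            # against the wrong account.
            print(e)
            raise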

Usage

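q = QcloudApi()
key = ''
sec = ''
# Below are some ways to switch accounts; the assume-role operation runs when the account parameter is given
# Prerequisite: authorization must be in place. Account A has permission to switch to account B, and account B allows account A to switch
# However, Tencent Cloud's role-switching feature is still not very complete
q = QcloudApi(key=key, secret=sec)
q = QcloudApi(account='xxxxxx')
q = QcloudApi(account='xxxxxx', role='test')
q = QcloudApi(account='xxxxxx', key=key, secret=sec, role='test')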
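
The AssumeRole step above returns a temporary credential that expires, and its RoleArn is built by interpolating the caller's `account` and `role`. The following is an added example, not code from the original post or the SDK: it validates both values, renews the credential before the response's `ExpiredTime` (a Unix timestamp), and lets failures propagate. `build_role_arn`, `AssumedRoleSession`, the `assume` callable and the two input patterns are hypothetical, and the STS call is replaced by a constructed fake so it runs offline.

```python
import re
import time

UIN_RE = re.compile(r"\d{5,20}")                    # assumption: account UINs are numeric
ROLE_RE = re.compile(r"[A-Za-z0-9_.@=,+-]{1,128}")  # assumption: conservative allowlist

def build_role_arn(account, role):
    """RoleArn in the format used in the post, with both parts validated."""
    if not UIN_RE.fullmatch(str(account)):
        raise ValueError("account must be a numeric UIN")
    if not ROLE_RE.fullmatch(str(role)):
        raise ValueError("unexpected characters in role name")
    return "qcs::cam::uin/%s:roleName/%s" % (account, role)

class AssumedRoleSession:
    """Caches temporary credentials and renews them shortly before expiry."""
    FIELDS = ("TmpSecretId", "TmpSecretKey", "Token", "ExpiredTime")

    def __init__(self, assume, account, role, skew=300, clock=time.time):
        self._assume = assume      # hypothetical callable(role_arn, session_name) -> dict
        self._arn = build_role_arn(account, role)
        self._name = "to-%s" % account
        self._skew, self._clock, self._creds = skew, clock, None

    def credentials(self):
        c = self._creds
        if c is None or self._clock() >= c["ExpiredTime"] - self._skew:
            self._creds = None     # fail closed: never hand out stale credentials
            fresh = self._assume(self._arn, self._name)   # errors propagate to the caller
            missing = [f for f in self.FIELDS if not fresh.get(f)]
            if missing:
                raise RuntimeError("AssumeRole response missing %s" % missing)
            self._creds = fresh
        return self._creds

def demo():
    """Constructed run with a fake STS call and a fake clock (no network)."""
    now, calls = [1_700_000_000], []
    def fake_assume(arn, name):
        calls.append(arn)
        return {"TmpSecretId": "constructed-id-%d" % len(calls), "TmpSecretKey": "constructed-key",
                "Token": "constructed-token", "ExpiredTime": now[0] + 7200}
    s = AssumedRoleSession(fake_assume, "100000000001", "test", clock=lambda: now[0])
    first = s.credentials()["TmpSecretId"]
    cached = s.credentials()["TmpSecretId"]
    now[0] += 7000                 # inside the 300 s skew window: must renew
    renewed = s.credentials()["TmpSecretId"]
    return first, cached, renewed, calls
```

In real use, `assume` would wrap `StsClient.AssumeRole` and return the fields of `resp.Credentials` together with `resp.ExpiredTime`.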

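References

Tencent Cloud credential management documentation

Q:594934249

- I'm 超小弟 (chaoxiaodi), a balding ops engineer who strays from his specialty -

Blog: blog.chaoxiaodi.tech

GitHub: chaoxiaodi

WeChat official account: 老骥不伏枥只是近黄昏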