modify comnment

add bear token; modify credentails.py; add user providerchain; modify signfactory

close UT test; del chinese

modify lint

fix credentials exceptions

fix compat

add credentials UT

Author: wallisyan

aliyun-python-sdk-core/aliyunsdkcore/auth/utils/__init__.py renamed to __init__.py

@@ -42,7 +42,8 @@
     SDK_INVALID_REQUEST='The request is not a valid AcsRequest.',
     SDK_MISSING_ENDPOINTS_FILER='Internal endpoints info is missing.',
     SDK_UNKNOWN_SERVER_ERROR="Can not parse error message from server response.",
-    SDK_INVALID_CREDENTIAL="Need a ak&secret pair or public_key_id&private_key pair to auth.",
+    SDK_INVALID_CREDENTIAL="Need a ak&secret pair or public_key_id&private_key pair or "
+                           "Credentials objects to auth.",
     SDK_INVALID_SESSION_EXPIRATION="Session expiration must between {0} and {1} seconds")
 
 

aliyun-python-sdk-core/__init__.py

@@ -33,7 +33,7 @@ def __init__(self, code, msg):
         """
 
         :param code: error code
-        :param message: error message
+        :param msg: error msg
         :return:
         """
         Exception.__init__(self)

aliyun-python-sdk-core/aliyunsdkcore/acs_exception/error_msg.py

@@ -26,7 +26,7 @@
 
 
 class AccessKeySigner(Signer):
-    def __init__(self, access_key_credential):
+    def __init__(self, access_key_credential, region_id=None, do_action_api=None, debug=None):
         self._credential = access_key_credential
 
     def sign(self, region_id, request):

aliyun-python-sdk-core/aliyunsdkcore/acs_exception/exceptions.py

@@ -0,0 +1,74 @@
+# coding:utf-8
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+import time
+import logging
+import json
+
+from aliyunsdkcore.vendored.six.moves.urllib.request import urlopen
+from aliyunsdkcore.auth.signers.signer import Signer
+from aliyunsdkcore.acs_exception.exceptions import ServerException
+
+logger = logging.getLogger(__name__)
+
+
+class BearTokenSigner(Signer):
+    # bear token
+    # https://help.aliyun.com/document_detail/69962.html?spm=a2c4g.11186623.2.15.5dad35f6MtkJkX
+    # TODO  not sure
+    def __init__(self, bear_token_credential, region_id=None, do_action_api=None, debug=None):
+        self._credential = bear_token_credential
+
+    def sign(self, region_id, request):
+        self._check_session_credential()
+        token = self._session_credential
+        # which token
+        if request.get_style() == 'RPC':
+            request.add_query_param("BearerToken", token)
+        else:
+            request.add_header("x-acs-bearer-token", token)
+        header = request.get_signed_header(region_id, None, None)
+        url = request.get_url(region_id, None, None)
+        return header, url
+
+    def _check_session_credential(self):
+        now = int(time.time())
+        if now - self._last_update_time > (self._expiration * self._REFRESH_SCALE):
+            self._refresh_session_ak_and_sk()
+
+    def _refresh_session_ak_and_sk(self):
+        import requests
+        payload = {
+            'refresh_token': self._credential.bear_token,
+            'client_id': 'client_id',  # 应用的Identifier
+            'grant_type': 'refresh_token'
+        }
+        content = requests.post("https://oauth.aliyun.com/v1/token", data=payload)
+        response = json.loads(content.text.decode('utf-8'))
+        if response.get("status_code") != "200":
+            message = 'refresh bear token err, code is ' + \
+                response.get("Code")
+            raise ServerException(
+                response.get("Code"), message, None)
+
+        self._session_credential = response.get("access_token")
+        self._expiration = response.get("expires_in")
+        self._last_update_time = int(time.time())

aliyun-python-sdk-core/aliyunsdkcore/auth/signers/access_key_signer.py

@@ -33,7 +33,7 @@
 class EcsRamRoleSigner(Signer):
     _REFRESH_SCALE = 0.8
 
-    def __init__(self, ecs_ram_role_credential):
+    def __init__(self, ecs_ram_role_credential, region_id=None, do_action_api=None, debug=None):
         self._credential = ecs_ram_role_credential
         self._last_update_time = 0
         self._expiration = 0

aliyun-python-sdk-core/aliyunsdkcore/auth/signers/bear_token_signer.py

@@ -27,8 +27,8 @@
 from aliyunsdkcore.auth.signers.access_key_signer import AccessKeySigner
 from aliyunsdkcore.acs_exception import error_code
 from aliyunsdkcore.acs_exception import exceptions
-from aliyunsdkcore.auth.credentials import RamRoleArnCredential
-from aliyunsdkcore.auth.credentials import AccessKeyCredential
+from aliyunsdkcore.credentials.credentials import RamRoleArnCredential
+from aliyunsdkcore.credentials.credentials import AccessKeyCredential
 from aliyunsdkcore.request import CommonRequest
 from aliyunsdkcore.compat import ensure_string
 
@@ -41,7 +41,7 @@ class RamRoleArnSigner(Signer):
     _RETRY_DELAY_FAST = 3
     _PRIORITY = 1
 
-    def __init__(self, credential, do_action_api):
+    def __init__(self, credential, region_id=None, do_action_api=None, debug=None):
         if isinstance(credential, RamRoleArnCredential):
             self._credential = credential
             self._doAction = do_action_api

aliyun-python-sdk-core/aliyunsdkcore/auth/signers/ecs_ram_role_signer.py

@@ -18,7 +18,7 @@ class RsaKeyPairSigner(Signer):
     _MIN_SESSION_PERIOD = 900
     _MAX_SESSION_PERIOD = 3600
 
-    def __init__(self, credential, region_id, debug=False):
+    def __init__(self, credential, region_id=None, do_action_api=None, debug=None):
         if credential.session_period < self._MIN_SESSION_PERIOD or \
            credential.session_period > self._MAX_SESSION_PERIOD:
             raise exceptions.ClientException(

aliyun-python-sdk-core/aliyunsdkcore/auth/signers/ram_role_arn_signer.py

@@ -1,50 +1,32 @@
 # coding:utf-8
 
-import logging
-import os
 from aliyunsdkcore.acs_exception import error_msg
 from aliyunsdkcore.acs_exception import error_code
 from aliyunsdkcore.acs_exception import exceptions
-from aliyunsdkcore.auth import credentials
+from aliyunsdkcore.credentials.credentials import AccessKeyCredential, StsTokenCredential, \
+    RamRoleArnCredential, EcsRamRoleCredential, RsaKeyPairCredential, BearTokenCredential
 from aliyunsdkcore.auth.signers import access_key_signer
 from aliyunsdkcore.auth.signers import sts_token_signer
 from aliyunsdkcore.auth.signers import ram_role_arn_signer
 from aliyunsdkcore.auth.signers import ecs_ram_role_signer
 from aliyunsdkcore.auth.signers import rsa_key_pair_signer
+from aliyunsdkcore.auth.signers import bear_token_signer
 
 
 class SignerFactory(object):
     @staticmethod
-    def get_signer(cred, region_id, do_action_api, debug=False):
-        if cred.get('ak') is not None and cred.get('secret') is not None:
-            access_key_credential = credentials.AccessKeyCredential(
-                cred.get('ak'), cred.get('secret'))
-            return access_key_signer.AccessKeySigner(access_key_credential)
-        elif os.environ.get('ALIYUN_ACCESS_KEY_ID') is not None \
-                and os.environ.get('ALIYUN_ACCESS_KEY_SECRET') is not None:
-            access_key_credential = credentials.AccessKeyCredential(
-                os.environ.get('ALIYUN_ACCESS_KEY_ID'),
-                os.environ.get('ALIYUN_ACCESS_KEY_SECRET'))
-            return access_key_signer.AccessKeySigner(access_key_credential)
-        elif cred.get('credential') is not None:
-            credential = cred.get('credential')
-            if isinstance(credential, credentials.AccessKeyCredential):
-                return access_key_signer.AccessKeySigner(credential)
-            elif isinstance(credential, credentials.StsTokenCredential):
-                return sts_token_signer.StsTokenSigner(credential)
-            elif isinstance(credential, credentials.RamRoleArnCredential):
-                return ram_role_arn_signer.RamRoleArnSigner(credential, do_action_api)
-            elif isinstance(credential, credentials.EcsRamRoleCredential):
-                return ecs_ram_role_signer.EcsRamRoleSigner(credential)
-            elif isinstance(credential, credentials.RsaKeyPairCredential):
-                return rsa_key_pair_signer.RsaKeyPairSigner(credential, region_id, debug)
-        elif cred.get('public_key_id') is not None and cred.get('private_key') is not None:
-            logging.info(
-                "'AcsClient(regionId, pub_key_id, pri_key)' is deprecated")
-            rsa_key_pair_credential = credentials.RsaKeyPairCredential(cred['public_key_id'],
-                                                                       cred['private_key'],
-                                                                       cred['session_period'])
-            return rsa_key_pair_signer.RsaKeyPairSigner(rsa_key_pair_credential, region_id, debug)
-        else:
-            raise exceptions.ClientException(error_code.SDK_INVALID_CREDENTIAL,
-                                             error_msg.get_msg('SDK_INVALID_CREDENTIAL'))
+    def get_signer(credentials, region_id, do_action_api, debug=False):
+        signing_type_map = {
+            AccessKeyCredential: access_key_signer.AccessKeySigner,
+            StsTokenCredential: sts_token_signer.StsTokenSigner,
+            RamRoleArnCredential: ram_role_arn_signer.RamRoleArnSigner,
+            EcsRamRoleCredential: ecs_ram_role_signer.EcsRamRoleSigner,
+            RsaKeyPairCredential: rsa_key_pair_signer.RsaKeyPairSigner,
+            BearTokenCredential: bear_token_signer.BearTokenSigner,
+        }
+        for credential, sign_func in signing_type_map.items():
+            if isinstance(credentials, credential):
+                return sign_func(credentials, region_id=region_id, do_action_api=do_action_api,
+                                 debug=debug)
+        raise exceptions.ClientException(error_code.SDK_INVALID_CREDENTIAL,
+                                         error_msg.get_msg('SDK_INVALID_CREDENTIAL'))