tessl/pypi-aliyun-python-sdk-core
The core module of Aliyun Python SDK providing authentication, request handling, and API communication for Alibaba Cloud services.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
authentication.mddocs/
Authentication & Credentials
Multiple authentication methods supporting various credential types for secure access to Alibaba Cloud services. The SDK provides flexible authentication options including access keys, STS tokens, RAM roles, and RSA key pairs.
Capabilities
Access Key Authentication
Basic authentication using permanent access key credentials for long-term access to Alibaba Cloud services.
class AccessKeyCredential:
def __init__(self, access_key_id, access_key_secret):
"""
Initialize access key credential for basic authentication.
Parameters:
- access_key_id (str): Access key ID from Alibaba Cloud console
- access_key_secret (str): Access key secret from Alibaba Cloud console
"""
self.access_key_id = access_key_id
self.access_key_secret = access_key_secretSTS Token Authentication
Temporary authentication using Security Token Service (STS) tokens for short-term, limited-privilege access.
class StsTokenCredential:
def __init__(self, sts_access_key_id, sts_access_key_secret, sts_token):
"""
Initialize STS token credential for temporary authentication.
Parameters:
- sts_access_key_id (str): Temporary access key ID from STS
- sts_access_key_secret (str): Temporary access key secret from STS
- sts_token (str): Security token from STS
"""
self.sts_access_key_id = sts_access_key_id
self.sts_access_key_secret = sts_access_key_secret
self.sts_token = sts_tokenRAM Role ARN Authentication
Authentication using RAM (Resource Access Management) role assumption for cross-account or delegated access.
class RamRoleArnCredential:
def __init__(self, sts_access_key_id, sts_access_key_secret, role_arn, session_role_name):
"""
Initialize RAM role ARN credential for role-based authentication.
Parameters:
- sts_access_key_id (str): STS access key ID for role assumption
- sts_access_key_secret (str): STS access key secret for role assumption
- role_arn (str): ARN of the RAM role to assume
- session_role_name (str): Session name for the assumed role
"""
self.sts_access_key_id = sts_access_key_id
self.sts_access_key_secret = sts_access_key_secret
self.role_arn = role_arn
self.session_role_name = session_role_nameECS RAM Role Authentication
Authentication using ECS instance RAM roles for applications running on Alibaba Cloud ECS instances.
class EcsRamRoleCredential:
def __init__(self, role_name):
"""
Initialize ECS RAM role credential for instance-based authentication.
Parameters:
- role_name (str): Name of the RAM role attached to the ECS instance
"""
self.role_name = role_nameRSA Key Pair Authentication
Authentication using RSA key pairs for enhanced security in specific scenarios.
class RsaKeyPairCredential:
def __init__(self, public_key_id, private_key, session_period=3600):
"""
Initialize RSA key pair credential for public-key authentication.
Parameters:
- public_key_id (str): ID of the uploaded RSA public key
- private_key (str): RSA private key content (PEM format)
- session_period (int): Session duration in seconds, defaults to 3600
"""
self.public_key_id = public_key_id
self.private_key = private_key
self.session_period = session_periodAuthentication Signers
Internal signer classes that handle the cryptographic signing process for different authentication methods.
class AccessKeySigner:
"""Signer for access key authentication."""
class StsTokenSigner:
"""Signer for STS token authentication."""
class RamRoleArnSigner:
"""Signer for RAM role ARN authentication."""
class EcsRamRoleSigner:
"""Signer for ECS RAM role authentication."""
class RsaKeyPairSigner:
"""Signer for RSA key pair authentication."""Signer Factory
Factory class for creating appropriate signers based on credential types.
class SignerFactory:
@staticmethod
def create_signer(credential, region_id=None):
"""
Create appropriate signer based on credential type.
Parameters:
- credential: Credential object (AccessKeyCredential, StsTokenCredential, etc.)
- region_id (str, optional): Target region ID
Returns:
Signer: Appropriate signer instance for the credential type
"""Usage Examples
Basic Access Key Authentication
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import AccessKeyCredential
# Create access key credential
credential = AccessKeyCredential(
access_key_id="LTAI4Gxxxxxxxxxxxxxxxx",
access_key_secret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
)
# Initialize client with credential
client = AcsClient(credential=credential, region_id="cn-hangzhou")STS Token Authentication
from aliyunsdkcore.auth.credentials import StsTokenCredential
# Create STS token credential (typically obtained from STS service)
credential = StsTokenCredential(
sts_access_key_id="STS.Nxxxxxxxxxxxxxxxx",
sts_access_key_secret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
sts_token="CAIS8wF1q6Ft5B2yfSjIr5D2K..." # Long STS token
)
client = AcsClient(credential=credential, region_id="cn-beijing")RAM Role ARN Authentication
from aliyunsdkcore.auth.credentials import RamRoleArnCredential
# Create RAM role ARN credential
credential = RamRoleArnCredential(
sts_access_key_id="LTAI4Gxxxxxxxxxxxxxxxx",
sts_access_key_secret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
role_arn="acs:ram::123456789012****:role/MyRole",
session_role_name="MySessionName"
)
client = AcsClient(credential=credential, region_id="cn-shanghai")ECS RAM Role Authentication
from aliyunsdkcore.auth.credentials import EcsRamRoleCredential
# Create ECS RAM role credential (for use on ECS instances)
credential = EcsRamRoleCredential(role_name="MyEcsRole")
client = AcsClient(credential=credential, region_id="cn-shenzhen")RSA Key Pair Authentication
from aliyunsdkcore.auth.credentials import RsaKeyPairCredential
# Load private key from file
with open("private_key.pem", "r") as f:
private_key = f.read()
# Create RSA key pair credential
credential = RsaKeyPairCredential(
public_key_id="your-public-key-id",
private_key=private_key,
session_period=7200 # 2 hours
)
client = AcsClient(credential=credential, region_id="cn-qingdao")Legacy Authentication (Direct Parameters)
# Direct access key parameters (legacy approach)
client = AcsClient(
ak="LTAI4Gxxxxxxxxxxxxxxxx",
secret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
region_id="cn-hangzhou"
)
# RSA key pair parameters (legacy approach)
client = AcsClient(
public_key_id="your-public-key-id",
private_key=private_key_content,
session_period=3600,
region_id="cn-hangzhou"
)Credential Validation
from aliyunsdkcore.acs_exception.exceptions import ClientException
try:
# Create client with credentials
client = AcsClient(credential=credential, region_id="cn-hangzhou")
# Test authentication with a simple request
from aliyunsdkcore.request import CommonRequest
request = CommonRequest()
request.set_domain("ecs.cn-hangzhou.aliyuncs.com")
request.set_version("2014-05-26")
request.set_action_name("DescribeRegions")
request.set_method("POST")
response = client.do_action_with_exception(request)
print("Authentication successful")
except ClientException as e:
if "InvalidAccessKeyId" in e.get_error_code():
print("Invalid access key ID")
elif "SignatureDoesNotMatch" in e.get_error_code():
print("Invalid access key secret or signature error")
else:
print(f"Authentication error: {e.get_error_msg()}")Environment-based Authentication
import os
from aliyunsdkcore.auth.credentials import AccessKeyCredential
# Load credentials from environment variables
ak = os.environ.get("ALIBABA_CLOUD_ACCESS_KEY_ID")
secret = os.environ.get("ALIBABA_CLOUD_ACCESS_KEY_SECRET")
if ak and secret:
credential = AccessKeyCredential(ak, secret)
client = AcsClient(credential=credential, region_id="cn-hangzhou")
else:
raise ValueError("Missing required environment variables")Install with Tessl CLI
npx tessl i tessl/pypi-aliyun-python-sdk-core