tessl/pypi-tencentcloud-sdk-python-common
Common utilities and core components for Tencent Cloud SDK for Python, providing credential management, HTTP clients, authentication, error handling, and foundational classes required by all Tencent Cloud service SDKs
credential-management.mddocs/
Credential Management
Multiple credential providers supporting various authentication methods including static credentials, environment variables, configuration files, instance roles, STS temporary credentials, and OIDC tokens. The credential chain automatically tries different providers in order for flexible deployment scenarios.
Capabilities
Basic Credentials
Static credential management with secret ID and secret key, optionally including temporary session tokens for enhanced security.
class Credential:
def __init__(self, secret_id: str, secret_key: str, token: str = None):
"""
Create basic credentials.
Args:
secret_id (str): The secret ID of your credential
secret_key (str): The secret key of your credential
token (str, optional): Federation token for temporary credentials
Raises:
TencentCloudSDKException: If secret_id or secret_key is empty or contains spaces
"""
@property
def secretId(self) -> str: ...
@property
def secretKey(self) -> str: ...
@property
def secret_id(self) -> str: ...
@property
def secret_key(self) -> str: ...
def get_credential_info(self) -> tuple[str, str, str]:
"""
Get credential information.
Returns:
tuple: (secret_id, secret_key, token)
"""CVM Instance Role Credentials
Automatic credential management via CVM instance roles, retrieving temporary credentials from the instance metadata service.
class CVMRoleCredential:
def __init__(self, role_name: str = None):
"""
Create CVM role credentials.
Args:
role_name (str, optional): Role name, auto-discovered if not provided
"""
@property
def secretId(self) -> str: ...
@property
def secretKey(self) -> str: ...
@property
def secret_id(self) -> str: ...
@property
def secret_key(self) -> str: ...
@property
def token(self) -> str: ...
def get_role_name(self) -> str:
"""
Get the role name, auto-discovering if not set.
Returns:
str: The role name
Raises:
TencentCloudSDKException: If role discovery fails
"""
def update_credential(self) -> None:
"""Update credentials from metadata service."""
def get_credential(self):
"""
Get credential object if valid.
Returns:
CVMRoleCredential or None: Self if credentials are valid, None otherwise
"""
def get_credential_info(self) -> tuple[str, str, str]:
"""
Get credential information with automatic refresh.
Returns:
tuple: (secret_id, secret_key, token)
"""STS Assume Role Credentials
STS temporary credential management for role assumption with configurable duration and automatic renewal.
class STSAssumeRoleCredential:
def __init__(self, secret_id: str, secret_key: str, role_arn: str,
role_session_name: str, duration_seconds: int = 7200,
endpoint: str = None):
"""
Create STS assume role credentials.
Args:
secret_id (str): Long-term secret ID
secret_key (str): Long-term secret key
role_arn (str): Role ARN to assume
role_session_name (str): Session name for the role
duration_seconds (int): Credential validity period (default: 7200, max: 43200)
endpoint (str, optional): Custom STS endpoint
"""
@property
def secretId(self) -> str: ...
@property
def secretKey(self) -> str: ...
@property
def secret_id(self) -> str: ...
@property
def secret_key(self) -> str: ...
@property
def token(self) -> str: ...
def get_credential_info(self) -> tuple[str, str, str]:
"""
Get credential information with automatic refresh.
Returns:
tuple: (secret_id, secret_key, token)
"""
def get_sts_tmp_role_arn(self) -> None:
"""Request new temporary credentials from STS."""Environment Variable Credentials
Credential provider that reads from environment variables TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY.
class EnvironmentVariableCredential:
def get_credential(self):
"""
Get credentials from environment variables.
Returns:
Credential or None: Credential object if environment variables are set, None otherwise
"""Profile Credentials
Credential provider that reads from configuration files at ~/.tencentcloud/credentials or /etc/tencentcloud/credentials.
class ProfileCredential:
def get_credential(self):
"""
Get credentials from configuration file.
Returns:
Credential or None: Credential object if config file exists and is valid, None otherwise
"""Default Credential Provider
Chain credential provider that tries multiple credential sources in order: environment variables, configuration files, CVM roles, and TKE OIDC roles.
class DefaultCredentialProvider:
def __init__(self):
"""Create default credential provider chain."""
def get_credential(self):
"""
Get credentials using provider chain.
Returns:
Credential: First valid credential found
Raises:
TencentCloudSDKException: If no valid credentials found
"""
def get_credentials(self):
"""Alias for get_credential()."""OIDC Role ARN Credentials
OIDC role-based credential management for identity provider integration with automatic token refresh.
class OIDCRoleArnCredential:
def __init__(self, region: str, provider_id: str, web_identity_token: str,
role_arn: str, role_session_name: str, duration_seconds: int = 7200,
endpoint: str = None):
"""
Create OIDC role credentials.
Args:
region (str): Region for AssumeRoleWithWebIdentity call
provider_id (str): Identity provider name
web_identity_token (str): OIDC token from IdP
role_arn (str): Role ARN to assume
role_session_name (str): Session name
duration_seconds (int): Credential validity period (default: 7200, max: 43200)
endpoint (str, optional): Custom STS endpoint
"""
@property
def secretId(self) -> str: ...
@property
def secretKey(self) -> str: ...
@property
def secret_id(self) -> str: ...
@property
def secret_key(self) -> str: ...
@property
def token(self) -> str: ...
@property
def endpoint(self) -> str: ...
@endpoint.setter
def endpoint(self, endpoint: str) -> None: ...
def get_credential_info(self) -> tuple[str, str, str]:
"""
Get credential information with automatic refresh.
Returns:
tuple: (secret_id, secret_key, token)
"""
def refresh(self) -> None:
"""Refresh credentials from OIDC provider."""TKE OIDC Provider
Specialized OIDC provider for Tencent Kubernetes Engine (TKE) environments that automatically configures from environment variables.
class DefaultTkeOIDCRoleArnProvider:
def get_credential(self):
"""
Get TKE OIDC credentials from environment.
Returns:
OIDCRoleArnCredential: Configured OIDC credential
Raises:
EnvironmentError: If required TKE environment variables are missing
"""
def get_credentials(self):
"""Alias for get_credential()."""Usage Examples
Basic Credentials
from tencentcloud.common.credential import Credential
# Create basic credentials
cred = Credential("your-secret-id", "your-secret-key")
# With temporary token
cred_with_token = Credential("secret-id", "secret-key", "session-token")Automatic Credential Chain
from tencentcloud.common.credential import DefaultCredentialProvider
# Use automatic credential discovery
provider = DefaultCredentialProvider()
try:
cred = provider.get_credentials()
print("Found credentials")
except Exception as e:
print(f"No credentials found: {e}")CVM Instance Roles
from tencentcloud.common.credential import CVMRoleCredential
# Use CVM instance role (auto-discover role name)
cred = CVMRoleCredential()
# Use specific role name
cred = CVMRoleCredential("MyInstanceRole")STS Temporary Credentials
from tencentcloud.common.credential import STSAssumeRoleCredential
# Create STS credentials
cred = STSAssumeRoleCredential(
secret_id="long-term-secret-id",
secret_key="long-term-secret-key",
role_arn="qcs::cam::uin/123456789:role/MyRole",
role_session_name="MySession",
duration_seconds=3600 # 1 hour
)Install with Tessl CLI
npx tessl i tessl/pypi-tencentcloud-sdk-python-common