我也是从13年才正式开始接触阿里云的,在2014年才开始用,当时可能有些自动化的需求一直使用aliyuncli,但是效率太低,而且记得当时有些地方使用不方便,所以自己就写了个简单的通用SDK。最近发现用阿里云的朋友越来越多,今天分享给大家,这里以负载均衡服务为例子。
阿里云API核心:拼接请求参数把“Access Key ID”放到请求参数里面“相当于用户名”,把url的参数用“Access Key Secret”进行sha1混淆加密生成签名,把签名追加入请求参数。这样这个签名就可以保证参数的完整和安全不可逆转。
我尝试用图片流程还原了整个API的请求过程,大家可以参考这个过程进行API调用:
首先API是通过http/https进行访问的,以GET请求为例,
1. 参数内分为:user_param,公共参数,url编码参数并拼接成url使用的参数形式。
2. 这里详细说下签名的获取方法:url使用的参数形式添加HTTPmethod“&”拼接后,使用“Access Key Secret”为salt调用hashlib.sha1算法加密,然后使用base64编码使用生成签名
3.把访问服务的"http协议"+"域名"+"参数"+"签名"=请求地址
下面是我要分享的自己写的代码,欢迎各位拍砖QQ:850900633
https://github.com/bashhu/blog/blob/master/test/aliyun_api_sdk_v2.py
# coding=utf-8 """ __created__ = 2017/6/9 17:33 __author__ = 'baishaohua' # @Site : https://github.com/bashhu """ import os, sys import hashlib import hmac import base64 import urllib import time import uuid import requests def get_iso8601_time(): '''返回iso8601格式的时间''' TIME_ZONE = "GMT" FORMAT_ISO8601 = "%Y-%m-%dT%H:%M:%SZ" return time.strftime(FORMAT_ISO8601, time.gmtime()) def get_uuid():'''返回uuid'''return str(uuid.uuid4()) def get_parameters(user_param, Action, AccessKeyId, Version): ''' 拼接参数字典 user_param: {"RegionId":"cn-beijing", "LoadBalancerName":"test-node1", "AddressType":"intranet", "VSwitchId":"vsw-2zevjlczuvp2mkhhch12x"} Action操作例如:CreateLoadBalancer AccessKeyId:access key IDVersion: 接口的版本''' parameters = {} parameters['HTTPMethod'] = 'GET' parameters['AccessKeyId'] = AccessKeyId parameters['Format'] = 'json' parameters['Version'] = Version parameters['SignatureMethod'] = 'HMAC-SHA1' parameters['Timestamp'] = get_iso8601_time() parameters['SignatureVersion'] = '1.0' parameters['SignatureNonce'] = get_uuid() parameters['Action'] = Action for (k, v) in sorted(user_param.items()): parameters[k] = v return parameters def get_param(parameters): '''把公共参数拼接成字符串''' param_str = '' for (k, v) in sorted(parameters.items()): param_str += "&" + urllib.quote(k, safe='') + "=" + urllib.quote(v, safe='') param_str = param_str[1:] return param_str def get_StringToSign(parameters, param_str): '''拼接生成签名的字符串''' StringToSign = parameters['HTTPMethod'] + "&%2F&" + urllib.quote(param_str, safe='') return StringToSign def get_signature(StringToSign, AccessKeySecret): '''构建签名''' h = hmac.new(AccessKeySecret, StringToSign, hashlib.sha1) signature = base64.encodestring(h.digest()).strip() return signature def build_request(server_url, param_str, signature, AccessKeySecret): '''拼接url并进行请求''' Signature = "Signature=" + urllib.quote(signature) param = param_str + "&" + Signature request_url = server_url + param s = requests.get(request_url) print s.content def get_regions(server_url, Action, user_param, AccessKeySecret, AccessKeyId, Version): '''对请求进行模块 server_url: slb.aliyun.com Action = 'DescribeRegions' AccessKeySecret, AccessKeyId:也就是ak user_param = {'LoadBalancerId': 'lb-2zekxu2elibyexxoo9hlw'} Version:例如slb的版本是2014-05-15,每个服务都不相同 ''' server_url = 'https://' + server_url + '/?' AccessKeySecret = AccessKeySecret AccessKeyId = AccessKeyId parameters = get_parameters(user_param, Action, AccessKeyId, Version) param_str = get_param(parameters) StringToSign = get_StringToSign(parameters, param_str) signature = get_signature(StringToSign, AccessKeySecret + '&') build_request(server_url, param_str, signature, AccessKeySecret) ''' #create slb Action = 'CreateLoadBalancer' user_param = {"RegionId":"cn-beijing", "LoadBalancerName":"test-node1", "AddressType":"intranet", "VSwitchId":"vsw-2zevjlczuvp2mkhhch12x"} server_url = 'slb.aliyuncs.com' Version = '2014-05-15' AccessKeySecret='xxx' AccessKeyId='xxxx' get_regions(server_url, Action, user_param, AccessKeySecret, AccessKeyId, Version) #create user Action = 'CreateUser' user_param = {"UserName":"new.nginxs.net", "DisplayName":"xxxxx", "Email":"xxxx@126.com", "Comments":"测试用户"} server_url = 'ram.aliyuncs.com' AccessKeySecret='xxx' AccessKeyId='xxx' Version = '2015-05-01' get_regions(server_url, Action, user_param, AccessKeySecret, AccessKeyId, Version) '''
防爬虫:http://new.nginxs.net
http://nginxs.blog.51cto.com/
下期预告=》【STS使用SDK临时授权】
