摘要: 我也是从13年才正式开始接触阿里云的,在2014年才开始用,当时可能有些自动化的需求一直使用aliyuncli,但是效率太低,而且记得当时有些地方使用不方便,所以自己就写了个简单的通用SDK。最近发现用阿里云的朋友越来越多,今天分享给大家,这里以负载均衡服务为例子。
我也是从13年才正式开始接触阿里云的,在2014年才开始用,当时可能有些自动化的需求一直使用aliyuncli,但是效率太低,而且记得当时有些地方使用不方便,所以自己就写了个简单的通用SDK。最近发现用阿里云的朋友越来越多,今天分享给大家,这里以负载均衡服务为例子。
阿里云API核心:拼接请求参数把“Access Key ID”放到请求参数里面“相当于用户名”,把url的参数用“Access Key Secret”进行sha1混淆加密生成签名,把签名追加入请求参数。这样这个签名就可以保证参数的完整和安全不可逆转。
[公共参数参考传送门]
[签名机制传送门]
我尝试用图片流程还原了整个API的请求过程,大家可以参考这个过程进行API调用:
首先API是通过http/https进行访问的,以GET请求为例,
1. 参数内分为:user_param,公共参数,url编码参数并拼接成url使用的参数形式。
2. 这里详细说下签名的获取方法:url使用的参数形式添加HTTPmethod“&”拼接后,使用“Access Key Secret”为salt调用hashlib.sha1算法加密,然后使用base64编码使用生成签名
3.把访问服务的"http协议"+"域名"+"参数"+"签名"=请求地址
下面是我要分享的自己写的代码,欢迎各位拍砖QQ:850900633
https://github.com/bashhu/blog/blob/master/test/aliyun_api_sdk_v2.py
# coding=utf-8 """ __created__ = 2017/6/9 17:33 __author__ = \'baishaohua\' # @Site : https://github.com/bashhu """ import os, sys import hashlib import hmac import base64 import urllib import time import uuid import requests def get_iso8601_time(): \'\'\'返回iso8601格式的时间\'\'\' TIME_ZONE = "GMT" FORMAT_ISO8601 = "%Y-%m-%dT%H:%M:%SZ" return time.strftime(FORMAT_ISO8601, time.gmtime()) def get_uuid(): \'\'\'返回uuid\'\'\' return str(uuid.uuid4()) def get_parameters(user_param, Action, AccessKeyId, Version): \'\'\' 拼接参数字典 user_param: {"RegionId":"cn-beijing", "LoadBalancerName":"test-node1", "AddressType":"intranet", "VSwitchId":"vsw-2zevjlczuvp2mkhhch12x"} Action操作例如:CreateLoadBalancer AccessKeyId:access key ID Version: 接口的版本 \'\'\' parameters = {} parameters[\'HTTPMethod\'] = \'GET\' parameters[\'AccessKeyId\'] = AccessKeyId parameters[\'Format\'] = \'json\' parameters[\'Version\'] = Version parameters[\'SignatureMethod\'] = \'HMAC-SHA1\' parameters[\'Timestamp\'] = get_iso8601_time() parameters[\'SignatureVersion\'] = \'1.0\' parameters[\'SignatureNonce\'] = get_uuid() parameters[\'Action\'] = Action for (k, v) in sorted(user_param.items()): parameters[k] = v return parameters def get_param(parameters): \'\'\'把公共参数拼接成字符串\'\'\' param_str = \'\' for (k, v) in sorted(parameters.items()): param_str += "&" + urllib.quote(k, safe=\'\') + "=" + urllib.quote(v, safe=\'\') param_str = param_str[1:] return param_str def get_StringToSign(parameters, param_str): \'\'\'拼接生成签名的字符串\'\'\' StringToSign = parameters[\'HTTPMethod\'] + "&%2F&" + urllib.quote(param_str, safe=\'\') return StringToSign def get_signature(StringToSign, AccessKeySecret): \'\'\'构建签名\'\'\' h = hmac.new(AccessKeySecret, StringToSign, hashlib.sha1) signature = base64.encodestring(h.digest()).strip() return signature def build_request(server_url, param_str, signature, AccessKeySecret): \'\'\'拼接url并进行请求\'\'\' Signature = "Signature=" + urllib.quote(signature) param = param_str + "&" + Signature request_url = server_url + param s = requests.get(request_url) print s.content def get_regions(server_url, Action, user_param, AccessKeySecret, AccessKeyId, Version): \'\'\'对请求进行模块 server_url: slb.aliyun.com Action = \'DescribeRegions\' AccessKeySecret, AccessKeyId:也就是ak user_param = {\'LoadBalancerId\': \'lb-2zekxu2elibyexxoo9hlw\'} Version:例如slb的版本是2014-05-15,每个服务都不相同 \'\'\' server_url = \'https://\' + server_url + \'/?\' AccessKeySecret = AccessKeySecret AccessKeyId = AccessKeyId parameters = get_parameters(user_param, Action, AccessKeyId, Version) param_str = get_param(parameters) StringToSign = get_StringToSign(parameters, param_str) signature = get_signature(StringToSign, AccessKeySecret + \'&\') build_request(server_url, param_str, signature, AccessKeySecret) \'\'\' #create slb Action = \'CreateLoadBalancer\' user_param = {"RegionId":"cn-beijing", "LoadBalancerName":"test-node1", "AddressType":"intranet", "VSwitchId":"vsw-2zevjlczuvp2mkhhch12x"} server_url = \'slb.aliyuncs.com\' Version = \'2014-05-15\' AccessKeySecret=\'xxx\' AccessKeyId=\'xxxx\' get_regions(server_url, Action, user_param, AccessKeySecret, AccessKeyId, Version) #create user Action = \'CreateUser\' user_param = {"UserName":"new.nginxs.net", "DisplayName":"xxxxx", "Email":"xxxx@126.com", "Comments":"测试用户"} server_url = \'ram.aliyuncs.com\' AccessKeySecret=\'xxx\' AccessKeyId=\'xxx\' Version = \'2015-05-01\' get_regions(server_url, Action, user_param, AccessKeySecret, AccessKeyId, Version) \'\'\'防爬虫: