2019-12-03 10:45

# -*- coding: utf-8 -*- import logging, time, json from aliyunsdkcore import client from aliyunsdkram.request.v20150501.CreateAccessKeyRequest import CreateAccessKeyRequest from aliyunsdkram.request.v20150501.DeleteAccessKeyRequest import DeleteAccessKeyRequest from aliyunsdkkms.request.v20160120.EncryptRequest import EncryptRequest from aliyunsdkkms.request.v20160120.DecryptRequest import DecryptRequest from aliyunsdkcore.auth.credentials import StsTokenCredential # ak Encrypt content AK_CiphertextBlob = "NmQyY2ZhODMtMTlhYS00MTNjLTlmZjAtZTQxYTFiYWVmMzZmM1B1NXhTZENCNXVWd1dhdTNMWVRvb3V6dU9QcVVlMXRBQUFBQUFBQUFBQ3gwZTkzeGhDdHVzMWhDUCtZeVVuMWlobzlCa3VxMlErOXFHWWdXXXHELLwL1NSZTFvUURYSW9lak5Hak1lMnF0R2I1TWUxMEJiYmkzVnBwZHlrWGYzc3kyK2tQbGlKb2lHQ3lrZUdieHN2eXZwSVYzN2Qyd1cydz09" USER_NAME = "ls-test" # sub-account name LOGGER = logging.getLogger() def handler(event, context):   creds = context.credentials   sts_token_credential = StsTokenCredential(creds.access_key_id, creds.access_key_secret, creds.security_token)   # this demo ecs and function in same region, if not in same region, you need change region_id to your ecs instance's region_id   clt = client.AcsClient(region_id=context.region, credential=sts_token_credential)   request = DecryptRequest()   request.set_CiphertextBlob(AK_CiphertextBlob)   response = _send_request(clt, request)   ak_info = json.loads(response.get("Plaintext","{}"))   if not ak_info:     return "KMS Decrypt ERROR"   ak_id = ak_info["ak_id"]   ak_secret = ak_info["ak_secret"]   LOGGER.info("Decrypt sucessfully with key id: {}".format(response.get("KeyId","{}")))   clt2 = client.AcsClient(ak_id, ak_secret, context.region)   request = CreateAccessKeyRequest()   request.set_UserName(USER_NAME) # 给子账号ls-test创建AK   response = _send_request(clt2, request)   create_ak_id = response.get("AccessKey",{}).get("AccessKeyId")   if not create_ak_id:     return   LOGGER.info("create ak {} sucess!".format(create_ak_id))      time.sleep(10)      request = DeleteAccessKeyRequest()   request.set_UserName(USER_NAME)     request.set_UserAccessKeyId(create_ak_id)   response = _send_request(clt2, request)   LOGGER.info("delete ak {} sucess!".format(create_ak_id))      return "OK"    # send open api request def _send_request(clt, request):     request.set_accept_format('json')     try:         response_str = clt.do_action_with_exception(request)         LOGGER.debug(response_str)         response_detail = json.loads(response_str)         return response_detail     except Exception as e:         LOGGER.error(e)

# -*- coding: utf-8 -*- import os, logging, time, json from aliyunsdkcore import client from aliyunsdkram.request.v20150501.CreateAccessKeyRequest import CreateAccessKeyRequest from aliyunsdkram.request.v20150501.DeleteAccessKeyRequest import DeleteAccessKeyRequest USER_NAME = "ls-test" # sub-account name LOGGER = logging.getLogger() def handler(event, context):   ak_id = os.environ['AK_ID']   ak_secret = os.environ['AK_SECRET']   clt = client.AcsClient(ak_id, ak_secret, context.region)   request = CreateAccessKeyRequest()   request.set_UserName(USER_NAME) # 给子账号USER_NAME创建AK   response = _send_request(clt, request)   create_ak_id = response.get("AccessKey", "").get("AccessKeyId")   if not create_ak_id:     return   LOGGER.info("create ak {} sucess!".format(create_ak_id))      time.sleep(5)      request = DeleteAccessKeyRequest()   request.set_UserName(USER_NAME)     request.set_UserAccessKeyId(create_ak_id)   resp