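Implements means of authorization delegation on cloud-based resource providers.
Detailed description of the cloudauthz Python project
cloudauthz
Installation
Install the latest version from PyPI:
    pip install cloudauthz
Examples
cloudauthz can authorize access to Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). An example for each provider is given below.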
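Amazon Web Services
    from cloudauthz import *

    cloudauthz = CloudAuthz()
    # id_token: the identity token to exchange; role_arn: the role to assume
    config = {
        "id_token": " ... ",
        "role_arn": " ... "
    }
    credentials = cloudauthz.authorize("aws", config)
The credentials object is a dictionary like the following:
    {
        "SecretAccessKey": " ... ",
        "SessionToken": " ... ",
        "Expiration": "2019-05-28T02:12:45Z",
        "AccessKeyId": " ... "
    }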
Microsoft Azure
    from cloudauthz import *

    cloudauthz = CloudAuthz()
    # client_secret is a long-lived secret; load it from a secret store, not from source code
    config = {
        "tenant_id": " ... ",
        "client_id": " ... ",
        "client_secret": " ... "
    }
    credentials = cloudauthz.authorize("azure", config)
The credentials object is a dictionary like the following:
    {
        "expiresIn": 3599,
        "_authority": "https://login.microsoftonline.com/TENANT_ID",
        "resource": "https://storage.azure.com/",
        "tokenType": "Bearer",
        "expiresOn": "2018-06-28 12:30:24.895661",
        "isMRRT": true,
        "_clientId": " ... ",
        "accessToken": " ... "
    }
Google Cloud Platform
    from cloudauthz import *

    cloudauthz = CloudAuthz()
    # private_key is service-account key material; load it from a secret store, not from source code
    config = {
        "project_id": "...",
        "private_key_id": "...",
        "private_key": "...",
        "client_email": "...",
        "client_id": "..."
    }
    credentials = cloudauthz.authorize("gcp", config)
The credentials object is a dictionary containing the following keys:
    {
        "type": "service_account",
        "project_id": "...",
        "private_key_id": "...",
        "private_key": "...",
        "client_email": "...",
        "client_id": "...",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_x509_cert_url": "..."
    }
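Code that consumes these dictionaries usually needs to know when the temporary credentials expire and has to keep the secret fields out of logs. The following is an added example, not code from cloudauthz: the helper names (redact, expiry, needs_refresh) and the sample values are constructed here, the field names come from the dictionaries above, and treating a timestamp without a timezone (Azure's expiresOn) as UTC by default is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Secret-bearing keys, taken from the config and credentials dictionaries on this page.
SECRET_FIELDS = {"SecretAccessKey", "SessionToken", "accessToken",
                 "private_key", "client_secret", "id_token"}


def redact(credentials):
    """Return a copy that is safe to log: secret values are masked."""
    return {k: "<redacted>" if k in SECRET_FIELDS else v
            for k, v in credentials.items()}


def expiry(credentials, naive_tz=timezone.utc):
    """Return the expiry as an aware datetime, or None if no expiry field exists."""
    raw = credentials.get("Expiration") or credentials.get("expiresOn")
    if raw is None:
        return None  # GCP shape: key material with no expiry field
    if isinstance(raw, datetime):
        parsed = raw  # tolerate an already-parsed value
    else:
        # "Z" is rewritten so fromisoformat also works before Python 3.11.
        parsed = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        # Assumption: a timestamp without a timezone is interpreted in naive_tz.
        parsed = parsed.replace(tzinfo=naive_tz)
    return parsed


def needs_refresh(credentials, now, margin=timedelta(minutes=5)):
    """True when the credentials expire within `margin` of `now`."""
    exp = expiry(credentials)
    return exp is not None and now >= exp - margin


# Constructed samples that mirror the shapes shown above (values are placeholders).
AWS_SAMPLE = {"SecretAccessKey": "EXAMPLE-SECRET", "SessionToken": "EXAMPLE-TOKEN",
              "Expiration": "2019-05-28T02:12:45Z", "AccessKeyId": "EXAMPLE-KEY-ID"}
AZURE_SAMPLE = {"expiresIn": 3599, "tokenType": "Bearer",
                "expiresOn": "2018-06-28 12:30:24.895661",
                "accessToken": "EXAMPLE-TOKEN"}
GCP_SAMPLE = {"type": "service_account", "private_key": "EXAMPLE-KEY",
              "client_email": "example@example.invalid"}

if __name__ == "__main__":
    now = datetime(2019, 5, 28, 2, 8, 0, tzinfo=timezone.utc)
    print(redact(AWS_SAMPLE))
    print("AWS needs refresh:", needs_refresh(AWS_SAMPLE, now))
    print("GCP expiry:", expiry(GCP_SAMPLE))
```

The GCP dictionary carries no expiry field and contains private_key, so needs_refresh never fires for it; it has to be stored and rotated as long-lived key material rather than treated like a short-lived token.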