Merge pull request #10 from iiiusky/feature/support-stsToken
Feature/support sts token
iiiusky authored May 13, 2021
2 parents 0b08618 + 585e40e commit 0c7d1f9
Showing 8 changed files with 160 additions and 48 deletions.
21 changes: 16 additions & 5 deletions README.MD
Expand Up @@ -17,13 +17,24 @@ Available Commands:
sg 安全组操作,当前命令支持地域ID设置.
Flags:
-a, --ak string 阿里云 AccessKey
-h, --help help for AliCloud-Tools
--regions 显示所有地域信息
-r, --rid string 阿里云 地域ID,在其他支持rid的子命令中,如果设置了地域ID,则只显示指定区域的信息,否则为全部.
-s, --sk string 阿里云 SecretKey
-a, --ak string 阿里云 AccessKey
-h, --help help for AliCloud-Tools
--regions 显示所有地域信息
-r, --rid string 阿里云 地域ID,在其他支持rid的子命令中,如果设置了地域ID,则只显示指定区域的信息,否则为全部.
--sak string 阿里云 STS AccessKey
-s, --sk string 阿里云 SecretKey
--ssk string 阿里云 STS SecretKey
--sts 启用STSToken模式
--token string 阿里云 STS Session Token
-v, --verbose 显示详细的执行过程
```

# 关于使用STSToken

**如果需要使用STSToken,则需要指定sak\ssk\token\sts 四个选项。** ,如下图所示
![regions](./img/stsToken.png)


## 查看所有地域信息
```
./AliCloud-Tools -a <AccessKey> -s <SecretKey> --regions
30 changes: 27 additions & 3 deletions cmd/root.go
Expand Up @@ -26,6 +26,11 @@ import (
var accessKey string
var secretKey string
var regionId string
var stsAccessKey string
var stsSecretKey string
var stsToken string
var verbose bool
var useSTS bool
var showRegions bool

// rootCmd represents the base command when called without any subcommands
Expand All @@ -37,13 +42,25 @@ var rootCmd = &cobra.Command{
if cmd.Use == "version" {
return nil
}
common.Verbose = verbose

if accessKey == "" || secretKey == "" {
if (accessKey == "" || secretKey == "") && useSTS == false {
return errors.New("请设置ak以及sk的值")
}

common.AccessKey = accessKey
common.SecretKey = secretKey
if useSTS && (stsAccessKey == "" || stsSecretKey == "" || stsToken == "") {
return errors.New("请设置stsAccessKey、stsSecretKey、stsToken的值")
}

if useSTS {
common.STSAccessKey = stsAccessKey
common.STSSecretKey = stsSecretKey
common.STSToken = stsToken
common.UseSTS = useSTS
} else {
common.AccessKey = accessKey
common.SecretKey = secretKey
}

if !common.InitEcsRegions() {
return errors.New("ak、sk验证失败.")
Expand Down Expand Up @@ -73,5 +90,12 @@ func init() {
rootCmd.Flags().BoolVar(&showRegions, "regions", false, "显示所有地域信息")
rootCmd.PersistentFlags().StringVarP(&accessKey, "ak", "a", "", "阿里云 AccessKey")
rootCmd.PersistentFlags().StringVarP(&secretKey, "sk", "s", "", "阿里云 SecretKey")

rootCmd.PersistentFlags().StringVar(&stsAccessKey, "sak", "", "阿里云 STS AccessKey")
rootCmd.PersistentFlags().StringVar(&stsSecretKey, "ssk", "", "阿里云 STS SecretKey")
rootCmd.PersistentFlags().StringVar(&stsToken, "token", "", "阿里云 STS Session Token")
rootCmd.PersistentFlags().BoolVar(&useSTS, "sts", false, "启用STSToken模式")

rootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "显示详细的执行过程")
rootCmd.PersistentFlags().StringVarP(&regionId, "rid", "r", "", "阿里云 地域ID,在其他支持rid的子命令中,如果设置了地域ID,则只显示指定区域的信息,否则为全部.")
}
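Review bot: The new `--ssk` and `--token` flags registered in `init()` take the STS secret and session token only as command-line arguments, so they land in shell history and are readable from the process list while the tool runs. Consider falling back to the environment when a flag is empty, e.g. `if stsToken == "" { stsToken = os.Getenv("ALIBABA_CLOUD_SECURITY_TOKEN") }` (this needs `os` imported; the import block is outside the visible hunks). In the pre-run check, `useSTS == false` reads better as `!useSTS`. The unchanged `errors.New("ak、sk验证失败.")` after `InitEcsRegions()` is now misleading when the STS path is the one that failed. The pre-run function starts and ends outside the visible hunks.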
31 changes: 28 additions & 3 deletions common/common.go
Expand Up @@ -17,38 +17,63 @@ limitations under the License.
package common

import (
"encoding/json"
"fmt"
"github.com/aliyun/alibaba-cloud-sdk-go/services/ecs"
"github.com/bndr/gotabulate"
)

var AccessKey string
var SecretKey string
var STSAccessKey string
var STSSecretKey string
var STSToken string
var UseSTS bool
var Verbose bool
var ECSRegions []ecs.Region
var APPVersion string

// 初始化区域信息表
// InitEcsRegions 初始化区域信息表
func InitEcsRegions() bool {
client, err := ecs.NewClientWithAccessKey("cn-hangzhou", AccessKey, SecretKey)
client, err := GetEcsClient("cn-hangzhou")
request := ecs.CreateDescribeRegionsRequest()
request.Scheme = "https"

if Verbose {
requestByte, _ := json.Marshal(request)
fmt.Println(fmt.Sprintf("\r\n InitEcsRegions request is: %s", string(requestByte)))
}

if err != nil {
Logger().Error(fmt.Sprintf("【初始化区域信息表】创建客户端发生异常,异常信息为 %s", err.Error()))
return false
}

response, err := client.DescribeRegions(request)

if err != nil {
Logger().Error(fmt.Sprintf("【初始化区域信息表】创建获取区域信息请求发生异常,异常信息为 %s", err.Error()))
return false
}

if Verbose {
fmt.Println(fmt.Sprintf("\r\n InitEcsRegions response is: %s", response.String()))
}

ECSRegions = response.Regions.Region
return true
}

// 显示地域信息
// GetEcsClient 获取ECS 客户端
func GetEcsClient(regionId string) (*ecs.Client, error) {
if UseSTS {
return ecs.NewClientWithStsToken(regionId, STSAccessKey, STSSecretKey, STSToken)
} else {
return ecs.NewClientWithAccessKey(regionId, AccessKey, SecretKey)
}
}

// ShowRegions 显示地域信息
func ShowRegions() {
var dates [][]string
count := 0
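Review bot: In `InitEcsRegions` the verbose request dump runs before the `err` returned by `GetEcsClient` is checked, and both dumps go to stdout through `fmt.Println(fmt.Sprintf(...))` with the `json.Marshal` error discarded. Move the first `if Verbose` block below the `if err != nil` check and send diagnostics to stderr so they do not mix with the table output, e.g. `fmt.Fprintf(os.Stderr, "\r\n InitEcsRegions request is: %s\n", requestByte)` (this needs `os` added to the import block). `GetEcsClient` is exported but relies on `cmd/root.go` having validated the STS fields. A doc comment stating that precondition, and dropping the `else` after the first `return`, would make the helper easier to reuse safely.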
28 changes: 19 additions & 9 deletions core/ecs.go
Expand Up @@ -17,6 +17,7 @@ limitations under the License.
package core

import (
"encoding/json"
"fmt"
"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
"github.com/aliyun/alibaba-cloud-sdk-go/services/ecs"
Expand All @@ -25,9 +26,9 @@ import (
"strings"
)

// 获取指定区域的所有实例列表
// GetRegionInstances 获取指定区域的所有实例列表
func GetRegionInstances(regionId string) (instances []ecs.Instance) {
client, err := ecs.NewClientWithAccessKey(regionId, common.AccessKey, common.SecretKey)
client, err := common.GetEcsClient(regionId)
if err != nil {
common.Logger().Error(fmt.Sprintf("【获取指定区域的所有实例列表】创建客户端发生异常,异常信息为 %s", err.Error()))
return
Expand Down Expand Up @@ -55,7 +56,7 @@ func GetRegionInstances(regionId string) (instances []ecs.Instance) {
return instances
}

// 获取所有实例
// GetAllInstances 获取所有实例
func GetAllInstances(regionId string, printInfo bool) (instances []ecs.Instance) {
for _, region := range common.ECSRegions {
if regionId != "" && regionId != region.RegionId {
Expand All @@ -77,7 +78,7 @@ func GetAllInstances(regionId string, printInfo bool) (instances []ecs.Instance)
return instances
}

// 查询单个实例
// QuerySingleInstance 查询单个实例
func QuerySingleInstance(regionId string, instanceId string) (instances ecs.Instance) {
if regionId == "" {
for _, region := range common.ECSRegions {
Expand All @@ -99,9 +100,9 @@ func QuerySingleInstance(regionId string, instanceId string) (instances ecs.Inst
return instances
}

// 执行命令
// EcsRunCommand 执行命令
func EcsRunCommand(regionId, scriptType, commandContent string, instanceId string) bool {
client, err := ecs.NewClientWithAccessKey(regionId, common.AccessKey, common.SecretKey)
client, err := common.GetEcsClient(regionId)
if err != nil {
common.Logger().Error(fmt.Sprintf("【执行命令】创建客户端发生异常,异常信息为 %s", err.Error()))
return false
Expand All @@ -113,19 +114,28 @@ func EcsRunCommand(regionId, scriptType, commandContent string, instanceId strin
request.CommandContent = commandContent
request.InstanceId = &[]string{instanceId}

if common.Verbose {
requestByte, _ := json.Marshal(request)
fmt.Println(fmt.Sprintf("\r\n EcsRunCommand request is: %s", string(requestByte)))
}

response, err := client.RunCommand(request)

if err != nil {
common.Logger().Error(fmt.Sprintf("【执行命令】创建执行命令请求发生异常,异常信息为 %s", err.Error()))
return false
}

if common.Verbose {
fmt.Println(fmt.Sprintf("\r\n EcsRunCommand response is: %s", response.String()))
}

return response.IsSuccess()
}

// 检测云助手安装情况
// CheckCloudAssistantStatus 检测云助手安装情况
func CheckCloudAssistantStatus(regionId, instanceId string) bool {
client, err := ecs.NewClientWithAccessKey(regionId, common.AccessKey, common.SecretKey)
client, err := common.GetEcsClient(regionId)
if err != nil {
common.Logger().Error(fmt.Sprintf("【检测云助手安装情况】创建客户端发生异常,异常信息为 %s", err.Error()))
return false
Expand All @@ -148,7 +158,7 @@ func CheckCloudAssistantStatus(regionId, instanceId string) bool {
return true
}

// 显示传入的实例列表具体信息
// ShowInstancesInfo 显示传入的实例列表具体信息
func ShowInstancesInfo(instances []ecs.Instance, isRunner bool) {
for _, instance := range instances {
if isRunner && instance.Status != "Running" {
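Review bot: The verbose block added to `EcsRunCommand` marshals the whole request, which presumably includes `CommandContent`, and prints it to stdout, so a command that embeds a password or key is copied into terminal scrollback or CI logs whenever `-v` is set. Consider printing only the non-sensitive fields (region, script type, instance ID), or stating in the `--verbose` flag help that command bodies are echoed. The `json.Marshal` error is also dropped; `if requestByte, err := json.Marshal(request); err == nil { ... }` avoids printing an empty dump on failure. Part of this function's body is collapsed between the two hunks, so the request construction is only partly visible.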
14 changes: 7 additions & 7 deletions core/sg.go
Expand Up @@ -23,9 +23,9 @@ import (
"github.com/iiiusky/alicloud-tools/common"
)

// 获取安全组信息
// GetEcsSecurityGroupInfo 获取安全组信息
func GetEcsSecurityGroupInfo(regionId, securityGroupId string) ecs.DescribeSecurityGroupAttributeResponse {
client, err := ecs.NewClientWithAccessKey(regionId, common.AccessKey, common.SecretKey)
client, err := common.GetEcsClient(regionId)
if err != nil {
common.Logger().Error(fmt.Sprintf("【获取安全组信息】创建客户端发生异常,异常信息为 %s", err.Error()))
return ecs.DescribeSecurityGroupAttributeResponse{}
Expand All @@ -44,9 +44,9 @@ func GetEcsSecurityGroupInfo(regionId, securityGroupId string) ecs.DescribeSecur
}
}

// 添加指定安全组ID的端口策略
// AddSecurityGroupPolicy 添加指定安全组ID的端口策略
func AddSecurityGroupPolicy(regionId, securityGroupId, ipProtocol, portRange, cidrIp string) bool {
client, err := ecs.NewClientWithAccessKey(regionId, common.AccessKey, common.SecretKey)
client, err := common.GetEcsClient(regionId)
if err != nil {
common.Logger().Error(fmt.Sprintf("【添加指定安全组ID的端口策略】创建客户端发生异常,异常信息为 %s", err.Error()))
return false
Expand Down Expand Up @@ -84,9 +84,9 @@ func AddSecurityGroupPolicy(regionId, securityGroupId, ipProtocol, portRange, ci
return responseEg.IsSuccess() && response.IsSuccess()
}

// 删除指定安全组ID的端口
// RemoveSecurityGroupPolicy 删除指定安全组ID的端口
func RemoveSecurityGroupPolicy(regionId, securityGroupId, ipProtocol, portRange, cidrIp string) bool {
client, err := ecs.NewClientWithAccessKey(regionId, common.AccessKey, common.SecretKey)
client, err := common.GetEcsClient(regionId)
if err != nil {
common.Logger().Error(fmt.Sprintf("【删除指定安全组ID的端口】创建客户端发生异常,异常信息为 %s", err.Error()))
return false
Expand Down Expand Up @@ -123,7 +123,7 @@ func RemoveSecurityGroupPolicy(regionId, securityGroupId, ipProtocol, portRange,
return responseEg.IsSuccess() && response.IsSuccess()
}

// 显示ecs安全组的信息
// ShowEcsSecurityGroupInfo 显示ecs安全组的信息
func ShowEcsSecurityGroupInfo(securityGroup ecs.DescribeSecurityGroupAttributeResponse) {
fmt.Printf("安全组ID: %s \t 安全组名称: %s \t安全组描述: %s \t 策略条数:%d\n", securityGroup.SecurityGroupId,
securityGroup.SecurityGroupName, securityGroup.Description, len(securityGroup.Permissions.Permission))