Access Key

ZStack私有云 Access Key(包括Access Key ID和Access Key Secret)是云平台授权第三方用户调用ZStack私有云 API来访问其云资源的安全凭证,需严格保密。

Access Key是ZStack私有云对API请求进行安全验证的关键因子,请妥善保管。如果某些Access Key出现泄漏风险,建议及时删除该Access Key并生成新的替代Access Key。

创建Access Key

私有云主菜单,点击平台管理 > Access Key,弹出Access Key管理界面,点击生成Access Key,将生成一个Access Key。

Access Key支持的操作

  • 启用:启用当前Access Key
  • 停用:停用当前Access Key
  • 删除:删除当前Access Key
  • 搜索:搜索已创建的Access Key

注意事项

  • admin/平台管理员可以创建多个Access Key,租户(普通账户/项目成员)可以创建两个Access Key;
  • admin/平台管理员可以随时启用、停用或者删除自己创建的Access Key以及租户创建的Access Key;
  • 租户可以随时启用、停用或者删除自己创建的Access Key;
  • Access Key具有该创建者完全的权限。

第三方平台使用Access Key调用ZStack API

创建Access Key后,第三方平台可以使用Access Key调用ZStack私有云API,方法如下:
  • SDK方式:
    以创建云主机(CreateVmInstance)为例,使用Access Key调用ZStack私有云API时,需输入accessKeyIdaccessKeySecret,示例如下:
    • Java SDK
      CreateVmInstanceAction action = new CreateVmInstanceAction();
action.name = "vm1";
action.instanceOfferingUuid = "ae97ced44efc3314b8f7798972b4ba1a";
action.imageUuid = "da119f7906513eccabf271991c35a65e";
action.l3NetworkUuids = asList("cc0e4c5e77df3af68e59668e7f9e06c5");
action.dataDiskOfferingUuids = asList("19d22d051b063d379a2816daaf431838","905d94a6abb5398fa1995f6398e3f6fc");
action.clusterUuid = "a0468dc645223f67bd0f2ab95276bbae";
action.description = "this is a vm";
action.strategy = "InstantStart";
action.accessKeyId = "Fnxc7KIQAdGTvXfx8OjC";
action.accessKeySecret = "Do0AJUGVPrT9iJZlc1QOtk7kzEusYidyqJxSmKOb";
CreateVmInstanceAction.Result res = action.call();
    • Python SDK
      CreateVmInstanceAction action = CreateVmInstanceAction()
action.name = "vm1"
action.instanceOfferingUuid = "ae97ced44efc3314b8f7798972b4ba1a"
action.imageUuid = "da119f7906513eccabf271991c35a65e"
action.l3NetworkUuids = [cc0e4c5e77df3af68e59668e7f9e06c5]
action.dataDiskOfferingUuids = [19d22d051b063d379a2816daaf431838, 905d94a6abb5398fa1995f6398e3f6fc]
action.clusterUuid = "a0468dc645223f67bd0f2ab95276bbae"
action.description = "this is a vm"
action.strategy = "InstantStart"
action.accessKeyId = "Fnxc7KIQAdGTvXfx8OjC"
action.accessKeySecret = "Do0AJUGVPrT9iJZlc1QOtk7kzEusYidyqJxSmKOb"
CreateVmInstanceAction.Result res = action.call()
  • 直接调用ZStack私有云 Restful API方式:
    1. 创建Access Key:
      CreateAccessKey accountUuid=dff4fb9bbff14e97a67ab894c7b8c528 userUuid=dff4fb9bbff14e97a67ab894c7b8c528
{
    "inventory": {
        "AccessKeyID": "N3Tf05yXZUmSjCf6mYIB",
        "AccessKeySecret": "XAlrsYvswmnEV3X1KWNs1WfZHD6aBIIphmI0rX9S",
        "accountUuid": "dff4fb9bbff14e97a67ab894c7b8c528",
        "createDate": "Sep 6, 2018 1:50:06 PM",
        "lastOpDate": "Sep 6, 2018 1:50:06 PM",
        "userUuid": "dff4fb9bbff14e97a67ab894c7b8c528",
        "uuid": "ae353717ca7b4182bb87fb5d010235e8"
    },
    "success": true
}
    2. 生成date
      python get_time.py
Thu, 06 Sep 2018 13:54:10 CST
      import datetime
import time
 
date = time.time()
#EEE, dd MMM yyyy HH:mm:ss z
str = datetime.datetime.fromtimestamp(date).strftime('%a, %d %b %Y %H:%M:%S CST')
print str
      Note: 时间格式必须为EEE, dd MMM yyyy HH:mm:ss zzz
    3. 生成digest
      # python get_accesskey.py "N3Tf05yXZUmSjCf6mYIB" "XAlrsYvswmnEV3X1KWNs1WfZHD6aBIIphmI0rX9S" \
"GET" "" "application/x-www-form-urlencoded" "Thu, 06 Sep 2018 13:54:10 CST" "/v1/vm-instances"
args: Namespace(Content_MD5='', Content_Type='application/x-www-form-urlencoded', \
acesskey_id='N3Tf05yXZUmSjCf6mYIB', acesskey_secret='XAlrsYvswmnEV3X1KWNs1WfZHD6aBIIphmI0rX9S', \
date='Thu, 06 Sep 2018 13:54:10 CST', method='GET', uri='/v1/vm-instances')
Signature: S3vm7u7/+n+sIQe72lgia08I30U=
Authoration ZStack N3Tf05yXZUmSjCf6mYIB:S3vm7u7/+n+sIQe72lgia08I30U=
      #/usr/bin/python
import base64
import hmac
import sha
import argparse
from hashlib import sha1
 
parser = argparse.ArgumentParser(description='calculate zstack access key digit.')
parser.add_argument('acesskey_id')
parser.add_argument('acesskey_secret')
parser.add_argument('method')
parser.add_argument('date')
parser.add_argument('uri')
 
args = parser.parse_args()
 
print "args: %s" % args
h = hmac.new(args.acesskey_secret, args.method + "\n"
                                    + args.date + "\n"
                                    + args.uri, sha1)
Signature = base64.b64encode(h.digest())
print "Signature: %s" % Signature
print "Authoration %s" % ("ZStack " + args.acesskey_id + ":" + Signature)
    4. 发送请求
      curl -H "Authorization:ZStack N3Tf05yXZUmSjCf6mYIB:S3vm7u7/+n+sIQe72lgia08I30U=" \
-H "Content-Type:application/x-www-form-urlencoded" \
-H "Date:Thu, 06 Sep 2018 13:54:10 CST" \
-X GET http://172.20.11.134:8080/zstack/v1/vm-instances