-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #83 from AlibabaCloudLandingZone/solution-IDaaS-sy…
…nchronization/0.0.1 solution-IDaaS-synchronization/0.0.1
- Loading branch information
Showing
2 changed files
with
42 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # 基于函数计算实现从IdP到IDaaS的人员定时同步方案 | ||
|
|
||
| 本方案通过函数计算定时调用IDaaS同步的OpenAPI,来实现按照自定义周期进行人员自动从IdP到IDaaS同步。通过FC函数角色和RAM角色关联,使用STS Token访问云资源,避免了将访问密钥硬编码在代码中,从而消除AK泄露的风险。临时凭证(STS Token)的使用有效解决了永久凭证(AK/SK)可能带来的安全风险问题。 本方案提供Python代码示例,客户能够快速完成函数计算部署,减少开发和部署的复杂度。 | ||
|
|
||
| ## 如何运行 | ||
| 该示例代码需要在FC函数中执行,请确保选择Python作为FC函数的运行环境。 | ||
| 请您选择您的SDK类型对应的示例代码,复制代码后上传至函数计算运行即可。 | ||
| 需要配置以下环境变量: | ||
| {'IDAAS_EIAM_ENDPOINT', | ||
| 'INSTANCE_ID', | ||
| 'TARGET_ID', | ||
| 'TARGET_TYPE' | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| # -*- coding: utf-8 -*- | ||
| import logging | ||
| import json | ||
| import os | ||
| import sys | ||
|
|
||
| from typing import List | ||
|
|
||
| from alibabacloud_eiam20211201.client import Client as Eiam20211201Client | ||
| from alibabacloud_eiam20211201 import models as eiam_20211201_models | ||
| from alibabacloud_tea_util import models as util_models | ||
| from alibabacloud_credentials.client import Client as CredClient | ||
| from alibabacloud_tea_openapi.models import Config | ||
|
|
||
| def handler(event, context): | ||
| creds = context.credentials | ||
| config = Config(access_key_id=creds.access_key_id,access_key_secret=creds.access_key_secret,security_token=creds.security_token) | ||
| config.endpoint = os.environ['IDAAS_EIAM_ENDPOINT'] | ||
| client = Eiam20211201Client(config) | ||
|
|
||
| run_synchronization_job_request = eiam_20211201_models.RunSynchronizationJobRequest( | ||
| instance_id=os.environ['INSTANCE_ID'], | ||
| target_id=os.environ['TARGET_ID'], | ||
| target_type=os.environ['TARGET_TYPE'] | ||
| ) | ||
| runtime = util_models.RuntimeOptions() | ||
| response = client.run_synchronization_job_with_options(run_synchronization_job_request, runtime) | ||
|
|
||
| return(str(response.to_map())) |