如何使用RDS for MySQL API实现批量授权数据库

MySQL
问题描述

如何使用非交互的方式给已存在的某个用户授权所有数据库的权限

解决方案

1.查看当前的实例id, 需要授权的新用户

本次示例的实例id为rds-mysql-h735ea38885fc0783, 新用户名为demoapi image image

2.调用ListDatabases和GrantAccountPrivilege接口实现批量授权,示例代码如下

参考代码替换对应的InstanceID,AccountName,AccessKey,SecretKey

import sys, os, base64, datetime, hashlib, hmac
import requests,json # pip install requests

# ************* REQUEST VALUES *************
method = 'POST'
host = 'open.volcengineapi.com'
region = 'cn-beijing'
endpoint = 'https://open.volcengineapi.com'


def sign(key, msg):
    return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()


def getSignatureKey(key, dateStamp, regionName, serviceName):
    kDate = sign(key.encode('utf-8'), dateStamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'request')
    return kSigning


def formatParameters(parameters):
    request_parameters_init = ''
    for key in sorted(parameters):
        request_parameters_init += key + '=' + parameters[key] + '&'
    request_parameters = request_parameters_init[:-1]
    return request_parameters


def sigv4(access_key, secret_key, service, request_parameters,request_playload):
    if access_key is None or secret_key is None:
        print('No access key is available.')
        sys.exit()

    print("playload data is :"+request_playload)
    print(type(request_playload))

    t = datetime.datetime.utcnow()
    current_date = t.strftime('%Y%m%dT%H%M%SZ')
    # current_date = '20210818T095729Z'
    datestamp = t.strftime('%Y%m%d')  # Date w/o time, used in credential scope

    canonical_uri = '/'

    canonical_querystring = request_parameters

    signed_headers = 'content-type;host;x-content-sha256;x-date'



    payload_hash = hashlib.sha256(request_playload.encode('utf-8')).hexdigest()

    content_type = 'application/json'

    canonical_headers = 'content-type:' + content_type + '\n' + 'host:' + host + '\n' + 'x-content-sha256:' + payload_hash + '\n' + 'x-date:' + current_date + '\n'
    canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash



    algorithm = 'HMAC-SHA256'
    credential_scope = datestamp + '/' + region + '/' + service + '/' + 'request'
    string_to_sign = algorithm + '\n' + current_date + '\n' + credential_scope + '\n' + hashlib.sha256(
        canonical_request.encode('utf-8')).hexdigest()
    print("signStr is:"+string_to_sign)

    signing_key = getSignatureKey(secret_key, datestamp, region, service)
    print("signing_key:",signing_key)
    signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()
    print("signature:"+signature)

    authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature
    print("Authorizaiton的头部信息:"+authorization_header)
    headers = {'X-Date': current_date,
               'Authorization': authorization_header,
               'X-Content-Sha256': payload_hash,
               'Content-Type': content_type,
               'X-Amz-Date': '20180614T114308Z'
               }
    print(headers)

    # ************* SEND THE REQUEST *************
    request_url = endpoint + '?' + canonical_querystring


    print('Request URL = ' + request_url)
    r = requests.post(request_url, data=request_playload,headers=headers)

  
    print('Response code: %d\n' % r.status_code)
    parsed = json.loads(r.text)
    print(json.dumps(parsed, indent=4, sort_keys=True))
    return parsed

def get_databases_list(database_result):
    databases = database_result['Result']['Datas']
    for database in databases:
        database_list.append(database["DBName"])
    return database_list

if __name__ == "__main__":

   #存database的列表
    database_list=[]

    #自定义ak,sk, service,需要替成在自己的ak和sk
    access_key = '$ak'
    secret_key = '$sk'
    service = 'rds_mysql'
    #post请求参数, 需要替换成自己的实例id,示例中为rds-mysql-h735ea38885fc0783
    request_playload = '{'
    request_playload += '"InstanceId" : "rds-mysql-h735ea38885fc0783",'
    request_playload += '"Offset" : 0,'
    request_playload += '"Limit" : 10,'
    request_playload += '"InstanceStatus" : "Running"'
    request_playload += '}'

    list_databases_parameters = {
        'Action': 'ListDatabases',
        'Version': '2018-01-01',
    }

    formatted_parameters = formatParameters(list_databases_parameters)
    database_result=sigv4(access_key, secret_key, service, formatted_parameters,request_playload)

    database_list=get_databases_list(database_result)


    grant_readonly_parameters={
        'Action':'GrantAccountPrivilege',
        'Version': '2018-01-01',
    }
    formatted_parameters = formatParameters(grant_readonly_parameters)
   # post请求参数,替换AccountName对应的值,示例中为demoapi,实例id也需要替换
    for db in database_list:
        request_playload = '{'
        request_playload += '"InstanceId" : "rds-mysql-h735ea38885fc0783",'
        request_playload += '"AccountName" : "demoapi",'
        request_playload += '"DBName" : '
        request_playload += '"'+db+'"'+','
        request_playload += '"AccountPrivilege" : "ReadOnly"'
        request_playload += '}'
        print(request_playload)
        grant_result = sigv4(access_key, secret_key, service, formatted_parameters, request_playload)

3.查看是否授权成功

image

接口参数说明

授权账号访问数据库

调用GrantAccountPrivilege接口授权账号访问数据库。

请求类型

同步请求。

请求参数

名称类型是否必选示例值描述
InstanceIdStringrds-mysql-h441603c68aaa1b7a实例ID。
AccountNameStringtest1数据库账号名称。
DBNameStringdb001需授权的数据库名称。
AccountPrivilegeStringReadWrite授权数据库权限类型,取值: ReadWrite - 读写权限 ReadOnly - 只读权限 DDLOnly - 仅DDL权限 DMLOnly - 仅DML权限

返回数据

NA。

错误码

NA。

示例

请求示例

POST /?Action=GrantAccountPrivilege&Version=2018-01-01 HTTP/1.1
Accept: application/json
Content-Type: application/json
Host: rds.volcengineapi.com
X-Amz-Date: 20180614T114308Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIAGMBG4SXSQQ54MQ/20180614/cn-beijing/iam/aws4_request, SignedHeaders=accept;content-type;host;x-amz-date, Signature=6a593bf5f59e7c1109fb205c739d1cff4c672fe2d251963f4d48c8701d168c36

{
    "InstanceId" : "rds-mysql-h441603c68aaa1b7a""AccountName" : "test1",
    "DBName" : "db001",
    "AccountPrivilege" : "ReadWrite"
}

正常返回示例

{
    "ResponseMetadata": {
        "RequestId": "3159d4e8-1994-447a-854e-e6b898c078a8",
        "Action": "GrantAccountPrivilege",
        "Version": "2018-01-01 ",
        "Service": "rds_mysql",
        "Region": "cn-beijing"
    },
    "Result": null
}

查询实例下的数据库信息

调用ListDatabases来查询RDS实例的数据库信息。

请求类型

同步请求。

请求参数

名称类型是否必选示例值描述
InstanceIdStringrrds-mysql-h441603c68aaa1b7aRDS实例ID。
OffsetInt320列表偏移。
LimitInt3210返回数量。
DBStatusStringCreating数据库状态。取值: Creating - 创建中 Running - 运行中 Deleting - 删除中

返回数据

名称类型示例值描述
名称类型示例值描述
TotalInt321数据库总数。
DatasArray数据库列表。
- DBInfo
- DBNameStringdb1数据库名。
- DBStatusStringRunning数据库状态。取值: Creating - 创建中 Running - 运行中 Deleting - 删除中
- CharacterSetNameutf8["10.10.10.10"]数据库字符集。
- DBDescStringdb for log数据库描述。
- AccountNamesStringuser1,user2数据库绑定的账号,逗号分隔。

错误码

HTTPCode错误码错误信息描述
400InvalidParamThe parameter XXX is invalid.参数XXX非法。

示例

请求示例

POST /?Action=ListDatabases&Version=2018-01-01 HTTP/1.1
Content-Type: application/json
...

{
    "InstanceId" : "rds-mysql-h441603c68aaa1b7a",
    "Offset" : 0,
    "Limit" : 10,
    "DBStatus" : "Running",
}

正常返回示例

{
    "ResponseMetadata" : {
        "RequestId": "540CFF28-407A-40B5-B6A5-74Bxxxxxxxxx",
        "Action": "ListDatabases",
        "Version": "2018-01-01",
        "Service": "rds_mysql",
        "Region": "cn-beijing",
    },
    "Result": {
        "Total" : 1,
        "Datas" : [
            {
                "DBName" : "db1",
                "DBStatus" : "Running",
                "CharacterSetName": "utf8",
                "DBDesc": "db for log",
                "AccountNames": "user1,user2"
            }
        ]
    }
}

如果您有其他问题,欢迎您联系火山引擎技术支持服务

0
0
0
0
评论
未登录
看完啦,登录分享一下感受吧~
暂无评论