迁移赋值ak，sk，token的地方到验签，并且备注好所有的参数名字

Author: yikefan

SDK_Integration_zh.md

@@ -151,6 +151,7 @@ STS AssumeRole（Security Token Service）是火山引擎提供的临时访问
 支持`configuration`级别全局配置和接口级别的运行时参数设置`RuntimeOption`;`RuntimeOption`设置会覆盖`configuration`全局配置。  
 
 **代码示例：**
+
 ```python
 from __future__ import print_function
 import volcenginesdkcore
@@ -165,11 +166,16 @@ if __name__ == '__main__':
 
     # 这里是使用STS ASSUMEROLE角色的方式
     configuration.credential_provider = StsCredentialProvider(
-        ak="Your ak",
-        sk="Your sk",
-        role_name="Your role name",
-        account_id="Your account id",
-        region="cn-beijing"
+        ak="Your ak",  # 必填，子账号的ak
+        sk="Your sk",  # 必填，子账号的sk
+        role_name="Your role name",  # 必填，子账号的角色TRN，如trn:iam::2110400000:role/role123  ,此处填写role123
+        account_id="Your account id",  # 必填，子账号的角色TRN，如trn:iam::2110400000:role/role123  ,此处填写2110400000
+        duration_seconds=3600,  # 非必填，有效期默认3600秒
+        scheme="https",  # 非必填，域名前缀，默认https
+        host="sts.volcengineapi.com",  # 非必填，请求域名，默认sts.volcengineapi.com
+        region="cn-beijing",  # 非必填，请求服务器区域地址，默认cn-north-1
+        timeout=30,  # 非必填，请求超时时间，默认30秒
+        expired_buffer_seconds=60 #非必填，session有效期前多久过期，剩余时间小于这个设置就要请求新的token了，默认60秒
     )
 
     # set default configuration
@@ -205,6 +211,7 @@ STS AssumeRoleOIDC（Security Token Service）是火山引擎提供的临时访
 支持`configuration`级别全局配置和接口级别的运行时参数设置`RuntimeOption`;`RuntimeOption`设置会覆盖`configuration`全局配置。  
 
 **代码示例：**
+
 ```python
 # Example Code generated by Beijing Volcanoengine Technology.
 from __future__ import print_function
@@ -220,10 +227,15 @@ if __name__ == '__main__':
 
     # 这里是使用STS ASSUMEROLE_OIDC角色的方式
     configuration.credential_provider = StsOidcCredentialProvider(
-        role_name="your role name",
-        account_id="your account id",
-        oidc_token="your oidc token",
-        region="cn-beijing"
+        role_name="Your role name",  # 必填，账号的角色TRN，如trn:iam::2110400000:role/role123  ,此处填写role123
+        account_id="Your account id",  # 必填，账号的角色TRN，如trn:iam::2110400000:role/role123  ,此处填写2110400000
+        oidc_token="your oidc token",  # 必填，生成的oidcToken，如ey********
+        duration_seconds=3600,  # 非必填，有效期默认3600秒
+        scheme="https",  # 非必填，域名前缀，默认https
+        host="sts.volcengineapi.com",  # 非必填，请求域名，默认sts.volcengineapi.com
+        region="cn-beijing",  # 非必填，请求服务器区域地址，默认cn-north-1
+        timeout=30,  # 非必填，请求超时时间，默认30秒
+        expired_buffer_seconds=60  # 非必填，session有效期前多久过期，剩余时间小于这个设置就要请求新的token了，默认60秒
     )
 
     # set default configuration
@@ -275,11 +287,16 @@ if __name__ == '__main__':
 
     # 这里是使用STS ASSUMEROLE_SAML角色的方式
     configuration.credential_provider = StsSamlCredentialProvider(
-        role_name="your role name",
-        provider_name="your provider name",
-        account_id="your account id",
-        saml_resp="your saml resp",
-        region="cn-beijing"
+        role_name="Your role name",  # 必填，账号的角色TRN，如trn:iam::2110400000:role/role123,此处填写role123
+        account_id="Your account id",  # 必填，账号的角色TRN，如trn:iam::2110400000:saml-provider/role123,此处填写2110400000
+        provider_name="your provider name",# 必填，认证provider的TRN，如trn:iam::2110400000:saml-provider/provider123,此处填写provider123
+        saml_resp="your saml resp",  # 必填，认证获取到的SAML的断言
+        duration_seconds=3600,  # 非必填，有效期默认3600秒
+        scheme="https",  # 非必填，域名前缀，默认https
+        host="sts.volcengineapi.com",  # 非必填，请求域名，默认sts.volcengineapi.com
+        region="cn-beijing",  # 非必填，请求服务器区域地址，默认cn-north-1
+        timeout=30,  # 非必填，请求超时时间，默认30秒
+        expired_buffer_seconds=60  # 非必填，session有效期前多久过期，剩余时间小于这个设置就要请求新的token了，默认60秒
     )
 
     # set default configuration

volcenginesdkcore/api_client.py

@@ -115,14 +115,6 @@ def __call_api(
         if self.cookie:
             header_params['Cookie'] = self.cookie
 
-        # 新增代码。处理assume_role和assume_role_oidc和assume_role_saml
-        if self.configuration.credential_provider is not None:
-            self.configuration.credential_provider.refresh()  # 这会调用 _assume_role_oidc() 方法获取临时凭证
-            credentials = self.configuration.credential_provider.retrieve()
-            self.configuration.ak = credentials.ak
-            self.configuration.sk = credentials.sk
-            self.configuration.session_token = credentials.session_token
-
         interceptor_context = InterceptorContext(request=Request(
             self.configuration,
             resource_path, method, path_params,

volcenginesdkcore/auth/providers/provider.py

@@ -23,3 +23,7 @@ def is_expired(self):
     @abc.abstractmethod
     def refresh(self):
         raise NotImplementedError()
+
+    @abc.abstractmethod
+    def get_credentials(self):
+        raise NotImplementedError()

volcenginesdkcore/auth/providers/sts_oidc_provider.py

@@ -19,8 +19,8 @@ def __init__(self, ak, sk, session_token, current_time, expired_time):
 
 
 class StsOidcCredentialProvider(Provider):
-    def __init__(self, role_name, oidc_token, account_id, duration_seconds=3600, scheme='https',
-                 host='sts.volcengineapi.com', region='cn-north-1', timeout=30, expired_buffer_seconds=60):
+    def __init__(self, role_name, account_id, oidc_token, duration_seconds=3600, scheme='https',
+                 host='sts.volcengineapi.com', region='cn-beijing', timeout=30, expired_buffer_seconds=60):
 
         self.role_name = role_name
         self.account_id = account_id
@@ -54,6 +54,10 @@ def refresh(self):
             if self.is_expired():
                 self._assume_role_oidc()
 
+    def get_credentials(self):
+        self.refresh()
+        return self.credentials
+
     def _assume_role_oidc(self):
         params = {
             'DurationSeconds': self.duration_seconds,

volcenginesdkcore/auth/providers/sts_provider.py

@@ -54,6 +54,10 @@ def refresh(self):
             if self.is_expired():
                 self._assume_role()
 
+    def get_credentials(self):
+        self.refresh()
+        return self.credentials
+
     def _assume_role(self):
         params = {
             'DurationSeconds': self.duration_seconds,

volcenginesdkcore/auth/providers/sts_saml_provider.py

@@ -19,8 +19,8 @@ def __init__(self, ak, sk, session_token, current_time, expired_time):
 
 
 class StsSamlCredentialProvider(Provider):
-    def __init__(self, role_name, provider_name, account_id, saml_resp, duration_seconds=3600, scheme='https',
-                 host='sts.volcengineapi.com', region='cn-north-1', timeout=30, expired_buffer_seconds=60):
+    def __init__(self, role_name, account_id, provider_name, saml_resp, duration_seconds=3600, scheme='https',
+                 host='sts.volcengineapi.com', region='cn-beijing', timeout=30, expired_buffer_seconds=60):
         # self.ak = ak
         # self.sk = sk
         self.role_name = role_name
@@ -56,6 +56,10 @@ def refresh(self):
             if self.is_expired():
                 self._assume_role_saml()
 
+    def get_credentials(self):
+        self.refresh()
+        return self.credentials
+
     def _assume_role_saml(self):
         params = {
             'DurationSeconds': self.duration_seconds,

volcenginesdkcore/interceptor/interceptors/request.py

@@ -61,6 +61,7 @@ def __init__(
         # retryer setting, default use global configration if value not set
         self.auto_retry = configuration.auto_retry
         self.retryer = configuration.retryer
+        self.credential_provider = configuration.credential_provider
 
         self.runtime_options = None
         if hasattr(body, '_configuration') and isinstance(body._configuration, RuntimeOption):

volcenginesdkcore/interceptor/interceptors/sign_request_interceptor.py

@@ -10,6 +10,13 @@ def name(self):
         return 'volcengine-sign-request-interceptor'
 
     def intercept(self, context):
+        # 新增代码。处理assume_role和assume_role_oidc和assume_role_saml
+        if context.request.credential_provider is not None:
+            credentials = context.request.credential_provider.get_credentials() # 这会调用 _assume_role_oidc() 方法获取临时凭证
+            context.request.ak = credentials.ak
+            context.request.sk = credentials.sk
+            context.request.session_token = credentials.session_token
+
         self.update_params_for_auth(host=context.request.host, path=context.request.true_path,
                                     method=context.request.method,
                                     headers=context.request.header_params,