Construction request
First constructed request, that is, to which specific interface to access, what needs to provide the necessary parameters. In the configuration request (Click to view can be seen, request the necessary service for DMS is composed of the following sections
- Request URI, for example
https://dms.cn-north-1.myhuaweicloud.com/v1.0/{project_id}/queues/{quque_id}(different portions of different regions Region) - The method of the request, such as "GET", "POST"
- Request message header, is mandatory "Content-Type", defines the format of the message body, the default value of "application / json", i.e., the message body "Body" filed in Json format
- Request message body, some interfaces need some interface does not
Preparation parameters
Interface to view the specified queue ( Click to view ) an example
- 请求URI:https://dms.cn-north-1.myhuaweicloud.com/v1.0/{project_id}/queues/{quque_id}
- Request method: "GET"
- Request message body: None
- project_id: Project ID, to a unified identity authentication project based on different areas to find
- queue_id: ID to access the queue, the queue to point to open the console view
- AK / SK: secret key pair, users in a unified identity authentication security settings management functions, parameters necessary to generate the signature
Computing a signature
To AK / SK signature verification algorithm Detailed ( Click to view ) as standard, or write algorithms use SDK, used in this example is provided by the official SDK, call as follows ( Click to view )
HTTP requests
With AK = ABCDE .... WYZ and SK = 123 ... 890, for example, use the SDK to generate signatures
/*
查看指定队列
*/
url := "https://dms.cn-north-1.myhuaweicloud.com/v1.0/506d66e5/queues/bc8e-86-42-8c-4d2"
r, err := http.NewRequest(
"GET",
url,
ioutil.NopCloser(bytes.NewBuffer([]byte(""))))
/*
添加必要的 Content-Type 头
*/
r.Header.Add("content-type", "application/json")
/*
创建签名对象并签名
*/
s := sign.Signer{ Key:conf.AK, Secret:conf.SK}
s.Sign(r)s.Sign (r) method adds a header to the two requests r.Headers , one is X-Sdk-Date value is a time stamp, and the other is Authorization whose value is calculated through a predetermined manner and splicing series of strings, If the r.Headers print is
map[Authorization:[SDK-HMAC-SHA256 Access=ABCDE....WYZ, SignedHeaders=content-type;x-sdk-date, Signature=0e9d22d370b3b34b6108998c3ced1d99cdb6d813aa41b5efeb7828295bb8f7a8] Content-Type:[application/json] X-Sdk-Date:[20191105T083411Z]]All parameters are in place, sort out all or part of the requested
- Request complete URI of the: https://dms.cn-north-1.myhuaweicloud.com/v1.0/506d66e5/queues/bc8e-86-42-8c-4d2
- Request header
- Content-Type:application/json
- X-Sdk-Date:20191105T083411Z
- Authorization:SDK-HMAC-SHA256 Access=ABCDE....WYZ, SignedHeaders=content-type;x-sdk-date, Signature=0e9d22d370b3b34b6108998c3ced1d99cdb6d813aa41b5efeb7828295bb8f7a8
- Request body: the interface is no request, i.e. an empty body http protocol
Use Postman submit a request, response body follows
{
"id": "bcf28b8e-83e6-4432-870c-413e79e555d2",
"name": "huawei-dms-queue-log-test",
"description": "",
"reservation": 4320,
"created": 1559033038000,
"queue_mode": "KAFKA_HA",
"max_msg_size_byte": 524288,
"produced_messages": 2,
"eff_date": 1559033038000,
"group_count": 1,
"kafka_topic": "k-506dba42b0f146b9a6026653544f66e5-bcf28b8e-83e6-4432-870c-413e79e555d2"
}Signature comparison
Some more information has been optimized handling, shielding out the possibility of private information, how to verify the correctness of the results of it. When the URI = https://dms.cn-north-1.myhuaweicloud.com/v1.0/506dba42b0f146b9a6026653544f66e5/queues/bcf28b8e-83e6-4432-870c-413e79e555d2 , the AK = ABCDE WYZ .... , SK = 123. ..890 , the X-Sdk-a Date = 20191105T094500Z- time signature is the correct results are as follows
Authorization:
SDK-HMAC-SHA256 Access=ABCDE....WYZ, SignedHeaders=content-type;x-sdk-date, Signature=8e0cb2f284b44795eee578d3484217a929cc1d9347bc6445477322eff15f8743note
Cloud services in particular API call may involve a number of rights issues, to check all possible permissions are open, such as whether the current AK / SK corresponding user is IAM user, whether the user group to which the user is authorized to access to the DMS products . Before writing this article, we ran into problems signature always given 402, after the normal access to the account where the IAM user group gives the appropriate policy, although it is not 100% confirmed to be the cause.