English | [简体中文](./README_CN.md)

Huawei Cloud Python Software Development Kit (Python SDK)

The Huawei Cloud Python SDK allows you to easily work with Huawei Cloud services such as Elastic Compute Service (ECS) and Virtual Private Cloud (VPC) without the need to handle API related tasks. This document introduces how to obtain and use Huawei Cloud Python SDK. ## Requirements - To use Huawei Cloud Python SDK, you must have Huawei Cloud account as well as the Access Key and Secret Key of the Huawei Cloud account. You can create an Access Key in the Huawei Cloud console. For more information, see [My Credentials](https://support.huaweicloud.com/en-us/usermanual-ca/en-us_topic_0046606340.html). - To use Huawei Cloud Python SDK to access the APIs of specific service, please make sure you do have activated the service in [Huawei Cloud console](https://console.huaweicloud.com/?locale=en-us) if needed. - Huawei Cloud Python SDK requires **Python 3.3** or later, run command `python --version` to check the version of Python. ## Install Python SDK You could use **pip** or **source code** to install dependencies. ### Individual Cloud Service Take using VPC SDK for example, you need to install `huaweicloudsdkcore` library and `huaweicloudsdkvpc` library: - Use python pip ``` bash # Install the VPC management library pip install huaweicloudsdkvpc ``` - Install from source code ``` bash # Install the VPC management library cd huaweicloudsdkvpc-${version} python setup.py install ``` ### Cloud Service Collection Package You can install `huaweicloudsdkall`, which will install all SDK supported service packages: - Use python pip ``` bash pip install huaweicloudsdkall ``` - Install from source code ``` bash cd huaweicloudsdkall-${version} python setup.py install ``` ## Code example - The following example shows how to query a list of VPC in a specific region, you need to substitute your real `{Service}Client` for `VpcClient` in actual use. - Substitute the values for `{your ak string}`, `{your sk string}`, `{your endpoint string}` and `{your project id}`. ``` python # coding: utf-8 from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkcore.http.http_config import HttpConfig # import specified service library huaweicloudsdk{service}, take vpc for example from huaweicloudsdkvpc.v2 import * def list_vpc(client): try: request = ListVpcsRequest(limit=1) response = client.list_vpcs(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) if __name__ == "__main__": ak = "{your ak string}" sk = "{your sk string}" endpoint = "{your endpoint}" project_id = "{your project id}" config = HttpConfig.get_default_config() config.ignore_ssl_verification = True credentials = BasicCredentials(ak, sk, project_id) vpc_client = VpcClient.new_builder() \ .with_http_config(config) \ .with_credentials(credentials) \ .with_endpoint(endpoint) \ .build() list_vpc(vpc_client) ``` ## Changelog Detailed changes for each released version are documented in the [CHANGELOG.md](https://github.com/huaweicloud/huaweicloud-sdk-python-v3/blob/master/CHANGELOG.md). ## User Manual [:top:](#huawei-cloud-python-software-development-kit-python-sdk) * [1. Client Configuration](#1-client-configuration-top) * [1.1 Default Configuration](#11-default-configuration-top) * [1.2 Network Proxy](#12-network-proxy-top) * [1.3 Connection](#13-connection-top) * [1.4 SSL Certification](#14-ssl-certification-top) * [2. Credentials Configuration](#2-credentials-configuration-top) * [2.1 Use Permanent AK&SK](#21-use-permanent-aksk-top) * [2.2 Use Temporary AK&SK](#22-use-temporary-aksk-top) * [3. Client Initialization](#3-client-initialization-top) * [3.1 Initialize the client with specified Endpoint](#31-initialize-the-serviceclient-with-specified-endpoint-top) * [3.2 Initialize the client with specified Region (Recommended)](#32-initialize-the-serviceclient-with-specified-region-recommended-top) * [3.3 Custom Configuration](#33-custom-configuration-top) * [3.3.1 IAM endpoint configuration](#331-iam-endpoint-configuration-top) * [3.3.2 Region configuration](#332-region-configuration-top) * [4. Send Requests and Handle Responses](#4-send-requests-and-handle-responses-top) * [4.1 Exceptions](#41-exceptions-top) * [4.2 Get Response Object](#42-get-response-object-top) * [5. Use Asynchronous Client](#5-use-asynchronous-client-top) * [6. Troubleshooting](#6-troubleshooting-top) * [6.1 Access Log](#61-access-log-top) * [6.2 Original HTTP Listener](#62-original-http-listener-top) * [7. Upload and download files](#7-upload-and-download-files-top) ### 1. Client Configuration [:top:](#user-manual-top) #### 1.1 Default Configuration [:top:](#user-manual-top) ``` python # Use default configuration config = HttpConfig.get_default_config() ``` #### 1.2 Network Proxy [:top:](#user-manual-top) ``` python # Use Proxy if needed config.proxy_protocol = 'http' config.proxy_host = 'proxy.huaweicloud.com' config.proxy_port = 80 config.proxy_user = 'username' config.proxy_password = 'password' ``` #### 1.3 Connection [:top:](#user-manual-top) ``` python # The default connection timeout is 60 seconds, the default read timeout is 120 seconds. You could specify a unified timeout by using config.timeout=timeout, or specify timeout separately config.timeout=(connect timeout, read timeout) config.timeout = 120 ``` #### 1.4 SSL Certification [:top:](#user-manual-top) ``` python # Skip ssl certifaction checking while using https protocol if needed config.ignore_ssl_verification = True # Server ca certification if needed config.ssl_ca_cert = ssl_ca_cert ``` ### 2. Credentials Configuration [:top:](#user-manual-top) There are two types of Huawei Cloud services, `regional` services and `global` services. Global services contain BSS, DevStar, EPS, IAM, RMS, TMS. For `regional` services' authentication, projectId is required to initialize BasicCredentials. For `global` services' authentication, domainId is required to initialize GlobalCredentials. **Parameter description**: - `ak` is the access key ID for your account. - `sk` is the secret access key for your account. - `project_id` is the ID of your project depending on your region which you want to operate. - `domain_id` is the account ID of Huawei Cloud. - `security_token` is the security token when using temporary AK/SK. #### 2.1 Use Permanent AK&SK [:top:](#user-manual-top) ``` python # Regional services basic_credentials = BasicCredentials(ak, sk, project_id) # Global services global_credentials = GlobalCredentials(ak, sk, domain_id) ``` **Notice**: - project_id/domain_id supports **automatic acquisition** in version `3.0.26-beta` or later, if you want to use this feature, you need to provide the ak and sk of your account and the id of the region, and then build your client instance with method `with_region()`, detailed example could refer to [3.2 Initialize the client with specified Region](#32-initialize-the-serviceclient-with-specified-region-recommended-top) . #### 2.2 Use Temporary AK&SK [:top:](#user-manual-top) It's required to obtain temporary access key, security key and security token first, which could be obtained through permanent access key and security key or through an agency. Obtaining a temporary access key token through permanent access key and security key, you could refer to document: https://support.huaweicloud.com/en-us/api-iam/iam_04_0002.html . The API mentioned in the document above corresponds to the method of `CreateTemporaryAccessKeyByToken` in IAM SDK. Obtaining a temporary access key and security token through an agency, you could refer to document: https://support.huaweicloud.com/en-us/api-iam/iam_04_0101.html . The API mentioned in the document above corresponds to the method of `CreateTemporaryAccessKeyByAgency` in IAM SDK. ``` python # Regional services basic_credentials = BasicCredentials(ak, sk, project_id).with_security_token(security_token) # Global services global_credentials = GlobalCredentials(ak, sk, domain_id).with_security_token(security_token) ``` ### 3. Client Initialization [:top:](#user-manual-top) There are two ways to initialize the {Service}Client, you could choose one you preferred. #### 3.1 Initialize the {Service}Client with specified Endpoint [:top:](#user-manual-top) ``` python # Specify the endpoint, take the endpoint of VPC service in region of cn-north-4 for example endpoint = "https://vpc.cn-north-4.myhuaweicloud.com" # Initialize the credentials, you should provide project_id or domain_id in this way, take initializing BasicCredentials for example basic_credentials = BasicCredentials(ak, sk, project_id) # Initialize specified service client instance, take initializing the regional service VPC's VpcClient for example client = VpcClient.new_builder() \ .with_http_config(config) \ .with_credentials(basic_credentials) \ .with_endpoint(endpoint) \ .build() ``` **where:** - `endpoint` varies by services and regions, see [Regions and Endpoints](https://developer.huaweicloud.com/intl/en-us/endpoint) to obtain correct endpoint. - When you meet some trouble in getting projectId using the specified region way, you could use this way instead. #### 3.2 Initialize the {Service}Client with specified Region **(Recommended)** [:top:](#user-manual-top) ``` python # dependency for region module from huaweicloudsdkiam.v3.region.iam_region import IamRegion # Initialize the credentials, project_id or domain_id could be unassigned in this situation, take initializing GlobalCredentials for example global_credentials = GlobalCredentials(ak, sk) # initialize specified service client instance, take initializing the global service IAM's IamClient for example client = IamClient.new_builder() \ .with_http_config(config) \ .with_credentials(global_credentials) \ .with_region(IamRegion.CN_NORTH_4) \ .build() ``` **Notice:** - If you use {Service}Region to initialize {Service}Client, project_id/domain_id supports automatic acquisition, you don't need to configure it when initializing Credentials. - Multiple ProjectId situation is **not supported**. - Supported region list: af-south-1, ap-southeast-1, ap-southeast-2, ap-southeast-3, cn-east-2, cn-east-3, cn-north-1, cn-north-4, cn-south-1, cn-southwest-2, ru-northwest-2. You may get exception such as `Unsupported regionId` if your region don't in the list above. **Comparison of the two ways:** | Initialization | Advantages | Disadvantage | | :---- | :---- | :---- | | Specified Endpoint | The API can be invoked successfully once it has been published in the environment. | You need to prepare projectId and endpoint yourself. | Specified Region | No need for projectId and endpoint, it supports automatic acquisition if you configure it in the right way. | The supported services and regions are limited. #### 3.3 Custom Configuration **Notice:** Supported since v0.0.92 ##### 3.3.1 IAM endpoint configuration Automatically acquiring projectId/domainId will invoke the [KeystoneListProjects](https://apiexplorer.developer.huaweicloud.com/apiexplorer/doc?product=IAM&api=KeystoneListProjects) /[KeystoneListAuthDomains](https://apiexplorer.developer.huaweicloud.com/apiexplorer/doc?product=IAM&api=KeystoneListAuthDomains) interface of IAM service. The default iam enpoint is `https://iam.myhuaweicloud.com`, you can modify the endpoint in the following two ways: ###### 3.3.1.1 Global scope This configuration takes effect globally, specified by environment variable `HUAWEICLOUD_SDK_IAM_ENDPOINT` ``` //linux export HUAWEICLOUD_SDK_IAM_ENDPOINT=https://iam.cn-north-4.myhuaweicloud.com //windows set HUAWEICLOUD_SDK_IAM_ENDPOINT=https://iam.cn-north-4.myhuaweicloud.com ``` ###### 3.3.1.2 Credentials scope This configuration is only valid for a credential, and it will override the global configuration ```python from huaweicloudsdkcore.auth.credentials import BasicCredentials iam_endpoint = "https://iam.cn-north-4.myhuaweicloud.com" credentials = BasicCredentials(ak, sk).with_iam_endpoint(iam_endpoint) ``` ##### 3.3.2 Region configuration ###### 3.3.2.1 Environment variable Specified by environment variable, the format is `HUAWEICLOUD_SDK_REGION_{SERIVCE_NAME}_{REGION_ID}={endpoint}` Notice: the name of environment variable is UPPER-CASE, replacing hyphens with underscores. ``` // Take ECS and IoTDA services as examples // linux export HUAWEICLOUD_SDK_REGION_ECS_CN_NORTH_99=https://ecs.cn-north-99.myhuaweicloud.com export HUAWEICLOUD_SDK_REGION_IOTDA_AP_SOUTHEAST_10=https://iotda.ap-southwest-10.myhuaweicloud.com // windows set HUAWEICLOUD_SDK_REGION_ECS_CN_NORTH_99=https://ecs.cn-north-99.myhuaweicloud.com set HUAWEICLOUD_SDK_REGION_IOTDA_AP_SOUTHEAST_10=https://iotda.ap-southwest-10.myhuaweicloud.com ``` ###### 3.3.2.2 Profile The profile will be read from the user's home directory by default, linux`~/.huaweicloud/regions.yaml`,windows`C:\Users\USER_NAME\.huaweicloud\regions.yaml`,the default file may not exist, but if the file exists and the content format is incorrect, an exception will be thrown for parsing errors. The path to the profile can be modified by configuring the environment variable `HUAWEICLOUD_SDK_REGIONS_FILE`, like `HUAWEICLOUD_SDK_REGIONS_FILE=/tmp/my_regions.yml` The file content format is as follows: ```yaml # Serivce name is case-insensitive ECS: - id: 'cn-north-10' endpoint: 'https://ecs.cn-north-10.myhuaweicloud.com' - id: 'cn-north-11' endpoint: 'https://ecs.cn-north-11.myhuaweicloud.com' IoTDA: - id: 'ap-southwest-9' endpoint: 'https://iotda.ap-southwest-9.myhuaweicloud.com' ``` ###### 3.3.2.3 Region supply chain The default order is **environment variables -> profile -> region defined in SDK**, if the region is not found in the above ways, an exception will be thrown. ```python from huaweicloudsdkecs.v2.region.ecs_region import EcsRegion region1 = EcsRegion.value_of("cn-north-10") region2 = EcsRegion.value_of("cn-north-11") ``` ### 4. Send Requests and Handle Responses [:top:](#user-manual-top) ``` python # Initialize a request and print response, take interface of ListVpcs for example request = ListVpcsRequest(limit=1) response = client.list_vpcs(request) print(response) ``` #### 4.1 Exceptions [:top:](#user-manual-top) | Level 1 | Notice | Level 2 | Notice | | :---- | :---- | :---- | :---- | | ConnectionException | Connection error | HostUnreachableException | Host is not reachable | | | | SslHandShakeException | SSL certification error | | RequestTimeoutException | Request timeout | CallTimeoutException | timeout for single request | | | | RetryOutageException | no response after retrying | | ServiceResponseException | service response error | ServerResponseException | server inner error, http status code: [500,] | | | | ClientRequestException | invalid request, http status code: [400? 500) | ``` python # handle exceptions try: request = ListVpcsRequest(limit=1) response = client.list_vpcs(request) print(response) except exception.ServiceResponseException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) ``` #### 4.2 Get Response Object [:top:](#user-manual-top) The default response format of each request is `json string`, if you want to obtain the response object, the Python SDK supports using method `to_json_object()` to get it. ``` python request = ListVpcsRequest(limit=1) # original response json string response = client.list_vpcs(request) print(response) # response object response_obj = response.to_json_object() print(response_obj["vpcs"]) ``` **Notice:** This method is only supported in version `3.0.34-rc` or later. ### 5. Use Asynchronous Client [:top:](#user-manual-top) ``` python # Initialize asynchronous client, take VpcAsyncClient for example client = VpcAsyncClient.new_builder() \ .with_http_config(config) \ .with_credentials(basic_credentials) \ .with_endpoint(endpoint) \ .build() # send asynchronous request request = ListVpcsRequest(limit=1) response = client.list_vpcs_async(request) # get asynchronous response print(response.result()) ``` ### 6. Troubleshooting [:top:](#user-manual-top) SDK supports `Access` log and `Debug` log which could be configured manually. #### 6.1 Access Log [:top:](#user-manual-top) SDK supports print access log which could be enabled by manual configuration, the log could be output to the console or specified files. For example: ``` python # Initialize specified service client instance, take VpcClient for example client = VpcClient.new_builder() \ .with_http_config(config) \ .with_credentials(basic_credentials) \ .with_endpoint(endpoint) \ .with_file_log(path="test.log", log_level=logging.INFO) \ # Write log files .with_stream_log(log_level=logging.INFO) \ # Write log to console .build() ``` **where:** - `with_file_log`: - `path` means log file path. - `log_level` means log level, default is INFO. - `max_bytes` means size of single log file, the default value is 10485760 bytes. - `backup_count` means count of log file, the default value is 5. - `with_stream_log`: - `stream` means stream object, the default value is sys.stdout. - `log_level` means log level, the default value is INFO. After enabled log, the SDK will print the access log by default, every request will be recorded to the console like: ``` text 2020-06-16 10:44:02,019 4568 HuaweiCloud-SDK http_handler.py 28 INFO "GET https://vpc.cn-north-1.myhuaweicloud.com/v1/0904f9e1f100d2932f94c01f9aa1cfd7/vpcs" 200 11 0:00:00.543430 b5c927ffdab8401e772e70aa49972037 ``` The format of access log is: ``` python %(asctime)s %(thread)d %(name)s %(filename)s %(lineno)d %(levelname)s %(message)s ``` #### 6.2 Original HTTP Listener [:top:](#user-manual-top) In some situation, you may need to debug your http requests, original http request and response information will be needed. The SDK provides a listener function to obtain the original encrypted http request and response information. > :warning: Warning: The original http log information is used in debugging stage only, please do not print the original http header or body in the production environment. These log information is not encrypted and contains sensitive data such as the password of your ECS virtual machine, or the password of your IAM user account, etc. When the response body is binary content, the body will be printed as "***" without detailed information. ``` python import logging from huaweicloudsdkcore.http.http_handler import HttpHandler def response_handler(**kwargs): logger = kwargs.get("logger") response = kwargs.get("response") request = response.request base = "> Request %s %s HTTP/1.1" % (request.method, request.path_url) + "\n" if len(request.headers) != 0: base = base + "> Headers:" + "\n" for each in request.headers: base = base + " %s : %s" % (each, request.headers[each]) + "\n" base = base + "> Body: %s" % request.body + "\n\n" base = base + "< Response HTTP/1.1 %s " % response.status_code + "\n" if len(response.headers) != 0: base = base + "< Headers:" + "\n" for each in response.headers: base = base + " %s : %s" % (each, response.headers[each],) + "\n" base = base + "< Body: %s" % response.content logger.debug(base) if __name__ == "__main__": client = VpcClient.new_builder() \ .with_http_config(config) \ .with_credentials(basic_credentials) \ .with_stream_log(log_level=logging.DEBUG) \ .with_http_handler(HttpHandler().add_response_handler(response_handler)) \ .with_endpoint(endpoint) \ .build() ``` **Notice:** HttpHandler supports method `add_request_handler` and `add_response_handler`. ### 7. Upload and download files [:top:](#user-manual-top) Take the interface `CreateImageWatermark` of the service `Data Security Center` as an example, this interface needs to upload an image file and return the watermarked image file stream: ```python # coding: utf-8 from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkcore.http.http_config import HttpConfig from huaweicloudsdkcore.http.formdata import FormFile from huaweicloudsdkdsc.v1 import * def create_image_watermark(client): try: request = CreateImageWatermarkRequest() # Open the file in mode "rb", create a Formfile object. image_file = FormFile(open("demo.jpg", "rb")) body = CreateImageWatermarkRequestBody(file=image_file, blind_watermark="test_watermark") request.body = body response = client.create_image_watermark(request) image_file.close() # Define the method of downloading files. def save(stream): with open("result.jpg", "wb") as f: f.write(stream.content) # Download the file. response.consume_download_stream(save) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) if __name__ == "__main__": ak = "{your ak string}" sk = "{your sk string}" endpoint = "{your endpoint}" project_id = "{your project id}" config = HttpConfig.get_default_config() config.ignore_ssl_verification = True credentials = BasicCredentials(ak, sk, project_id) dsc_client = DscClient.new_builder() \ .with_http_config(config) \ .with_credentials(credentials) \ .with_endpoint(endpoint) \ .build() create_image_watermark(dsc_client) ```