在阿里云进行授权划分的步骤有
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了在阿里云进行授权划分的步骤有相关的知识,希望对你有一定的参考价值。
参考技术A 在阿里云进行授权划分的步骤有:1、开发者需要拼接一个授权的URL,将此URL生成二维码。
2、用户打开手机支付宝钱包的扫一扫功能,扫描上述的二维码,扫描成功会跳出一个授权页面,用户点击授权。
3、用户点击授权之后,第一步中,开发者提供的redirect-uri地址会接收到auth-code、app-id、scope等参数。
4、开发者再通过获取到的auth-code来换取authtoken。
5、用获取到的auth-token访问获取用户信息的接口,以此来获取用户信息。
Terraform 管理阿里云 VPC
创建阿里云 RAM 子用户,并进行授权
注意,需要将我们生成的 AccessKey
保存至本地
配置环境变量
定义的环境变量必须以 TF_VAR
开头,这样就被 terraform 在读取环境变量时就认为是他自己的环境变量
虽然也可以写在配置文件中明文保存,但是强烈不建议这样用,一旦配置文件泄露,便有非常大的风险。
# 第一种方式,需要去掉 main.tf 中的变量,直接全空即可,此变量是官方默认提供变量,不需要加 TF_VAR
export ALICLOUD_ACCESS_KEY="LTA**************<strong>"
export ALICLOUD_SECRET_KEY="Hp</strong>**************"
export ALICLOUD_REGION="cn-beijing"
# 第二种方式,下边定义阿里云 provider 用的是第二种
export TF_VAR_access_key="LTA**************<strong>"
export TF_VAR_secret_key="Hp</strong>**************"
export TF_VAR_region="cn-beijing"
定义阿里云 provider
version.tf 定义 terraform 版本信息
# versions.tf
// 定义 terraform 的 版本信息
terraform
required_version = ">= 1.1.0"
required_providers
alicloud =
source = "aliyun/alicloud"
version = "1.162.0"
variables.tf 定义相关变量
# variables.tf
// 定义的变量会从环境变量中取值
// 分别对应 ALICLOUD_ACCESS_KEY, ALICLOUD_SECRET_KEY, ALICLOUD_REGION
variable "access_key"
type = string
variable "secret_key"
type = string
variable "region"
type = string
main.tf 定义阿里云登录信息
# main.tf
// 阿里云登录信息,采用的是环境变量
provider "alicloud"
# Configuration options
access_key = var.access_key
secret_key = var.secret_key
region = var.region
alicloud_vpc.tf 定义 vpc 相关配置
# alicloud_vpc.tf
// 创建 VPC 专有网络
resource "alicloud_vpc" "vpc"
vpc_name = "tf_test_foo"
cidr_block = "172.96.0.0/12"
// 创建 Vswitch 交换机
resource "alicloud_vswitch" "vsw"
vpc_id = alicloud_vpc.vpc.id
cidr_block = "172.96.0.0/21"
zone_id = "cn-beijing-b"
alicloud_security_group.tf 定义安全组相关配置
# alicloud_security_group.tf
// 创建 安全组 group
resource "alicloud_security_group" "group"
name = "demo-group"
vpc_id = alicloud_vpc.vpc.id
security_group_type = "normal"
// 定义安全组规则,放开 22 端口
resource "alicloud_security_group_rule" "allow_22_tcp"
type = "ingress"
ip_protocol = "tcp"
nic_type = "intranet"
policy = "accept"
port_range = "22/22"
priority = 1
security_group_id = alicloud_security_group.group.id
cidr_ip = "0.0.0.0/0"
# 相关文件的目录结构
.
├── alicloud_security_group.tf
├── alicloud_vpc.tf
├── main.tf
├── variables.tf
└── versions.tf
0 directories, 5 files
fmt 格式化代码
用于格式化代码,增强其可读性
terraform fmt
init 初始化
下载 provider 的相关插件,此命令需要连接 terraform 仓库
terraform init
init 的操作会把相关包下载到本地,此步骤时间略长
validate 校验
校验配置项中是否有报错的地方
terraform validate -json
# 输出如下结果
"format_version": "1.0",
"valid": true,
"error_count": 0,
"warning_count": 0,
"diagnostics": []
plan 预览
打印所有资源的期望状态
将期望资源的状态与当前工作目录的状态进行对比
打印当前状态与期望状态的差异,并不会实际实行
~# terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# alicloud_security_group.group will be created
+ resource "alicloud_security_group" "group"
+ id = (known after apply)
+ inner_access = (known after apply)
+ inner_access_policy = (known after apply)
+ name = "demo-group"
+ security_group_type = "normal"
+ vpc_id = (known after apply)
# alicloud_security_group_rule.allow_22_tcp will be created
+ resource "alicloud_security_group_rule" "allow_22_tcp"
+ cidr_ip = "0.0.0.0/0"
+ id = (known after apply)
+ ip_protocol = "tcp"
+ nic_type = "internet"
+ policy = "accept"
+ port_range = "22/22"
+ prefix_list_id = (known after apply)
+ priority = 1
+ security_group_id = (known after apply)
+ type = "ingress"
# alicloud_vpc.vpc will be created
+ resource "alicloud_vpc" "vpc"
+ cidr_block = "172.96.0.0/12"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ name = (known after apply)
+ resource_group_id = (known after apply)
+ route_table_id = (known after apply)
+ router_id = (known after apply)
+ router_table_id = (known after apply)
+ status = (known after apply)
+ vpc_name = "tf_test_foo"
# alicloud_vswitch.vsw will be created
+ resource "alicloud_vswitch" "vsw"
+ availability_zone = (known after apply)
+ cidr_block = "172.96.0.0/21"
+ id = (known after apply)
+ name = (known after apply)
+ status = (known after apply)
+ vpc_id = (known after apply)
+ vswitch_name = (known after apply)
+ zone_id = "cn-beijing-b"
Plan: 4 to add, 0 to change, 0 to destroy.
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didnt use the -out option to save this plan, so Terraform cant guarantee to take exactly these actions if you run "terraform
apply" now.
apply 创建资源
terraform apply
登录阿里云后进行验证
vpc 验证
vswitch 验证
安全组验证
show 查看资源申请情况
~# terraform show
# alicloud_security_group.group:
resource "alicloud_security_group" "group"
id = "sg-2zee17d94vu8k5kx99fz"
inner_access = true
inner_access_policy = "Accept"
name = "demo-group"
security_group_type = "normal"
tags =
vpc_id = "vpc-2zee4goyffxj46uz5j869"
# alicloud_security_group_rule.allow_22_tcp:
resource "alicloud_security_group_rule" "allow_22_tcp"
cidr_ip = "0.0.0.0/0"
id = "sg-2zee17d94vu8k5kx99fz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1"
ip_protocol = "tcp"
nic_type = "intranet"
policy = "accept"
port_range = "22/22"
priority = 1
security_group_id = "sg-2zee17d94vu8k5kx99fz"
type = "ingress"
# alicloud_vpc.vpc:
resource "alicloud_vpc" "vpc"
cidr_block = "172.96.0.0/12"
id = "vpc-2zee4goyffxj46uz5j869"
name = "tf_test_foo"
resource_group_id = "rg-acfmybfthr6yliq"
route_table_id = "vtb-2zeksbc0su4tecdy7j5er"
router_id = "vrt-2ze1lmeuaf424yol3twki"
router_table_id = "vtb-2zeksbc0su4tecdy7j5er"
secondary_cidr_blocks = []
status = "Available"
user_cidrs = []
vpc_name = "tf_test_foo"
# alicloud_vswitch.vsw:
resource "alicloud_vswitch" "vsw"
availability_zone = "cn-beijing-b"
cidr_block = "172.96.0.0/21"
id = "vsw-2zeqb015cd9hogrp6fa4a"
status以上是关于在阿里云进行授权划分的步骤有的主要内容,如果未能解决你的问题,请参考以下文章