Merge pull request #83 from AlibabaCloudLandingZone/solution-IDaaS-synchronization/0.0.1

wibud · web-flow · commit a4a64bbd5a9f · 2024-11-27T14:56:04.000+08:00
solution-IDaaS-synchronization/0.0.1
diff --git a/solution/solution-IDaaS-synchronization/README.md b/solution/solution-IDaaS-synchronization/README.md
@@ -0,0 +1,13 @@
+# 基于函数计算实现从IdP到IDaaS的人员定时同步方案
+
+本方案通过函数计算定时调用IDaaS同步的OpenAPI，来实现按照自定义周期进行人员自动从IdP到IDaaS同步。通过FC函数角色和RAM角色关联，使用STS Token访问云资源，避免了将访问密钥硬编码在代码中，从而消除AK泄露的风险。临时凭证（STS Token）的使用有效解决了永久凭证（AK/SK）可能带来的安全风险问题。 本方案提供Python代码示例，客户能够快速完成函数计算部署，减少开发和部署的复杂度。
+
+## 如何运行
+该示例代码需要在FC函数中执行，请确保选择Python作为FC函数的运行环境。
+请您选择您的SDK类型对应的示例代码，复制代码后上传至函数计算运行即可。
+需要配置以下环境变量：
+{'IDAAS_EIAM_ENDPOINT',
+  'INSTANCE_ID',
+  'TARGET_ID',
+  'TARGET_TYPE'
+ }
diff --git a/solution/solution-IDaaS-synchronization/index.py b/solution/solution-IDaaS-synchronization/index.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+import logging
+import json
+import os
+import sys
+
+from typing import List
+
+from alibabacloud_eiam20211201.client import Client as Eiam20211201Client
+from alibabacloud_eiam20211201 import models as eiam_20211201_models
+from alibabacloud_tea_util import models as util_models
+from alibabacloud_credentials.client import Client as CredClient
+from alibabacloud_tea_openapi.models import Config
+
+def handler(event, context):
+    creds = context.credentials
+    config = Config(access_key_id=creds.access_key_id,access_key_secret=creds.access_key_secret,security_token=creds.security_token)
+    config.endpoint = os.environ['IDAAS_EIAM_ENDPOINT']
+    client = Eiam20211201Client(config)
+
+    run_synchronization_job_request = eiam_20211201_models.RunSynchronizationJobRequest(
+            instance_id=os.environ['INSTANCE_ID'],
+            target_id=os.environ['TARGET_ID'],
+            target_type=os.environ['TARGET_TYPE']
+        )
+    runtime = util_models.RuntimeOptions()
+    response = client.run_synchronization_job_with_options(run_synchronization_job_request, runtime)
+
+    return(str(response.to_map()))
