Creates a pair of static username and password. If you access an ApsaraMQ for RabbitMQ broker from an open source RabbitMQ client, you must use a pair of username and password for authentication. You can access the ApsaraMQ for RabbitMQ broker only after the authentication is passed. ApsaraMQ for RabbitMQ allows you to generate usernames and passwords by using AccessKey pairs provided by Alibaba Cloud Resource Access Management (RAM).
Operation description
Background information
If you access an ApsaraMQ for RabbitMQ broker from an open source RabbitMQ client, you must use a pair of username and password for authentication. You can access the ApsaraMQ for RabbitMQ broker only after the authentication is passed. ApsaraMQ for RabbitMQ allows you to generate usernames and passwords by using AccessKey pairs provided by Alibaba Cloud RAM.
Precautions
- The ApsaraMQ for RabbitMQ instance for which you want to create a pair of static username and password must be in the Running state.
- You can use an AccessKey pair to create only one pair of static username and password for an ApsaraMQ for RabbitMQ instance.
- If you want to update an existing pair of static username and password, you must delete the existing pair and create another pair.
Sample code on how to generate a username
The value of the userName parameter in the request is a Base64-encoded string that is generated by using the instance ID and AccessKey ID. The following sample code provides an example on how to generate a username:
```java
import java.nio.charset.Charset;
import java.util.Base64;

public class Base64Utils {
    public static final Charset UTF8 = Charset.forName("UTF-8");

    /**
     * Decode the Base64 string.
     *
     * @param str the Base64-encoded string
     * @return the decoded string
     */
    public static String decode(String str) {
        return new String(Base64.getDecoder().decode(str.getBytes(UTF8)), UTF8);
    }

    /**
     * Encode the instance ID and AccessKey ID into a Base64 string.
     *
     * @param bytes = "2" + ":" + "{instanceId}" + ":" + "{ak}"
     * @return the Base64-encoded string
     */
    public static String encode(String bytes) {
        return new String(Base64.getEncoder().encode(bytes.getBytes(UTF8)), UTF8);
    }

    public static void main(String[] args) {
        String example = "this is a example";
        System.out.println(encode(example));
        System.out.println(decode(encode(example)));
    }
}
```
Sample code on how to generate a signature
The system uses the HMAC-SHA1 algorithm to generate the values of the signature and secretSign parameters in the request, based on the timestamp that indicates when the specified static username is created and the AccessKey ID. The following sample code shows how to generate the values of the signature and secretSign parameters:
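```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Wrapper class added so that the sample compiles; the class name is illustrative.
public class SignatureUtils {
    // Compute HMAC-SHA1 over data with the given key and return it as an upper-case hex string.
    public static String hamcsha1(byte[] data, byte[] key) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec signingKey = new SecretKeySpec(key, "HmacSHA1");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(signingKey);
        return byte2hex(mac.doFinal(data));
    }

    // Convert a byte array to an upper-case hex string, two digits per byte.
    public static String byte2hex(byte[] b) {
        StringBuilder hs = new StringBuilder();
        String stmp;
        for (int n = 0; b != null && n < b.length; n++) {
            stmp = Integer.toHexString(b[n] & 0XFF);
            if (stmp.length() == 1) {
                hs.append('0');
            }
            hs.append(stmp);
        }
        return hs.toString().toUpperCase();
    }

    // If value1 is the timestamp that indicates when the static username is created and
    // value2 is the AccessKey ID, the value of the secretSign parameter is generated.
    // If value1 is the AccessKey ID and value2 is the timestamp that indicates when the
    // static username is created, the value of the signature parameter is generated.
    public static void main(String[] args) throws InvalidKeyException, NoSuchAlgorithmException {
        String value1 = "XXX";
        String value2 = "XXX";
        // Use an explicit charset so the result does not depend on the platform default.
        System.out.println(hamcsha1(value1.getBytes(StandardCharsets.UTF_8), value2.getBytes(StandardCharsets.UTF_8)));
    }
}
```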
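The two samples above combined into one end-to-end sketch that builds `userName`, `signature` and `secretSign` for a request and decodes a `userName` back into its parts. This is an added example, not Alibaba Cloud's code; the class and method names (`StaticAccountParams`, `hmacSha1Hex`, `buildUserName`, `parseUserName`) and the input values are assumptions, and the HMAC argument order follows the comment in the signature sample.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;

public class StaticAccountParams {
    // HMAC-SHA1 over data with key, as upper-case hex like the page's byte2hex sample.
    static String hmacSha1Hex(String data, String key) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(data.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    // userName = Base64("2:" + instanceId + ":" + accessKeyId), per the encode() comment.
    static String buildUserName(String instanceId, String accessKeyId) {
        String raw = "2:" + instanceId + ":" + accessKeyId;
        return Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // Decode a userName into {instanceId, accessKeyId}; reject anything not shaped "2:x:y".
    static String[] parseUserName(String userName) {
        String raw = new String(Base64.getDecoder().decode(userName), StandardCharsets.UTF_8);
        String[] parts = raw.split(":", -1);
        if (parts.length != 3 || !parts[0].equals("2") || parts[1].isEmpty() || parts[2].isEmpty()) {
            throw new IllegalArgumentException("not a static userName");
        }
        return new String[] {parts[1], parts[2]};
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed placeholder inputs, not real identifiers.
        String instanceId = "amqp-cn-EXAMPLE";
        String accessKeyId = "EXAMPLE_ACCESS_KEY_ID";
        String createTimestamp = String.valueOf(System.currentTimeMillis());

        String userName = buildUserName(instanceId, accessKeyId);
        String signature = hmacSha1Hex(accessKeyId, createTimestamp);  // data = AK ID, key = timestamp
        String secretSign = hmacSha1Hex(createTimestamp, accessKeyId); // data = timestamp, key = AK ID

        String[] decoded = parseUserName(userName);
        System.out.println("createTimestamp=" + createTimestamp + " userName=" + userName);
        System.out.println("signature=" + signature + " secretSign=" + secretSign);
        System.out.println("userName decodes to instance " + decoded[0] + ", AccessKey ID " + decoded[1]);
    }
}
```

Because the `userName` is only Base64-encoded, anyone who can read it in client configuration or logs can recover the instance ID and AccessKey ID, as `parseUserName` shows.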
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
  - The required resource types are displayed in bold characters.
  - If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation |
---|---|---|---|---|
amqp:FetchStaticAccount | create | *Instance acs:amqp:{#regionId}:{#accountId}:/instances/{#instanceId} | | |
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
instanceId | string | Yes | The ID of the instance for which you want to create a pair of static username and password. | amqp-cn-********* |
accountAccessKey | string | Yes | The AccessKey ID of your Alibaba Cloud account or RAM user. For information about how to obtain an AccessKey pair, see Create an AccessKey pair. Note: If you use the pair of static username and password that is created by using the AccessKey pair of a RAM user to access ApsaraMQ for RabbitMQ to send and receive messages, make sure that the RAM user is granted the required permissions. For more information, see RAM policies. | LTAI5t8be*******tEJ6vfo |
userName | string | Yes | The static username that you want to create. The value of this parameter is a Base64-encoded string that is generated based on the instance ID and AccessKey ID. For more information, see the "Sample code on how to generate a username" section of this topic. | MjphbXFwLWNuLXp***********************Q4YmVNbVZNMWVSWnRFSjZ2Zm8= |
signature | string | Yes | The signature. The system generates a static password based on the signature in the request, the AccessKey secret signature, and the username. The system uses the HMAC-SHA1 algorithm to generate the signature based on the timestamp that indicates when the username is created and the AccessKey ID. For more information, see the "Sample code on how to generate a signature" section of this topic. | 22c2d7d1769cb53c5a6d9213248e2de524c4f799 |
createTimestamp | long | Yes | The timestamp that indicates when the password is created. Unit: milliseconds. Note: This timestamp is specified by you and is used to generate a static password. The timestamp is not the timestamp that indicates when the system generates the password. | 1671175303522 |
secretSign | string | Yes | The AccessKey secret signature. The system generates a static password based on the signature in the request, the AccessKey secret signature, and the username. The system uses the HMAC-SHA1 algorithm to generate the AccessKey secret signature based on the timestamp that indicates when the username is created and the AccessKey ID. For more information, see the "Sample code on how to generate a signature" section of this topic. | 4c1a6367ce4c4255e9617326f9133ac6359533f6 |
Response parameters
Examples
Sample success responses
JSON format

```json
{
  "RequestId": "92385FD2-624A-48C9-8FB5-753F2AFA***",
  "Code": 200,
  "Message": "operation success",
  "Success": true,
  "Data": {
    "AccessKey": "LTAI5***********eRZtEJ6vfo\n",
    "Password": "NEMxQTYzNjdDRTVDNDI1NUU5NjE3**************1MzNGODoxNjcxMTc1MzEzNTIy",
    "CreateTimeStamp": 1671175303522,
    "InstanceId": "amqp-cn-*********",
    "MasterUId": 0,
    "UserName": "MjphbXFwLWNuLXVxbTJ6cjc2djAwMzpMVEFJNX*******ZNMWVSWnRFSjZ2Zm8="
  }
}
```
Error codes
For a list of error codes, see Service error codes.