This topic describes how to use CloudSSO SDK for Python to call the GetServiceStatus operation to check whether CloudSSO is activated.
Step 1: View the API documentation
To check whether CloudSSO is activated, call the GetServiceStatus operation. For more information, see List of operations by function. For more information about the information and permissions that are required to call this operation, see GetServiceStatus.
Step 2: Create a RAM user and grant permissions to the RAM user
The AccessKey pair of an Alibaba Cloud account has the same full management permissions as the Alibaba Cloud account. You cannot impose limits such as limits on source IP addresses and time periods of requests on the AccessKey pair. If the AccessKey pair is leaked, critical risks may arise. We recommend that you create a Resource Access Management (RAM) user and grant permissions to the RAM user. This way, you can use the AccessKey pair of the RAM user to call operations.
Log on to the RAM console with an Alibaba Cloud account.
Create a RAM user.
Set the Access Mode parameter to OpenAPI Access. The system creates an AccessKey ID and AccessKey secret for the RAM user.
For more information, see Create a RAM user.
(Optional) Create a custom policy.
If the system policies do not meet your business requirements, you can create custom policies.
For more information, see Create a custom policy.
Grant permissions to the RAM user.
You can attach a specific system policy or custom policy to the RAM user. In this example, the system policy AliyunCloudSSOFullAccess that is used to manage CloudSSO is attached to the RAM user.
For more information, see Grant permissions to RAM users.
Step 3: Call an operation
Prepare a Python environment
Download and install Python 3.
After you install Python 3, enter python --version in the terminal to check the version of Python 3.
Configure environment variables
In this example, environment variables are configured to manage the AccessKey pair and prevent security risks that are caused by hard-coding the AccessKey pair into your business code.
Linux and macOS
Replace
<access_key_id>and<access_key_secret>in the following command with your actual AccessKey ID and AccessKey secret.
export ALIBABA_CLOUD_ACCESS_KEY_ID=<access_key_id>
export ALIBABA_CLOUD_ACCESS_KEY_SECRET=<access_key_secret>Windows
Create the following system environment variables: ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET. Set the ALIBABA_CLOUD_ACCESS_KEY_ID variable to your actual AccessKey ID and the ALIBABA_CLOUD_ACCESS_KEY_SECRET variable to your actual AccessKey secret. Then, restart the Windows operating system.
Install dependencies
pip install alibabacloud_credentials
pip install alibabacloud_cloudsso20210515==1.0.2
pip install alibabacloud_tea_consoleDownload the sample code
Call the GetServiceStatus operation in OpenAPI Explorer.
Enter the request parameters and click Initiate Call to check whether the debugging is successful.
In this example, no request parameters are required.
On the Python tab of the SDK Sample Code tab, click Download Project to download the sample code package of CloudSSO SDK for Python.
Decompress the sample code package on your computer and access the alibabacloud_sample directory.
Run the sample code
Run the following command:
python sample.pyThe following command output is displayed:
{
"headers": {
"date": "Thu, 13 Jul 2023 08:04:35 GMT",
"content-type": "application/json;charset=utf-8",
"content-length": "151",
"connection": "keep-alive",
"keep-alive": "timeout=25",
"access-control-allow-origin": "*",
"access-control-expose-headers": "*",
"x-acs-request-id": "0E144D0A-B869-5451-AD12-16B56576****",
"x-acs-trace-id": "202b7b433bc249690b8efc7b2070****",
"etag": "1m1nrhLTvQdwdhKVR9B2****"
},
"statusCode": 200,
"body": {
"RequestId": "0E144D0A-B869-5451-AD12-16B56576****",
"ServiceStatus": {
"AccountId": "151266687691****",
"RegionsInUse": ["cn-shanghai"],
"Status": "Enabled"
}
}
}