odps-auth
Authenticate to Alibaba Cloud ODPS (MaxCompute)
TLDR
Add a user to the current project
Grant a set of authorities to a user
Show authorities of a user
Create a user role
Grant a set of authorities to a role
Describe authorities of a role
Grant a role to a user
SYNOPSIS
odps-auth subcommand [options]
PARAMETERS
config
Configures global default settings for the MaxCompute CLI, including default project, service endpoint, tunnel endpoint, output format, and logging level.
Syntax: odps-auth config [--project project] [--endpoint endpoint] [--tunnel-endpoint tunnel_endpoint] [--format {csv|json}] [--log-level {info|debug}]
add
Adds a new authentication profile to the configuration. This profile stores AccessKey credentials and associated project/endpoint details.
Syntax: odps-auth add -i AccessKeyId -k AccessKeySecret [-t SecurityToken] -p ProjectName -e Endpoint -n ProfileName
-i AccessKeyId: Your Alibaba Cloud AccessKey ID.
-k AccessKeySecret: Your Alibaba Cloud AccessKey Secret.
-t SecurityToken: (Optional) Your Security Token for STS authentication.
-p ProjectName: The MaxCompute project name.
-e Endpoint: The MaxCompute service endpoint.
-n ProfileName: A unique name for this profile.
list
Displays all currently configured authentication profiles, showing their names and indicating the active profile.
Syntax: odps-auth list
set-current
Activates a specified existing profile, making it the default for subsequent MaxCompute CLI operations.
Syntax: odps-auth set-current ProfileName
delete
Removes a specified authentication profile from the configuration file.
Syntax: odps-auth delete ProfileName
DESCRIPTION
odps-auth is a command-line utility used for managing authentication configurations for the Alibaba Cloud MaxCompute (formerly ODPS) Command Line Interface (CLI). It allows users to set up, switch, and delete different authentication profiles, typically using AccessKey (AK) pairs or Security Token Service (STS) tokens. This tool is essential for interacting with MaxCompute projects and resources programmatically or via the MaxCompute CLI, ensuring secure and authorized access to data processing services. It streamlines the process of managing credentials for various MaxCompute accounts or different environments within a single CLI installation, enhancing workflow efficiency and security by enabling easy switching between credentials.
CAVEATS
Security Risk: Storing AccessKey secrets directly on disk carries inherent security risks. Ensure proper file permissions and restrict access to configuration files to authorized users only.
Endpoint Mismatch: An incorrect MaxCompute service endpoint configuration can lead to connection failures or interactions with the wrong regional data center.
Profile Management: Use clear and descriptive profile names to avoid confusion, especially when managing multiple accounts or projects within the same environment.
AUTHENTICATION METHODS
odps-auth primarily supports two authentication methods:
AccessKey (AK): Uses a permanent pair of AccessKey ID and AccessKey Secret, suitable for long-term programmatic access.
STS (Security Token Service): Utilizes temporary security tokens, often generated via RAM (Resource Access Management) roles or STS API calls, providing enhanced security through time-limited credentials.
PROFILE STORAGE
Configured authentication profiles and global settings are typically stored in a configuration file within the user's home directory. The common location is ~/.maxcompute/odps_config.ini or a similar path, depending on the MaxCompute CLI installation and version. Users should ensure this file has appropriate permissions to prevent unauthorized access to sensitive credentials.
HISTORY
MaxCompute, originally known as Open Data Processing Service (ODPS), is Alibaba Cloud's proprietary big data processing platform. The odps-auth utility was developed as an integral part of the MaxCompute client tools to streamline and secure the authentication process for command-line interactions. Its evolution has focused on providing robust and flexible authentication methods, including AccessKey and STS, along with comprehensive profile management capabilities to cater to the diverse needs of users and enterprise environments requiring access to different MaxCompute projects or accounts.
SEE ALSO
odpscmd, aliyun(1)
