tccli 3.0.1217.1__py2.py3-none-any.whl → 3.0.1219.1__py2.py3-none-any.whl

tccli/services/iap/v20240713/api.json

@@ -0,0 +1,471 @@
+{
+  "actions": {
+    "CreateIAPUserOIDCConfig": {
+      "document": "创建用户OIDC配置。只能创建一个用户OIDC身份提供商，并且创建用户OIDC配置之后会自动关闭用户SAML SSO身份提供商。",
+      "input": "CreateIAPUserOIDCConfigRequest",
+      "name": "创建IAP服务OIDC配置",
+      "output": "CreateIAPUserOIDCConfigResponse",
+      "status": "online"
+    },
+    "DescribeIAPLoginSessionDuration": {
+      "document": "查询登录会话时长",
+      "input": "DescribeIAPLoginSessionDurationRequest",
+      "name": "查询IAP的登录会话时长",
+      "output": "DescribeIAPLoginSessionDurationResponse",
+      "status": "online"
+    },
+    "DescribeIAPUserOIDCConfig": {
+      "document": "查询用户OIDC配置",
+      "input": "DescribeIAPUserOIDCConfigRequest",
+      "name": "查询IAP服务OIDC配置",
+      "output": "DescribeIAPUserOIDCConfigResponse",
+      "status": "online"
+    },
+    "DisableIAPUserSSO": {
+      "document": "禁用用户SSO",
+      "input": "DisableIAPUserSSORequest",
+      "name": "禁用IAP服务SSO",
+      "output": "DisableIAPUserSSOResponse",
+      "status": "online"
+    },
+    "ModifyIAPLoginSessionDuration": {
+      "document": "修改登录会话时长",
+      "input": "ModifyIAPLoginSessionDurationRequest",
+      "name": "修改IAP登录会话时长",
+      "output": "ModifyIAPLoginSessionDurationResponse",
+      "status": "online"
+    },
+    "UpdateIAPUserOIDCConfig": {
+      "document": "修改用户OIDC配置",
+      "input": "UpdateIAPUserOIDCConfigRequest",
+      "name": "修改IAP服务OIDC配置",
+      "output": "UpdateIAPUserOIDCConfigResponse",
+      "status": "online"
+    }
+  },
+  "metadata": {
+    "apiVersion": "2024-07-13",
+    "api_brief": "IAP服务OIDC配置管理接口",
+    "serviceNameCN": "身份识别平台",
+    "serviceShortName": "iap"
+  },
+  "objects": {
+    "CreateIAPUserOIDCConfigRequest": {
+      "document": "CreateIAPUserOIDCConfig请求参数结构体",
+      "members": [
+        {
+          "disabled": false,
+          "document": "身份提供商URL。OpenID Connect身份提供商标识。对应企业IdP提供的Openid-configuration中\"issuer\"字段的值。",
+          "example": "https://xxx.qq.cn/oidc",
+          "member": "string",
+          "name": "IdentityUrl",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "客户端ID，在OpenID Connect身份提供商注册的客户端ID。",
+          "example": "61adcf00620c31e3ddbc9546",
+          "member": "string",
+          "name": "ClientId",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Endpoint，OpenID Connect身份提供商授权地址。对应企业IdP提供的Openid-configuration中\"authorization_endpoint\"字段的值。",
+          "example": "https://console.authing.cn/console/get-started/61adcf00620c31e3d",
+          "member": "string",
+          "name": "AuthorizationEndpoint",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Response type，固定值id_token",
+          "example": "id_token",
+          "member": "string",
+          "name": "ResponseType",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Response mode。授权请求返回模式，form_post和fragment两种可选模式，推荐选择form_post模式。",
+          "example": "fragment",
+          "member": "string",
+          "name": "ResponseMode",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "映射字段名称。IdP的id_token中哪一个字段映射到子用户的用户名，通常是sub或者name字段",
+          "example": "sub",
+          "member": "string",
+          "name": "MappingFiled",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "签名公钥，需要base64_encode。验证OpenID Connect身份提供商ID Token签名的公钥。为了您的账号安全，建议您定期轮换签名公钥。",
+          "example": "无",
+          "member": "string",
+          "name": "IdentityKey",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Scope。openid; email;profile。授权请求信息范围。默认必选openid。",
+          "example": "无",
+          "member": "string",
+          "name": "Scope",
+          "required": false,
+          "type": "list"
+        },
+        {
+          "disabled": false,
+          "document": "描述",
+          "example": "描述",
+          "member": "string",
+          "name": "Description",
+          "required": false,
+          "type": "string"
+        }
+      ],
+      "type": "object"
+    },
+    "CreateIAPUserOIDCConfigResponse": {
+      "document": "CreateIAPUserOIDCConfig返回参数结构体",
+      "members": [
+        {
+          "document": "唯一请求 ID，由服务端生成，每次请求都会返回（若请求因其他原因未能抵达服务端，则该次请求不会获得 RequestId）。定位问题时需要提供该次请求的 RequestId。",
+          "member": "string",
+          "name": "RequestId",
+          "type": "string"
+        }
+      ],
+      "type": "object"
+    },
+    "DescribeIAPLoginSessionDurationRequest": {
+      "document": "DescribeIAPLoginSessionDuration请求参数结构体",
+      "members": [],
+      "type": "object"
+    },
+    "DescribeIAPLoginSessionDurationResponse": {
+      "document": "DescribeIAPLoginSessionDuration返回参数结构体",
+      "members": [
+        {
+          "disabled": false,
+          "document": "登录会话时长",
+          "example": "172800",
+          "member": "int64",
+          "name": "Duration",
+          "output_required": true,
+          "type": "int",
+          "value_allowed_null": false
+        },
+        {
+          "document": "唯一请求 ID，由服务端生成，每次请求都会返回（若请求因其他原因未能抵达服务端，则该次请求不会获得 RequestId）。定位问题时需要提供该次请求的 RequestId。",
+          "member": "string",
+          "name": "RequestId",
+          "type": "string"
+        }
+      ],
+      "type": "object"
+    },
+    "DescribeIAPUserOIDCConfigRequest": {
+      "document": "DescribeIAPUserOIDCConfig请求参数结构体",
+      "members": [],
+      "type": "object"
+    },
+    "DescribeIAPUserOIDCConfigResponse": {
+      "document": "DescribeIAPUserOIDCConfig返回参数结构体",
+      "members": [
+        {
+          "disabled": false,
+          "document": "身份提供商类型。 13：IAP用户OIDC身份提供商",
+          "example": "13",
+          "member": "uint64",
+          "name": "ProviderType",
+          "output_required": true,
+          "type": "int",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "身份提供商URL",
+          "example": "1111",
+          "member": "string",
+          "name": "IdentityUrl",
+          "output_required": true,
+          "type": "string",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "签名公钥",
+          "example": "无",
+          "member": "string",
+          "name": "IdentityKey",
+          "output_required": true,
+          "type": "string",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "客户端id",
+          "example": "无",
+          "member": "string",
+          "name": "ClientId",
+          "output_required": true,
+          "type": "string",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "状态：0:未设置，11:已开启，2:已禁用",
+          "example": "1",
+          "member": "uint64",
+          "name": "Status",
+          "output_required": true,
+          "type": "int",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "HTTPS CA证书的验证指纹，允许英文字母和数字，每个指纹长度为40个字符，最多5个指纹。",
+          "example": "[\"902ef2deeb3c5b13ea4c3d5193629309e231****\"]",
+          "member": "string",
+          "name": "Fingerprints",
+          "output_required": false,
+          "type": "list",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "是否需要开启自动使用OIDC签名公钥，1:需要，2:不需要，默认不需要",
+          "example": "2",
+          "member": "uint64",
+          "name": "EnableAutoPublicKey",
+          "output_required": false,
+          "type": "int",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Endpoint",
+          "example": "无",
+          "member": "string",
+          "name": "AuthorizationEndpoint",
+          "output_required": true,
+          "type": "string",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Scope",
+          "example": "无",
+          "member": "string",
+          "name": "Scope",
+          "output_required": true,
+          "type": "list",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Response type",
+          "example": "无",
+          "member": "string",
+          "name": "ResponseType",
+          "output_required": true,
+          "type": "string",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Response mode",
+          "example": "无",
+          "member": "string",
+          "name": "ResponseMode",
+          "output_required": true,
+          "type": "string",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "映射字段名称",
+          "example": "无",
+          "member": "string",
+          "name": "MappingFiled",
+          "output_required": true,
+          "type": "string",
+          "value_allowed_null": false
+        },
+        {
+          "disabled": false,
+          "document": "描述",
+          "example": "无",
+          "member": "string",
+          "name": "Description",
+          "output_required": true,
+          "type": "string",
+          "value_allowed_null": false
+        },
+        {
+          "document": "唯一请求 ID，由服务端生成，每次请求都会返回（若请求因其他原因未能抵达服务端，则该次请求不会获得 RequestId）。定位问题时需要提供该次请求的 RequestId。",
+          "member": "string",
+          "name": "RequestId",
+          "type": "string"
+        }
+      ],
+      "type": "object"
+    },
+    "DisableIAPUserSSORequest": {
+      "document": "DisableIAPUserSSO请求参数结构体",
+      "members": [],
+      "type": "object"
+    },
+    "DisableIAPUserSSOResponse": {
+      "document": "DisableIAPUserSSO返回参数结构体",
+      "members": [
+        {
+          "document": "唯一请求 ID，由服务端生成，每次请求都会返回（若请求因其他原因未能抵达服务端，则该次请求不会获得 RequestId）。定位问题时需要提供该次请求的 RequestId。",
+          "member": "string",
+          "name": "RequestId",
+          "type": "string"
+        }
+      ],
+      "type": "object"
+    },
+    "ModifyIAPLoginSessionDurationRequest": {
+      "document": "ModifyIAPLoginSessionDuration请求参数结构体",
+      "members": [
+        {
+          "disabled": false,
+          "document": "登录会话时长",
+          "example": "172800",
+          "member": "int64",
+          "name": "Duration",
+          "required": true,
+          "type": "int"
+        }
+      ],
+      "type": "object"
+    },
+    "ModifyIAPLoginSessionDurationResponse": {
+      "document": "ModifyIAPLoginSessionDuration返回参数结构体",
+      "members": [
+        {
+          "document": "唯一请求 ID，由服务端生成，每次请求都会返回（若请求因其他原因未能抵达服务端，则该次请求不会获得 RequestId）。定位问题时需要提供该次请求的 RequestId。",
+          "member": "string",
+          "name": "RequestId",
+          "type": "string"
+        }
+      ],
+      "type": "object"
+    },
+    "UpdateIAPUserOIDCConfigRequest": {
+      "document": "UpdateIAPUserOIDCConfig请求参数结构体",
+      "members": [
+        {
+          "disabled": false,
+          "document": "身份提供商URL。OpenID Connect身份提供商标识。对应企业IdP提供的Openid-configuration中\"issuer\"字段的值。",
+          "example": "https://xxx.qq.cn/oidc",
+          "member": "string",
+          "name": "IdentityUrl",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "客户端ID，在OpenID Connect身份提供商注册的客户端ID。",
+          "example": "61adcf00620c31e3ddbc9546",
+          "member": "string",
+          "name": "ClientId",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Endpoint，OpenID Connect身份提供商授权地址。对应企业IdP提供的Openid-configuration中\"authorization_endpoint\"字段的值。",
+          "example": "https://console.authing.cn/console/get-started/61adcf00620c31e3d",
+          "member": "string",
+          "name": "AuthorizationEndpoint",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Response type，固定值id_token",
+          "example": "id_token",
+          "member": "string",
+          "name": "ResponseType",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Response mode。授权请求返回模式，form_post和fragment两种可选模式，推荐选择form_post模式。",
+          "example": "fragment",
+          "member": "string",
+          "name": "ResponseMode",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "映射字段名称。IdP的id_token中哪一个字段映射到子用户的用户名，通常是sub或者name字段",
+          "example": "sub",
+          "member": "string",
+          "name": "MappingFiled",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "RSA签名公钥，JWKS格式，需要进行base64_encode。验证OpenID Connect身份提供商ID Token签名的公钥。为了您的账号安全，建议您定期轮换签名公钥。",
+          "example": "ewogICJ***IF0KfQ==",
+          "member": "string",
+          "name": "IdentityKey",
+          "required": true,
+          "type": "string"
+        },
+        {
+          "disabled": false,
+          "document": "授权请求Scope。openid; email;profile。授权请求信息范围。默认必选openid。",
+          "example": "openid",
+          "member": "string",
+          "name": "Scope",
+          "required": false,
+          "type": "list"
+        },
+        {
+          "disabled": false,
+          "document": "描述，长度为1~255个英文或中文字符，默认值为空。",
+          "example": "描述",
+          "member": "string",
+          "name": "Description",
+          "required": false,
+          "type": "string"
+        }
+      ],
+      "type": "object"
+    },
+    "UpdateIAPUserOIDCConfigResponse": {
+      "document": "UpdateIAPUserOIDCConfig返回参数结构体",
+      "members": [
+        {
+          "document": "唯一请求 ID，由服务端生成，每次请求都会返回（若请求因其他原因未能抵达服务端，则该次请求不会获得 RequestId）。定位问题时需要提供该次请求的 RequestId。",
+          "member": "string",
+          "name": "RequestId",
+          "type": "string"
+        }
+      ],
+      "type": "object"
+    }
+  },
+  "version": "1.0"
+}

tccli/services/iap/v20240713/examples.json

@@ -0,0 +1,59 @@
+{
+  "actions": {
+    "CreateIAPUserOIDCConfig": [
+      {
+        "document": "创建IAP的OIDC配置",
+        "input": "POST / HTTP/1.1\nHost: iap.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: CreateIAPUserOIDCConfig\n<公共请求参数>\n\n{\n    \"IdentityUrl\": \"https://accounts.g**gle.com\",\n    \"ClientId\": \"47***4801-pu***e7tj.apps.g**gleusercontent.com\",\n    \"AuthorizationEndpoint\": \"https://accounts.g**gle.com/o/oauth2/v2/auth\",\n    \"ResponseType\": \"id_token\",\n    \"ResponseMode\": \"form_post\",\n    \"MappingFiled\": \"email\",\n    \"IdentityKey\": \"ewogICAgImtleXMiOiBb*******gICBdCn0=\",\n    \"Scope\": [\n        \"openid\",\n        \"email\",\n        \"profile\"\n    ],\n    \"Description\": \"111\"\n}",
+        "output": "{\n    \"Response\": {\n        \"RequestId\": \"3ccecfc6-14a0-4aaa-bcf4-0d5b77835bfb\"\n    }\n}",
+        "title": "创建IAP的OIDC配置"
+      }
+    ],
+    "DescribeIAPLoginSessionDuration": [
+      {
+        "document": "查询登录有效时长",
+        "input": "POST / HTTP/1.1\nHost: iap.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeIAPLoginSessionDuration\n<公共请求参数>\n\n{}",
+        "output": "{\n    \"Response\": {\n        \"Duration\": 10000,\n        \"RequestId\": \"4ad66203-95eb-41cf-b011-af9c9be78e49\"\n    }\n}",
+        "title": "查询登录有效时长"
+      },
+      {
+        "document": "查询登录会话时长",
+        "input": "POST / HTTP/1.1\nHost: iap.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeIAPLoginSessionDuration\n<公共请求参数>\n\n{}",
+        "output": "{\n    \"Response\": {\n        \"Duration\": 10000,\n        \"RequestId\": \"4ad66203-95eb-41cf-b011-af9c9be78e49\"\n    }\n}",
+        "title": "查询登录会话时长"
+      }
+    ],
+    "DescribeIAPUserOIDCConfig": [
+      {
+        "document": "查询IAP的OIDC配置",
+        "input": "POST / HTTP/1.1\nHost: iap.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeIAPUserOIDCConfig\n<公共请求参数>\n\n{}",
+        "output": "{\n    \"Response\": {\n        \"AuthorizationEndpoint\": \"https://accounts.g**gle.com/o/oauth2/v2/auth\",\n        \"ClientId\": \"47***01-pu1e*****7tj.apps.g**gleusercontent.com\",\n        \"Description\": \"222\",\n        \"IdentityKey\": \"ewogICAgImtletVUkttZ0I***GTHVVRUJkdyIKICAgICAgICB9CiAgICBdCn0=\",\n        \"IdentityUrl\": \"https://accounts.g**gle.com\",\n        \"MappingFiled\": \"email\",\n        \"ProviderType\": 13,\n        \"RequestId\": \"f87e5dab-426a-4a50-ac5b-1c08151cd6a2\",\n        \"ResponseMode\": \"form_post\",\n        \"ResponseType\": \"id_token\",\n        \"Scope\": [\n            \"openid\",\n            \"email\",\n            \"profile\"\n        ],\n        \"Status\": 2\n    }\n}",
+        "title": "查询IAP的OIDC配置"
+      }
+    ],
+    "DisableIAPUserSSO": [
+      {
+        "document": "禁用IAP",
+        "input": "POST / HTTP/1.1\nHost: iap.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DisableIAPUserSSO\n<公共请求参数>\n\n{}",
+        "output": "{\n    \"Response\": {\n        \"RequestId\": \"0054eaee-a5f7-4c53-9288-f4f06488fc94\"\n    }\n}",
+        "title": "禁用IAP"
+      }
+    ],
+    "ModifyIAPLoginSessionDuration": [
+      {
+        "document": "设置登录会话时长",
+        "input": "POST / HTTP/1.1\nHost: iap.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: ModifyIAPLoginSessionDuration\n<公共请求参数>\n\n{\n    \"Duration\": 3600\n}",
+        "output": "{\n    \"Response\": {\n        \"RequestId\": \"27211afb-4f91-4473-bf32-1b73ac5c37f8\"\n    }\n}",
+        "title": "设置登录会话时长"
+      }
+    ],
+    "UpdateIAPUserOIDCConfig": [
+      {
+        "document": "修改IAP的OIDC配置",
+        "input": "POST / HTTP/1.1\nHost: iap.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: UpdateIAPUserOIDCConfig\n<公共请求参数>\n\n{\n    \"IdentityUrl\": \"https://accounts.g**gle.com\",\n    \"ClientId\": \"47***01-pu***mvj4lj1de7tj.apps.g**gleusercontent.com\",\n    \"AuthorizationEndpoint\": \"https://accounts.g**gle.com/o/oauth2/v2/auth\",\n    \"ResponseType\": \"id_token\",\n    \"ResponseMode\": \"form_post\",\n    \"MappingFiled\": \"email\",\n    \"IdentityKey\": \"ewogICAgImtle***xkd09GTHVVRUJkdyIKICAgICAgICB9CiAgICBdCn0=\",\n    \"Scope\": [\n        \"openid\",\n        \"email\",\n        \"profile\"\n    ],\n    \"Description\": \"1\"\n}",
+        "output": "{\n    \"Response\": {\n        \"RequestId\": \"b83e3152-6d18-4617-986d-ff4c666750ed\"\n    }\n}",
+        "title": "修改IAP的OIDC配置"
+      }
+    ]
+  },
+  "version": "1.0"
+}

tccli/services/ic/ic_client.py

@@ -520,7 +520,13 @@ def action_caller():
 
 def parse_global_arg(parsed_globals):
     g_param = parsed_globals
-
+    cvm_role_flag = True
+    for param in parsed_globals.keys():
+        if param in [OptionsDefine.SecretKey, OptionsDefine.SecretId, OptionsDefine.RoleArn,
+                     OptionsDefine.RoleSessionName]:
+            if parsed_globals[param] is not None:
+                cvm_role_flag = False
+                break
     is_exist_profile = True
     if not parsed_globals["profile"]:
         is_exist_profile = False
@@ -551,6 +557,7 @@ def parse_global_arg(parsed_globals):
             cred[OptionsDefine.SecretId] = os.environ.get(OptionsDefine.ENV_SECRET_ID)
             cred[OptionsDefine.SecretKey] = os.environ.get(OptionsDefine.ENV_SECRET_KEY)
             cred[OptionsDefine.Token] = os.environ.get(OptionsDefine.ENV_TOKEN)
+            cvm_role_flag = False
 
         if os.environ.get(OptionsDefine.ENV_REGION):
             conf[OptionsDefine.SysParam][OptionsDefine.Region] = os.environ.get(OptionsDefine.ENV_REGION)
@@ -558,6 +565,11 @@ def parse_global_arg(parsed_globals):
         if os.environ.get(OptionsDefine.ENV_ROLE_ARN) and os.environ.get(OptionsDefine.ENV_ROLE_SESSION_NAME):
             cred[OptionsDefine.RoleArn] = os.environ.get(OptionsDefine.ENV_ROLE_ARN)
             cred[OptionsDefine.RoleSessionName] = os.environ.get(OptionsDefine.ENV_ROLE_SESSION_NAME)
+            cvm_role_flag = False
+    
+    if cvm_role_flag:
+        if "type" in cred and cred["type"] == "cvm-role":
+            g_param[OptionsDefine.UseCVMRole.replace('-', '_')] = True
 
     for param in g_param.keys():
         if g_param[param] is None:

tccli/services/icr/icr_client.py

@@ -96,7 +96,13 @@ def action_caller():
 
 def parse_global_arg(parsed_globals):
     g_param = parsed_globals
-
+    cvm_role_flag = True
+    for param in parsed_globals.keys():
+        if param in [OptionsDefine.SecretKey, OptionsDefine.SecretId, OptionsDefine.RoleArn,
+                     OptionsDefine.RoleSessionName]:
+            if parsed_globals[param] is not None:
+                cvm_role_flag = False
+                break
     is_exist_profile = True
     if not parsed_globals["profile"]:
         is_exist_profile = False
@@ -127,6 +133,7 @@ def parse_global_arg(parsed_globals):
             cred[OptionsDefine.SecretId] = os.environ.get(OptionsDefine.ENV_SECRET_ID)
             cred[OptionsDefine.SecretKey] = os.environ.get(OptionsDefine.ENV_SECRET_KEY)
             cred[OptionsDefine.Token] = os.environ.get(OptionsDefine.ENV_TOKEN)
+            cvm_role_flag = False
 
         if os.environ.get(OptionsDefine.ENV_REGION):
             conf[OptionsDefine.SysParam][OptionsDefine.Region] = os.environ.get(OptionsDefine.ENV_REGION)
@@ -134,6 +141,11 @@ def parse_global_arg(parsed_globals):
         if os.environ.get(OptionsDefine.ENV_ROLE_ARN) and os.environ.get(OptionsDefine.ENV_ROLE_SESSION_NAME):
             cred[OptionsDefine.RoleArn] = os.environ.get(OptionsDefine.ENV_ROLE_ARN)
             cred[OptionsDefine.RoleSessionName] = os.environ.get(OptionsDefine.ENV_ROLE_SESSION_NAME)
+            cvm_role_flag = False
+    
+    if cvm_role_flag:
+        if "type" in cred and cred["type"] == "cvm-role":
+            g_param[OptionsDefine.UseCVMRole.replace('-', '_')] = True
 
     for param in g_param.keys():
         if g_param[param] is None:

tccli/services/ie/ie_client.py

@@ -573,7 +573,13 @@ def action_caller():
 
 def parse_global_arg(parsed_globals):
     g_param = parsed_globals
-
+    cvm_role_flag = True
+    for param in parsed_globals.keys():
+        if param in [OptionsDefine.SecretKey, OptionsDefine.SecretId, OptionsDefine.RoleArn,
+                     OptionsDefine.RoleSessionName]:
+            if parsed_globals[param] is not None:
+                cvm_role_flag = False
+                break
     is_exist_profile = True
     if not parsed_globals["profile"]:
         is_exist_profile = False
@@ -604,6 +610,7 @@ def parse_global_arg(parsed_globals):
             cred[OptionsDefine.SecretId] = os.environ.get(OptionsDefine.ENV_SECRET_ID)
             cred[OptionsDefine.SecretKey] = os.environ.get(OptionsDefine.ENV_SECRET_KEY)
             cred[OptionsDefine.Token] = os.environ.get(OptionsDefine.ENV_TOKEN)
+            cvm_role_flag = False
 
         if os.environ.get(OptionsDefine.ENV_REGION):
             conf[OptionsDefine.SysParam][OptionsDefine.Region] = os.environ.get(OptionsDefine.ENV_REGION)
@@ -611,6 +618,11 @@ def parse_global_arg(parsed_globals):
         if os.environ.get(OptionsDefine.ENV_ROLE_ARN) and os.environ.get(OptionsDefine.ENV_ROLE_SESSION_NAME):
             cred[OptionsDefine.RoleArn] = os.environ.get(OptionsDefine.ENV_ROLE_ARN)
             cred[OptionsDefine.RoleSessionName] = os.environ.get(OptionsDefine.ENV_ROLE_SESSION_NAME)
+            cvm_role_flag = False
+    
+    if cvm_role_flag:
+        if "type" in cred and cred["type"] == "cvm-role":
+            g_param[OptionsDefine.UseCVMRole.replace('-', '_')] = True
 
     for param in g_param.keys():
         if g_param[param] is None:

tccli/services/iecp/iecp_client.py

@@ -4389,7 +4389,13 @@ def action_caller():
 
 def parse_global_arg(parsed_globals):
     g_param = parsed_globals
-
+    cvm_role_flag = True
+    for param in parsed_globals.keys():
+        if param in [OptionsDefine.SecretKey, OptionsDefine.SecretId, OptionsDefine.RoleArn,
+                     OptionsDefine.RoleSessionName]:
+            if parsed_globals[param] is not None:
+                cvm_role_flag = False
+                break
     is_exist_profile = True
     if not parsed_globals["profile"]:
         is_exist_profile = False
@@ -4420,6 +4426,7 @@ def parse_global_arg(parsed_globals):
             cred[OptionsDefine.SecretId] = os.environ.get(OptionsDefine.ENV_SECRET_ID)
             cred[OptionsDefine.SecretKey] = os.environ.get(OptionsDefine.ENV_SECRET_KEY)
             cred[OptionsDefine.Token] = os.environ.get(OptionsDefine.ENV_TOKEN)
+            cvm_role_flag = False
 
         if os.environ.get(OptionsDefine.ENV_REGION):
             conf[OptionsDefine.SysParam][OptionsDefine.Region] = os.environ.get(OptionsDefine.ENV_REGION)
@@ -4427,6 +4434,11 @@ def parse_global_arg(parsed_globals):
         if os.environ.get(OptionsDefine.ENV_ROLE_ARN) and os.environ.get(OptionsDefine.ENV_ROLE_SESSION_NAME):
             cred[OptionsDefine.RoleArn] = os.environ.get(OptionsDefine.ENV_ROLE_ARN)
             cred[OptionsDefine.RoleSessionName] = os.environ.get(OptionsDefine.ENV_ROLE_SESSION_NAME)
+            cvm_role_flag = False
+    
+    if cvm_role_flag:
+        if "type" in cred and cred["type"] == "cvm-role":
+            g_param[OptionsDefine.UseCVMRole.replace('-', '_')] = True
 
     for param in g_param.keys():
         if g_param[param] is None: