From 8d84c74dce474595d5a49a5d469ca9992c818665 Mon Sep 17 00:00:00 2001
From: ChenRui <chenrui.momo@gmail.com>
Date: Wed, 22 Mar 2023 10:28:16 +0800
Subject: [PATCH] Enable OBSClient security provider policy chain

1. Enable OBSClient security provider policy chain, it can work
with ENV "OBS_ACCESS_KEY_ID" and "OBS_SECRET_ACCESS_KEY" or
ECS agent to get AK/SK automatically, it's disable by default.
2. Fix cloud.storage.uri return a whole OBS bucket URI for
command "cloudtik workspace info"

Related-with: #1011
---
 .../providers/_private/huaweicloud/config.py      | 15 +++++++--------
 .../providers/_private/huaweicloud/utils.py       |  5 ++++-
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/python/cloudtik/providers/_private/huaweicloud/config.py b/python/cloudtik/providers/_private/huaweicloud/config.py
index a4f3f6364..b2c7f76c4 100644
--- a/python/cloudtik/providers/_private/huaweicloud/config.py
+++ b/python/cloudtik/providers/_private/huaweicloud/config.py
@@ -68,7 +68,7 @@
 from cloudtik.providers._private.huaweicloud.utils import _get_node_info, \
     _make_ecs_client, _make_obs_client, \
     _make_vpc_client, export_huaweicloud_obs_storage_config, flat_tags_map, \
-    get_huaweicloud_obs_storage_config, \
+    get_huaweicloud_cloud_storage_uri, get_huaweicloud_obs_storage_config, \
     get_huaweicloud_obs_storage_config_for_update, HWC_OBS_BUCKET, \
     HWC_SERVER_STATUS_ACTIVE, make_ecs_client, \
     make_eip_client, \
@@ -1075,13 +1075,12 @@ def get_huaweicloud_workspace_info(config):
     bucket_name = _get_managed_obs_bucket(obs_client, workspace_name)
 
     if bucket_name:
-        resp = obs_client.getBucketLocation(bucket_name)
-        if resp.status < 300:
-            managed_cloud_storage_uri = resp.body.location
-            managed_cloud_storage = {
-                HWC_MANAGED_CLOUD_STORAGE_OBS_BUCKET: bucket_name,
-                CLOUDTIK_MANAGED_CLOUD_STORAGE_URI: managed_cloud_storage_uri}
-            info[CLOUDTIK_MANAGED_CLOUD_STORAGE] = managed_cloud_storage
+        obs_bucket_uri = get_huaweicloud_cloud_storage_uri(
+            {HWC_OBS_BUCKET: bucket_name})
+        managed_cloud_storage = {
+            HWC_MANAGED_CLOUD_STORAGE_OBS_BUCKET: bucket_name,
+            CLOUDTIK_MANAGED_CLOUD_STORAGE_URI: obs_bucket_uri}
+        info[CLOUDTIK_MANAGED_CLOUD_STORAGE] = managed_cloud_storage
 
     return info
 
diff --git a/python/cloudtik/providers/_private/huaweicloud/utils.py b/python/cloudtik/providers/_private/huaweicloud/utils.py
index 7199d397b..f62e39ef7 100644
--- a/python/cloudtik/providers/_private/huaweicloud/utils.py
+++ b/python/cloudtik/providers/_private/huaweicloud/utils.py
@@ -98,7 +98,10 @@ def _client_cache(region: str = None, ak: str = None, sk: str = None) -> Dict[
                                server=OBS_SERVICES_URL, ssl_verify=_ssl_verify,
                                region=region)
     else:
-        obs_client = ObsClient(server=OBS_SERVICES_URL, ssl_verify=_ssl_verify,
+        # Enable OBSClient (ENV, ECS) security provider policy chain, see
+        # https://support.huaweicloud.com/sdk-python-devg-obs/obs_22_0601.html
+        obs_client = ObsClient(security_provider_policy='OBS_DEFAULT',
+                               server=OBS_SERVICES_URL, ssl_verify=_ssl_verify,
                                region=region)
     client_map['obs'] = obs_client