def setUp(self):
oss2.defaults.connect_timeout = self.default_connect_timeout
oss2.defaults.multipart_threshold = self.default_multipart_num_threads
oss2.defaults.multipart_num_threads = random.randint(1, 5)
oss2.defaults.multiget_threshold = self.default_multiget_threshold
oss2.defaults.multiget_part_size = self.default_multiget_part_size
oss2.defaults.multiget_num_threads = random.randint(1, 5)
global OSS_AUTH_VERSION
OSS_AUTH_VERSION = os.getenv('OSS_TEST_AUTH_VERSION')
self.bucket = oss2.Bucket(oss2.make_auth(OSS_ID, OSS_SECRET, OSS_AUTH_VERSION), OSS_ENDPOINT, OSS_BUCKET)
try:
self.bucket.create_bucket()
except:
pass
self.rsa_crypto_bucket = oss2.CryptoBucket(oss2.make_auth(OSS_ID, OSS_SECRET, OSS_AUTH_VERSION), OSS_ENDPOINT, OSS_BUCKET,
crypto_provider=oss2.LocalRsaProvider())
self.kms_crypto_bucket = oss2.CryptoBucket(oss2.make_auth(OSS_ID, OSS_SECRET, OSS_AUTH_VERSION), OSS_ENDPOINT, OSS_BUCKET,
crypto_provider=oss2.AliKMSProvider(OSS_ID, OSS_SECRET, OSS_REGION, OSS_CMK))
self.key_list = []
self.temp_files = []
def bucket(crypto_provider=None):
if crypto_provider:
return oss2.CryptoBucket(oss2.Auth('fake-access-key-id',
'fake-access-key-secret'),
'http://oss-cn-hangzhou.aliyuncs.com',
BUCKET_NAME,
crypto_provider=crypto_provider)
else:
return oss2.Bucket(
oss2.Auth('fake-access-key-id', 'fake-access-key-secret'),
'http://oss-cn-hangzhou.aliyuncs.com', BUCKET_NAME)
def __init__(self, kms_access_key_secret=None):
oss2.set_file_logger(config.LogFile, 'oss2', config.LogLevel)
if not kms_access_key_secret:
kms_access_key_secret = str(
getpass("请输入AK为\"%s\"的KMS服务的SK:" %
color.red(config.KMSAccessKeyId)))
self.__OssEndpoint = 'https://' + config.OssEndpoint
self.__bucket = oss2.CryptoBucket(
oss2.Auth(config.OSSAccessKeyId, config.OSSAccessKeySecret),
self.__OssEndpoint,
config.bucket_name,
crypto_provider=oss2.crypto.AliKMSProvider(config.KMSAccessKeyId,
kms_access_key_secret,
config.KMSRegion,
config.CMKID))
try: # 检测Bucket是否存在
self.__bucket.get_bucket_info()
except oss2.exceptions.NoSuchBucket:
logger.critical("Bucket:\"%s\"不存在" % config.bucket_name)
raise ValueError("Bucket:\"%s\"不存在" % config.bucket_name)
try: # 检测KMS配置有效性
KmsClient(
OpenApiModels.Config(
access_key_id=config.KMSAccessKeyId,
access_key_secret=kms_access_key_secret,
endpoint='kms.%s.aliyuncs.com' %
config.KMSRegion)).generate_data_key(
KmsModels.GenerateDataKeyRequest(key_id=config.CMKID))
except:
logger.critical("无法调用KMS服务生成密钥,请检查相关配置,以及SK是否输入正确")
raise ValueError("无法调用KMS服务生成密钥,请检查相关配置,以及SK是否输入正确")
del kms_access_key_secret
self.__ping_cmd = ["ping", "1", config.OssEndpoint]
if os.name == 'nt':
self.__ping_cmd.insert(1, "-n")
elif os.name == 'posix':
self.__ping_cmd.insert(1, "-c")
else:
raise OSError("无法识别操作系统")
if subprocess.run(self.__ping_cmd,
capture_output=True).returncode != 0:
logger.error("无法连接至%s,请检查OssEndpoint和网络配置" % config.OssEndpoint)
raise ValueError("无法连接至%s,请检查OssEndpoint和网络配置" %
config.OssEndpoint)
self.__restore_configuration_model = [
oss2.models.RESTORE_TIER_EXPEDITED,
oss2.models.RESTORE_TIER_STANDARD, oss2.models.RESTORE_TIER_BULK
]
def _upload_file(self, token, filename, file_or_string, cmk_id=None):
token_meta = self.introspect()
if token_meta['active'] == False:
raise BGEError('access_token has expired')
client_id = token_meta['client_id']
credentials = token.credentials
destination = token.destination
bucket_name = token.bucket
endpoint = token.endpoint
access_key_id = credentials['access_key_id']
access_key_secret = credentials['access_key_secret']
security_token = credentials['security_token']
auth = oss2.StsAuth(access_key_id, access_key_secret, security_token)
if cmk_id is not None:
region_id = token.region_id
kms_provider = oss2.AliKMSProvider(access_key_id,
access_key_secret, region_id,
cmk_id)
# NOTE 官方 oss2 处理 STS 加密上传存在 bug,等待其修复,此处做代码动态修改
sts_token_credential = StsTokenCredential(access_key_id,
access_key_secret,
security_token)
kms_provider.kms_client = AcsClient(
region_id=region_id, credential=sts_token_credential)
bucket = oss2.CryptoBucket(auth,
endpoint,
bucket_name,
crypto_provider=kms_provider)
else:
bucket = oss2.Bucket(auth, endpoint, bucket_name)
object_name = '%s/%s' % (destination, filename)
bge_open_client_id_header = 'x-oss-meta-bge-open-client-id'
custom_headers = {bge_open_client_id_header: client_id}
bucket.put_object(object_name,
file_or_string,
headers=custom_headers,
progress_callback=progress_callback)
sys.stdout.write('')
return object_name
bucketEndpoint = os.getenv("BUCKET_ENDPOINT")
bucketEndpoint = str(base64.b64decode(bucketEndpoint))
bucketEndpoint = bucketEndpoint[2:]
bucketEndpoint = bucketEndpoint[:-1]
bucketName = os.getenv("BUCKET_NAME")
bucketName = str(base64.b64decode(bucketName))
bucketName = bucketName[2:]
bucketName = bucketName[:-1]
DbName = os.getenv("DB_NAME")
# KMS method to encrypt the data. This method only applies to scenarios where objects are uploaded or downloaded entirely.
bucket = oss2.CryptoBucket(auth,
bucketEndpoint,
bucketName,
crypto_provider=AliKMSProvider(
AccessKeyId, AccessKeySecret, KmsRegion,
KmsKey))
# Input path
address = (sys.argv[1])
if os.path.exists("dump.sql.gz"):
# Deleting dump.sql.gz file if present
os.remove("dump.sql.gz")
print("Existing dump.sql.gz file Removed!")
else:
# create empty file
open("dump.sql.gz", "w+")
# Download an object to a local file.
access_key_secret = os.getenv('OSS_TEST_ACCESS_KEY_SECRET',
'<你的AccessKeySecret>')
bucket_name = os.getenv('OSS_TEST_BUCKET', '<你的Bucket>')
endpoint = os.getenv('OSS_TEST_ENDPOINT', '<你的访问域名>')
# 确认上面的参数都填写正确了
for param in (access_key_id, access_key_secret, bucket_name, endpoint):
assert '<' not in param, '请设置参数:' + param
key = 'motto.txt'
content = b'a' * 1024 * 1024
filename = 'download.txt'
# 创建Bucket对象,可以进行客户端数据加密(用户端RSA),此模式下只提供对象整体上传下载操作
bucket = oss2.CryptoBucket(oss2.Auth(access_key_id, access_key_secret),
endpoint,
bucket_name,
crypto_provider=CustomCryptoProvider())
key1 = 'motto-copy.txt'
# 上传文件
bucket.put_object(key, content, headers={'content-length': str(1024 * 1024)})
"""
文件下载
"""
# 下载文件
# 原文件
result = bucket.get_object(key)
# 验证一下
endpoint = os.getenv('OSS_TEST_ENDPOINT', '<你的访问域名>')
cmk = os.getenv('OSS_TEST_CMK', '<你的CMK>')
region = os.getenv('OSS_TEST_REGION', '<你的区域>')
# 确认上面的参数都填写正确了
for param in (access_key_id, access_key_secret, bucket_name, endpoint, cmk,
region):
assert '<' not in param, '请设置参数:' + param
key = 'motto.txt'
content = b'a' * 1024 * 1024
filename = 'download.txt'
# 创建Bucket对象,可以进行客户端数据加密(用户端RSA),此模式下只提供对象整体上传下载操作
bucket = oss2.CryptoBucket(oss2.Auth(access_key_id, access_key_secret),
endpoint,
bucket_name,
crypto_provider=LocalRsaProvider())
key1 = 'motto-copy.txt'
# 上传文件
bucket.put_object(key, content, headers={'content-length': str(1024 * 1024)})
"""
文件下载
"""
# 下载文件
# 原文件
result = bucket.get_object(key)
# 验证一下
VwxmSr0FAajWAlcYN/fGkX1pWA041CKFVQJAG08ozzekeEpAuByTIOaEXgZr5MBQ
gBbHpgZNBl8Lsw9CJSQI15wGfv6yDiLXsH8FyC9TKs+d5Tv4Cvquk0efOQJAd9OC
lCKFs48hdyaiz9yEDsc57PdrvRFepVdj/gpGzD14mVerJbOiOF6aSV19ot27u4on
Td/3aifYs0CveHzFPQJAWb4LCDwqLctfzziG7/S7Z74gyq5qZF4FUElOAZkz718E
yZvADwuz/4aK0od0lX9c4Jp7Mo5vQ4TvdoBnPuGoyw==
-----END RSA PRIVATE KEY-----'''
public_key = '''-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKiR+IBVdd/kiYXMoPD5c79QHJbqax7ZCwiDPdnAG0w27n19HnO21LH7
x8Hu9HgI3dtPO2s/0DpuOg3QUWeGVDe80kLkwU7U8HKsT8w13kAB9JVtr3cjqzHw
1KTkzNQIDg0nMBSpg4RYa0YFyibqQQXoyZHUQqJvUh3yGmihjnFpAgMBAAE=
-----END RSA PUBLIC KEY-----'''
key_pair = {'private_key': private_key, 'public_key': public_key}
bucket = oss2.CryptoBucket(oss2.Auth(access_key_id, access_key_secret),
endpoint,
bucket_name,
crypto_provider=RsaProvider(key_pair))
# 上传文件
bucket.put_object(key, content, headers={'content-length': str(1024 * 1024)})
"""
文件下载
"""
# 下载文件
# 原文件
result = bucket.get_object(key)
# 验证一下
content_got = b''
for chunk in result: