def test_bucket_encryption_wrong(self): from oss2.models import ServerSideEncryptionRule self.assertRaises(oss2.exceptions.NoSuchServerSideEncryptionRule, self.bucket.get_bucket_encryption) rule = ServerSideEncryptionRule() rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_AES256 rule.kms_master_keyid = "test" self.assertRaises(oss2.exceptions.InvalidArgument, self.bucket.put_bucket_encryption, rule) rule.sse_algorithm = "random" rule.kms_master_keyid = "" self.assertRaises(oss2.exceptions.InvalidEncryptionAlgorithmError, self.bucket.put_bucket_encryption, rule) rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_KMS rule.kms_master_keyid = "" result = self.bucket.put_bucket_encryption(rule) self.assertEqual(int(result.status) / 100, 2) rule.kms_master_keyid = None result = self.bucket.put_bucket_encryption(rule) self.assertEqual(int(result.status) / 100, 2) result = self.bucket.get_bucket_encryption() self.assertEqual(result.sse_algorithm, oss2.SERVER_SIDE_ENCRYPTION_KMS) self.assertTrue(result.kms_master_keyid is None) result = self.bucket.delete_bucket_encryption() rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_KMS rule.kms_master_keyid = "test_wrong" result = self.bucket.put_bucket_encryption(rule) self.assertEqual(int(result.status) / 100, 2) result = self.bucket.get_bucket_encryption() self.assertEqual(result.sse_algorithm, oss2.SERVER_SIDE_ENCRYPTION_KMS) self.assertEqual(result.kms_master_keyid, "test_wrong") result = self.bucket.delete_bucket_encryption() self.assertEqual(int(result.status), 204)
def test_bucket_encryption(self): from oss2.models import ServerSideEncryptionRule rule = ServerSideEncryptionRule() # AES256 rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_AES256 rule.kms_master_keyid = "" result = self.bucket.put_bucket_encryption(rule) self.assertEqual(int(result.status) / 100, 2) wait_meta_sync() result = self.bucket.get_bucket_info() self.assertEqual(result.bucket_encryption_rule.sse_algorithm, 'AES256') self.assertTrue(result.bucket_encryption_rule.kms_master_keyid is None) result = self.bucket.put_object("test", "test") self.assertEqual(int(result.status) / 100, 2) result = self.bucket.get_object("test") self.assertEqual(int(result.status) / 100, 2) self.assertEqual("test", result.read()) result = self.bucket.delete_bucket_encryption() self.assertEqual(int(result.status) / 100, 2) # KMS rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_KMS rule.kms_master_keyid = "" result = self.bucket.put_bucket_encryption(rule) self.assertEqual(int(result.status) / 100, 2) wait_meta_sync() result = self.bucket.get_bucket_info() self.assertEqual(result.bucket_encryption_rule.sse_algorithm, 'KMS') self.assertTrue(result.bucket_encryption_rule.kms_master_keyid is None) result = self.bucket.delete_bucket_encryption() self.assertEqual(int(result.status) / 100, 2)
access_key_id = os.getenv('OSS_TEST_ACCESS_KEY_ID', '<你的AccessKeyId>') access_key_secret = os.getenv('OSS_TEST_ACCESS_KEY_SECRET', '<你的AccessKeySecret>') bucket_name = os.getenv('OSS_TEST_BUCKET', '<你要请求的Bucket名称>') endpoint = os.getenv('OSS_TEST_ENDPOINT', '<你的访问域名>') # 确认上面的参数都填写正确了 for param in (access_key_id, access_key_secret, bucket_name, endpoint): assert '<' not in param, '请设置参数:' + param # 创建Bucket对象,所有Object相关的接口都可以通过Bucket对象来进行 bucket = oss2.Bucket(oss2.Auth(access_key_id, access_key_secret), endpoint, bucket_name) # ##########以下是设置bucket服务端加密的示例############## # 以设置AES256加密为例。 rule = ServerSideEncryptionRule() rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_AES256 bucket.put_bucket_encryption(rule) # 获取服务端加密配置。 result = bucket.get_bucket_encryption() print('sse_algorithm:', result.sse_algorithm) print('kms_key_id:', result.kms_master_keyid) print('data_algorithm:', result.kms_data_encryption) # ##########以下是使用put_object接口上传文件时单独指定文件的服务端加密方式的示例############ key = 'test_put_object' # 在headers中指定加密方式。 headers = dict() # 使用KMS加密 headers[OSS_SERVER_SIDE_ENCRYPTION] = SERVER_SIDE_ENCRYPTION_KMS
def test_put_bucket_encryption(self): auth = oss2.Auth(OSS_ID, OSS_SECRET) bucket_name = OSS_BUCKET + "-test-put-bucket-encryption" bucket = oss2.Bucket(auth, self.endpoint, bucket_name) bucket.create_bucket() # set SM4 rule = ServerSideEncryptionRule() rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_SM4 bucket.put_bucket_encryption(rule) result = bucket.get_bucket_encryption() self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, result.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertIsNone(result.kms_data_encryption) bucket_info = bucket.get_bucket_info() rule = bucket_info.bucket_encryption_rule self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, rule.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertIsNone(result.kms_data_encryption) # set KMS and data SM4, and none kms_key_id. rule = ServerSideEncryptionRule() rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_KMS rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4 bucket.put_bucket_encryption(rule) result = bucket.get_bucket_encryption() self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, result.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertEqual(KMS_DATA_ENCRYPTION_SM4, result.kms_data_encryption) bucket_info = bucket.get_bucket_info() rule = bucket_info.bucket_encryption_rule self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, rule.sse_algorithm) self.assertIsNone(rule.kms_master_keyid) self.assertEqual(KMS_DATA_ENCRYPTION_SM4, rule.kms_data_encryption) # set KMS and SM4, and has kms key id rule = ServerSideEncryptionRule() rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_KMS rule.kms_master_keyid = '123' rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4 bucket.put_bucket_encryption(rule) result = bucket.get_bucket_encryption() self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, result.sse_algorithm) self.assertEqual('123', result.kms_master_keyid) self.assertEqual(KMS_DATA_ENCRYPTION_SM4, result.kms_data_encryption) bucket_info = bucket.get_bucket_info() rule = bucket_info.bucket_encryption_rule self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, rule.sse_algorithm) self.assertEqual('123', rule.kms_master_keyid) self.assertEqual(KMS_DATA_ENCRYPTION_SM4, rule.kms_data_encryption) # set AES256 and data encryption is not none rule = ServerSideEncryptionRule() rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_AES256 rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4 bucket.put_bucket_encryption(rule) result = bucket.get_bucket_encryption() self.assertEqual(SERVER_SIDE_ENCRYPTION_AES256, result.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertIsNone(result.kms_data_encryption) bucket_info = bucket.get_bucket_info() rule = bucket_info.bucket_encryption_rule self.assertEqual(SERVER_SIDE_ENCRYPTION_AES256, rule.sse_algorithm) self.assertIsNone(rule.kms_master_keyid) self.assertIsNone(rule.kms_data_encryption) # set SM4 and data encryption is not none rule = ServerSideEncryptionRule() rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_SM4 rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4 bucket.put_bucket_encryption(rule) result = bucket.get_bucket_encryption() self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, result.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertIsNone(result.kms_data_encryption) bucket_info = bucket.get_bucket_info() rule = bucket_info.bucket_encryption_rule self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, rule.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertIsNone(result.kms_data_encryption)