def setUp(self): oss2.defaults.connect_timeout = self.default_connect_timeout oss2.defaults.multipart_threshold = self.default_multipart_num_threads oss2.defaults.multipart_num_threads = random.randint(1, 5) oss2.defaults.multiget_threshold = self.default_multiget_threshold oss2.defaults.multiget_part_size = self.default_multiget_part_size oss2.defaults.multiget_num_threads = random.randint(1, 5) global OSS_AUTH_VERSION OSS_AUTH_VERSION = os.getenv('OSS_TEST_AUTH_VERSION') self.bucket = oss2.Bucket(oss2.make_auth(OSS_ID, OSS_SECRET, OSS_AUTH_VERSION), OSS_ENDPOINT, OSS_BUCKET) try: self.bucket.create_bucket() except: pass self.rsa_crypto_bucket = oss2.CryptoBucket(oss2.make_auth(OSS_ID, OSS_SECRET, OSS_AUTH_VERSION), OSS_ENDPOINT, OSS_BUCKET, crypto_provider=oss2.LocalRsaProvider()) self.kms_crypto_bucket = oss2.CryptoBucket(oss2.make_auth(OSS_ID, OSS_SECRET, OSS_AUTH_VERSION), OSS_ENDPOINT, OSS_BUCKET, crypto_provider=oss2.AliKMSProvider(OSS_ID, OSS_SECRET, OSS_REGION, OSS_CMK)) self.key_list = [] self.temp_files = []
def bucket(crypto_provider=None): if crypto_provider: return oss2.CryptoBucket(oss2.Auth('fake-access-key-id', 'fake-access-key-secret'), 'http://oss-cn-hangzhou.aliyuncs.com', BUCKET_NAME, crypto_provider=crypto_provider) else: return oss2.Bucket( oss2.Auth('fake-access-key-id', 'fake-access-key-secret'), 'http://oss-cn-hangzhou.aliyuncs.com', BUCKET_NAME)
def __init__(self, kms_access_key_secret=None): oss2.set_file_logger(config.LogFile, 'oss2', config.LogLevel) if not kms_access_key_secret: kms_access_key_secret = str( getpass("请输入AK为\"%s\"的KMS服务的SK:" % color.red(config.KMSAccessKeyId))) self.__OssEndpoint = 'https://' + config.OssEndpoint self.__bucket = oss2.CryptoBucket( oss2.Auth(config.OSSAccessKeyId, config.OSSAccessKeySecret), self.__OssEndpoint, config.bucket_name, crypto_provider=oss2.crypto.AliKMSProvider(config.KMSAccessKeyId, kms_access_key_secret, config.KMSRegion, config.CMKID)) try: # 检测Bucket是否存在 self.__bucket.get_bucket_info() except oss2.exceptions.NoSuchBucket: logger.critical("Bucket:\"%s\"不存在" % config.bucket_name) raise ValueError("Bucket:\"%s\"不存在" % config.bucket_name) try: # 检测KMS配置有效性 KmsClient( OpenApiModels.Config( access_key_id=config.KMSAccessKeyId, access_key_secret=kms_access_key_secret, endpoint='kms.%s.aliyuncs.com' % config.KMSRegion)).generate_data_key( KmsModels.GenerateDataKeyRequest(key_id=config.CMKID)) except: logger.critical("无法调用KMS服务生成密钥,请检查相关配置,以及SK是否输入正确") raise ValueError("无法调用KMS服务生成密钥,请检查相关配置,以及SK是否输入正确") del kms_access_key_secret self.__ping_cmd = ["ping", "1", config.OssEndpoint] if os.name == 'nt': self.__ping_cmd.insert(1, "-n") elif os.name == 'posix': self.__ping_cmd.insert(1, "-c") else: raise OSError("无法识别操作系统") if subprocess.run(self.__ping_cmd, capture_output=True).returncode != 0: logger.error("无法连接至%s,请检查OssEndpoint和网络配置" % config.OssEndpoint) raise ValueError("无法连接至%s,请检查OssEndpoint和网络配置" % config.OssEndpoint) self.__restore_configuration_model = [ oss2.models.RESTORE_TIER_EXPEDITED, oss2.models.RESTORE_TIER_STANDARD, oss2.models.RESTORE_TIER_BULK ]
def _upload_file(self, token, filename, file_or_string, cmk_id=None): token_meta = self.introspect() if token_meta['active'] == False: raise BGEError('access_token has expired') client_id = token_meta['client_id'] credentials = token.credentials destination = token.destination bucket_name = token.bucket endpoint = token.endpoint access_key_id = credentials['access_key_id'] access_key_secret = credentials['access_key_secret'] security_token = credentials['security_token'] auth = oss2.StsAuth(access_key_id, access_key_secret, security_token) if cmk_id is not None: region_id = token.region_id kms_provider = oss2.AliKMSProvider(access_key_id, access_key_secret, region_id, cmk_id) # NOTE 官方 oss2 处理 STS 加密上传存在 bug,等待其修复,此处做代码动态修改 sts_token_credential = StsTokenCredential(access_key_id, access_key_secret, security_token) kms_provider.kms_client = AcsClient( region_id=region_id, credential=sts_token_credential) bucket = oss2.CryptoBucket(auth, endpoint, bucket_name, crypto_provider=kms_provider) else: bucket = oss2.Bucket(auth, endpoint, bucket_name) object_name = '%s/%s' % (destination, filename) bge_open_client_id_header = 'x-oss-meta-bge-open-client-id' custom_headers = {bge_open_client_id_header: client_id} bucket.put_object(object_name, file_or_string, headers=custom_headers, progress_callback=progress_callback) sys.stdout.write('') return object_name
bucketEndpoint = os.getenv("BUCKET_ENDPOINT") bucketEndpoint = str(base64.b64decode(bucketEndpoint)) bucketEndpoint = bucketEndpoint[2:] bucketEndpoint = bucketEndpoint[:-1] bucketName = os.getenv("BUCKET_NAME") bucketName = str(base64.b64decode(bucketName)) bucketName = bucketName[2:] bucketName = bucketName[:-1] DbName = os.getenv("DB_NAME") # KMS method to encrypt the data. This method only applies to scenarios where objects are uploaded or downloaded entirely. bucket = oss2.CryptoBucket(auth, bucketEndpoint, bucketName, crypto_provider=AliKMSProvider( AccessKeyId, AccessKeySecret, KmsRegion, KmsKey)) # Input path address = (sys.argv[1]) if os.path.exists("dump.sql.gz"): # Deleting dump.sql.gz file if present os.remove("dump.sql.gz") print("Existing dump.sql.gz file Removed!") else: # create empty file open("dump.sql.gz", "w+") # Download an object to a local file.
access_key_secret = os.getenv('OSS_TEST_ACCESS_KEY_SECRET', '<你的AccessKeySecret>') bucket_name = os.getenv('OSS_TEST_BUCKET', '<你的Bucket>') endpoint = os.getenv('OSS_TEST_ENDPOINT', '<你的访问域名>') # 确认上面的参数都填写正确了 for param in (access_key_id, access_key_secret, bucket_name, endpoint): assert '<' not in param, '请设置参数:' + param key = 'motto.txt' content = b'a' * 1024 * 1024 filename = 'download.txt' # 创建Bucket对象,可以进行客户端数据加密(用户端RSA),此模式下只提供对象整体上传下载操作 bucket = oss2.CryptoBucket(oss2.Auth(access_key_id, access_key_secret), endpoint, bucket_name, crypto_provider=CustomCryptoProvider()) key1 = 'motto-copy.txt' # 上传文件 bucket.put_object(key, content, headers={'content-length': str(1024 * 1024)}) """ 文件下载 """ # 下载文件 # 原文件 result = bucket.get_object(key) # 验证一下
endpoint = os.getenv('OSS_TEST_ENDPOINT', '<你的访问域名>') cmk = os.getenv('OSS_TEST_CMK', '<你的CMK>') region = os.getenv('OSS_TEST_REGION', '<你的区域>') # 确认上面的参数都填写正确了 for param in (access_key_id, access_key_secret, bucket_name, endpoint, cmk, region): assert '<' not in param, '请设置参数:' + param key = 'motto.txt' content = b'a' * 1024 * 1024 filename = 'download.txt' # 创建Bucket对象,可以进行客户端数据加密(用户端RSA),此模式下只提供对象整体上传下载操作 bucket = oss2.CryptoBucket(oss2.Auth(access_key_id, access_key_secret), endpoint, bucket_name, crypto_provider=LocalRsaProvider()) key1 = 'motto-copy.txt' # 上传文件 bucket.put_object(key, content, headers={'content-length': str(1024 * 1024)}) """ 文件下载 """ # 下载文件 # 原文件 result = bucket.get_object(key) # 验证一下
VwxmSr0FAajWAlcYN/fGkX1pWA041CKFVQJAG08ozzekeEpAuByTIOaEXgZr5MBQ gBbHpgZNBl8Lsw9CJSQI15wGfv6yDiLXsH8FyC9TKs+d5Tv4Cvquk0efOQJAd9OC lCKFs48hdyaiz9yEDsc57PdrvRFepVdj/gpGzD14mVerJbOiOF6aSV19ot27u4on Td/3aifYs0CveHzFPQJAWb4LCDwqLctfzziG7/S7Z74gyq5qZF4FUElOAZkz718E yZvADwuz/4aK0od0lX9c4Jp7Mo5vQ4TvdoBnPuGoyw== -----END RSA PRIVATE KEY-----''' public_key = '''-----BEGIN RSA PUBLIC KEY----- MIGJAoGBAKiR+IBVdd/kiYXMoPD5c79QHJbqax7ZCwiDPdnAG0w27n19HnO21LH7 x8Hu9HgI3dtPO2s/0DpuOg3QUWeGVDe80kLkwU7U8HKsT8w13kAB9JVtr3cjqzHw 1KTkzNQIDg0nMBSpg4RYa0YFyibqQQXoyZHUQqJvUh3yGmihjnFpAgMBAAE= -----END RSA PUBLIC KEY-----''' key_pair = {'private_key': private_key, 'public_key': public_key} bucket = oss2.CryptoBucket(oss2.Auth(access_key_id, access_key_secret), endpoint, bucket_name, crypto_provider=RsaProvider(key_pair)) # 上传文件 bucket.put_object(key, content, headers={'content-length': str(1024 * 1024)}) """ 文件下载 """ # 下载文件 # 原文件 result = bucket.get_object(key) # 验证一下 content_got = b'' for chunk in result: