def close_par(par=None, par_uid=None, url_checksum=None): """Close the passed OSPar, which provides access to data in the passed bucket Args: par (OSPar, default=None): OSPar to close bucket par_uid (str, default=None): UID for OSPar url_checksum (str, default=None): Checksum to pass to PARRegistry Returns: None """ from Acquire.ObjectStore import OSParRegistry as _OSParRegistry if par is None: par = _OSParRegistry.get( par_uid=par_uid, details_function=_get_driver_details_from_data, url_checksum=url_checksum) from Acquire.ObjectStore import OSPar as _OSPar if not isinstance(par, _OSPar): raise TypeError("The OSPar must be of type OSPar") if par.driver() != "gcp": raise ValueError("Cannot delete a OSPar that was not created " "by the GCP object store") # close the OSPar - this will trigger any close_function(s) _OSParRegistry.close(par=par)
def close_par(par=None, par_uid=None, url_checksum=None): """Close the passed OSPar, which provides access to data in the passed bucket Args: par (OSPar, default=None): OSPar to close bucket par_uid (str, default=None): UID for OSPar url_checksum (str, default=None): Checksum to pass to PARRegistry Returns: None """ from Acquire.ObjectStore import OSParRegistry as _OSParRegistry if par is None: par = _OSParRegistry.get( par_uid=par_uid, details_function=_get_driver_details_from_data, url_checksum=url_checksum) from Acquire.ObjectStore import OSPar as _OSPar if not isinstance(par, _OSPar): raise TypeError("The OSPar must be of type OSPar") if par.driver() != "oci": raise ValueError("Cannot delete a OSPar that was not created " "by the OCI object store") # delete the PAR from Acquire.Service import get_service_account_bucket \ as _get_service_account_bucket par_bucket = par.driver_details()["bucket"] par_id = par.driver_details()["par_id"] bucket = _get_service_account_bucket() # now get the bucket accessed by the OSPar... bucket = OCI_ObjectStore.get_bucket(bucket=bucket, bucket_name=par_bucket) client = bucket["client"] try: response = client.delete_preauthenticated_request( client.get_namespace().data, bucket["bucket_name"], par_id) except Exception as e: from Acquire.ObjectStore import ObjectStoreError raise ObjectStoreError("Unable to delete a OSPar '%s' : Error %s" % (par_id, str(e))) if response.status not in [200, 204]: from Acquire.ObjectStore import ObjectStoreError raise ObjectStoreError( "Unable to delete a OSPar '%s' : Status %s, Error %s" % (par_id, response.status, str(response.data))) # close the OSPar - this will trigger any close_function(s) _OSParRegistry.close(par=par)
def close_par(par=None, par_uid=None, url_checksum=None): """Close the passed PAR, which provides access to data in the passed bucket """ from Acquire.ObjectStore import OSParRegistry as _OSParRegistry if par is None: par = _OSParRegistry.get( par_uid=par_uid, url_checksum=url_checksum, details_function=_get_driver_details_from_data) from Acquire.ObjectStore import OSPar as _OSPar if not isinstance(par, _OSPar): raise TypeError("The PAR must be of type OSPar") if par.driver() != "testing_objstore": raise ValueError("Cannot delete a PAR that was not created " "by the testing object store") # delete the PAR (no need to do this on testing) # close the PAR - this will trigger any close_function(s) _OSParRegistry.close(par=par)
def create_par(bucket, encrypt_key, key=None, readable=True, writeable=False, duration=3600, cleanup_function=None): """Create a pre-authenticated request for the passed bucket and key (if key is None then the request is for the entire bucket). This will return a OSPar object that will contain a URL that can be used to access the object/bucket. If writeable is true, then the URL will also allow the object/bucket to be written to. PARs are time-limited. Set the lifetime in seconds by passing in 'duration' (by default this is one hour) Args: bucket (dict): Bucket to create OSPar for encrypt_key (PublicKey): Public key to encrypt PAR key (str, default=None): Key readable (bool, default=True): If bucket is readable writeable (bool, default=False): If bucket is writeable duration (int, default=3600): Duration OSPar should be valid for in seconds cleanup_function (function, default=None): Cleanup function to be passed to PARRegistry Returns: OSPar: Pre-authenticated request for the bucket """ from Acquire.Crypto import PublicKey as _PublicKey if not isinstance(encrypt_key, _PublicKey): from Acquire.Client import PARError raise PARError( "You must supply a valid PublicKey to encrypt the " "returned OSPar") # get the UTC datetime when this OSPar should expire from Acquire.ObjectStore import get_datetime_now as _get_datetime_now expires_datetime = _get_datetime_now() + \ _datetime.timedelta(seconds=duration) is_bucket = (key is None) # Limitation of OCI - cannot have a bucket OSPar with # read permissions! if is_bucket and readable: from Acquire.Client import PARError raise PARError( "You cannot create a Bucket OSPar that has read permissions " "due to a limitation in the underlying platform") try: from oci.object_storage.models import \ CreatePreauthenticatedRequestDetails as \ _CreatePreauthenticatedRequestDetails except: raise ImportError( "Cannot import OCI. Please install OCI, e.g. via " "'pip install oci' so that you can connect to the " "Oracle Cloud Infrastructure") oci_par = None request = _CreatePreauthenticatedRequestDetails() if is_bucket: request.access_type = "AnyObjectWrite" elif readable and writeable: request.access_type = "ObjectReadWrite" elif readable: request.access_type = "ObjectRead" elif writeable: request.access_type = "ObjectWrite" else: from Acquire.ObjectStore import ObjectStoreError raise ObjectStoreError( "Unsupported permissions model for OSPar!") request.name = str(_uuid.uuid4()) if not is_bucket: request.object_name = _clean_key(key) request.time_expires = expires_datetime client = bucket["client"] try: response = client.create_preauthenticated_request( client.get_namespace().data, bucket["bucket_name"], request) except Exception as e: # couldn't create the preauthenticated request from Acquire.ObjectStore import ObjectStoreError raise ObjectStoreError( "Unable to create the OSPar '%s': %s" % (str(request), str(e))) if response.status != 200: from Acquire.ObjectStore import ObjectStoreError raise ObjectStoreError( "Unable to create the OSPar '%s': Status %s, Error %s" % (str(request), response.status, str(response.data))) oci_par = response.data if oci_par is None: from Acquire.ObjectStore import ObjectStoreError raise ObjectStoreError( "Unable to create the preauthenticated request!") created_datetime = oci_par.time_created.replace( tzinfo=_datetime.timezone.utc) expires_datetime = oci_par.time_expires.replace( tzinfo=_datetime.timezone.utc) # the URI returned by OCI does not include the server. We need # to get the server based on the region of this bucket url = _get_object_url_for_region(bucket["region"], oci_par.access_uri) # get the checksum for this URL - used to validate the close # request from Acquire.ObjectStore import OSPar as _OSPar from Acquire.ObjectStore import OSParRegistry as _OSParRegistry url_checksum = _OSPar.checksum(url) driver_details = {"driver": "oci", "bucket": bucket["bucket_name"], "created_datetime": created_datetime, "par_id": oci_par.id, "par_name": oci_par.name} par = _OSPar(url=url, encrypt_key=encrypt_key, key=oci_par.object_name, expires_datetime=expires_datetime, is_readable=readable, is_writeable=writeable, driver_details=driver_details) _OSParRegistry.register(par=par, url_checksum=url_checksum, details_function=_get_driver_details_from_par, cleanup_function=cleanup_function) return par
def create_par(bucket, encrypt_key, key=None, readable=True, writeable=False, duration=3600, cleanup_function=None): """Create a pre-authenticated request for the passed bucket and key (if key is None then the request is for the entire bucket). This will return a OSPar object that will contain a URL that can be used to access the object/bucket. If writeable is true, then the URL will also allow the object/bucket to be written to. PARs are time-limited. Set the lifetime in seconds by passing in 'duration' (by default this is one hour) Args: bucket (dict): Bucket to create OSPar for encrypt_key (PublicKey): Public key to encrypt PAR key (str, default=None): Key readable (bool, default=True): If bucket is readable writeable (bool, default=False): If bucket is writeable duration (int, default=3600): Duration OSPar should be valid for in seconds cleanup_function (function, default=None): Cleanup function to be passed to PARRegistry Returns: OSPar: Pre-authenticated request for the bucket """ from Acquire.Crypto import PublicKey as _PublicKey if not isinstance(encrypt_key, _PublicKey): from Acquire.Client import PARError raise PARError("You must supply a valid PublicKey to encrypt the " "returned OSPar") is_bucket = (key is None) if writeable: method = "PUT" elif readable: method = "GET" else: from Acquire.ObjectStore import ObjectStoreError raise ObjectStoreError("Unsupported permissions model for OSPar!") try: # get the UTC datetime when this OSPar should expire from Acquire.ObjectStore import get_datetime_now as _get_datetime_now created_datetime = _get_datetime_now() expires_datetime = _get_datetime_now() + _datetime.timedelta( seconds=duration) bucket_obj = bucket["bucket"] if is_bucket: url = bucket_obj.generate_signed_url( version='v4', expiration=expires_datetime, method=method) else: blob = bucket_obj.blob(key) url = blob.generate_signed_url(version='v4', expiration=expires_datetime, method=method) except Exception as e: # couldn't create the preauthenticated request from Acquire.ObjectStore import ObjectStoreError raise ObjectStoreError("Unable to create the OSPar '%s': %s" % (key, str(e))) if url is None: from Acquire.ObjectStore import ObjectStoreError raise ObjectStoreError("Unable to create the signed URL!") # get the checksum for this URL - used to validate the close # request from Acquire.ObjectStore import OSPar as _OSPar from Acquire.ObjectStore import OSParRegistry as _OSParRegistry url_checksum = _OSPar.checksum(url) bucket_name = bucket["bucket_name"] driver_details = { "driver": "gcp", "bucket": bucket_name, "created_datetime": created_datetime } par = _OSPar(url=url, encrypt_key=encrypt_key, key=key, expires_datetime=expires_datetime, is_readable=readable, is_writeable=writeable, driver_details=driver_details) _OSParRegistry.register(par=par, url_checksum=url_checksum, details_function=_get_driver_details_from_par, cleanup_function=cleanup_function) return par
def create_par(bucket, encrypt_key, key=None, readable=True, writeable=False, duration=3600, cleanup_function=None): """Create a pre-authenticated request for the passed bucket and key (if key is None then the request is for the entire bucket). This will return a PAR object that will contain a URL that can be used to access the object/bucket. If writeable is true, then the URL will also allow the object/bucket to be written to. PARs are time-limited. Set the lifetime in seconds by passing in 'duration' (by default this is one hour). Note that you must pass in a public key that will be used to encrypt this PAR. This is necessary as the PAR grants access to anyone who can decrypt the URL """ from Acquire.Crypto import PublicKey as _PublicKey if not isinstance(encrypt_key, _PublicKey): from Acquire.Client import PARError raise PARError("You must supply a valid PublicKey to encrypt the " "returned PAR") if key is not None: if not _os.path.exists("%s/%s._data" % (bucket, key)): from Acquire.Client import PARError raise PARError( "The object '%s' in bucket '%s' does not exist!" % (key, bucket)) elif not _os.path.exists(bucket): from Acquire.Client import PARError raise PARError("The bucket '%s' does not exist!" % bucket) url = "file://%s" % bucket if key: url = "%s/%s" % (url, key) # get the time this PAR was created from Acquire.ObjectStore import get_datetime_now as _get_datetime_now created_datetime = _get_datetime_now() # get the UTC datetime when this PAR should expire expires_datetime = created_datetime + \ _datetime.timedelta(seconds=duration) # mimic limitations of OCI - cannot have a bucket PAR with # read permissions! if (key is None) and readable: from Acquire.Client import PARError raise PARError( "You cannot create a Bucket PAR that has read permissions " "due to a limitation in the underlying platform") from Acquire.ObjectStore import OSPar as _OSPar from Acquire.ObjectStore import OSParRegistry as _OSParRegistry url_checksum = _OSPar.checksum(url) driver_details = { "driver": "testing_objstore", "bucket": bucket, "created_datetime": created_datetime } par = _OSPar(url=url, key=key, encrypt_key=encrypt_key, expires_datetime=expires_datetime, is_readable=readable, is_writeable=writeable, driver_details=driver_details) _OSParRegistry.register(par=par, url_checksum=url_checksum, details_function=_get_driver_details_from_par, cleanup_function=cleanup_function) return par