def test_bucket_encryption_wrong(self):
from oss2.models import ServerSideEncryptionRule
self.assertRaises(oss2.exceptions.NoSuchServerSideEncryptionRule,
self.bucket.get_bucket_encryption)
rule = ServerSideEncryptionRule()
rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_AES256
rule.kms_master_keyid = "test"
self.assertRaises(oss2.exceptions.InvalidArgument,
self.bucket.put_bucket_encryption, rule)
rule.sse_algorithm = "random"
rule.kms_master_keyid = ""
self.assertRaises(oss2.exceptions.InvalidEncryptionAlgorithmError,
self.bucket.put_bucket_encryption, rule)
rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_KMS
rule.kms_master_keyid = ""
result = self.bucket.put_bucket_encryption(rule)
self.assertEqual(int(result.status) / 100, 2)
rule.kms_master_keyid = None
result = self.bucket.put_bucket_encryption(rule)
self.assertEqual(int(result.status) / 100, 2)
result = self.bucket.get_bucket_encryption()
self.assertEqual(result.sse_algorithm, oss2.SERVER_SIDE_ENCRYPTION_KMS)
self.assertTrue(result.kms_master_keyid is None)
result = self.bucket.delete_bucket_encryption()
rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_KMS
rule.kms_master_keyid = "test_wrong"
result = self.bucket.put_bucket_encryption(rule)
self.assertEqual(int(result.status) / 100, 2)
result = self.bucket.get_bucket_encryption()
self.assertEqual(result.sse_algorithm, oss2.SERVER_SIDE_ENCRYPTION_KMS)
self.assertEqual(result.kms_master_keyid, "test_wrong")
result = self.bucket.delete_bucket_encryption()
self.assertEqual(int(result.status), 204)
def test_bucket_encryption(self):
from oss2.models import ServerSideEncryptionRule
rule = ServerSideEncryptionRule()
# AES256
rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_AES256
rule.kms_master_keyid = ""
result = self.bucket.put_bucket_encryption(rule)
self.assertEqual(int(result.status) / 100, 2)
wait_meta_sync()
result = self.bucket.get_bucket_info()
self.assertEqual(result.bucket_encryption_rule.sse_algorithm, 'AES256')
self.assertTrue(result.bucket_encryption_rule.kms_master_keyid is None)
result = self.bucket.put_object("test", "test")
self.assertEqual(int(result.status) / 100, 2)
result = self.bucket.get_object("test")
self.assertEqual(int(result.status) / 100, 2)
self.assertEqual("test", result.read())
result = self.bucket.delete_bucket_encryption()
self.assertEqual(int(result.status) / 100, 2)
# KMS
rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_KMS
rule.kms_master_keyid = ""
result = self.bucket.put_bucket_encryption(rule)
self.assertEqual(int(result.status) / 100, 2)
wait_meta_sync()
result = self.bucket.get_bucket_info()
self.assertEqual(result.bucket_encryption_rule.sse_algorithm, 'KMS')
self.assertTrue(result.bucket_encryption_rule.kms_master_keyid is None)
result = self.bucket.delete_bucket_encryption()
self.assertEqual(int(result.status) / 100, 2)
# 通过环境变量获取,或者把诸如“<你的AccessKeyId>”替换成真实的AccessKeyId等。
access_key_id = os.getenv('OSS_TEST_ACCESS_KEY_ID', '<你的AccessKeyId>')
access_key_secret = os.getenv('OSS_TEST_ACCESS_KEY_SECRET', '<你的AccessKeySecret>')
bucket_name = os.getenv('OSS_TEST_BUCKET', '<你要请求的Bucket名称>')
endpoint = os.getenv('OSS_TEST_ENDPOINT', '<你的访问域名>')
# 确认上面的参数都填写正确了
for param in (access_key_id, access_key_secret, bucket_name, endpoint):
assert '<' not in param, '请设置参数:' + param
# 创建Bucket对象,所有Object相关的接口都可以通过Bucket对象来进行
bucket = oss2.Bucket(oss2.Auth(access_key_id, access_key_secret), endpoint, bucket_name)
# ##########以下是设置bucket服务端加密的示例##############
# 以设置AES256加密为例。
rule = ServerSideEncryptionRule()
rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_AES256
bucket.put_bucket_encryption(rule)
# 获取服务端加密配置。
result = bucket.get_bucket_encryption()
print('sse_algorithm:', result.sse_algorithm)
print('kms_key_id:', result.kms_master_keyid)
print('data_algorithm:', result.kms_data_encryption)
# ##########以下是使用put_object接口上传文件时单独指定文件的服务端加密方式的示例############
key = 'test_put_object'
# 在headers中指定加密方式。
headers = dict()
# 使用KMS加密
def test_put_bucket_encryption(self):
auth = oss2.Auth(OSS_ID, OSS_SECRET)
bucket_name = OSS_BUCKET + "-test-put-bucket-encryption"
bucket = oss2.Bucket(auth, self.endpoint, bucket_name)
bucket.create_bucket()
# set SM4
rule = ServerSideEncryptionRule()
rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_SM4
bucket.put_bucket_encryption(rule)
result = bucket.get_bucket_encryption()
self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, result.sse_algorithm)
self.assertIsNone(result.kms_master_keyid)
self.assertIsNone(result.kms_data_encryption)
bucket_info = bucket.get_bucket_info()
rule = bucket_info.bucket_encryption_rule
self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, rule.sse_algorithm)
self.assertIsNone(result.kms_master_keyid)
self.assertIsNone(result.kms_data_encryption)
# set KMS and data SM4, and none kms_key_id.
rule = ServerSideEncryptionRule()
rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_KMS
rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4
bucket.put_bucket_encryption(rule)
result = bucket.get_bucket_encryption()
self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, result.sse_algorithm)
self.assertIsNone(result.kms_master_keyid)
self.assertEqual(KMS_DATA_ENCRYPTION_SM4, result.kms_data_encryption)
bucket_info = bucket.get_bucket_info()
rule = bucket_info.bucket_encryption_rule
self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, rule.sse_algorithm)
self.assertIsNone(rule.kms_master_keyid)
self.assertEqual(KMS_DATA_ENCRYPTION_SM4, rule.kms_data_encryption)
# set KMS and SM4, and has kms key id
rule = ServerSideEncryptionRule()
rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_KMS
rule.kms_master_keyid = '123'
rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4
bucket.put_bucket_encryption(rule)
result = bucket.get_bucket_encryption()
self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, result.sse_algorithm)
self.assertEqual('123', result.kms_master_keyid)
self.assertEqual(KMS_DATA_ENCRYPTION_SM4, result.kms_data_encryption)
bucket_info = bucket.get_bucket_info()
rule = bucket_info.bucket_encryption_rule
self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, rule.sse_algorithm)
self.assertEqual('123', rule.kms_master_keyid)
self.assertEqual(KMS_DATA_ENCRYPTION_SM4, rule.kms_data_encryption)
# set AES256 and data encryption is not none
rule = ServerSideEncryptionRule()
rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_AES256
rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4
bucket.put_bucket_encryption(rule)
result = bucket.get_bucket_encryption()
self.assertEqual(SERVER_SIDE_ENCRYPTION_AES256, result.sse_algorithm)
self.assertIsNone(result.kms_master_keyid)
self.assertIsNone(result.kms_data_encryption)
bucket_info = bucket.get_bucket_info()
rule = bucket_info.bucket_encryption_rule
self.assertEqual(SERVER_SIDE_ENCRYPTION_AES256, rule.sse_algorithm)
self.assertIsNone(rule.kms_master_keyid)
self.assertIsNone(rule.kms_data_encryption)
# set SM4 and data encryption is not none
rule = ServerSideEncryptionRule()
rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_SM4
rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4
bucket.put_bucket_encryption(rule)
result = bucket.get_bucket_encryption()
self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, result.sse_algorithm)
self.assertIsNone(result.kms_master_keyid)
self.assertIsNone(result.kms_data_encryption)
bucket_info = bucket.get_bucket_info()
rule = bucket_info.bucket_encryption_rule
self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, rule.sse_algorithm)
self.assertIsNone(result.kms_master_keyid)
self.assertIsNone(result.kms_data_encryption)