def test_crypto_get_compact_deprecated_kms(self, do_request):
content = b'a' * 1024 * 1024
encrypted_kms_path = "tests/deprecated_encrypted_1MB_a_kms"
encrypted_meta_kms_path = "tests/deprecated_encrypted_1MB_a_meta_kms.json"
with open(encrypted_kms_path, 'rb') as f:
encrypted_content = f.read()
with open(encrypted_meta_kms_path, 'r') as f:
meta = json.loads(f.read())
key = random_string(10)
provider = oss2.AliKMSProvider(OSS_ID, OSS_SECRET, OSS_REGION, OSS_CMK)
request_text, response_text = make_get_encrypted_object_compact_deprecated(
key, encrypted_content, meta)
plain_key = utils.b64decode_from_string(meta['base64-plain-key'])
plain_start = meta['plain-start']
req_info = unittests.common.mock_response(do_request, response_text)
with patch('oss2.AliKMSProvider.decrypt_encrypted_key',
return_value=plain_key):
with patch('oss2.AliKMSProvider.decrypt_encrypted_iv',
return_value=plain_start):
result = unittests.common.bucket(provider).get_object(key)
self.assertRequest(req_info, request_text)
self.assertEqual(result.read(), content)
def setUp(self):
oss2.defaults.connect_timeout = self.default_connect_timeout
oss2.defaults.multipart_threshold = self.default_multipart_num_threads
oss2.defaults.multipart_num_threads = random.randint(1, 5)
oss2.defaults.multiget_threshold = self.default_multiget_threshold
oss2.defaults.multiget_part_size = self.default_multiget_part_size
oss2.defaults.multiget_num_threads = random.randint(1, 5)
global OSS_AUTH_VERSION
OSS_AUTH_VERSION = os.getenv('OSS_TEST_AUTH_VERSION')
self.bucket = oss2.Bucket(oss2.make_auth(OSS_ID, OSS_SECRET, OSS_AUTH_VERSION), OSS_ENDPOINT, OSS_BUCKET)
try:
self.bucket.create_bucket()
except:
pass
self.rsa_crypto_bucket = oss2.CryptoBucket(oss2.make_auth(OSS_ID, OSS_SECRET, OSS_AUTH_VERSION), OSS_ENDPOINT, OSS_BUCKET,
crypto_provider=oss2.LocalRsaProvider())
self.kms_crypto_bucket = oss2.CryptoBucket(oss2.make_auth(OSS_ID, OSS_SECRET, OSS_AUTH_VERSION), OSS_ENDPOINT, OSS_BUCKET,
crypto_provider=oss2.AliKMSProvider(OSS_ID, OSS_SECRET, OSS_REGION, OSS_CMK))
self.key_list = []
self.temp_files = []
def _upload_file(self, token, filename, file_or_string, cmk_id=None):
token_meta = self.introspect()
if token_meta['active'] == False:
raise BGEError('access_token has expired')
client_id = token_meta['client_id']
credentials = token.credentials
destination = token.destination
bucket_name = token.bucket
endpoint = token.endpoint
access_key_id = credentials['access_key_id']
access_key_secret = credentials['access_key_secret']
security_token = credentials['security_token']
auth = oss2.StsAuth(access_key_id, access_key_secret, security_token)
if cmk_id is not None:
region_id = token.region_id
kms_provider = oss2.AliKMSProvider(access_key_id,
access_key_secret, region_id,
cmk_id)
# NOTE 官方 oss2 处理 STS 加密上传存在 bug,等待其修复,此处做代码动态修改
sts_token_credential = StsTokenCredential(access_key_id,
access_key_secret,
security_token)
kms_provider.kms_client = AcsClient(
region_id=region_id, credential=sts_token_credential)
bucket = oss2.CryptoBucket(auth,
endpoint,
bucket_name,
crypto_provider=kms_provider)
else:
bucket = oss2.Bucket(auth, endpoint, bucket_name)
object_name = '%s/%s' % (destination, filename)
bge_open_client_id_header = 'x-oss-meta-bge-open-client-id'
custom_headers = {bge_open_client_id_header: client_id}
bucket.put_object(object_name,
file_or_string,
headers=custom_headers,
progress_callback=progress_callback)
sys.stdout.write('')
return object_name