aliyun-sdk 0.1.8 → 0.2.0

data/lib/aliyun/oss/http.rb

@@ -32,6 +32,7 @@ module Aliyun
     class HTTP
 
       DEFAULT_CONTENT_TYPE = 'application/octet-stream'
+      STS_HEADER = 'x-oss-security-token'
       OPEN_TIMEOUT = 10
       READ_TIMEOUT = 120
 
@@ -124,7 +125,7 @@ module Aliyun
 
       end
 
-      include Logging
+      include Common::Logging
 
       def initialize(config)
         @config = config
@@ -209,6 +210,7 @@ module Aliyun
         headers['User-Agent'] = get_user_agent
         headers['Date'] = Time.now.httpdate
         headers['Content-Type'] ||= DEFAULT_CONTENT_TYPE
+        headers[STS_HEADER] = @config.sts_token if @config.sts_token
 
         if body = http_options[:body]
           if body.respond_to?(:read)

data/lib/aliyun/oss/multipart.rb

@@ -14,9 +14,7 @@ module Aliyun
       ##
       # A multipart transaction. Provide the basic checkpoint methods.
       #
-      class Transaction < Struct::Base
-
-        include Logging
+      class Transaction < Common::Struct::Base
 
         attrs :id, :object, :bucket, :creation_time, :options
 
@@ -65,7 +63,7 @@ module Aliyun
       ##
       # A part in a multipart uploading transaction
       #
-      class Part < Struct::Base
+      class Part < Common::Struct::Base
 
         attrs :number, :etag, :size, :last_modified
 

data/lib/aliyun/oss/object.rb

@@ -6,7 +6,7 @@ module Aliyun
     ##
     # Object表示OSS存储的一个对象
     #
-    class Object < Struct::Base
+    class Object < Common::Struct::Base
 
       attrs :key, :type, :size, :etag, :metas, :last_modified, :content_type
 

data/lib/aliyun/oss/protocol.rb

@@ -15,7 +15,7 @@ module Aliyun
 
       STREAM_CHUNK_SIZE = 16 * 1024
 
-      include Logging
+      include Common::Logging
 
       def initialize(config)
         @config = config

data/lib/aliyun/oss/struct.rb

@@ -51,55 +51,6 @@ module Aliyun
       end
     end # KeyEncoding
 
-    ##
-    # Common structs used. It provides a 'attrs' helper method for
-    # subclass to define its attributes. 'attrs' is based on
-    # attr_reader and provide additional functionalities for classes
-    # that inherits Struct::Base :
-    # * the constuctor is provided to accept options and set the
-    #   corresponding attibute automatically
-    # * the #to_s method is rewrite to concatenate the defined
-    #   attributes keys and values
-    # @example
-    #   class X < Struct::Base
-    #     attrs :foo, :bar
-    #   end
-    #
-    #   x.new(:foo => 'hello', :bar => 'world')
-    #   x.foo # == "hello"
-    #   x.bar # == "world"
-    #   x.to_s # == "foo: hello, bar: world"
-    module Struct
-      class Base
-        module AttrHelper
-          def attrs(*s)
-            define_method(:attrs) {s}
-            attr_reader(*s)
-          end
-        end
-
-        extend AttrHelper
-
-        def initialize(opts = {})
-          extra_keys = opts.keys - attrs
-          unless extra_keys.empty?
-            fail ClientError, "Unexpected extra keys: #{extra_keys.join(', ')}"
-          end
-
-          attrs.each do |attr|
-            instance_variable_set("@#{attr}", opts[attr])
-          end
-        end
-
-        def to_s
-          attrs.map do |attr|
-            v = instance_variable_get("@#{attr}")
-            "#{attr.to_s}: #{v}"
-          end.join(", ")
-        end
-      end # Base
-    end # Struct
-
     ##
     # Bucket Logging setting. See: {http://help.aliyun.com/document_detail/oss/product-documentation/function/logging.html OSS Bucket logging}
     # Attributes:
@@ -111,7 +62,7 @@ module Aliyun
     #    :enable => true, :target_bucket => 'log_bucket', :target_prefix => 'my-log')
     # @example Disable bucket logging
     #  bucket.logging = BucketLogging.new(:enable => false)
-    class BucketLogging < Struct::Base
+    class BucketLogging < Common::Struct::Base
       attrs :enable, :target_bucket, :target_prefix
 
       def enabled?
@@ -125,7 +76,7 @@ module Aliyun
     # * enable [Boolean] whether to enable website hosting for the bucket
     # * index [String] the index object as the index page for the website
     # * error [String] the error object as the error page for the website
-    class BucketWebsite < Struct::Base
+    class BucketWebsite < Common::Struct::Base
       attrs :enable, :index, :error
 
       def enabled?
@@ -138,7 +89,7 @@ module Aliyun
     # Attributes:
     # * allow_empty [Boolean] whether to allow requests with empty "Referer"
     # * whitelist [Array<String>] the allowed origins for requests
-    class BucketReferer < Struct::Base
+    class BucketReferer < Common::Struct::Base
       attrs :allow_empty, :whitelist
 
       def allow_empty?
@@ -171,7 +122,7 @@ module Aliyun
     #     :prefix => 'foo/',
     #     :expiry => 15)
     # @note the expiry date is treated as UTC time
-    class LifeCycleRule < Struct::Base
+    class LifeCycleRule < Common::Struct::Base
 
       attrs :id, :enable, :prefix, :expiry
 
@@ -188,7 +139,7 @@ module Aliyun
     # * allowed_headers [Array<String>] the allowed headers
     # * expose_headers [Array<String>] the expose headers
     # * max_age_seconds [Integer] the max age seconds
-    class CORSRule < Struct::Base
+    class CORSRule < Common::Struct::Base
 
       attrs :allowed_origins, :allowed_methods, :allowed_headers,
             :expose_headers, :max_age_seconds

data/lib/aliyun/oss/upload.rb

@@ -7,6 +7,9 @@ module Aliyun
       # A multipart upload transaction
       #
       class Upload < Transaction
+
+        include Common::Logging
+
         PART_SIZE = 10 * 1024 * 1024
         READ_SIZE = 16 * 1024
         NUM_THREAD = 10

data/lib/aliyun/oss/util.rb

@@ -18,7 +18,7 @@ module Aliyun
 
       class << self
 
-        include Logging
+        include Common::Logging
 
         # Calculate request signatures
         def get_signature(key, verb, headers, resources)

data/lib/aliyun/sts.rb

@@ -0,0 +1,9 @@
+# -*- encoding: utf-8 -*-
+
+require_relative 'common'
+require_relative 'sts/util'
+require_relative 'sts/exception'
+require_relative 'sts/struct'
+require_relative 'sts/config'
+require_relative 'sts/protocol'
+require_relative 'sts/client'

data/lib/aliyun/sts/client.rb

@@ -0,0 +1,38 @@
+# -*- encoding: utf-8 -*-
+
+module Aliyun
+  module STS
+
+    # STS服务的客户端，用于向STS申请临时token。
+    # @example 创建Client
+    #   client = Client.new(
+    #     :access_key_id => 'access_key_id',
+    #     :access_key_secret => 'access_key_secret')
+    #   token = client.assume_role('role:arn', 'app')
+    #
+    #   policy = Policy.new
+    #   policy.allow(['oss:Get*'], ['acs:oss:*:*:my-bucket/*'])
+    #   token = client.assume_role('role:arn', 'app', policy, 60)
+    #   puts token.to_s
+    class Client
+
+      def initialize(opts)
+        @config = Config.new(opts)
+        @protocol = Protocol.new(@config)
+      end
+
+      # Assume a role
+      # @param role [String] the role arn
+      # @param session [String] the session name
+      # @param policy [STS::Policy] the policy
+      # @param duration [Fixnum] the duration seconds for the
+      #  requested token
+      # @return [STS::Token] the sts token
+      def assume_role(role, session, policy = nil, duration = 3600)
+        @protocol.assume_role(role, session, policy, duration)
+      end
+
+    end # Client
+
+  end # STS
+end # Aliyun

data/lib/aliyun/sts/config.rb

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+
+module Aliyun
+  module STS
+
+    # A place to store various configurations: credentials, api
+    # timeout, retry mechanism, etc
+    class Config < Common::Struct::Base
+
+      attrs :access_key_id, :access_key_secret
+
+      def initialize(opts = {})
+        super(opts)
+
+        @access_key_id.strip! if @access_key_id
+        @access_key_secret.strip! if @access_key_secret
+      end
+    end # Config
+
+  end # STS
+end # Aliyun

data/lib/aliyun/sts/exception.rb

@@ -0,0 +1,53 @@
+# -*- encoding: utf-8 -*-
+
+require 'nokogiri'
+
+module Aliyun
+  module STS
+
+    # ServerError represents exceptions from the STS
+    # service. i.e. Client receives a HTTP response whose status is
+    # NOT OK. #message provides the error message and #to_s gives
+    # detailed information probably including the STS request id.
+    class ServerError < Common::Exception
+
+      attr_reader :http_code, :error_code, :message, :request_id
+
+      def initialize(response)
+        @http_code = response.code
+        @attrs = {}
+
+        doc = Nokogiri::XML(response.body) do |config|
+          config.options |= Nokogiri::XML::ParseOptions::NOBLANKS
+        end rescue nil
+
+        if doc and doc.root
+          doc.root.children.each do |n|
+            @attrs[n.name] = n.text
+          end
+        end
+
+        @error_code = @attrs['Code']
+        @message = @attrs['Message']
+        @request_id = @attrs['RequestId']
+      end
+
+      def message
+        msg = @attrs['Message'] || "UnknownError[#{http_code}]."
+        "#{msg} RequestId: #{request_id}"
+      end
+
+      def to_s
+        @attrs.merge({'HTTPCode' => @http_code}).map do |k, v|
+          [k, v].join(": ")
+        end.join(", ")
+      end
+    end # ServerError
+
+    # ClientError represents client exceptions caused mostly by
+    # invalid parameters.
+    class ClientError < Common::Exception
+    end # ClientError
+
+  end # STS
+end # Aliyun

data/lib/aliyun/sts/protocol.rb

@@ -0,0 +1,130 @@
+# -*- encoding: utf-8 -*-
+
+require 'rest-client'
+require 'nokogiri'
+require 'time'
+
+module Aliyun
+  module STS
+
+    # Protocol implements the STS Open API which is low-level. User
+    # should refer to {STS::Client} for normal use.
+    class Protocol
+
+      ENDPOINT = 'https://sts.aliyuncs.com'
+      FORMAT = 'XML'
+      API_VERSION = '2015-04-01'
+      SIGNATURE_METHOD = 'HMAC-SHA1'
+      SIGNATURE_VERSION = '1.0'
+
+      include Common::Logging
+
+      def initialize(config)
+        @config = config
+      end
+
+      # Assume a role
+      # @param role [String] the role arn
+      # @param session [String] the session name
+      # @param policy [STS::Policy] the policy
+      # @param duration [Fixnum] the duration seconds for the
+      #  requested token
+      # @return [STS::Token] the sts token
+      def assume_role(role, session, policy = nil, duration = 3600)
+        logger.info("Begin assume role, role: #{role}, session: #{session}, "\
+                    "policy: #{policy}, duration: #{duration}")
+
+        params = {
+          'Action' => 'AssumeRole',
+          'RoleArn' => role,
+          'RoleSessionName' => session,
+          'DurationSeconds' => duration.to_s
+        }
+        params.merge!({'Policy' => policy.serialize}) if policy
+
+        body = do_request(params)
+        doc = parse_xml(body)
+
+        creds_node = doc.at_css("Credentials")
+        creds = {
+          session_name: session,
+          access_key_id: get_node_text(creds_node, 'AccessKeyId'),
+          access_key_secret: get_node_text(creds_node, 'AccessKeySecret'),
+          security_token: get_node_text(creds_node, 'SecurityToken'),
+          expiration: get_node_text(
+            creds_node, 'Expiration') { |x| Time.parse(x) },
+        }
+
+        logger.info("Done assume role, creds: #{creds}")
+
+        Token.new(creds)
+      end
+
+      private
+      # Generate a random signature nonce
+      # @return [String] a random string
+      def signature_nonce
+        (rand * 1_000_000_000).to_s
+      end
+
+      # Do HTTP POST request with specified params
+      # @param params [Hash] the parameters to STS
+      # @return [String] the response body
+      # @raise [ServerError] raise errors if the server responds with errors
+      def do_request(params)
+        query = params.merge(
+          {'Format' => FORMAT,
+           'Version' => API_VERSION,
+           'AccessKeyId' => @config.access_key_id,
+           'SignatureMethod' => SIGNATURE_METHOD,
+           'SignatureVersion' => SIGNATURE_VERSION,
+           'SignatureNonce' => signature_nonce,
+           'Timestamp' => Time.now.utc.iso8601})
+
+        signature = Util.get_signature('POST', query, @config.access_key_secret)
+        query.merge!({'Signature' => signature})
+
+        r = RestClient::Request.execute(
+          :method => 'POST',
+          :url => ENDPOINT,
+          :payload => query
+        ) do |response, request, result, &blk|
+
+          if response.code >= 300
+            e = ServerError.new(response)
+            logger.error(e.to_s)
+            raise e
+          else
+            response.return!(request, result, &blk)
+          end
+        end
+
+        logger.debug("Received HTTP response, code: #{r.code}, headers: "\
+                     "#{r.headers}, body: #{r.body}")
+        r.body
+      end
+
+      # Parse body content to xml document
+      # @param content [String] the xml content
+      # @return [Nokogiri::XML::Document] the parsed document
+      def parse_xml(content)
+        doc = Nokogiri::XML(content) do |config|
+          config.options |= Nokogiri::XML::ParseOptions::NOBLANKS
+        end
+
+        doc
+      end
+
+      # Get the text of a xml node
+      # @param node [Nokogiri::XML::Node] the xml node
+      # @param tag [String] the node tag
+      # @yield [String] the node text is given to the block
+      def get_node_text(node, tag, &block)
+        n = node.at_css(tag) if node
+        value = n.text if n
+        block && value ? yield(value) : value
+      end
+
+    end # Protocol
+  end # STS
+end # Aliyun

data/lib/aliyun/sts/struct.rb

@@ -0,0 +1,64 @@
+# -*- encoding: utf-8 -*-
+
+require 'json'
+require 'cgi'
+
+module Aliyun
+  module STS
+
+    # STS Policy. Referer to
+    # https://help.aliyun.com/document_detail/ram/ram-user-guide/policy_reference/struct_def.html for details.
+    class Policy < Common::Struct::Base
+      VERSION = '1'
+
+      attrs :rules
+
+      # Add an 'Allow' rule
+      # @param actions [Array<String>] actions of the rule. e.g.:
+      #  oss:GetObject, oss:Get*, oss:*
+      # @param resources [Array<String>] resources of the rule. e.g.:
+      #  acs:oss:*:*:my-bucket, acs:oss:*:*:my-bucket/*, acs:oss:*:*:*
+      def allow(actions, resources)
+        add_rule(true, actions, resources)
+      end
+
+      # Add an 'Deny' rule
+      # @param actions [Array<String>] actions of the rule. e.g.:
+      #  oss:GetObject, oss:Get*, oss:*
+      # @param resources [Array<String>] resources of the rule. e.g.:
+      #  acs:oss:*:*:my-bucket, acs:oss:*:*:my-bucket/*, acs:oss:*:*:*
+      def deny(actions, resources)
+        add_rule(false, actions, resources)
+      end
+
+      # Serialize to rule to string
+      def serialize
+        {'Version' => VERSION, 'Statement' => @rules}.to_json
+      end
+
+      private
+      def add_rule(allow, actions, resources)
+        @rules ||= []
+        @rules << {
+          'Effect' => allow ? 'Allow' : 'Deny',
+          'Action' => actions,
+          'Resource' => resources
+        }
+      end
+    end
+
+    # STS token. User may use the credentials included to access
+    # Alicloud resources(OSS, OTS, etc).
+    # Attributes:
+    # * access_key_id [String] the AccessKeyId
+    # * access_key_secret [String] the AccessKeySecret
+    # * security_token [String] the SecurityToken
+    # * expiration [Time] the time when the token will be expired
+    # * session_name [String] the session name for this token
+    class Token < Common::Struct::Base
+      attrs :access_key_id, :access_key_secret,
+            :security_token, :expiration, :session_name
+    end
+
+  end # STS
+end # Aliyun