aliyun-sdk 0.1.8 → 0.2.0

data/lib/aliyun/sts/util.rb

@@ -0,0 +1,48 @@
+# -*- encoding: utf-8 -*-
+
+require 'time'
+require 'cgi'
+require 'base64'
+require 'openssl'
+require 'digest/md5'
+
+module Aliyun
+  module STS
+    ##
+    # Util functions to help generate formatted Date, signatures,
+    # etc.
+    #
+    module Util
+
+      class << self
+
+        include Common::Logging
+
+        # Calculate request signatures
+        def get_signature(verb, params, key)
+          logger.debug("Sign, verb: #{verb}, params: #{params}")
+
+          cano_query = params.sort.map {
+            |k, v| [CGI.escape(k), CGI.escape(v)].join('=') }.join('&')
+
+          string_to_sign =
+            verb + '&' + CGI.escape('/') + '&' + CGI.escape(cano_query)
+
+          logger.debug("String to sign: #{string_to_sign}")
+
+          Util.sign(key + '&', string_to_sign)
+        end
+
+        # Sign a string using HMAC and BASE64
+        # @param [String] key the secret key
+        # @param [String] string_to_sign the string to sign
+        # @return [String] the signature
+        def sign(key, string_to_sign)
+          Base64.strict_encode64(
+            OpenSSL::HMAC.digest('sha1', key, string_to_sign))
+        end
+
+      end # self
+    end # Util
+  end # STS
+end # Aliyun

data/lib/aliyun/{oss/version.rb → version.rb}

@@ -1,9 +1,7 @@
 # -*- encoding: utf-8 -*-
 
 module Aliyun
-  module OSS
 
-    VERSION = "0.1.8"
+    VERSION = "0.2.0"
 
-  end # OSS
 end # Aliyun

data/spec/aliyun/oss/client/client_spec.rb

@@ -14,12 +14,14 @@ module Aliyun
           endpoint = 'oss-cn-hangzhou.aliyuncs.com'
           client = Client.new(
             :endpoint => endpoint,
-            :access_key_id => 'xxx ', :access_key_secret => '  yyy ')
+            :access_key_id => 'xxx ', :access_key_secret => '  yyy ',
+            :sts_token => 'sts-token')
 
           config = client.instance_variable_get('@config')
           expect(config.endpoint.to_s).to eq("http://#{endpoint}")
           expect(config.access_key_id).to eq('xxx')
           expect(config.access_key_secret).to eq('yyy')
+          expect(config.sts_token).to eq('sts-token')
         end
 
         it "should not set Authorization with anonymous client" do
@@ -37,6 +39,24 @@ module Aliyun
             .with{ |req| not req.headers.has_key?('Authorization') }
         end
 
+        it "should set STS header" do
+          endpoint = 'oss-cn-hangzhou.aliyuncs.com'
+          bucket = 'rubysdk-bucket'
+          object = 'rubysdk-object'
+          client = Client.new(
+            :endpoint => endpoint,
+            :access_key_id => 'xxx', :access_key_secret => 'yyy',
+            :sts_token => 'sts-token')
+
+          stub_request(:get, "#{bucket}.#{endpoint}/#{object}")
+
+          client.get_bucket(bucket).get_object(object) {}
+
+          expect(WebMock)
+            .to have_requested(:get, "#{bucket}.#{endpoint}/#{object}")
+            .with{ |req| not req.headers.has_key?('x-oss-security-token') }
+        end
+
         it "should construct different client" do
           bucket = 'rubysdk-bucket'
           object = 'rubysdk-object'

data/spec/aliyun/sts/client_spec.rb

@@ -0,0 +1,150 @@
+require 'spec_helper'
+require 'yaml'
+require 'nokogiri'
+
+module Aliyun
+  module STS
+
+    describe Client do
+
+      context "construct" do
+        it "should setup a/k" do
+          client = Client.new(
+            :access_key_id => 'xxx', :access_key_secret => 'yyy')
+
+          config = client.instance_variable_get('@config')
+          expect(config.access_key_id).to eq('xxx')
+          expect(config.access_key_secret).to eq('yyy')
+        end
+      end
+
+      def mock_sts(id, key, token, expiration)
+        Nokogiri::XML::Builder.new do |xml|
+          xml.AssumeRoleResponse {
+            xml.RequestId '0000'
+            xml.AssumedRoleUser {
+              xml.arn 'arn-001'
+              xml.AssumedRoleUserId 'id-001'
+            }
+            xml.Credentials {
+              xml.AccessKeyId id
+              xml.AccessKeySecret key
+              xml.SecurityToken token
+              xml.Expiration expiration.utc.iso8601
+            }
+          }
+        end.to_xml
+      end
+
+      def mock_error(code, message)
+        Nokogiri::XML::Builder.new do |xml|
+          xml.Error {
+            xml.Code code
+            xml.Message message
+            xml.RequestId '0000'
+          }
+        end.to_xml
+      end
+
+      def err(msg, reqid = '0000')
+        "#{msg} RequestId: #{reqid}"
+      end
+
+      before :all do
+        @url = 'https://sts.aliyuncs.com'
+        @client = Client.new(access_key_id: 'xxx', access_key_secret: 'yyy')
+      end
+
+      context "assume role" do
+        it "should assume role" do
+          expiration = Time.parse(Time.now.utc.iso8601)
+
+          stub_request(:post, @url)
+            .to_return(:body => mock_sts(
+                         'sts_id', 'sts_key', 'sts_token', expiration))
+
+          token = @client.assume_role('role-1', 'app-1')
+
+          rbody = nil
+          expect(WebMock).to have_requested(:post, @url)
+                              .with { |req| rbody = req.body }
+          params = rbody.split('&').reduce({}) { |h, i|
+            v = i.split('=')
+            h.merge({v[0] => v[1]})
+          }
+          expect(params['Action']).to eq('AssumeRole')
+          expect(params['RoleArn']).to eq('role-1')
+          expect(params['RoleSessionName']).to eq('app-1')
+          expect(params['DurationSeconds']).to eq('3600')
+          expect(params['Format']).to eq('XML')
+          expect(params['Version']).to eq('2015-04-01')
+          expect(params['AccessKeyId']).to eq('xxx')
+          expect(params.key?('Signature')).to be true
+          expect(params.key?('SignatureNonce')).to be true
+          expect(params['SignatureMethod']).to eq('HMAC-SHA1')
+
+          expect(token.access_key_id).to eq('sts_id')
+          expect(token.access_key_secret).to eq('sts_key')
+          expect(token.security_token).to eq('sts_token')
+          expect(token.expiration).to eq(expiration)
+        end
+
+        it "should raise error" do
+          code = "InvalidParameter"
+          message = "Bla bla bla."
+
+          stub_request(:post, @url)
+            .to_return(:status => 400,
+                       :body => mock_error(code, message))
+
+
+          expect {
+            @client.assume_role('role-1', 'app-1')
+          }.to raise_error(ServerError, err(message))
+
+        end
+
+        it "should set policy and duration" do
+          expiration = Time.parse(Time.now.utc.iso8601)
+
+          stub_request(:post, @url)
+            .to_return(:body => mock_sts(
+                         'sts_id', 'sts_key', 'sts_token', expiration))
+
+          policy = Policy.new
+          policy.allow(
+            ['oss:Get*', 'oss:PutObject'],
+            ['acs:oss:*:*:bucket', 'acs::oss:*:*:bucket/*'])
+          duration = 300
+          token = @client.assume_role('role-1', 'app-1', policy, duration)
+
+          rbody = nil
+          expect(WebMock).to have_requested(:post, @url)
+                              .with { |req| rbody = req.body }
+          params = rbody.split('&').reduce({}) { |h, i|
+            v = i.split('=')
+            h.merge({v[0] => CGI.unescape(v[1])})
+          }
+          expect(params['Action']).to eq('AssumeRole')
+          expect(params['RoleArn']).to eq('role-1')
+          expect(params['RoleSessionName']).to eq('app-1')
+          expect(params['DurationSeconds']).to eq('300')
+          expect(params['Format']).to eq('XML')
+          expect(params['Version']).to eq('2015-04-01')
+          expect(params['AccessKeyId']).to eq('xxx')
+          expect(params.key?('Signature')).to be true
+          expect(params.key?('SignatureNonce')).to be true
+          expect(params['SignatureMethod']).to eq('HMAC-SHA1')
+          expect(params['Policy']).to eq(policy.serialize)
+
+          expect(token.access_key_id).to eq('sts_id')
+          expect(token.access_key_secret).to eq('sts_key')
+          expect(token.security_token).to eq('sts_token')
+          expect(token.expiration).to eq(expiration)
+        end
+      end
+
+    end # Client
+
+  end # OSS
+end # Aliyun

data/spec/aliyun/sts/util_spec.rb

@@ -0,0 +1,39 @@
+# -*- encoding: utf-8 -*-
+
+require 'spec_helper'
+require 'yaml'
+require 'nokogiri'
+
+module Aliyun
+  module STS
+
+    describe Util do
+
+      it "should get correct signature" do
+        key = 'helloworld'
+        ts = '2015-12-07T07:18:41Z'
+
+        params = {
+          'Action' => 'AssumeRole',
+          'RoleArn' => 'role-1',
+          'RoleSessionName' => 'app-1',
+          'DurationSeconds' => '300',
+          'Format' => 'XML',
+          'Version' => '2015-04-01',
+          'AccessKeyId' => 'xxx',
+          'SignatureMethod' => 'HMAC-SHA1',
+          'SignatureVersion' => '1.0',
+          'SignatureNonce' => '3.14159',
+          'Timestamp' => ts
+        }
+
+        signature = Util.get_signature('POST', params, key)
+        expect(signature).to eq("92ta30QopCT4YTbRCaWtS31kyeg=")
+
+        signature = Util.get_signature('GET', params, key)
+        expect(signature).to eq("nvMmnOSxGrfK+1zf0oFR5RB2M7k=")
+      end
+
+    end # Util
+  end # OSS
+end # Aliyun

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aliyun-sdk
 version: !ruby/object:Gem::Version
-  version: 0.1.8
+  version: 0.2.0
 platform: ruby
 authors:
 - Tianlong Wu
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-03 00:00:00.000000000 Z
+date: 2015-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -124,6 +124,12 @@ files:
 - examples/aliyun/oss/resumable_download.rb
 - examples/aliyun/oss/resumable_upload.rb
 - examples/aliyun/oss/streaming.rb
+- examples/aliyun/oss/using_sts.rb
+- examples/aliyun/sts/assume_role.rb
+- lib/aliyun/common.rb
+- lib/aliyun/common/exception.rb
+- lib/aliyun/common/logging.rb
+- lib/aliyun/common/struct.rb
 - lib/aliyun/oss.rb
 - lib/aliyun/oss/bucket.rb
 - lib/aliyun/oss/client.rb
@@ -132,14 +138,20 @@ files:
 - lib/aliyun/oss/exception.rb
 - lib/aliyun/oss/http.rb
 - lib/aliyun/oss/iterator.rb
-- lib/aliyun/oss/logging.rb
 - lib/aliyun/oss/multipart.rb
 - lib/aliyun/oss/object.rb
 - lib/aliyun/oss/protocol.rb
 - lib/aliyun/oss/struct.rb
 - lib/aliyun/oss/upload.rb
 - lib/aliyun/oss/util.rb
-- lib/aliyun/oss/version.rb
+- lib/aliyun/sts.rb
+- lib/aliyun/sts/client.rb
+- lib/aliyun/sts/config.rb
+- lib/aliyun/sts/exception.rb
+- lib/aliyun/sts/protocol.rb
+- lib/aliyun/sts/struct.rb
+- lib/aliyun/sts/util.rb
+- lib/aliyun/version.rb
 - spec/aliyun/oss/bucket_spec.rb
 - spec/aliyun/oss/client/bucket_spec.rb
 - spec/aliyun/oss/client/client_spec.rb
@@ -150,6 +162,8 @@ files:
 - spec/aliyun/oss/object_spec.rb
 - spec/aliyun/oss/service_spec.rb
 - spec/aliyun/oss/util_spec.rb
+- spec/aliyun/sts/client_spec.rb
+- spec/aliyun/sts/util_spec.rb
 - tests/test_content_type.rb
 - tests/test_encoding.rb
 - tests/test_large_file.rb
@@ -191,9 +205,12 @@ test_files:
 - spec/aliyun/oss/object_spec.rb
 - spec/aliyun/oss/service_spec.rb
 - spec/aliyun/oss/util_spec.rb
+- spec/aliyun/sts/client_spec.rb
+- spec/aliyun/sts/util_spec.rb
 - tests/test_content_type.rb
 - tests/test_encoding.rb
 - tests/test_large_file.rb
 - tests/test_multipart.rb
 - tests/test_object_key.rb
 - tests/test_resumable.rb
+has_rdoc: