RubyGems - aliyun-sdk - Versions diffs - 0.4.0 → 0.4.1 - Mend

aliyun-sdk 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/lib/aliyun/oss/bucket.rb +26 -10
data/lib/aliyun/oss/protocol.rb +6 -0
data/lib/aliyun/oss/util.rb +2 -2
data/lib/aliyun/sts/config.rb +2 -1
data/lib/aliyun/sts/protocol.rb +1 -1
data/lib/aliyun/version.rb +1 -1
data/spec/aliyun/oss/client/bucket_spec.rb +24 -0
data/tests/config.rb +16 -0
data/tests/test_object_url.rb +69 -0
metadata +6 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3351c07de0b29f43528b3bcb1a3ce7acae4cd9be
-  data.tar.gz: e748094c575c5f22e775723d88794c92f2819d3b
+  metadata.gz: 4d2294b9c0a613bb98a3b888d820be1e0c2ecff3
+  data.tar.gz: 2891c2c8687b498e2c404b4637709088975440e9
 SHA512:
-  metadata.gz: 7ca9fac250cd61d7f9adee1012e033e29a5eeecd5c890f795b0bfb3be4e1094475eb10fcf976e78b3d1662ba8b1046329698375928495c620762bb56228a6714
-  data.tar.gz: d5a21aea9411798f93e44f45142abb488c67c4ec06c4b0ff7382cac289862fddac10976f488e9aac59a441b8e2528d9e6844614dd2e95b21d1cb092c09cdffaf
+  metadata.gz: e1ea89fa4af2f7f46a78ada3fda39e7ff491ad7feecc4f8e056791e93f411a403db25076c3bf42a2e2f227e2de7f59e8daf78ee426249d70e6b4182664602ddc
+  data.tar.gz: 61abb3e86fc538213d70826bf2bde4c3e6dbfa47c8cdbd0c5c9eb271359f366930f23c68cc314dcb10cb18c5619fcc140dcebab87c7aa247bf228834a79056b6

data/CHANGELOG.md CHANGED

@@ -1,5 +1,9 @@
 ## Change Log
+### v0.4.1 / 2016-07-19
+- Support signature object url with STS
 ### v0.4.0 / 2016-05-19
 - Enable copy objects of different buckets(but in the same region)

data/lib/aliyun/oss/bucket.rb CHANGED

@@ -595,17 +595,33 @@ module Aliyun
         return url unless sign
         expires = Time.now.to_i + expiry
-        string_to_sign = "GET\n" +
-                         "\n\n" +
-                         "#{expires}\n" +
-                         "/#{name}/#{key}"
-        signature = sign(string_to_sign)
-        query_string = {
+        query = {
           'Expires' => expires.to_s,
-          'OSSAccessKeyId' => CGI.escape(access_key_id),
-          'Signature' => CGI.escape(signature)
-        }.map { |k, v| "#{k}=#{v}" }.join('&')
+          'OSSAccessKeyId' => CGI.escape(access_key_id)
+        }
+        sub_res = []
+        if @protocol.get_sts_token
+          sub_res << "security-token=#{@protocol.get_sts_token}"
+          query['security-token'] = CGI.escape(@protocol.get_sts_token)
+        end
+        resource = "/#{name}/#{key}"
+        unless sub_res.empty?
+          resource << "?#{sub_res.join('&')}"
+        end
+        string_to_sign = "" <<
+                         "GET\n" << # method
+                         "\n" <<    # Content-MD5
+                         "\n" <<    # Content-Type
+                         "#{expires}\n" <<
+                         "#{resource}"
+        signature = sign(string_to_sign)
+        query_string =
+          query.merge('Signature' => CGI.escape(signature))
+          .map { |k, v| "#{k}=#{v}" }.join('&')
         [url, query_string].join('?')
       end

data/lib/aliyun/oss/protocol.rb CHANGED

@@ -1365,6 +1365,12 @@ module Aliyun
         @config.access_key_id
       end
+      # Get user's STS token
+      # @return [String] the STS token
+      def get_sts_token
+        @config.sts_token
+      end
       # Sign a string using the stored access key secret
       # @param [String] string_to_sign the string to sign
       # @return [String] the signature

data/lib/aliyun/oss/util.rb CHANGED

@@ -41,8 +41,6 @@ module Aliyun
             "#{verb}\n#{content_md5}\n#{content_type}\n#{date}\n" +
             "#{cano_headers}#{cano_res}"
-          logger.debug("String to sign: #{string_to_sign}")
           Util.sign(key, string_to_sign)
         end
@@ -51,6 +49,8 @@ module Aliyun
         # @param [String] string_to_sign the string to sign
         # @return [String] the signature
         def sign(key, string_to_sign)
+          logger.debug("String to sign: #{string_to_sign}")
           Base64.strict_encode64(
             OpenSSL::HMAC.digest('sha1', key, string_to_sign))
         end

data/lib/aliyun/sts/config.rb CHANGED

@@ -7,13 +7,14 @@ module Aliyun
     # timeout, retry mechanism, etc
     class Config < Common::Struct::Base
-      attrs :access_key_id, :access_key_secret
+      attrs :access_key_id, :access_key_secret, :endpoint
       def initialize(opts = {})
         super(opts)
         @access_key_id = @access_key_id.strip if @access_key_id
         @access_key_secret = @access_key_secret.strip if @access_key_secret
+        @endpoint = @endpoint.strip if @endpoint
       end
     end # Config

data/lib/aliyun/sts/protocol.rb CHANGED

@@ -86,7 +86,7 @@ module Aliyun
         r = RestClient::Request.execute(
           :method => 'POST',
-          :url => ENDPOINT,
+          :url => @config.endpoint || ENDPOINT,
           :payload => query
         ) do |response, request, result, &blk|

data/lib/aliyun/version.rb CHANGED

@@ -2,6 +2,6 @@
 module Aliyun
-    VERSION = "0.4.0"
+    VERSION = "0.4.1"
 end # Aliyun

data/spec/aliyun/oss/client/bucket_spec.rb CHANGED

@@ -466,6 +466,30 @@ module Aliyun
           sig = Util.sign('yyy', string_to_sign)
           expect(signature).to eq(sig)
         end
+        it "should get object url with STS" do
+          sts_bucket = Client.new(
+            :endpoint => @endpoint,
+            :access_key_id => 'xxx',
+            :access_key_secret => 'yyy',
+            :sts_token => 'zzz').get_bucket(@bucket_name)
+          object_url = 'http://rubysdk-bucket.oss-cn-hangzhou.aliyuncs.com/yeah'
+          url = sts_bucket.object_url('yeah')
+          path = url[0, url.index('?')]
+          expect(path).to eq(object_url)
+          query = {}
+          url[url.index('?') + 1, url.size].split('&')
+            .each { |s| k, v = s.split('='); query[k] = v }
+          expect(query.key?('Expires')).to be true
+          expect(query.key?('Signature')).to be true
+          expect(query['OSSAccessKeyId']).to eq('xxx')
+          expect(query['security-token']).to eq('zzz')
+        end
       end # object operations
       context "multipart operations" do

data/tests/config.rb CHANGED

@@ -11,5 +11,21 @@ class TestConf
     def bucket
       ENV['RUBY_SDK_OSS_BUCKET']
     end
+    def sts_creds
+      {
+        access_key_id: ENV['RUBY_SDK_STS_ID'],
+        access_key_secret: ENV['RUBY_SDK_STS_KEY'],
+        endpoint: ENV['RUBY_SDK_STS_ENDPOINT']
+      }
+    end
+    def sts_role
+      ENV['RUBY_SDK_STS_ROLE']
+    end
+    def sts_bucket
+      ENV['RUBY_SDK_STS_BUCKET']
+    end
   end
 end

data/tests/test_object_url.rb ADDED

@@ -0,0 +1,69 @@
+require 'minitest/autorun'
+require 'yaml'
+$LOAD_PATH.unshift(File.expand_path("../../lib", __FILE__))
+require 'aliyun/oss'
+require 'aliyun/sts'
+require 'rest-client'
+require_relative 'config'
+class TestObjectUrl < Minitest::Test
+  def setup
+    Aliyun::Common::Logging.set_log_level(Logger::DEBUG)
+    client = Aliyun::OSS::Client.new(TestConf.creds)
+    @bucket = client.get_bucket(TestConf.bucket)
+    @prefix = "tests/object_url/"
+  end
+  def get_key(k)
+    "#{@prefix}#{k}"
+  end
+  def test_signed_url_for_get
+    key = get_key('object-for-get')
+    @bucket.put_object(key, acl: Aliyun::OSS::ACL::PRIVATE)
+    plain_url = @bucket.object_url(key, false)
+    begin
+      r = RestClient.get(plain_url)
+      assert false, 'GET plain object url should receive 403'
+    rescue => e
+      assert_equal 403, e.response.code
+    end
+    signed_url = @bucket.object_url(key)
+    r = RestClient.get(signed_url)
+    assert_equal 200, r.code
+  end
+  def test_signed_url_with_sts
+    key = get_key('object-with-sts')
+    sts_client = Aliyun::STS::Client.new(TestConf.sts_creds)
+    token = sts_client.assume_role(TestConf.sts_role, 'app')
+    bucket = Aliyun::OSS::Client.new(
+      :endpoint => TestConf.creds[:endpoint],
+      :sts_token => token.security_token,
+      :access_key_id => token.access_key_id,
+      :access_key_secret => token.access_key_secret)
+             .get_bucket(TestConf.sts_bucket)
+    bucket.put_object(key, acl: Aliyun::OSS::ACL::PRIVATE)
+    plain_url = bucket.object_url(key, false)
+    begin
+      r = RestClient.get(plain_url)
+      assert false, 'GET plain object url should receive 403'
+    rescue => e
+      assert_equal 403, e.response.code
+    end
+    signed_url = bucket.object_url(key)
+    r = RestClient.get(signed_url)
+    assert_equal 200, r.code
+  end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aliyun-sdk
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - Tianlong Wu
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-05-19 00:00:00.000000000 Z
+date: 2016-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: 0.10.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: 0.10.0
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -188,6 +188,7 @@ files:
 - tests/test_multipart.rb
 - tests/test_object_acl.rb
 - tests/test_object_key.rb
+- tests/test_object_url.rb
 - tests/test_resumable.rb
 homepage: https://github.com/aliyun/aliyun-oss-ruby-sdk
 licenses:
@@ -235,5 +236,6 @@ test_files:
 - tests/test_multipart.rb
 - tests/test_object_acl.rb
 - tests/test_object_key.rb
+- tests/test_object_url.rb
 - tests/test_resumable.rb
 has_rdoc: