From 5705b07ff55108e5ef0357c76e76a0f4819ddbb9 Mon Sep 17 00:00:00 2001
From: zhuxiaolong37 <85101990+zhuxiaolong37@users.noreply.github.com>
Date: Tue, 29 Jun 2021 11:34:37 +0800
Subject: [PATCH 1/2] Dev 2106 (#282)

* add transfer acceleration
---
 oss2/api.py                                | 28 +++++++++++++
 oss2/auth.py                               |  2 +-
 oss2/exceptions.py                         |  3 ++
 oss2/models.py                             | 11 +++++
 oss2/xml_utils.py                          | 10 +++++
 tests/test_bucket_transfer_acceleration.py | 17 ++++++++
 unittests/test_bucket.py                   | 49 ++++++++++++++++++++++
 7 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 tests/test_bucket_transfer_acceleration.py

diff --git a/oss2/api.py b/oss2/api.py
index a9994713..a11396ec 100644
--- a/oss2/api.py
+++ b/oss2/api.py
@@ -397,6 +397,7 @@ class Bucket(_Base):
     REPLICATION = "replication"
     REPLICATION_LOCATION = 'replicationLocation'
     REPLICATION_PROGRESS = 'replicationProgress'
+    TRANSFER_ACCELERATION = 'transferAcceleration'
 
 
     def __init__(self, auth, endpoint, bucket_name,
@@ -2492,6 +2493,33 @@ def _get_bucket_config(self, config):
         logger.debug("Get bucket config done, req_id: {0}, status_code: {1}".format(resp.request_id, resp.status))
         return resp
 
+    def put_bucket_transfer_acceleration(self, enabled):
+        """为存储空间（Bucket）配置传输加速
+
+        :param str enabled : 是否开启传输加速。true：开启传输加速; false：关闭传输加速.
+        :return: :class:`RequestResult <oss2.models.RequestResult>`
+        """
+        logger.debug("Start to bucket transfer acceleration, bucket: {0}, enabled: {1}."
+                     .format(self.bucket_name, enabled))
+        data = xml_utils.to_put_bucket_transfer_acceleration(enabled)
+        headers = http.CaseInsensitiveDict()
+        headers['Content-MD5'] = utils.content_md5(data)
+        resp = self.__do_bucket('PUT', data=data, params={Bucket.TRANSFER_ACCELERATION: ''}, headers=headers)
+        logger.debug("bucket transfer acceleration done, req_id: {0}, status_code: {1}".format(resp.request_id, resp.status))
+
+        return RequestResult(resp)
+
+    def get_bucket_transfer_acceleration(self):
+        """获取目标存储空间（Bucket）的传输加速配置
+
+        :return: :class:`GetBucketReplicationResult <oss2.models.GetBucketReplicationResult>`
+        """
+        logger.debug("Start to get bucket transfer acceleration: {0}".format(self.bucket_name))
+        resp = self.__do_bucket('GET', params={Bucket.TRANSFER_ACCELERATION: ''})
+        logger.debug("Get bucket transfer acceleration done, req_id: {0}, status_code: {1}".format(resp.request_id, resp.status))
+
+        return self._parse_result(resp, xml_utils.parse_get_bucket_transfer_acceleration_result, GetBucketTransferAccelerationResult)
+
     def __do_object(self, method, key, **kwargs):
         return self._do(method, self.bucket_name, key, **kwargs)
 
diff --git a/oss2/auth.py b/oss2/auth.py
index f756ef20..4e1a6366 100644
--- a/oss2/auth.py
+++ b/oss2/auth.py
@@ -83,7 +83,7 @@ class ProviderAuth(AuthBase):
          'versioning', 'versionId', 'policy', 'requestPayment', 'x-oss-traffic-limit', 'qosInfo', 'asyncFetch',
          'x-oss-request-payer', 'sequential', 'inventory', 'inventoryId', 'continuation-token', 'callback',
          'callback-var', 'worm', 'wormId', 'wormExtend', 'replication', 'replicationLocation',
-         'replicationProgress']
+         'replicationProgress', 'transferAcceleration']
     )
 
     def _sign_request(self, req, bucket_name, key):
diff --git a/oss2/exceptions.py b/oss2/exceptions.py
index cff7d1e6..5638a15b 100644
--- a/oss2/exceptions.py
+++ b/oss2/exceptions.py
@@ -309,6 +309,9 @@ class InvalidWORMConfiguration(ServerError):
     status = 400
     code = 'InvalidWORMConfiguration'
 
+class NoSuchTransferAccelerationConfiguration(ServerError):
+    status = 404
+    code = 'NoSuchTransferAccelerationConfiguration'
 
 def make_exception(resp):
     status = resp.status
diff --git a/oss2/models.py b/oss2/models.py
index 6024f1ea..a26226d2 100644
--- a/oss2/models.py
+++ b/oss2/models.py
@@ -2175,3 +2175,14 @@ class GetBucketReplicationProgressResult(RequestResult):
     def __init__(self, resp):
         super(GetBucketReplicationProgressResult, self).__init__(resp)
         self.progress = None
+
+
+class GetBucketTransferAccelerationResult(RequestResult):
+    """获取目标存储空间（Bucket）的传输加速配置。
+
+    :param enabled: Bucket传输加速状态
+    :type progress: class:`GetBucketTransferAccelerationResult <oss2.models.GetBucketTransferAccelerationResult>`。
+    """
+    def __init__(self, resp):
+        super(GetBucketTransferAccelerationResult, self).__init__(resp)
+        self.enabled = None
diff --git a/oss2/xml_utils.py b/oss2/xml_utils.py
index dcb45ca2..0223e3db 100644
--- a/oss2/xml_utils.py
+++ b/oss2/xml_utils.py
@@ -1694,3 +1694,13 @@ def parse_get_bucket_replication_progress_result(result, body):
 
     result.progress = progress
 
+
+def to_put_bucket_transfer_acceleration(enabled):
+    root = ElementTree.Element('TransferAccelerationConfiguration')
+    _add_text_child(root, 'Enabled', str(enabled))
+    return _node_to_string(root)
+
+
+def parse_get_bucket_transfer_acceleration_result(result, body):
+    root = ElementTree.fromstring(body)
+    result.enabled = _find_tag(root, "Enabled")
diff --git a/tests/test_bucket_transfer_acceleration.py b/tests/test_bucket_transfer_acceleration.py
new file mode 100644
index 00000000..b47b8fd0
--- /dev/null
+++ b/tests/test_bucket_transfer_acceleration.py
@@ -0,0 +1,17 @@
+from .common import *
+
+
+class TestBucketTransferAccelerat(OssTestCase):
+    def test_bucket_transfer_acceleration_normal(self):
+        result = self.bucket.put_bucket_transfer_acceleration('true')
+        self.assertEqual(200, result.status)
+
+        get_result = self.bucket.get_bucket_transfer_acceleration()
+        self.assertEqual('true', get_result.enabled)
+
+    def test_bucket_worm_illegal(self):
+        self.assertRaises(oss2.exceptions.NoSuchTransferAccelerationConfiguration, self.bucket.get_bucket_transfer_acceleration)
+
+
+if __name__ == '__main__':
+    unittest.main()
diff --git a/unittests/test_bucket.py b/unittests/test_bucket.py
index b3ff6c3e..9ad15cfb 100644
--- a/unittests/test_bucket.py
+++ b/unittests/test_bucket.py
@@ -820,6 +820,55 @@ def test_delete_bucket_policy(self, do_request):
 
         self.assertRequest(req_info, request_text)
 
+    @patch('oss2.Session.do_request')
+    def test_put_bucket_transfer_acceleration(self, do_request):
+        request_text = '''PUT /?transferAcceleration HTTP/1.1
+Date: Fri , 30 Apr 2021 13:08:38 GMT
+Content-Length：443
+Host: ming-oss-share.oss-cn-hangzhou.aliyuncs.com
+Authorization: OSS qn6qrrqxo2oawuk53otf****:PYbzsdWAIWAlMW8luk****
+
+<?xml version="1.0" encoding="UTF-8"?>
+<TransferAccelerationConfiguration><Enabled>true</Enabled>
+</TransferAccelerationConfiguration>'''
+
+        response_text = '''HTTP/1.1 200 OK
+x-oss-request-id: 534B371674A4D890****
+Date: Fri , 30 Apr 2021 13:08:38 GMT
+Content-Length: 443
+Connection: keep-alive
+Server: AliyunOSS'''
+
+        req_info = mock_response(do_request, response_text)
+
+        result = bucket().put_bucket_transfer_acceleration('true')
+
+        self.assertRequest(req_info, request_text)
+
+    @patch('oss2.Session.do_request')
+    def test_get_bucket_transfer_acceleration(self, do_request):
+        request_text = '''GET /?transferAcceleration HTTP/1.1
+Date: Fri , 30 Apr 2021 13:08:38 GMT
+Content-Length：443
+Host: ming-oss-share.oss-cn-hangzhou.aliyuncs.com
+Authorization: OSS qn6qrrqxo2oawuk53otf****:PYbzsdWAIWAlMW8luk****'''
+
+        response_text = '''HTTP/1.1 200 OK
+x-oss-request-id: 534B371674E88A4D8906****
+Date: Fri , 30 Apr 2021 13:08:38 GMT
+
+<?xml version="1.0" encoding="UTF-8"?>
+<TransferAccelerationConfiguration>
+ <Enabled>true</Enabled>
+</TransferAccelerationConfiguration>'''
+
+        req_info = mock_response(do_request, response_text)
+
+        result = bucket().get_bucket_transfer_acceleration()
+
+        self.assertRequest(req_info, request_text)
+        self.assertEqual(result.enabled, 'true')
+
 
 if __name__ == '__main__':
     unittest.main()

From cc1c40170d4d1303b82e4b0342ea5b1f3852ff18 Mon Sep 17 00:00:00 2001
From: zxl01071856 <zxl01071856@alibaba-inc.com>
Date: Wed, 8 Sep 2021 11:13:08 +0800
Subject: [PATCH 2/2] Modifying the implementation of KMS encryption with STS

---
 oss2/crypto.py | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/oss2/crypto.py b/oss2/crypto.py
index 3d5b9d42..a7b2672a 100644
--- a/oss2/crypto.py
+++ b/oss2/crypto.py
@@ -304,6 +304,7 @@ class AliKMSProvider(BaseCryptoProvider):
 
     def __init__(self, access_key_id, access_key_secret, region, cmk_id, sts_token=None, passphrase=None,
                  cipher=utils.AESCTRCipher(), mat_desc=None):
+        from aliyunsdkcore.auth.credentials import StsTokenCredential
 
         super(AliKMSProvider, self).__init__(cipher=cipher, mat_desc=mat_desc)
         if not isinstance(cipher, utils.AESCTRCipher):
@@ -312,7 +313,8 @@ def __init__(self, access_key_id, access_key_secret, region, cmk_id, sts_token=N
         self.custom_master_key_id = cmk_id
         self.sts_token = sts_token
         self.context = '{"x-passphrase":"' + passphrase + '"}' if passphrase else ''
-        self.kms_client = client.AcsClient(access_key_id, access_key_secret, region)
+        credential = StsTokenCredential(access_key_id, access_key_secret, sts_token)
+        self.kms_client = client.AcsClient(region_id=region, credential=credential)
 
     def get_key(self):
         plain_key, encrypted_key = self.__generate_data_key()
@@ -357,8 +359,6 @@ def __generate_data_key(self):
         req.set_KeySpec('AES_256')
         req.set_NumberOfBytes(32)
         req.set_EncryptionContext(self.context)
-        if self.sts_token:
-            req.set_STSToken(self.sts_token)
 
         resp = self.__do(req)
 
@@ -372,8 +372,6 @@ def __encrypt_data(self, data):
         req.set_KeyId(self.custom_master_key_id)
         req.set_Plaintext(data)
         req.set_EncryptionContext(self.context)
-        if self.sts_token:
-            req.set_STSToken(self.sts_token)
 
         resp = self.__do(req)
 
@@ -386,8 +384,6 @@ def __decrypt_data(self, data):
         req.set_method(method_type.POST)
         req.set_CiphertextBlob(data)
         req.set_EncryptionContext(self.context)
-        if self.sts_token:
-            req.set_STSToken(self.sts_token)
 
         resp = self.__do(req)
         return resp['Plaintext']