searchusermenu
  • 发布文章
  • 消息中心
点赞
收藏
评论
分享
原创

对象存储通过s3接口验证桶/文件读写权限

2023-05-19 03:12:34
112
0
from boto3.session import Session
import datetime
#该方法验证桶的权限,桶的创建者针对私有可读可读写的桶都具备查看桶中文件的权限,可以删除桶。非owner,私有的无法访问,可读的只能读取桶中文件列表,无法修改桶,可读写的可以读取桶中文件列表,可以修改桶
def test_lb(bname):
access_key = "xxxxxxxxxxxxxxxxx" #ak
secret_key = "xxxxxxxxxxxxxxxxxxxxx"#sk
url = "xxxxxxxxx"#云服务提供商的对象存储服务的外网地址
session = Session(access_key, secret_key)
s3_client = session.client("s3", endpoint_url=url)
response = s3_client.list_objects(Bucket=bname, MaxKeys=100)
for obj in response["Contents"]:#验证可读
print('object: %s Size: %s Owner: %s' %(obj["Key"], obj["Size"], obj['Owner']['DisplayName']))
response = s3_client.delete_bucket(Bucket=bname)#验证可写
print("result"+response)
#该方法验证文件的权限,桶的创建者对私有可读可读写都可以获取到指定文件信息。非owner,针对私有文件无法获取到文件信息,可读的可以获取到,无法修改文件信息,可读写的可以获取到,可以修改文件信息
def test_ob(bname,key):
access_key = "xxxxxxxxxxxxxx"
secret_key = "xxxxxxxxxxxxxxxxxxxxxxxxx"
url = "xxxxxxxxxx"#云服务提供商的对象存储服务的外网地址
session = Session(access_key, secret_key)
s3_client = session.client("s3", endpoint_url=url)
date = datetime.datetime(2021, 5, 1, 12, 17, 14)
response = s3_client.get_object(#验证文件可读
Bucket=bname, Key=key, IfModifiedSince=date
)
print(response)
response = s3_client.put_object_tagging(#验证文件可写
Bucket=bname,
Key=key,
VersionId='null',
Tagging={
'TagSet': [
{
'Key': 'key-3',
'Value': 'val-3'
}
]
})
print(response)
if __name__ == '__main__':
test_lb('bucket-a198')
test_ob('bucket-9a1a','test2/2.jpeg')
0条评论
0 / 1000
d****n
8文章数
0粉丝数
d****n
8 文章 | 0 粉丝
原创

对象存储通过s3接口验证桶/文件读写权限

2023-05-19 03:12:34
112
0
from boto3.session import Session
import datetime
#该方法验证桶的权限,桶的创建者针对私有可读可读写的桶都具备查看桶中文件的权限,可以删除桶。非owner,私有的无法访问,可读的只能读取桶中文件列表,无法修改桶,可读写的可以读取桶中文件列表,可以修改桶
def test_lb(bname):
access_key = "xxxxxxxxxxxxxxxxx" #ak
secret_key = "xxxxxxxxxxxxxxxxxxxxx"#sk
url = "xxxxxxxxx"#云服务提供商的对象存储服务的外网地址
session = Session(access_key, secret_key)
s3_client = session.client("s3", endpoint_url=url)
response = s3_client.list_objects(Bucket=bname, MaxKeys=100)
for obj in response["Contents"]:#验证可读
print('object: %s Size: %s Owner: %s' %(obj["Key"], obj["Size"], obj['Owner']['DisplayName']))
response = s3_client.delete_bucket(Bucket=bname)#验证可写
print("result"+response)
#该方法验证文件的权限,桶的创建者对私有可读可读写都可以获取到指定文件信息。非owner,针对私有文件无法获取到文件信息,可读的可以获取到,无法修改文件信息,可读写的可以获取到,可以修改文件信息
def test_ob(bname,key):
access_key = "xxxxxxxxxxxxxx"
secret_key = "xxxxxxxxxxxxxxxxxxxxxxxxx"
url = "xxxxxxxxxx"#云服务提供商的对象存储服务的外网地址
session = Session(access_key, secret_key)
s3_client = session.client("s3", endpoint_url=url)
date = datetime.datetime(2021, 5, 1, 12, 17, 14)
response = s3_client.get_object(#验证文件可读
Bucket=bname, Key=key, IfModifiedSince=date
)
print(response)
response = s3_client.put_object_tagging(#验证文件可写
Bucket=bname,
Key=key,
VersionId='null',
Tagging={
'TagSet': [
{
'Key': 'key-3',
'Value': 'val-3'
}
]
})
print(response)
if __name__ == '__main__':
test_lb('bucket-a198')
test_ob('bucket-9a1a','test2/2.jpeg')
文章来自个人专栏
对象存储权限验证
2 文章 | 1 订阅
0条评论
0 / 1000
请输入你的评论
0
0