如何通过Javascript SDK获取amazon S3 bucket的默认加密设置

How to get the default encryption settings of amazon S3 buckets via Javascript SDK

我想使用 javascript 的 AWS SDK 列出我所有 s3 存储桶的默认加密设置(none、AES-256、AWS-KMS)。(2.305)

首先,我使用 listBuckets 获取所有存储桶,然后使用 getBucketEncryption 函数遍历所有存储桶。

我的问题是 getBucketEncryption 是异步的,因此我使用 promises 来等待所有请求的处理。所以我将所有的承诺添加到列表中并使用 Promise.all() 等待它们。最后,当我得到所有结果时,我不知道结果属于哪个桶,因为 getBucketEncryption 没有 return 带有数据的桶名称和承诺可以按任何顺序解析。

我需要以某种方式在 s3.getBucketEncryption 调用周围包装一个 promise,我可以在其中传递存储桶名称,以便稍后进行评估...但是如何?

代码来了:

console.log('Loading function');

const aws = require('aws-sdk');

const s3 = new aws.S3({ apiVersion: '2006-03-01', region: 'eu-west-1' });

function reflect(promise){
    return promise.then(
        function(v){ return {cryptSetting:v, status: "COMPLIANT" }},
        function(e){ return {error:e, status: "NON_COMPLIANT"}});
}

s3.listBuckets({},function(err,data){
    if (err){
        console.log(err, err.stack); // an error occurred
    } 
    else{

        var bucketList = JSON.parse(JSON.stringify(data.Buckets));

        var list = new Array();

        for(let i in bucketList){
            list.push(s3.getBucketEncryption({Bucket: bucketList[i].Name})
            .promise());      
        }   

        Promise.all(list.map(reflect)).then(function(values) {

            for(let i in values){
                // at this point I do not have the bucket name any more
                // because it's not included in the values array
                console.log("Bucketname missing here " + values[i].cryptSetting
                + ' ' + values[i].status);
            }
          });

     }  
});

输出如下所示:

Loading function

Bucketname missing here [object Object] COMPLIANT

Bucketname missing here [object Object] COMPLIANT

Bucketname missing here [object Object] COMPLIANT

Bucketname missing here [object Object] COMPLIANT

Bucketname missing here [object Object] COMPLIANT

Bucketname missing here [object Object] COMPLIANT

Bucketname missing here [object Object] COMPLIANT

Bucketname missing here undefined NON_COMPLIANT

Bucketname missing here undefined NON_COMPLIANT

Bucketname missing here [object Object] COMPLIANT

Bucketname missing here undefined NON_COMPLIANT

好消息.....真的很简单。

values 数组保证与 bucketList 数组一致,无论承诺的顺序如何。

所以bucketList[i]将对应values[i]

s3.listBuckets({}, function(err, data) {
    if (err) {
        console.log(err, err.stack); // an error occurred
    } else {
        var bucketList = JSON.parse(JSON.stringify(data.Buckets));
        var promises = bucketList.map(function(b) {
            return s3.getBucketEncryption({ 'Bucket':b.Name }).promise();
        });
        Promise.all(promises.map(reflect)).then(function(values) {
            for(let i in values) {
                // `values` is guaranteed to be congruous with `bucketList`.
                // ie. `bucketList[i]` corresponds with `values[i]`.
                console.log([bucketList[i].name, values[i].cryptSetting, values[i].status].join(' '));
            }
        });
    }  
});

另一种方法是:

  • reflect 上移到 bucketList.map() 阶段。
  • .bucket 属性.
    • 装饰(在 bucketList.map(...) 闭包中)reflect() 交付的每个 values 
s3.listBuckets({}, function(err, data) {
    if (err) {
        console.log(err, err.stack); // an error occurred
    } else {
        var bucketList = JSON.parse(JSON.stringify(data.Buckets));
        var promises = bucketList.map(function(b) {
            var promise = s3.getBucketEncryption({ 'Bucket':b.Name }).promise();
            return reflect(promise).then(function(value) {
                return Object.assign(value, { 'bucket':b });
            });
        });
        Promise.all(promises).then(function(values) {
            for(let i in values) {
                // each value now has a '.bucket' property.
                console.log([values[i].bucket.name, values[i].cryptSetting, values[i].status].join(' '));
            }
        });
    }
});