Cloud Design Pattern - Valet Key Pattern

1.前言

前一篇我们讨论了云计算设计模式之节流模式,了解了如何通过设定系统的资源消耗阀值来控制资源使用率及如何快速弹性扩容.这一篇我们了解下如何控制对应用程序依赖但不受应用程序控制的资源的访问.在静态资源托管模式中,我们把应用所依赖的某些静态部分存储在云存储中,通过存储服务进行读取,这时候我们就需要设计一种机制来确保云存储中资源的访问都是经过应用程序授权的.

2.概念

在前言中其实已经道出了Valet key模式的核心思想,那就是通过应用程序的授权机制,确保用户对不通过应用程序进行加载的资源的访问都是经过授权的合法访问.这种问题的解决方案是如何运作的呢?下图很好地展示了这种解决方案!

这种方式的根本目的在于限制用户对资源的访问的时间和范围,即用户只在这一次访问中对特定的某些资源有访问权限.这种模式能够大量简化用户的授权,角色的管理,权限的移除等等.

3.需要考虑的问题

1) 管理认证的状态及key的周期

2) 控制访问资源的key的级别

3) 如何控制用户的行为

4) 校验和数据过滤

5) 对所有操作的审核

6) key的安全传送

7) 保护敏感数据

4.何时使用

关于何时使用这种模式,官方给出了以下几点建议:

1）如果需要最小化静态资源下载,从而提升性能,并且对扩展性也有相应的要求

2）最小化操作的费用

3）数据存储在分布在不同的数据中心

5.Example

Micresoft Azure Storage 支持Shared Access Signatures (SAS)机制,可以对blob,table,queue进行这种控制.SAS token可以配置成对资源的read,write,update,并且可以配置时间限制（某个时间段或者无限制）

public class ValuesController : ApiController
{
  private readonly CloudStorageAccount account;
  private readonly string blobContainer;
  ...
  /// <summary>
  /// Return a limited access key that allows the caller to upload a file 
  /// to this specific destination for a defined period of time.
  /// </summary>
  private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
  {
    var blobClient = this.account.CreateCloudBlobClient();
    var container = blobClient.GetContainerReference(this.blobContainer);

    var blob = container.GetBlockBlobReference(blobName);

    var policy = new SharedAccessBlobPolicy
    {
      Permissions = SharedAccessBlobPermissions.Write,

      // Specify a start time five minutes earlier to allow for client clock skew.
      SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5),

      // Specify a validity period of five minutes starting from now. 
      SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(5)
    };

    // Create the signature. 
    var sas = blob.GetSharedAccessSignature(policy);

    return new StorageEntitySas
    {
      BlobUri = blob.Uri,
      Credentials = sas,
      Name = blobName
    };
  }

  public struct StorageEntitySas
  {
    public string Credentials;
    public Uri BlobUri;
    public string Name;
  }
}

上面的代码演示了这种模式的实现,Azure对这方面的支持都是基于这种模式来实现的.

6.相关阅读

The following patterns and guidance may also be relevant when implementing this pattern:

• Gatekeeper Pattern. This pattern can be used in conjunction with the Valet Key pattern to protect applications and services by using a dedicated host instance that acts as a broker between clients and the application or service. The gatekeeper validates and sanitizes requests, and passes requests and data between the client and the application. This pattern can provide an additional layer of security, and reduce the attack surface of the system.
• Static Content Hosting Pattern. This pattern describes how to deploy static resources to a cloud-based storage service that can deliver these resources directly to the client in order to reduce the requirement for expensive compute instances. Where the resources are not intended to be publicly available, the Valet Key pattern can be used to secure them.

• The article Introducing Table SAS (Shared Access Signature), Queue SAS and update to Blob SAS on the Azure Storage Team blog.
• Shared Access Signatures, Part 1: Understanding the SAS Model on MSDN.
• Shared Access Signature Authentication with Service Bus on MSDN.