def test_region_required_for_sigv4(self): self.signer = RequestSigner(ServiceId('service_name'), None, 'signing_name', 'v4', self.credentials, self.emitter) with self.assertRaises(NoRegionError): self.signer.sign('operation_name', self.request)
def test_destination_region_always_changed(self): # If the user provides a destination region, we will still # override the DesinationRegion with the region_name from # the endpoint object. actual_region = 'us-west-1' operation_model = mock.Mock() operation_model.name = 'CopySnapshot' credentials = Credentials('key', 'secret') event_emitter = HierarchicalEmitter() request_signer = RequestSigner(ServiceId('ec2'), actual_region, 'ec2', 'v4', credentials, event_emitter) request_dict = {} params = { 'SourceRegion': 'us-west-2', 'DestinationRegion': 'us-east-1' } request_dict['body'] = params request_dict['url'] = 'https://ec2.us-west-1.amazonaws.com' request_dict['method'] = 'POST' request_dict['headers'] = {} request_dict['context'] = {} # The user provides us-east-1, but we will override this to # endpoint.region_name, of 'us-west-1' in this case. handlers.inject_presigned_url_ec2(request_dict, request_signer, operation_model) self.assertIn('https://ec2.us-west-2.amazonaws.com?', params['PresignedUrl']) # Always use the DestinationRegion from the endpoint, regardless of # whatever value the user provides. self.assertEqual(params['DestinationRegion'], actual_region)
def setUp(self): super(TestS3PostPresigner, self).setUp() self.request_signer = RequestSigner(ServiceId('service_name'), 'region_name', 'signing_name', 's3v4', self.credentials, self.emitter) self.signer = S3PostPresigner(self.request_signer) self.request_dict = { 'headers': {}, 'url': 'https://s3.amazonaws.com/mybucket', 'body': b'', 'url_path': '/', 'method': 'POST', 'context': {} } self.auth = mock.Mock() self.auth.REQUIRES_REGION = True self.add_auth = mock.Mock() self.auth.return_value.add_auth = self.add_auth self.fixed_credentials = self.credentials.get_frozen_credentials() self.datetime_patch = mock.patch('ibm_botocore.signers.datetime') self.datetime_mock = self.datetime_patch.start() self.fixed_date = datetime.datetime(2014, 3, 10, 17, 2, 55, 0) self.fixed_delta = datetime.timedelta(seconds=3600) self.datetime_mock.datetime.utcnow.return_value = self.fixed_date self.datetime_mock.timedelta.return_value = self.fixed_delta
def setUp(self): self.credentials = Credentials('key', 'secret') self.emitter = mock.Mock() self.emitter.emit_until_response.return_value = (None, None) self.signer = RequestSigner(ServiceId('service_name'), 'region_name', 'signing_name', 'v4', self.credentials, self.emitter) self.fixed_credentials = self.credentials.get_frozen_credentials()
def get_client_args(self, service_model, region_name, is_secure, endpoint_url, verify, credentials, scoped_config, client_config, endpoint_bridge): final_args = self.compute_client_args( service_model, client_config, endpoint_bridge, region_name, endpoint_url, is_secure, scoped_config) service_name = final_args['service_name'] # noqa parameter_validation = final_args['parameter_validation'] endpoint_config = final_args['endpoint_config'] protocol = final_args['protocol'] config_kwargs = final_args['config_kwargs'] s3_config = final_args['s3_config'] partition = endpoint_config['metadata'].get('partition', None) socket_options = final_args['socket_options'] signing_region = endpoint_config['signing_region'] endpoint_region_name = endpoint_config['region_name'] event_emitter = copy.copy(self._event_emitter) signer = RequestSigner( service_model.service_id, signing_region, endpoint_config['signing_name'], endpoint_config['signature_version'], credentials, event_emitter ) config_kwargs['s3'] = s3_config new_config = Config(**config_kwargs) endpoint_creator = EndpointCreator(event_emitter) endpoint = endpoint_creator.create_endpoint( service_model, region_name=endpoint_region_name, endpoint_url=endpoint_config['endpoint_url'], verify=verify, response_parser_factory=self._response_parser_factory, max_pool_connections=new_config.max_pool_connections, proxies=new_config.proxies, timeout=(new_config.connect_timeout, new_config.read_timeout), socket_options=socket_options, client_cert=new_config.client_cert, proxies_config=new_config.proxies_config) serializer = ibm_botocore.serialize.create_serializer( protocol, parameter_validation) response_parser = ibm_botocore.parsers.create_parser(protocol) return { 'serializer': serializer, 'endpoint': endpoint, 'response_parser': response_parser, 'event_emitter': event_emitter, 'request_signer': signer, 'service_model': service_model, 'loader': self._loader, 'client_config': new_config, 'partition': partition, 'exceptions_factory': self._exceptions_factory }
def test_adds_md5_when_s3v2(self): credentials = Credentials('key', 'secret') request_signer = RequestSigner( 's3', 'us-east-1', 's3', 's3', credentials, mock.Mock()) request_dict = {'body': b'bar', 'url': 'https://s3.us-east-1.amazonaws.com', 'method': 'PUT', 'headers': {}} context = self.get_context() handlers.conditionally_calculate_md5( request_dict, request_signer=request_signer, context=context) self.assertTrue('Content-MD5' in request_dict['headers'])
def test_add_md5_raises_error_when_md5_unavailable(self): credentials = Credentials('key', 'secret') request_signer = RequestSigner( 's3', 'us-east-1', 's3', 's3', credentials, mock.Mock()) request_dict = {'body': b'bar', 'url': 'https://s3.us-east-1.amazonaws.com', 'method': 'PUT', 'headers': {}} self.set_md5_available(False) with self.assertRaises(MD5UnavailableError): handlers.calculate_md5( request_dict, request_signer=request_signer)
def test_presigned_url_throws_unsupported_signature_error(self): request_dict = { 'headers': {}, 'url': 'https://s3.amazonaws.com/mybucket/myobject', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } self.signer = RequestSigner(ServiceId('service_name'), 'region_name', 'signing_name', 'foo', self.credentials, self.emitter) with self.assertRaises(UnsupportedSignatureVersionError): self.signer.generate_presigned_url(request_dict, operation_name='foo')
def test_conditional_does_not_add_when_md5_unavailable(self): credentials = Credentials('key', 'secret') request_signer = RequestSigner( 's3', 'us-east-1', 's3', 's3', credentials, mock.Mock()) request_dict = {'body': b'bar', 'url': 'https://s3.us-east-1.amazonaws.com', 'method': 'PUT', 'headers': {}} context = self.get_context() self.set_md5_available(False) with mock.patch('ibm_botocore.handlers.MD5_AVAILABLE', False): handlers.conditionally_calculate_md5( request_dict, request_signer=request_signer, context=context) self.assertFalse('Content-MD5' in request_dict['headers'])
def test_no_credentials_case_is_forwarded_to_signer(self): # If no credentials are given to the RequestSigner, we should # forward that fact on to the Auth class and let them handle # the error (which they already do). self.credentials = None self.signer = RequestSigner(ServiceId('service_name'), 'region_name', 'signing_name', 'v4', self.credentials, self.emitter) auth_cls = mock.Mock() with mock.patch.dict(ibm_botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): self.signer.get_auth_instance('service_name', 'region_name', 'v4') auth_cls.assert_called_with( service_name='service_name', region_name='region_name', credentials=None, )
def test_dest_region_removed(self): operation_model = mock.Mock() operation_model.name = 'CopyDBSnapshot' credentials = Credentials('key', 'secret') event_emitter = HierarchicalEmitter() request_signer = RequestSigner(ServiceId('rds'), 'us-east-1', 'rds', 'v4', credentials, event_emitter) request_dict = {} params = {'SourceRegion': 'us-west-2'} request_dict['body'] = params request_dict['url'] = 'https://rds.us-east-1.amazonaws.com' request_dict['method'] = 'POST' request_dict['headers'] = {} request_dict['context'] = {} handlers.inject_presigned_url_rds(params=request_dict, request_signer=request_signer, model=operation_model) self.assertNotIn('DestinationRegion', params)
def test_signer_with_refreshable_credentials_gets_credential_set(self): class FakeCredentials(Credentials): def get_frozen_credentials(self): return ReadOnlyCredentials('foo', 'bar', 'baz') self.credentials = FakeCredentials('a', 'b', 'c') self.signer = RequestSigner( 'service_name', 'region_name', 'signing_name', 'v4', self.credentials, self.emitter) auth_cls = mock.Mock() with mock.patch.dict(ibm_botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth = self.signer.get_auth('service_name', 'region_name') self.assertEqual(auth, auth_cls.return_value) # Note we're called with 'foo', 'bar', 'baz', and *not* # 'a', 'b', 'c'. auth_cls.assert_called_with( credentials=ReadOnlyCredentials('foo', 'bar', 'baz'), service_name='service_name', region_name='region_name')