def __init__(
self,
sts_endpoint,
access_key,
secret_key,
duration_seconds=0,
policy=None,
region=None,
role_arn=None,
role_session_name=None,
external_id=None,
http_client=None,
):
self._sts_endpoint = sts_endpoint
self._access_key = access_key
self._secret_key = secret_key
self._region = region or ""
self._http_client = http_client or urllib3.PoolManager(
retries=urllib3.Retry(
total=5,
backoff_factor=0.2,
status_forcelist=[500, 502, 503, 504],
), )
query_params = {
"Action":
"AssumeRole",
"Version":
"2011-06-15",
"DurationSeconds":
str(duration_seconds if duration_seconds >
_DEFAULT_DURATION_SECONDS else _DEFAULT_DURATION_SECONDS),
}
if role_arn:
query_params["RoleArn"] = role_arn
if role_session_name:
query_params["RoleSessionName"] = role_session_name
if policy:
query_params["Policy"] = policy
if external_id:
query_params["ExternalId"] = external_id
self._body = urlencode(query_params)
self._content_sha256 = sha256_hash(self._body)
url = urlsplit(sts_endpoint)
self._host = url.netloc
if ((url.scheme == "http" and url.port == 80)
or (url.scheme == "https" and url.port == 443)):
self._host = url.hostname
self._credentials = None
def test_simple_request(self):
url = urlsplit('http://localhost:9000/hello')
expected_signed_headers = ['x-amz-content-sha256', 'x-amz-date']
expected_request_array = [
'PUT', '/hello', '', 'x-amz-content-sha256:' + empty_hash,
'x-amz-date:dateString', '', ';'.join(expected_signed_headers),
empty_hash
]
headers_to_sign = {
'x-amz-date': 'dateString',
'x-amz-content-sha256': empty_hash
}
expected_request = sha256_hash('\n'.join(expected_request_array))
actual_request = _get_canonical_request_hash(
"PUT",
url,
headers_to_sign,
empty_hash,
)
eq_(expected_request, actual_request[0])
def test_request_with_query(self):
url = urlsplit('http://localhost:9000/hello?c=d&e=f&a=b')
expected_signed_headers = ['x-amz-content-sha256', 'x-amz-date']
expected_request_array = [
'PUT', '/hello', 'a=b&c=d&e=f',
'x-amz-content-sha256:' + empty_hash, 'x-amz-date:dateString', '',
';'.join(expected_signed_headers), empty_hash
]
expected_request = sha256_hash('\n'.join(expected_request_array))
headers_to_sign = {
'x-amz-date': 'dateString',
'x-amz-content-sha256': empty_hash
}
actual_request = _get_canonical_request_hash(
"PUT",
url,
headers_to_sign,
empty_hash,
)
self.assertEqual(expected_request, actual_request[0])