def test_can_remove_providers(self):
self.provider1.load.return_value = credentials.Credentials(
'a', 'b', 'c')
self.provider2.load.return_value = credentials.Credentials(
'd', 'e', 'f')
resolver = credentials.CredentialResolver(
providers=[self.provider1, self.provider2])
resolver.remove('provider1')
creds = resolver.load_credentials()
self.assertIsNotNone(creds)
self.assertEqual(creds.access_key, 'd')
self.assertEqual(creds.secret_key, 'e')
self.assertEqual(creds.token, 'f')
self.assertTrue(not self.provider1.load.called)
self.provider2.load.assert_called_with()
def test_inject_additional_providers_after_existing(self):
self.provider1.load.return_value = None
self.provider2.load.return_value = self.fake_creds
resolver = credentials.CredentialResolver(
providers=[self.provider1, self.provider2])
# Now, if we were to call resolver.load() now, provider2 would
# win because it's returning a non None response.
# However we can inject a new provider before provider2 to
# override this process.
# Providers can be added by the METHOD name of each provider.
new_provider = mock.Mock()
new_provider.METHOD = 'new_provider'
new_provider.load.return_value = credentials.Credentials('d', 'e', 'f')
resolver.insert_after('provider1', new_provider)
creds = resolver.load_credentials()
self.assertIsNotNone(creds)
self.assertEqual(creds.access_key, 'd')
self.assertEqual(creds.secret_key, 'e')
self.assertEqual(creds.token, 'f')
# Provider 1 should have been called, but provider2 should
# *not* have been called because new_provider already returned
# a non-None response.
self.provider1.load.assert_called_with()
self.assertTrue(not self.provider2.called)
def _get_client_args(self, service_model, region_name, is_secure,
endpoint_url, verify, aws_access_key_id,
aws_secret_access_key, aws_session_token):
# A client needs:
#
# * serializer
# * endpoint
# * response parser
protocol = service_model.metadata['protocol']
serializer = botocore.serialize.create_serializer(
protocol, include_validation=True)
creds = None
if aws_secret_access_key is not None:
creds = credentials.Credentials(access_key=aws_access_key_id,
secret_key=aws_secret_access_key,
token=aws_session_token)
endpoint = self._endpoint_creator.create_endpoint(
service_model,
region_name,
is_secure=is_secure,
endpoint_url=endpoint_url,
verify=verify,
credentials=creds)
response_parser = botocore.parsers.create_parser(protocol)
return {
'serializer': serializer,
'endpoint': endpoint,
'response_parser': response_parser,
'event_emitter': self._event_emitter,
}
def setUp(self):
super(CredentialResolverTest, self).setUp()
self.provider1 = mock.Mock()
self.provider1.METHOD = 'provider1'
self.provider2 = mock.Mock()
self.provider2.METHOD = 'provider2'
self.fake_creds = credentials.Credentials('a', 'b', 'c')
def get_prepared_request(self, op, param, force_hmacv1=False):
request = []
if force_hmacv1:
self.endpoint.auth = auth.HmacV1Auth(
credentials.Credentials('foo', 'bar'))
self.endpoint._send_request = lambda prepared_request, operation: \
request.append(prepared_request)
self.endpoint.make_request(op.model, param)
return request[0]
def get_prepared_request(self, op, param, force_hmacv1=False):
request = []
if force_hmacv1:
self.endpoint.auth = auth.HmacV1Auth(
credentials.Credentials('foo', 'bar'))
def prepare_request(request, **kwargs):
fix_s3_host(request, self.signature_version,
self.endpoint.region_name)
return request
self.endpoint.prepare_request = prepare_request
return self.endpoint.create_request(param, op)
def test_inject_provider_before_existing(self):
new_provider = mock.Mock()
new_provider.METHOD = 'override'
new_provider.load.return_value = credentials.Credentials('x', 'y', 'z')
resolver = credentials.CredentialResolver(
providers=[self.provider1, self.provider2])
resolver.insert_before(self.provider1.METHOD, new_provider)
creds = resolver.load_credentials()
self.assertEqual(creds.access_key, 'x')
self.assertEqual(creds.secret_key, 'y')
self.assertEqual(creds.token, 'z')
def __init__(self, configuration):
super(AmazonElasticsearchService, self).__init__(configuration)
region = configuration['region']
cred = None
if configuration.get('use_aws_iam_profile', False):
cred = credentials.get_credentials(session.Session())
else:
cred = credentials.Credentials(
access_key=configuration.get('access_key', ''),
secret_key=configuration.get('secret_key', ''))
self.auth = AWSV4Sign(cred, region, 'es')
def __init__(self, configuration):
super(AmazonElasticsearchService, self).__init__(configuration)
region = configuration["region"]
cred = None
if configuration.get("use_aws_iam_profile", False):
cred = credentials.get_credentials(session.Session())
else:
cred = credentials.Credentials(
access_key=configuration.get("access_key", ""),
secret_key=configuration.get("secret_key", ""),
)
self.auth = AWSV4Sign(cred, region, "es")
def _ensure_credential_is_normalized_as_unicode(self, access, secret):
c = credentials.Credentials(access, secret)
self.assertTrue(isinstance(c.access_key, type(u'u')))
self.assertTrue(isinstance(c.secret_key, type(u'u')))
def credentials():
access_key = temporary_access_key_id()
secret_key = secret_access_key()
token = session_token()
return creds.Credentials(access_key, secret_key, token)
