def _get_presigned_url(self, cluster_name, role_arn):
session = self._session_handler.get_session(self._region_name,
role_arn)
if self._region_name is None:
self._region_name = session.get_config_variable('region')
loader = botocore.loaders.create_loader()
data = loader.load_data("endpoints")
endpoint_resolver = botocore.regions.EndpointResolver(data)
endpoint = endpoint_resolver.construct_endpoint(
AUTH_SERVICE, self._region_name)
signer = RequestSigner(ServiceId(AUTH_SERVICE), self._region_name,
AUTH_SERVICE, AUTH_SIGNING_VERSION,
session.get_credentials(),
session.get_component('event_emitter'))
action_params = 'Action=' + AUTH_COMMAND + '&Version=' + AUTH_API_VERSION
params = {
'method': 'GET',
'url': 'https://' + endpoint["hostname"] + '/?' + action_params,
'body': {},
'headers': {
CLUSTER_NAME_HEADER: cluster_name
},
'context': {}
}
url = signer.generate_presigned_url(
params,
region_name=endpoint["credentialScope"]["region"],
operation_name='',
expires_in=URL_TIMEOUT)
return url
def test_region_required_for_sigv4(self):
self.signer = RequestSigner(ServiceId('service_name'), None,
'signing_name', 'v4', self.credentials,
self.emitter)
with self.assertRaises(NoRegionError):
self.signer.sign('operation_name', self.request)
async def test_testsigner_region_required_for_sig4(base_signer_setup: dict):
signer = aiobotocore.signers.AioRequestSigner(
ServiceId('service_name'), None, 'signing_name', 'v4',
base_signer_setup['credentials'], base_signer_setup['emitter'])
with pytest.raises(NoRegionError):
await signer.sign('operation_name', base_signer_setup['request'])
def setUp(self):
super(TestS3PostPresigner, self).setUp()
self.request_signer = RequestSigner(
ServiceId('service_name'), 'region_name', 'signing_name',
's3v4', self.credentials, self.emitter)
self.signer = S3PostPresigner(self.request_signer)
self.request_dict = {
'headers': {},
'url': 'https://s3.amazonaws.com/mybucket',
'body': b'',
'url_path': '/',
'method': 'POST',
'context': {}
}
self.auth = mock.Mock()
self.auth.REQUIRES_REGION = True
self.add_auth = mock.Mock()
self.auth.return_value.add_auth = self.add_auth
self.fixed_credentials = self.credentials.get_frozen_credentials()
self.datetime_patch = mock.patch('botocore.signers.datetime')
self.datetime_mock = self.datetime_patch.start()
self.fixed_date = datetime.datetime(2014, 3, 10, 17, 2, 55, 0)
self.fixed_delta = datetime.timedelta(seconds=3600)
self.datetime_mock.datetime.utcnow.return_value = self.fixed_date
self.datetime_mock.timedelta.return_value = self.fixed_delta
def setUp(self):
self.credentials = Credentials('key', 'secret')
self.emitter = mock.Mock()
self.emitter.emit_until_response.return_value = (None, None)
self.signer = RequestSigner(ServiceId('service_name'), 'region_name',
'signing_name', 'v4', self.credentials,
self.emitter)
self.fixed_credentials = self.credentials.get_frozen_credentials()
def setUp(self):
super(TestRetryInterface, self).setUp()
self.retried_on_exception = None
self._operation = Mock(spec=OperationModel)
self._operation.name = 'DescribeInstances'
self._operation.metadata = {'protocol': 'query'}
self._operation.service_model.service_id = ServiceId('EC2')
self._operation.has_streaming_output = False
self._operation.has_event_stream_output = False
def sign_botocore():
request = AWSRequest(
"POST",
URL_STRING,
data=json.dumps(PAYLOAD, separators=(",", ":")).encode("utf-8"),
)
emitter = HierarchicalEmitter()
RequestSigner(
ServiceId(SERVICE_NAME), REGION, SERVICE_NAME, "v4", CREDENTIALS, emitter
).sign(ACTION, request)
def test_presigned_post_throws_unsupported_signature_error(self):
request_dict = {
'headers': {},
'url': 'https://s3.amazonaws.com/mybucket/myobject',
'body': b'',
'url_path': '/',
'method': 'POST',
'context': {}
}
self.request_signer = RequestSigner(
ServiceId('service_name'), 'region_name', 'signing_name',
'foo', self.credentials, self.emitter)
self.signer = S3PostPresigner(self.request_signer)
with self.assertRaises(UnsupportedSignatureVersionError):
self.signer.generate_presigned_post(request_dict)
async def base_signer_setup() -> dict:
emitter = mock.AsyncMock()
emitter.emit_until_response.return_value = (None, None)
credentials = aiobotocore.credentials.AioCredentials('key', 'secret')
signer = aiobotocore.signers.AioRequestSigner(ServiceId('service_name'),
'region_name', 'signing_name',
'v4', credentials, emitter)
return {
'credentials': credentials,
'emitter': emitter,
'signer': signer,
'fixed_credentials': await credentials.get_frozen_credentials(),
'request': AWSRequest()
}
def test_no_credentials_case_is_forwarded_to_signer(self):
# If no credentials are given to the RequestSigner, we should
# forward that fact on to the Auth class and let them handle
# the error (which they already do).
self.credentials = None
self.signer = RequestSigner(ServiceId('service_name'), 'region_name',
'signing_name', 'v4', self.credentials,
self.emitter)
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}):
self.signer.get_auth_instance('service_name', 'region_name', 'v4')
auth_cls.assert_called_with(
service_name='service_name',
region_name='region_name',
credentials=None,
)
def test_signer_with_refreshable_credentials_gets_credential_set(self):
class FakeCredentials(Credentials):
def get_frozen_credentials(self):
return ReadOnlyCredentials('foo', 'bar', 'baz')
self.credentials = FakeCredentials('a', 'b', 'c')
self.signer = RequestSigner(
ServiceId('service_name'), 'region_name', 'signing_name',
'v4', self.credentials, self.emitter)
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth, auth_cls.return_value)
# Note we're called with 'foo', 'bar', 'baz', and *not*
# 'a', 'b', 'c'.
auth_cls.assert_called_with(
credentials=ReadOnlyCredentials('foo', 'bar', 'baz'),
service_name='service_name',
region_name='region_name')
def setUp(self):
super(TestRetryInterface, self).setUp()
self.retried_on_exception = None
self._operation = Mock(spec=OperationModel)
self._operation.service_model.service_id = ServiceId('ec2')
