class TestSigner(BaseSignerTest):
def test_region_name(self):
self.assertEqual(self.signer.region_name, 'region_name')
def test_signature_version(self):
self.assertEqual(self.signer.signature_version, 'v4')
def test_signing_name(self):
self.assertEqual(self.signer.signing_name, 'signing_name')
def test_region_required_for_sigv4(self):
self.signer = RequestSigner(
'service_name', None, 'signing_name', 'v4', self.credentials,
self.emitter)
with self.assertRaises(NoRegionError):
self.signer.sign('operation_name', mock.Mock())
def test_get_auth(self):
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth, auth_cls.return_value)
auth_cls.assert_called_with(
credentials=self.fixed_credentials,
service_name='service_name',
region_name='region_name')
def test_get_auth_signature_override(self):
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-custom': auth_cls}):
auth = self.signer.get_auth(
'service_name', 'region_name', signature_version='v4-custom')
self.assertEqual(auth, auth_cls.return_value)
auth_cls.assert_called_with(
credentials=self.fixed_credentials,
service_name='service_name',
region_name='region_name')
def test_get_auth_bad_override(self):
with self.assertRaises(UnknownSignatureVersionError):
self.signer.get_auth('service_name', 'region_name',
signature_version='bad')
def test_emits_choose_signer(self):
request = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.sign('operation_name', request)
self.emitter.emit_until_response.assert_called_with(
'choose-signer.service_name.operation_name',
signing_name='signing_name', region_name='region_name',
signature_version='v4')
def test_choose_signer_override(self):
request = mock.Mock()
auth = mock.Mock()
auth.REQUIRES_REGION = False
self.emitter.emit_until_response.return_value = (None, 'custom')
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'custom': auth}):
self.signer.sign('operation_name', request)
auth.assert_called_with(credentials=self.fixed_credentials)
auth.return_value.add_auth.assert_called_with(request)
def test_emits_before_sign(self):
request = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.sign('operation_name', request)
self.emitter.emit.assert_called_with(
'before-sign.service_name.operation_name',
request=mock.ANY, signing_name='signing_name',
region_name='region_name', signature_version='v4',
request_signer=self.signer)
def test_disable_signing(self):
# Returning botocore.UNSIGNED from choose-signer disables signing!
request = mock.Mock()
auth = mock.Mock()
self.emitter.emit_until_response.return_value = (None,
botocore.UNSIGNED)
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth}):
self.signer.sign('operation_name', request)
auth.assert_not_called()
def test_generate_url_emits_choose_signer(self):
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.generate_presigned_url(request_dict, 'operation_name')
self.emitter.emit_until_response.assert_called_with(
'choose-signer.service_name.operation_name',
signing_name='signing_name', region_name='region_name',
signature_version='v4-query')
def test_generate_url_choose_signer_override(self):
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
auth = mock.Mock()
auth.REQUIRES_REGION = False
self.emitter.emit_until_response.return_value = (None, 'custom')
auth_types_map = {'custom': mock.Mock(), 'custom-query': auth}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types_map):
self.signer.generate_presigned_url(request_dict, 'operation_name')
auth.assert_called_with(credentials=self.fixed_credentials,
expires=3600)
def test_generate_url_unsigned(self):
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
self.emitter.emit_until_response.return_value = (
None, botocore.UNSIGNED)
url = self.signer.generate_presigned_url(
request_dict, 'operation_name')
self.assertEqual(url, 'https://foo.com')
def test_generate_presigned_url(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, operation_name='operation_name')
auth.assert_called_with(
credentials=self.fixed_credentials, region_name='region_name',
service_name='signing_name', expires=3600)
self.assertEqual(presigned_url, 'https://foo.com')
def test_generate_presigned_url_with_region_override(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, operation_name='operation_name',
region_name='us-west-2')
auth.assert_called_with(
credentials=self.fixed_credentials, region_name='us-west-2',
service_name='signing_name', expires=3600)
self.assertEqual(presigned_url, 'https://foo.com')
def test_generate_presigned_url_with_exipres_in(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, operation_name='operation_name', expires_in=900)
auth.assert_called_with(
credentials=self.fixed_credentials,
region_name='region_name',
expires=900, service_name='signing_name')
self.assertEqual(presigned_url, 'https://foo.com')
def test_presigned_url_throws_unsupported_signature_error(self):
request_dict = {
'headers': {},
'url': 'https://s3.amazonaws.com/mybucket/myobject',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
self.signer = RequestSigner(
'service_name', 'region_name', 'signing_name',
'foo', self.credentials, self.emitter)
with self.assertRaises(UnsupportedSignatureVersionError):
self.signer.generate_presigned_url(
request_dict, operation_name='foo')
def test_signer_with_refreshable_credentials_gets_credential_set(self):
class FakeCredentials(Credentials):
def get_frozen_credentials(self):
return ReadOnlyCredentials('foo', 'bar', 'baz')
self.credentials = FakeCredentials('a', 'b', 'c')
self.signer = RequestSigner(
'service_name', 'region_name', 'signing_name',
'v4', self.credentials, self.emitter)
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth, auth_cls.return_value)
# Note we're called with 'foo', 'bar', 'baz', and *not*
# 'a', 'b', 'c'.
auth_cls.assert_called_with(
credentials=ReadOnlyCredentials('foo', 'bar', 'baz'),
service_name='service_name',
region_name='region_name')
def test_no_credentials_case_is_forwarded_to_signer(self):
# If no credentials are given to the RequestSigner, we should
# forward that fact on to the Auth class and let them handle
# the error (which they already do).
self.credentials = None
self.signer = RequestSigner(
'service_name', 'region_name', 'signing_name',
'v4', self.credentials, self.emitter)
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth = self.signer.get_auth_instance(
'service_name', 'region_name', 'v4')
auth_cls.assert_called_with(
service_name='service_name',
region_name='region_name',
credentials=None,
)
def test_sign_with_signing_type_standard(self):
auth = mock.Mock()
post_auth = mock.Mock()
query_auth = mock.Mock()
request = mock.Mock()
auth_types = {
'v4-presign-post': post_auth,
'v4-query': query_auth,
'v4': auth
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', request,
signing_type='standard')
self.assertFalse(post_auth.called)
self.assertFalse(query_auth.called)
auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='region_name'
)
def test_sign_with_signing_type_presign_url(self):
auth = mock.Mock()
post_auth = mock.Mock()
query_auth = mock.Mock()
request = mock.Mock()
auth_types = {
'v4-presign-post': post_auth,
'v4-query': query_auth,
'v4': auth
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', request,
signing_type='presign-url')
self.assertFalse(post_auth.called)
self.assertFalse(auth.called)
query_auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='region_name'
)
def test_sign_with_signing_type_presign_post(self):
auth = mock.Mock()
post_auth = mock.Mock()
query_auth = mock.Mock()
request = mock.Mock()
auth_types = {
'v4-presign-post': post_auth,
'v4-query': query_auth,
'v4': auth
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', request,
signing_type='presign-post')
self.assertFalse(auth.called)
self.assertFalse(query_auth.called)
post_auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='region_name'
)
def test_sign_with_region_name(self):
request = mock.Mock()
auth = mock.Mock()
auth_types = {
'v4': auth
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', request, region_name='foo')
auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='foo'
)
def test_sign_with_expires_in(self):
request = mock.Mock()
auth = mock.Mock()
auth_types = {
'v4': auth
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', request, expires_in=2)
auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='region_name',
expires=2
)
def test_unknown_signer_raises_unknown_on_standard(self):
request = mock.Mock()
auth = mock.Mock()
auth_types = {
'v4': auth
}
self.emitter.emit_until_response.return_value = (None, 'custom')
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
with self.assertRaises(UnknownSignatureVersionError):
self.signer.sign('operation_name', request,
signing_type='standard')
def test_unknown_signer_raises_unsupported_when_not_standard(self):
request = mock.Mock()
auth = mock.Mock()
auth_types = {
'v4': auth
}
self.emitter.emit_until_response.return_value = (None, 'custom')
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
with self.assertRaises(UnsupportedSignatureVersionError):
self.signer.sign('operation_name', request,
signing_type='presign-url')
with self.assertRaises(UnsupportedSignatureVersionError):
self.signer.sign('operation_name', request,
signing_type='presign-post')
class TestSigner(BaseSignerTest):
def test_region_name(self):
self.assertEqual(self.signer.region_name, 'region_name')
def test_signature_version(self):
self.assertEqual(self.signer.signature_version, 'v4')
def test_signing_name(self):
self.assertEqual(self.signer.signing_name, 'signing_name')
def test_region_required_for_sigv4(self):
self.signer = RequestSigner(
'service_name', None, 'signing_name', 'v4', self.credentials,
self.emitter)
with self.assertRaises(NoRegionError):
self.signer.sign('operation_name', mock.Mock())
def test_get_auth(self):
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth, auth_cls.return_value)
auth_cls.assert_called_with(
credentials=self.credentials, service_name='service_name',
region_name='region_name')
def test_get_auth_cached(self):
def side_effect(*args, **kwargs):
return mock.Mock()
auth_cls = mock.Mock(side_effect=side_effect)
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth1 = self.signer.get_auth('service_name', 'region_name')
auth2 = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth1, auth2)
def test_get_auth_cached_expires(self):
def side_effect(*args, **kwargs):
return mock.Mock()
auth_cls = mock.Mock(side_effect=side_effect)
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth1 = self.signer.get_auth('service_name', 'region_name',
expires=60)
auth2 = self.signer.get_auth('service_name', 'region_name',
expires=90)
self.assertNotEqual(auth1, auth2)
def test_get_auth_signature_override(self):
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-custom': auth_cls}):
auth = self.signer.get_auth(
'service_name', 'region_name', signature_version='v4-custom')
self.assertEqual(auth, auth_cls.return_value)
auth_cls.assert_called_with(
credentials=self.credentials, service_name='service_name',
region_name='region_name')
def test_get_auth_bad_override(self):
with self.assertRaises(UnknownSignatureVersionError):
self.signer.get_auth('service_name', 'region_name',
signature_version='bad')
def test_emits_choose_signer(self):
request = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.sign('operation_name', request)
self.emitter.emit_until_response.assert_called_with(
'choose-signer.service_name.operation_name',
signing_name='signing_name', region_name='region_name',
signature_version='v4')
def test_choose_signer_override(self):
request = mock.Mock()
auth = mock.Mock()
auth.REQUIRES_REGION = False
self.emitter.emit_until_response.return_value = (None, 'custom')
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'custom': auth}):
self.signer.sign('operation_name', request)
auth.assert_called_with(credentials=self.credentials)
auth.return_value.add_auth.assert_called_with(request=request)
def test_emits_before_sign(self):
request = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.sign('operation_name', request)
self.emitter.emit.assert_called_with(
'before-sign.service_name.operation_name',
request=mock.ANY, signing_name='signing_name',
region_name='region_name', signature_version='v4',
request_signer=self.signer)
def test_disable_signing(self):
# Returning botocore.UNSIGNED from choose-signer disables signing!
request = mock.Mock()
auth = mock.Mock()
self.emitter.emit_until_response.return_value = (None,
botocore.UNSIGNED)
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth}):
self.signer.sign('operation_name', request)
auth.assert_not_called()
def test_generate_presigned_url(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET'
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(request_dict)
auth.assert_called_with(
credentials=self.credentials, region_name='region_name',
service_name='signing_name', expires=3600)
self.assertEqual(presigned_url, 'https://foo.com')
def test_generate_presigned_url_with_region_override(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET'
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, region_name='us-west-2')
auth.assert_called_with(
credentials=self.credentials, region_name='us-west-2',
service_name='signing_name', expires=3600)
self.assertEqual(presigned_url, 'https://foo.com')
def test_generate_presigned_url_with_exipres_in(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET'
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, expires_in=900)
auth.assert_called_with(
credentials=self.credentials, region_name='region_name',
expires=900, service_name='signing_name')
self.assertEqual(presigned_url, 'https://foo.com')
def test_generate_presigned_url_fixes_s3_host(self):
self.signer = RequestSigner(
'service_name', 'region_name', 'signing_name',
's3', self.credentials, self.emitter)
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://s3.amazonaws.com/mybucket/myobject',
'body': b'',
'url_path': '/',
'method': 'GET'
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'s3-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, expires_in=900)
auth.assert_called_with(
credentials=self.credentials, region_name='region_name',
expires=900, service_name='signing_name')
self.assertEqual(presigned_url,
'https://mybucket.s3.amazonaws.com/myobject')
def test_presigned_url_throws_unsupported_signature_error(self):
self.signer = RequestSigner(
'service_name', 'region_name', 'signing_name',
'foo', self.credentials, self.emitter)
with self.assertRaises(UnsupportedSignatureVersionError):
self.signer.generate_presigned_url({})
class TestSigner(BaseSignerTest):
def test_region_name(self):
self.assertEqual(self.signer.region_name, 'region_name')
def test_signature_version(self):
self.assertEqual(self.signer.signature_version, 'v4')
def test_signing_name(self):
self.assertEqual(self.signer.signing_name, 'signing_name')
def test_region_required_for_sigv4(self):
self.signer = RequestSigner(
'service_name', None, 'signing_name', 'v4', self.credentials,
self.emitter)
with self.assertRaises(NoRegionError):
self.signer.sign('operation_name', mock.Mock())
def test_get_auth(self):
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth, auth_cls.return_value)
auth_cls.assert_called_with(
credentials=self.credentials, service_name='service_name',
region_name='region_name')
def test_get_auth_cached(self):
def side_effect(*args, **kwargs):
return mock.Mock()
auth_cls = mock.Mock(side_effect=side_effect)
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth1 = self.signer.get_auth('service_name', 'region_name')
auth2 = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth1, auth2)
def test_get_auth_cached_expires(self):
def side_effect(*args, **kwargs):
return mock.Mock()
auth_cls = mock.Mock(side_effect=side_effect)
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth1 = self.signer.get_auth('service_name', 'region_name',
expires=60)
auth2 = self.signer.get_auth('service_name', 'region_name',
expires=90)
self.assertNotEqual(auth1, auth2)
def test_get_auth_signature_override(self):
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-custom': auth_cls}):
auth = self.signer.get_auth(
'service_name', 'region_name', signature_version='v4-custom')
self.assertEqual(auth, auth_cls.return_value)
auth_cls.assert_called_with(
credentials=self.credentials, service_name='service_name',
region_name='region_name')
def test_get_auth_bad_override(self):
with self.assertRaises(UnknownSignatureVersionError):
self.signer.get_auth('service_name', 'region_name',
signature_version='bad')
def test_emits_choose_signer(self):
request = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.sign('operation_name', request)
self.emitter.emit_until_response.assert_called_with(
'choose-signer.service_name.operation_name',
signing_name='signing_name', region_name='region_name',
signature_version='v4')
def test_choose_signer_override(self):
request = mock.Mock()
auth = mock.Mock()
auth.REQUIRES_REGION = False
self.emitter.emit_until_response.return_value = (None, 'custom')
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'custom': auth}):
self.signer.sign('operation_name', request)
auth.assert_called_with(credentials=self.credentials)
auth.return_value.add_auth.assert_called_with(request=request)
def test_emits_before_sign(self):
request = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.sign('operation_name', request)
self.emitter.emit.assert_called_with(
'before-sign.service_name.operation_name',
request=mock.ANY, signing_name='signing_name',
region_name='region_name', signature_version='v4',
request_signer=self.signer)
def test_disable_signing(self):
# Returning botocore.UNSIGNED from choose-signer disables signing!
request = mock.Mock()
auth = mock.Mock()
self.emitter.emit_until_response.return_value = (None,
botocore.UNSIGNED)
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth}):
self.signer.sign('operation_name', request)
auth.assert_not_called()
def test_generate_presigned_url(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET'
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(request_dict)
auth.assert_called_with(
credentials=self.credentials, region_name='region_name',
service_name='signing_name', expires=3600)
self.assertEqual(presigned_url, 'https://foo.com')
def test_generate_presigned_url_with_region_override(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET'
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, region_name='us-west-2')
auth.assert_called_with(
credentials=self.credentials, region_name='us-west-2',
service_name='signing_name', expires=3600)
self.assertEqual(presigned_url, 'https://foo.com')
def test_generate_presigned_url_with_exipres_in(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET'
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, expires_in=900)
auth.assert_called_with(
credentials=self.credentials, region_name='region_name',
expires=900, service_name='signing_name')
self.assertEqual(presigned_url, 'https://foo.com')
def test_generate_presigned_url_fixes_s3_host(self):
self.signer = RequestSigner(
'service_name', 'region_name', 'signing_name',
's3', self.credentials, self.emitter)
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://s3.amazonaws.com/mybucket/myobject',
'body': b'',
'url_path': '/',
'method': 'GET'
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'s3-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, expires_in=900)
auth.assert_called_with(
credentials=self.credentials, region_name='region_name',
expires=900, service_name='signing_name')
self.assertEqual(presigned_url,
'https://mybucket.s3.amazonaws.com/myobject')
def test_presigned_url_throws_unsupported_signature_error(self):
self.signer = RequestSigner(
'service_name', 'region_name', 'signing_name',
'foo', self.credentials, self.emitter)
with self.assertRaises(UnsupportedSignatureVersionError):
self.signer.generate_presigned_url({})
class TestSigner(unittest.TestCase):
def setUp(self):
self.credentials = Credentials('key', 'secret')
self.emitter = mock.Mock()
self.emitter.emit_until_response.return_value = (None, None)
self.signer = RequestSigner(
'service_name', 'region_name', 'signing_name',
'v4', self.credentials, self.emitter)
def test_region_required_for_sigv4(self):
self.signer = RequestSigner(
'service_name', None, 'signing_name', 'v4', self.credentials,
self.emitter)
with self.assertRaises(NoRegionError):
self.signer.sign('operation_name', mock.Mock())
def test_get_auth(self):
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth, auth_cls.return_value)
auth_cls.assert_called_with(
credentials=self.credentials, service_name='service_name',
region_name='region_name')
def test_get_auth_cached(self):
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth1 = self.signer.get_auth('service_name', 'region_name')
auth2 = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth1, auth2)
def test_get_auth_signature_override(self):
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-custom': auth_cls}):
auth = self.signer.get_auth(
'service_name', 'region_name', signature_version='v4-custom')
self.assertEqual(auth, auth_cls.return_value)
auth_cls.assert_called_with(
credentials=self.credentials, service_name='service_name',
region_name='region_name')
def test_get_auth_bad_override(self):
with self.assertRaises(UnknownSignatureVersionError):
self.signer.get_auth('service_name', 'region_name',
signature_version='bad')
def test_emits_choose_signer(self):
request = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.sign('operation_name', request)
self.emitter.emit_until_response.assert_called_with(
'choose-signer.service_name.operation_name',
signing_name='signing_name', region_name='region_name',
signature_version='v4')
def test_choose_signer_override(self):
request = mock.Mock()
auth = mock.Mock()
auth.REQUIRES_REGION = False
self.emitter.emit_until_response.return_value = (None, 'custom')
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'custom': auth}):
self.signer.sign('operation_name', request)
auth.assert_called_with(credentials=self.credentials)
auth.return_value.add_auth.assert_called_with(request=request)
def test_emits_before_sign(self):
request = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.sign('operation_name', request)
self.emitter.emit.assert_called_with(
'before-sign.service_name.operation_name',
request=mock.ANY, signing_name='signing_name',
region_name='region_name', signature_version='v4',
request_signer=self.signer)
def test_disable_signing(self):
# Returning botocore.UNSIGNED from choose-signer disables signing!
request = mock.Mock()
auth = mock.Mock()
self.emitter.emit_until_response.return_value = (None,
botocore.UNSIGNED)
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth}):
self.signer.sign('operation_name', request)
auth.assert_not_called()
class TestSigner(BaseSignerTest):
def test_region_name(self):
self.assertEqual(self.signer.region_name, 'region_name')
def test_signature_version(self):
self.assertEqual(self.signer.signature_version, 'v4')
def test_signing_name(self):
self.assertEqual(self.signer.signing_name, 'signing_name')
def test_region_required_for_sigv4(self):
self.signer = RequestSigner(
ServiceId('service_name'), None, 'signing_name', 'v4',
self.credentials, self.emitter
)
with self.assertRaises(NoRegionError):
self.signer.sign('operation_name', self.request)
def test_get_auth(self):
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth, auth_cls.return_value)
auth_cls.assert_called_with(
credentials=self.fixed_credentials,
service_name='service_name',
region_name='region_name')
def test_get_auth_signature_override(self):
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-custom': auth_cls}):
auth = self.signer.get_auth(
'service_name', 'region_name', signature_version='v4-custom')
self.assertEqual(auth, auth_cls.return_value)
auth_cls.assert_called_with(
credentials=self.fixed_credentials,
service_name='service_name',
region_name='region_name')
def test_get_auth_bad_override(self):
with self.assertRaises(UnknownSignatureVersionError):
self.signer.get_auth('service_name', 'region_name',
signature_version='bad')
def test_emits_choose_signer(self):
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.sign('operation_name', self.request)
self.emitter.emit_until_response.assert_called_with(
'choose-signer.service_name.operation_name',
signing_name='signing_name', region_name='region_name',
signature_version='v4', context=mock.ANY)
def test_choose_signer_override(self):
auth = mock.Mock()
auth.REQUIRES_REGION = False
self.emitter.emit_until_response.return_value = (None, 'custom')
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'custom': auth}):
self.signer.sign('operation_name', self.request)
auth.assert_called_with(credentials=self.fixed_credentials)
auth.return_value.add_auth.assert_called_with(self.request)
def test_emits_before_sign(self):
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.sign('operation_name', self.request)
self.emitter.emit.assert_called_with(
'before-sign.service_name.operation_name',
request=self.request, signing_name='signing_name',
region_name='region_name', signature_version='v4',
request_signer=self.signer, operation_name='operation_name')
def test_disable_signing(self):
# Returning botocore.UNSIGNED from choose-signer disables signing!
auth = mock.Mock()
self.emitter.emit_until_response.return_value = (None,
botocore.UNSIGNED)
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth}):
self.signer.sign('operation_name', self.request)
auth.assert_not_called()
def test_generate_url_emits_choose_signer(self):
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.generate_presigned_url(request_dict, 'operation_name')
self.emitter.emit_until_response.assert_called_with(
'choose-signer.service_name.operation_name',
signing_name='signing_name', region_name='region_name',
signature_version='v4-query', context=mock.ANY)
def test_choose_signer_passes_context(self):
self.request.context = {'foo': 'bar'}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': mock.Mock()}):
self.signer.sign('operation_name', self.request)
self.emitter.emit_until_response.assert_called_with(
'choose-signer.service_name.operation_name',
signing_name='signing_name', region_name='region_name',
signature_version='v4', context={'foo': 'bar'})
def test_generate_url_choose_signer_override(self):
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
auth = mock.Mock()
auth.REQUIRES_REGION = False
self.emitter.emit_until_response.return_value = (None, 'custom')
auth_types_map = {'custom': mock.Mock(), 'custom-query': auth}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types_map):
self.signer.generate_presigned_url(request_dict, 'operation_name')
auth.assert_called_with(credentials=self.fixed_credentials,
expires=3600)
def test_generate_url_unsigned(self):
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
self.emitter.emit_until_response.return_value = (
None, botocore.UNSIGNED)
url = self.signer.generate_presigned_url(
request_dict, 'operation_name')
self.assertEqual(url, 'https://foo.com')
def test_generate_presigned_url(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, operation_name='operation_name')
auth.assert_called_with(
credentials=self.fixed_credentials, region_name='region_name',
service_name='signing_name', expires=3600)
self.assertEqual(presigned_url, 'https://foo.com')
def test_generate_presigned_url_with_region_override(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, operation_name='operation_name',
region_name='us-west-2')
auth.assert_called_with(
credentials=self.fixed_credentials, region_name='us-west-2',
service_name='signing_name', expires=3600)
self.assertEqual(presigned_url, 'https://foo.com')
def test_generate_presigned_url_with_exipres_in(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, operation_name='operation_name', expires_in=900)
auth.assert_called_with(
credentials=self.fixed_credentials,
region_name='region_name',
expires=900, service_name='signing_name')
self.assertEqual(presigned_url, 'https://foo.com')
def test_presigned_url_throws_unsupported_signature_error(self):
request_dict = {
'headers': {},
'url': 'https://s3.amazonaws.com/mybucket/myobject',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
self.signer = RequestSigner(
ServiceId('service_name'), 'region_name', 'signing_name',
'foo', self.credentials, self.emitter)
with self.assertRaises(UnsupportedSignatureVersionError):
self.signer.generate_presigned_url(
request_dict, operation_name='foo')
def test_signer_with_refreshable_credentials_gets_credential_set(self):
class FakeCredentials(Credentials):
def get_frozen_credentials(self):
return ReadOnlyCredentials('foo', 'bar', 'baz')
self.credentials = FakeCredentials('a', 'b', 'c')
self.signer = RequestSigner(
ServiceId('service_name'), 'region_name', 'signing_name',
'v4', self.credentials, self.emitter)
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth, auth_cls.return_value)
# Note we're called with 'foo', 'bar', 'baz', and *not*
# 'a', 'b', 'c'.
auth_cls.assert_called_with(
credentials=ReadOnlyCredentials('foo', 'bar', 'baz'),
service_name='service_name',
region_name='region_name')
def test_no_credentials_case_is_forwarded_to_signer(self):
# If no credentials are given to the RequestSigner, we should
# forward that fact on to the Auth class and let them handle
# the error (which they already do).
self.credentials = None
self.signer = RequestSigner(
ServiceId('service_name'), 'region_name', 'signing_name',
'v4', self.credentials, self.emitter)
auth_cls = mock.Mock()
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth = self.signer.get_auth_instance(
'service_name', 'region_name', 'v4')
auth_cls.assert_called_with(
service_name='service_name',
region_name='region_name',
credentials=None,
)
def test_sign_with_signing_type_standard(self):
auth = mock.Mock()
post_auth = mock.Mock()
query_auth = mock.Mock()
auth_types = {
'v4-presign-post': post_auth,
'v4-query': query_auth,
'v4': auth
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', self.request,
signing_type='standard')
self.assertFalse(post_auth.called)
self.assertFalse(query_auth.called)
auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='region_name'
)
def test_sign_with_signing_type_presign_url(self):
auth = mock.Mock()
post_auth = mock.Mock()
query_auth = mock.Mock()
auth_types = {
'v4-presign-post': post_auth,
'v4-query': query_auth,
'v4': auth
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', self.request,
signing_type='presign-url')
self.assertFalse(post_auth.called)
self.assertFalse(auth.called)
query_auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='region_name'
)
def test_sign_with_signing_type_presign_post(self):
auth = mock.Mock()
post_auth = mock.Mock()
query_auth = mock.Mock()
auth_types = {
'v4-presign-post': post_auth,
'v4-query': query_auth,
'v4': auth
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', self.request,
signing_type='presign-post')
self.assertFalse(auth.called)
self.assertFalse(query_auth.called)
post_auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='region_name'
)
def test_sign_with_region_name(self):
auth = mock.Mock()
auth_types = {
'v4': auth
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', self.request, region_name='foo')
auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='foo'
)
def test_sign_override_region_from_context(self):
auth = mock.Mock()
auth_types = {
'v4': auth
}
self.request.context = {'signing': {'region': 'my-override-region'}}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', self.request)
auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='my-override-region'
)
def test_sign_with_region_name_overrides_context(self):
auth = mock.Mock()
auth_types = {
'v4': auth
}
self.request.context = {'signing': {'region': 'context-override'}}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', self.request,
region_name='param-override')
auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='param-override'
)
def test_sign_with_expires_in(self):
auth = mock.Mock()
auth_types = {
'v4': auth
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', self.request, expires_in=2)
auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='signing_name',
region_name='region_name',
expires=2
)
def test_sign_with_custom_signing_name(self):
auth = mock.Mock()
auth_types = {
'v4': auth
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
self.signer.sign('operation_name', self.request,
signing_name='foo')
auth.assert_called_with(
credentials=ReadOnlyCredentials('key', 'secret', None),
service_name='foo',
region_name='region_name'
)
def test_presign_with_custom_signing_name(self):
auth = mock.Mock()
auth.REQUIRES_REGION = True
request_dict = {
'headers': {},
'url': 'https://foo.com',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS,
{'v4-query': auth}):
presigned_url = self.signer.generate_presigned_url(
request_dict, operation_name='operation_name',
signing_name='foo')
auth.assert_called_with(
credentials=self.fixed_credentials,
region_name='region_name',
expires=3600, service_name='foo')
self.assertEqual(presigned_url, 'https://foo.com')
def test_unknown_signer_raises_unknown_on_standard(self):
auth = mock.Mock()
auth_types = {
'v4': auth
}
self.emitter.emit_until_response.return_value = (None, 'custom')
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
with self.assertRaises(UnknownSignatureVersionError):
self.signer.sign('operation_name', self.request,
signing_type='standard')
def test_unknown_signer_raises_unsupported_when_not_standard(self):
auth = mock.Mock()
auth_types = {
'v4': auth
}
self.emitter.emit_until_response.return_value = (None, 'custom')
with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types):
with self.assertRaises(UnsupportedSignatureVersionError):
self.signer.sign('operation_name', self.request,
signing_type='presign-url')
with self.assertRaises(UnsupportedSignatureVersionError):
self.signer.sign('operation_name', self.request,
signing_type='presign-post')
