def test_presign_no_params(self):
    """Presign a parameterless GET and check every SigV4 query field."""
    req = AWSRequest()
    req.method = 'GET'
    req.url = 'https://ec2.us-east-1.amazonaws.com/'
    self.auth.add_auth(req)
    # With no request parameters the query string should hold only the
    # X-Amz-* signing fields. The credential scope, date and signature
    # are presumably pinned by the fixture's credentials and mocked
    # clock (setUp is not visible here).
    expected = {
        'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
        'X-Amz-Credential':
            'access_key/20140101/myregion/myservice/aws4_request',
        'X-Amz-Date': '20140101T000000Z',
        # The presigned URL carries its validity window as a string.
        'X-Amz-Expires': '60',
        'X-Amz-Signature': ('c70e0bcdb4cd3ee324f71c78195445b878'
                            '8315af0800bbbdbbb6d05a616fb84c'),
        # Only the host header is part of the signed header list.
        'X-Amz-SignedHeaders': 'host',
    }
    actual = self.get_parsed_query_string(req)
    self.assertEqual(actual, expected)
def test_canonical_query_string(self):
    """Check the ordering of parameters in the canonical query string.

    The expected value lists the keys as format, pretty, q, q.options,
    so 'q' must be emitted before 'q.options' even though the URL
    supplies them the other way round.
    """
    search_url = (
        'https://search-testdomain1-j67dwxlet67gf7ghwfmik2c67i.us-west-2.'
        'cloudsearch.amazonaws.com/'
        '2013-01-01/search?format=sdk&pretty=true&'
        'q.options=%7B%22defaultOperator%22%3A%20%22and%22%2C%20%22'
        'fields%22%3A%5B%22directors%5E10%22%5D%7D&q=George%20Lucas')
    req = AWSRequest()
    req.url = search_url
    req.method = 'GET'
    signer = self.create_signer('cloudsearchdomain', 'us-west-2')
    canonical = signer.canonical_query_string(req)
    # Percent-encoding of the values must come through unchanged; only
    # the order of the key/value pairs differs from the input URL.
    wanted = ("format=sdk&pretty=true&q=George%20Lucas&q.options=%7B%22"
              "defaultOperator%22%3A%20%22and%22%2C%20%22fields%22%3A%5B"
              "%22directors%5E10%22%5D%7D")
    self.assertEqual(canonical, wanted)
def test_resign_with_token(self):
    """Signing twice with SigV3Auth leaves one unchanged auth header."""
    creds = ibm_botocore.credentials.Credentials(
        access_key='foo', secret_key='bar', token='baz')
    signer = ibm_botocore.auth.SigV3Auth(creds)
    req = AWSRequest()
    req.headers['Date'] = 'Thu, 17 Nov 2005 18:49:58 GMT'
    req.method = 'PUT'
    req.url = 'https://route53.amazonaws.com/'
    signer.add_auth(req)
    first_header = req.headers['X-Amzn-Authorization']
    # A second signing pass must neither alter the header value nor
    # leave a duplicate behind: get_all() has to return exactly one
    # entry, equal to the one produced by the first pass.
    signer.add_auth(req)
    all_headers = req.headers.get_all('X-Amzn-Authorization')
    self.assertEqual(all_headers, [first_header])
def test_presign_where_body_is_json_string(self):
    """Presign a request whose body is a JSON string.

    The expected result shows the body's 'Param' field appearing as a
    query parameter next to the X-Amz-* signing fields.
    """
    req = AWSRequest()
    req.method = 'GET'
    req.url = 'https://myservice.us-east-1.amazonaws.com/'
    req.data = '{"Param": "value"}'
    self.auth.add_auth(req)
    parsed = self.get_parsed_query_string(req)
    # NOTE(review): the body field ends up in the URL itself, so such
    # values are visible wherever the presigned URL is shared or logged.
    signing_fields = {
        'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
        'X-Amz-Credential':
            'access_key/20140101/myregion/myservice/aws4_request',
        'X-Amz-Expires': '60',
        'X-Amz-Date': '20140101T000000Z',
        'X-Amz-Signature': ('8e1d372d168d532313ce6df8f64a7dc51d'
                            'e6f312a9cfba6e5b345d8a771e839c'),
        'X-Amz-SignedHeaders': 'host',
    }
    wanted = dict(signing_fields, Param='value')
    self.assertEqual(parsed, wanted)
def test_resign_with_token(self):
    """Signing twice with HmacV1Auth leaves one unchanged auth header."""
    creds = ibm_botocore.credentials.Credentials(
        access_key='foo', secret_key='bar', token='baz')
    signer = ibm_botocore.auth.HmacV1Auth(creds)
    req = AWSRequest()
    req.headers['Date'] = 'Thu, 17 Nov 2005 18:49:58 GMT'
    req.headers['Content-Type'] = 'text/html'
    req.method = 'PUT'
    req.url = 'https://s3.amazonaws.com/bucket/key'
    signer.add_auth(req)
    first_header = req.headers['Authorization']
    # Signing again must not change the Authorization header or add a
    # second copy of it. The date is held constant because formatdate()
    # is mocked out; a separate unit test covers that a real re-sign
    # picks up the latest time.
    signer.add_auth(req)
    all_headers = req.headers.get_all('Authorization')
    self.assertEqual(all_headers, [first_header])
def test_s3_sigv4_presign(self):
    """Presign an S3 GET with S3SigV4QueryAuth and check the result."""
    signer = ibm_botocore.auth.S3SigV4QueryAuth(
        self.credentials, self.service_name, self.region_name, expires=60)
    req = AWSRequest()
    req.method = 'GET'
    req.url = 'https://s3.us-west-2.amazonaws.com/mybucket/keyname/.bar'
    signer.add_auth(req)
    parsed = self.get_parsed_query_string(req)
    # The S3 query signer reports the literal 'UNSIGNED-PAYLOAD' as its
    # payload, i.e. the request body is not bound into the signature.
    self.assertEqual(signer.payload(req), 'UNSIGNED-PAYLOAD')
    # That payload value feeds into the signature, hence the S3-specific
    # X-Amz-Signature expected below.
    wanted = {
        'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
        'X-Amz-Credential':
            'access_key/20140101/myregion/myservice/aws4_request',
        'X-Amz-Date': '20140101T000000Z',
        'X-Amz-Expires': '60',
        'X-Amz-Signature': ('ac1b8b9e47e8685c5c963d75e35e8741d55251'
                            'cd955239cc1efad4dc7201db66'),
        'X-Amz-SignedHeaders': 'host',
    }
    self.assertEqual(parsed, wanted)
def test_resign_uses_most_recent_date(self):
    """Each signing pass should stamp the request with a fresh Date."""
    first_stamp = 'Thu, 17 Nov 2005 18:49:58 GMT'
    second_stamp = 'Thu, 17 Nov 2014 20:00:00 GMT'
    # The formatdate() stand-in hands out one value per call, in order.
    self.formatdate.side_effect = [first_stamp, second_stamp]
    req = AWSRequest()
    req.headers['Content-Type'] = 'text/html'
    req.method = 'PUT'
    req.url = 'https://s3.amazonaws.com/bucket/key'
    self.hmacv1.add_auth(req)
    date_after_first = req.headers['Date']
    self.hmacv1.add_auth(req)
    date_after_second = req.headers['Date']
    # Signing calls formatdate() again every time, so the Date header
    # must track the newest value rather than stay at the first one.
    self.assertEqual(date_after_first, first_stamp)
    self.assertEqual(date_after_second, second_stamp)
def test_thread_safe_timestamp(self):
    """The timestamp taken at the start of add_auth is reused throughout.

    After signing, the clock is moved forward by a day; the canonical
    request and the string to sign must still carry the timestamp
    stored on the request, not the new "current" time.
    """
    search_url = (
        'https://search-testdomain1-j67dwxlet67gf7ghwfmik2c67i.us-west-2.'
        'cloudsearch.amazonaws.com/'
        '2013-01-01/search?format=sdk&pretty=true&'
        'q.options=%7B%22defaultOperator%22%3A%20%22and%22%2C%20%22'
        'fields%22%3A%5B%22directors%5E10%22%5D%7D&q=George%20Lucas'
    )
    req = AWSRequest()
    req.url = search_url
    req.method = 'GET'
    signer = self.create_signer('cloudsearchdomain', 'us-west-2')
    clock_stub = mock.Mock(wraps=datetime.datetime)
    with mock.patch.object(
            ibm_botocore.auth.datetime, 'datetime',
            clock_stub) as patched_clock:
        signing_time = datetime.datetime(2014, 1, 1, 0, 0)
        patched_clock.utcnow.return_value = signing_time
        # First pass: add_auth records the timestamp on the request
        # context before doing anything else.
        signer.add_auth(req)
        self.assertEqual(req.context['timestamp'], '20140101T000000Z')
        # The same date has to show up in the Authorization header.
        self.assertIn('20140101', req.headers['Authorization'])
        # Now pretend the UTC clock has jumped to the following day.
        patched_clock.utcnow.return_value = datetime.datetime(
            2014, 1, 2, 0, 0)
        # The helper methods must read the timestamp stored on the
        # request rather than the clock, so every piece of the signature
        # agrees on one time and no mismatch can creep in.
        canonical = signer.canonical_request(req)
        self.assertIn('x-amz-date:20140101T000000Z', canonical)
        self.assertNotIn('x-amz-date:20140102T000000Z', canonical)
        to_sign = signer.string_to_sign(req, canonical)
        self.assertIn('20140101T000000Z', to_sign)
        self.assertNotIn('20140102T000000Z', to_sign)