def setUp(self):
super(TestS3PostPresigner, self).setUp()
self.request_signer = RequestSigner(ServiceId('service_name'),
'region_name', 'signing_name',
's3v4', self.credentials,
self.emitter)
self.signer = S3PostPresigner(self.request_signer)
self.request_dict = {
'headers': {},
'url': 'https://s3.amazonaws.com/mybucket',
'body': b'',
'url_path': '/',
'method': 'POST',
'context': {}
}
self.auth = mock.Mock()
self.auth.REQUIRES_REGION = True
self.add_auth = mock.Mock()
self.auth.return_value.add_auth = self.add_auth
self.fixed_credentials = self.credentials.get_frozen_credentials()
self.datetime_patch = mock.patch('ibm_botocore.signers.datetime')
self.datetime_mock = self.datetime_patch.start()
self.fixed_date = datetime.datetime(2014, 3, 10, 17, 2, 55, 0)
self.fixed_delta = datetime.timedelta(seconds=3600)
self.datetime_mock.datetime.utcnow.return_value = self.fixed_date
self.datetime_mock.timedelta.return_value = self.fixed_delta
def test_region_required_for_sigv4(self):
self.signer = RequestSigner(ServiceId('service_name'), None,
'signing_name', 'v4', self.credentials,
self.emitter)
with self.assertRaises(NoRegionError):
self.signer.sign('operation_name', self.request)
def test_destination_region_always_changed(self):
# If the user provides a destination region, we will still
# override the DesinationRegion with the region_name from
# the endpoint object.
actual_region = 'us-west-1'
operation_model = mock.Mock()
operation_model.name = 'CopySnapshot'
credentials = Credentials('key', 'secret')
event_emitter = HierarchicalEmitter()
request_signer = RequestSigner(ServiceId('ec2'), actual_region, 'ec2',
'v4', credentials, event_emitter)
request_dict = {}
params = {
'SourceRegion': 'us-west-2',
'DestinationRegion': 'us-east-1'
}
request_dict['body'] = params
request_dict['url'] = 'https://ec2.us-west-1.amazonaws.com'
request_dict['method'] = 'POST'
request_dict['headers'] = {}
request_dict['context'] = {}
# The user provides us-east-1, but we will override this to
# endpoint.region_name, of 'us-west-1' in this case.
handlers.inject_presigned_url_ec2(request_dict, request_signer,
operation_model)
self.assertIn('https://ec2.us-west-2.amazonaws.com?',
params['PresignedUrl'])
# Always use the DestinationRegion from the endpoint, regardless of
# whatever value the user provides.
self.assertEqual(params['DestinationRegion'], actual_region)
def setUp(self):
self.credentials = Credentials('key', 'secret')
self.emitter = mock.Mock()
self.emitter.emit_until_response.return_value = (None, None)
self.signer = RequestSigner(ServiceId('service_name'), 'region_name',
'signing_name', 'v4', self.credentials,
self.emitter)
self.fixed_credentials = self.credentials.get_frozen_credentials()
def setUp(self):
super(TestRetryInterface, self).setUp()
self.retried_on_exception = None
self._operation = Mock(spec=OperationModel)
self._operation.name = 'DescribeInstances'
self._operation.metadata = {'protocol': 'query'}
self._operation.service_model.service_id = ServiceId('EC2')
self._operation.has_streaming_output = False
self._operation.has_event_stream_output = False
def test_add_md5_raises_error_when_md5_unavailable(self):
credentials = Credentials('key', 'secret')
request_signer = RequestSigner(ServiceId('s3'), 'us-east-1', 's3',
's3', credentials, mock.Mock())
request_dict = {
'body': b'bar',
'url': 'https://s3.us-east-1.amazonaws.com',
'method': 'PUT',
'headers': {}
}
self.set_md5_available(False)
with self.assertRaises(MD5UnavailableError):
handlers.calculate_md5(request_dict, request_signer=request_signer)
def test_presigned_url_throws_unsupported_signature_error(self):
request_dict = {
'headers': {},
'url': 'https://s3.amazonaws.com/mybucket/myobject',
'body': b'',
'url_path': '/',
'method': 'GET',
'context': {}
}
self.signer = RequestSigner(ServiceId('service_name'), 'region_name',
'signing_name', 'foo', self.credentials,
self.emitter)
with self.assertRaises(UnsupportedSignatureVersionError):
self.signer.generate_presigned_url(request_dict,
operation_name='foo')
def test_adds_md5_when_s3v2(self):
credentials = Credentials('key', 'secret')
request_signer = RequestSigner(ServiceId('s3'), 'us-east-1', 's3',
's3', credentials, mock.Mock())
request_dict = {
'body': b'bar',
'url': 'https://s3.us-east-1.amazonaws.com',
'method': 'PUT',
'headers': {}
}
context = self.get_context()
handlers.conditionally_calculate_md5(request_dict,
request_signer=request_signer,
context=context)
self.assertTrue('Content-MD5' in request_dict['headers'])
def test_no_credentials_case_is_forwarded_to_signer(self):
# If no credentials are given to the RequestSigner, we should
# forward that fact on to the Auth class and let them handle
# the error (which they already do).
self.credentials = None
self.signer = RequestSigner(ServiceId('service_name'), 'region_name',
'signing_name', 'v4', self.credentials,
self.emitter)
auth_cls = mock.Mock()
with mock.patch.dict(ibm_botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
self.signer.get_auth_instance('service_name', 'region_name', 'v4')
auth_cls.assert_called_with(
service_name='service_name',
region_name='region_name',
credentials=None,
)
def test_dest_region_removed(self):
operation_model = mock.Mock()
operation_model.name = 'CopyDBSnapshot'
credentials = Credentials('key', 'secret')
event_emitter = HierarchicalEmitter()
request_signer = RequestSigner(ServiceId('rds'), 'us-east-1', 'rds',
'v4', credentials, event_emitter)
request_dict = {}
params = {'SourceRegion': 'us-west-2'}
request_dict['body'] = params
request_dict['url'] = 'https://rds.us-east-1.amazonaws.com'
request_dict['method'] = 'POST'
request_dict['headers'] = {}
request_dict['context'] = {}
handlers.inject_presigned_url_rds(params=request_dict,
request_signer=request_signer,
model=operation_model)
self.assertNotIn('DestinationRegion', params)
def test_signer_with_refreshable_credentials_gets_credential_set(self):
class FakeCredentials(Credentials):
def get_frozen_credentials(self):
return ReadOnlyCredentials('foo', 'bar', 'baz')
self.credentials = FakeCredentials('a', 'b', 'c')
self.signer = RequestSigner(ServiceId('service_name'), 'region_name',
'signing_name', 'v4', self.credentials,
self.emitter)
auth_cls = mock.Mock()
with mock.patch.dict(ibm_botocore.auth.AUTH_TYPE_MAPS,
{'v4': auth_cls}):
auth = self.signer.get_auth('service_name', 'region_name')
self.assertEqual(auth, auth_cls.return_value)
# Note we're called with 'foo', 'bar', 'baz', and *not*
# 'a', 'b', 'c'.
auth_cls.assert_called_with(credentials=ReadOnlyCredentials(
'foo', 'bar', 'baz'),
service_name='service_name',
region_name='region_name')
