Example #1
0
    def __init__(self, name, access_key=None, secret_key=None,
                 security_token=None, profile_name=None):
        self.host = None
        self.port = None
        self.host_header = None
        self.access_key = access_key
        self.secret_key = secret_key
        self.security_token = security_token
        self.profile_name = profile_name
        self.name = name
        self.acl_class = self.AclClassMap[self.name]
        self.canned_acls = self.CannedAclsMap[self.name]
        self._credential_expiry_time = None

        # Load shared credentials file if it exists
        shared_path = os.path.join(expanduser('~'), '.' + name, 'credentials')
        self.shared_credentials = Config(do_load=False)
        if os.path.isfile(shared_path):
            self.shared_credentials.load_from_path(shared_path)

        self.get_credentials(access_key, secret_key, security_token, profile_name)
        self.configure_headers()
        self.configure_errors()

        # Allow config file to override default host and port.
        host_opt_name = '%s_host' % self.HostKeyMap[self.name]
        if config.has_option('Credentials', host_opt_name):
            self.host = config.get('Credentials', host_opt_name)
        port_opt_name = '%s_port' % self.HostKeyMap[self.name]
        if config.has_option('Credentials', port_opt_name):
            self.port = config.getint('Credentials', port_opt_name)
        host_header_opt_name = '%s_host_header' % self.HostKeyMap[self.name]
        if config.has_option('Credentials', host_header_opt_name):
            self.host_header = config.get('Credentials', host_header_opt_name)
Example #2
0
    def __init__(self, name, access_key=None, secret_key=None,
                 security_token=None, profile_name=None):
        self.host = None
        self.port = None
        self.host_header = None
        self.access_key = access_key
        self.secret_key = secret_key
        self.security_token = security_token
        self.profile_name = profile_name
        self.name = name
        self.acl_class = self.AclClassMap[self.name]
        self.canned_acls = self.CannedAclsMap[self.name]
        self._credential_expiry_time = None

        # Load shared credentials file if it exists
        shared_path = os.path.join(expanduser('~'), '.' + name, 'credentials')
        self.shared_credentials = Config(do_load=False)
        if os.path.isfile(shared_path):
            self.shared_credentials.load_from_path(shared_path)

        self.get_credentials(access_key, secret_key, security_token, profile_name)
        self.configure_headers()
        self.configure_errors()

        # Allow config file to override default host and port.
        host_opt_name = '%s_host' % self.HostKeyMap[self.name]
        if config.has_option('Credentials', host_opt_name):
            self.host = config.get('Credentials', host_opt_name)
        port_opt_name = '%s_port' % self.HostKeyMap[self.name]
        if config.has_option('Credentials', port_opt_name):
            self.port = config.getint('Credentials', port_opt_name)
        host_header_opt_name = '%s_host_header' % self.HostKeyMap[self.name]
        if config.has_option('Credentials', host_header_opt_name):
            self.host_header = config.get('Credentials', host_header_opt_name)
    def get_credentials(self, access_key=None, secret_key=None, security_token=None):
        access_key_name, secret_key_name = self.CredentialMap[self.name]
        if access_key is not None:
            self._access_key = access_key
        elif os.environ.has_key(access_key_name.upper()):
            self._access_key = os.environ[access_key_name.upper()]
        elif config.has_option('Credentials', access_key_name):
            self._access_key = config.get('Credentials', access_key_name)

        if secret_key is not None:
            self._secret_key = secret_key
        elif os.environ.has_key(secret_key_name.upper()):
            self._secret_key = os.environ[secret_key_name.upper()]
        elif config.has_option('Credentials', secret_key_name):
            self._secret_key = config.get('Credentials', secret_key_name)

        security_token_name = self.HeaderInfoMap[self.name][SECURITY_TOKEN_HEADER_KEY]
        security_token_name_env = security_token_name.upper().replace('-', '_')

        if security_token is not None:
            self._security_token = security_token
        elif os.environ.has_key(security_token_name_env):
            self._security_token = os.environ[security_token_name_env]
        elif config.has_option('Credentials', security_token_name):
            self._security_token = config.get('Credentials', security_token_name)

        if isinstance(self._secret_key, unicode):
            # the secret key must be bytes and not unicode to work
            #  properly with hmac.new (see http://bugs.python.org/issue5285)
            self._secret_key = str(self._secret_key)

        stsagent_command = os.environ.get('AWS_STSAGENT')
        if stsagent_command:
            self.stsagent = stsagent.STSAgent(stsagent_command, 60)
Example #4
0
 def __init__(self, name, access_key=None, secret_key=None,
              security_token=None, profile_name=None):
     self.host = None
     self.port = None
     self.host_header = None
     self.access_key = access_key
     self.secret_key = secret_key
     self.security_token = security_token
     self.profile_name = profile_name
     self.name = name
     self.acl_class = self.AclClassMap[self.name]
     self.canned_acls = self.CannedAclsMap[self.name]
     self._credential_expiry_time = None
     self.get_credentials(access_key, secret_key, security_token, profile_name)
     self.configure_headers()
     self.configure_errors()
     # Allow config file to override default host and port.
     host_opt_name = '%s_host' % self.HostKeyMap[self.name]
     if config.has_option('Credentials', host_opt_name):
         self.host = config.get('Credentials', host_opt_name)
     port_opt_name = '%s_port' % self.HostKeyMap[self.name]
     if config.has_option('Credentials', port_opt_name):
         self.port = config.getint('Credentials', port_opt_name)
     host_header_opt_name = '%s_host_header' % self.HostKeyMap[self.name]
     if config.has_option('Credentials', host_header_opt_name):
         self.host_header = config.get('Credentials', host_header_opt_name)
Example #5
0
 def __init__(self, name, access_key=None, secret_key=None,
              security_token=None):
     self.host = None
     self.port = None
     self.host_header = None
     self.access_key = access_key
     self.secret_key = secret_key
     self.security_token = security_token
     self.name = name
     self.acl_class = self.AclClassMap[self.name]
     self.canned_acls = self.CannedAclsMap[self.name]
     self._credential_expiry_time = None
     self.get_credentials(access_key, secret_key)
     self.configure_headers()
     self.configure_errors()
     # Allow config file to override default host and port.
     host_opt_name = '%s_host' % self.HostKeyMap[self.name]
     if config.has_option('Credentials', host_opt_name):
         self.host = config.get('Credentials', host_opt_name)
     port_opt_name = '%s_port' % self.HostKeyMap[self.name]
     if config.has_option('Credentials', port_opt_name):
         self.port = config.getint('Credentials', port_opt_name)
     host_header_opt_name = '%s_host_header' % self.HostKeyMap[self.name]
     if config.has_option('Credentials', host_header_opt_name):
         self.host_header = config.get('Credentials', host_header_opt_name)
Example #6
0
    def get_credentials(self,
                        access_key=None,
                        secret_key=None,
                        security_token=None):
        access_key_name, secret_key_name = self.CredentialMap[self.name]
        if access_key is not None:
            self.access_key = access_key
        elif os.environ.has_key(access_key_name.upper()):
            self.access_key = os.environ[access_key_name.upper()]
        elif config.has_option('Credentials', access_key_name):
            self.access_key = config.get('Credentials', access_key_name)

        if secret_key is not None:
            self.secret_key = secret_key
        elif os.environ.has_key(secret_key_name.upper()):
            self.secret_key = os.environ[secret_key_name.upper()]
        elif config.has_option('Credentials', secret_key_name):
            self.secret_key = config.get('Credentials', secret_key_name)

        security_token_name = self.HeaderInfoMap[
            self.name][SECURITY_TOKEN_HEADER_KEY]
        security_token_name_env = security_token_name.upper().replace('-', '_')

        if security_token is not None:
            self.security_token = security_token
        elif os.environ.has_key(security_token_name_env):
            self.security_token = os.environ[security_token_name_env]
        elif config.has_option('Credentials', security_token_name):
            self.secret_key = config.get('Credentials', security_token_name)

        if isinstance(self.secret_key, unicode):
            # the secret key must be bytes and not unicode to work
            #  properly with hmac.new (see http://bugs.python.org/issue5285)
            self.secret_key = str(self.secret_key)
 def _ServiceAccountCredentialsPresent(self):
   # TODO: Currently, service accounts cannot be project owners (unless
   # they are grandfathered). Unfortunately, setting a canned ACL other
   # than project-private, the ACL that buckets get by default, removes
   # project-editors access from the bucket ACL. So any canned ACL that would
   # actually represent a change the bucket would also orphan the service
   # account's access to the bucket. If service accounts can be owners
   # in the future, remove this function and update all callers.
   return (config.has_option('Credentials', 'gs_service_key_file') or
           config.has_option('GoogleCompute', 'service_account'))
Example #8
0
 def _ServiceAccountCredentialsPresent(self):
   # TODO: Currently, service accounts cannot be project owners (unless
   # they are grandfathered). Unfortunately, setting a canned ACL other
   # than project-private, the ACL that buckets get by default, removes
   # project-editors access from the bucket ACL. So any canned ACL that would
   # actually represent a change the bucket would also orphan the service
   # account's access to the bucket. If service accounts can be owners
   # in the future, remove this function and update all callers.
   return (config.has_option('Credentials', 'gs_service_key_file') or
           config.has_option('GoogleCompute', 'service_account'))
Example #9
0
    def get_credentials(self,
                        access_key=None,
                        secret_key=None,
                        security_token=None):
        access_key_name, secret_key_name, security_token_name = self.CredentialMap[
            self.name]
        if access_key is not None:
            self.access_key = access_key
            boto.log.debug("Using access key provided by client.")
        elif access_key_name.upper() in os.environ:
            self.access_key = os.environ[access_key_name.upper()]
            boto.log.debug("Using access key found in environment variable.")
        elif config.has_option('Credentials', access_key_name):
            self.access_key = config.get('Credentials', access_key_name)
            boto.log.debug("Using access key found in config file.")

        if secret_key is not None:
            self.secret_key = secret_key
            boto.log.debug("Using secret key provided by client.")
        elif secret_key_name.upper() in os.environ:
            self.secret_key = os.environ[secret_key_name.upper()]
            boto.log.debug("Using secret key found in environment variable.")
        elif config.has_option('Credentials', secret_key_name):
            self.secret_key = config.get('Credentials', secret_key_name)
            boto.log.debug("Using secret key found in config file.")
        elif config.has_option('Credentials', 'keyring'):
            keyring_name = config.get('Credentials', 'keyring')
            try:
                import keyring
            except ImportError:
                boto.log.error("The keyring module could not be imported. "
                               "For keyring support, install the keyring "
                               "module.")
                raise
            self.secret_key = keyring.get_password(keyring_name,
                                                   self.access_key)
            boto.log.debug("Using secret key found in keyring.")

        if security_token is not None:
            self.security_token = security_token
            boto.log.debug("Using security token provided by client.")
        elif security_token_name is not None:
            if security_token_name.upper() in os.environ:
                self.security_token = os.environ[security_token_name.upper()]
                boto.log.debug("Using security token found in environment"
                               " variable.")
            elif config.has_option('Credentials', security_token_name):
                self.security_token = config.get('Credentials',
                                                 security_token_name)
                boto.log.debug("Using security token found in config file.")

        if ((self._access_key is None or self._secret_key is None)
                and self.MetadataServiceSupport[self.name]):
            self._populate_keys_from_metadata_server()
        self._secret_key = self._convert_key_to_str(self._secret_key)
Example #10
0
def confirm_aws_creds():
    logger.debug("Confirming AWS creds in some section in boto.config")
    akid = False
    skid = False
    for section in config.sections():
        akid = akid or config.has_option(section, 'aws_access_key_id')
        askid = skid or config.has_option(section, 'aws_secret_access_key')
    if not akid and skid:
        raise RuntimeError("No aws creds recognized by boto.")

    logger.debug("AWS creds present")
Example #11
0
    def get_credentials(self, access_key=None, secret_key=None,
                        security_token=None):
        access_key_name, secret_key_name, security_token_name = self.CredentialMap[self.name]
        if access_key is not None:
            self.access_key = access_key
            boto.log.debug("Using access key provided by client.")
        elif access_key_name.upper() in os.environ:
            self.access_key = os.environ[access_key_name.upper()]
            boto.log.debug("Using access key found in environment variable.")
        elif config.has_option('Credentials', access_key_name):
            self.access_key = config.get('Credentials', access_key_name)
            boto.log.debug("Using access key found in config file.")

        if secret_key is not None:
            self.secret_key = secret_key
            boto.log.debug("Using secret key provided by client.")
        elif secret_key_name.upper() in os.environ:
            self.secret_key = os.environ[secret_key_name.upper()]
            boto.log.debug("Using secret key found in environment variable.")
        elif config.has_option('Credentials', secret_key_name):
            self.secret_key = config.get('Credentials', secret_key_name)
            boto.log.debug("Using secret key found in config file.")
        elif config.has_option('Credentials', 'keyring'):
            keyring_name = config.get('Credentials', 'keyring')
            try:
                import keyring
            except ImportError:
                boto.log.error("The keyring module could not be imported. "
                               "For keyring support, install the keyring "
                               "module.")
                raise
            self.secret_key = keyring.get_password(
                keyring_name, self.access_key)
            boto.log.debug("Using secret key found in keyring.")

        if security_token is not None:
            self.security_token = security_token
            boto.log.debug("Using security token provided by client.")
        elif security_token_name is not None:
            if security_token_name.upper() in os.environ:
                self.security_token = os.environ[security_token_name.upper()]
                boto.log.debug("Using security token found in environment"
                               " variable.")
            elif config.has_option('Credentials', security_token_name):
                self.security_token = config.get('Credentials',
                                                 security_token_name)
                boto.log.debug("Using security token found in config file.")

        if ((self._access_key is None or self._secret_key is None) and
                self.MetadataServiceSupport[self.name]):
            self._populate_keys_from_metadata_server()
        self._secret_key = self._convert_key_to_str(self._secret_key)
Example #12
0
    def GetApiSelector(self, provider=None):
        """Returns a cs_api_map.ApiSelector based on input and configuration.

    Args:
      provider: Provider to return the ApiSelector for.  If None, class-wide
                default is used.

    Returns:
      cs_api_map.ApiSelector that will be used for calls to the delegator
      for this provider.
    """
        selected_provider = provider or self.provider
        if not selected_provider:
            raise ArgumentException('No provider selected for CloudApi')

        if (selected_provider not in self.api_map[ApiMapConstants.DEFAULT_MAP]
                or self.api_map[ApiMapConstants.DEFAULT_MAP][selected_provider]
                not in self.api_map[ApiMapConstants.API_MAP][selected_provider]
            ):
            raise ArgumentException(
                'No default api available for provider %s' % selected_provider)

        if selected_provider not in self.api_map[ApiMapConstants.SUPPORT_MAP]:
            raise ArgumentException(
                'No supported apis available for provider %s' %
                selected_provider)

        api = self.api_map[ApiMapConstants.DEFAULT_MAP][selected_provider]

        # If we have only HMAC credentials for Google Cloud Storage, we must use
        # the XML API as the JSON API does not support HMAC.
        #
        # Technically if we have only HMAC credentials, we should still be able to
        # access public read resources via the JSON API, but the XML API can do
        # that just as well. It is better to use it than inspect the credentials on
        # every HTTP call.
        if (provider == 'gs' and
                not config.has_option('Credentials', 'gs_oauth2_refresh_token')
                and
                not (config.has_option('Credentials', 'gs_service_client_id')
                     and config.has_option('Credentials',
                                           'gs_service_key_file')) and
            (config.has_option('Credentials', 'gs_access_key_id')
             and config.has_option('Credentials', 'gs_secret_access_key'))):
            api = ApiSelector.XML
        # Try to force the user's preference to a supported API.
        elif self.prefer_api in (
                self.api_map[ApiMapConstants.SUPPORT_MAP][selected_provider]):
            api = self.prefer_api
        return api
Example #13
0
    def get_credentials(self, access_key=None, secret_key=None):
        access_key_name, secret_key_name = self.CredentialMap[self.name]
        if access_key is not None:
            self.access_key = access_key
        elif os.environ.has_key(access_key_name.upper()):
            self.access_key = os.environ[access_key_name.upper()]
        elif config.has_option('Credentials', access_key_name):
            self.access_key = config.get('Credentials', access_key_name)

        if secret_key is not None:
            self.secret_key = secret_key
        elif os.environ.has_key(secret_key_name.upper()):
            self.secret_key = os.environ[secret_key_name.upper()]
        elif config.has_option('Credentials', secret_key_name):
            self.secret_key = config.get('Credentials', secret_key_name)
Example #14
0
    def get_credentials(self, access_key=None, secret_key=None):
        access_key_name, secret_key_name = self.CredentialMap[self.name]
        if access_key:
            self.access_key = access_key
        elif os.environ.has_key(access_key_name.upper()):
            self.access_key = os.environ[access_key_name.upper()]
        elif config.has_option('Credentials', access_key_name):
            self.access_key = config.get('Credentials', access_key_name)

        if secret_key:
            self.secret_key = secret_key
        elif os.environ.has_key(secret_key_name.upper()):
            self.secret_key = os.environ[secret_key_name.upper()]
        elif config.has_option('Credentials', secret_key_name):
            self.secret_key = config.get('Credentials', secret_key_name)
Example #15
0
    def __init__(
        self,
        aws_access_key_id=None,
        aws_secret_access_key=None,
        is_secure=True,
        port=None,
        proxy=None,
        proxy_port=None,
        proxy_user=None,
        proxy_pass=None,
        host=None,
        debug=0,
        https_connection_factory=None,
    ):
        if not host:
            if config.has_option("MTurk", "sandbox") and config.get("MTurk", "sandbox") == "True":
                host = "mechanicalturk.sandbox.amazonaws.com"
            else:
                host = "mechanicalturk.amazonaws.com"

        AWSQueryConnection.__init__(
            self,
            aws_access_key_id,
            aws_secret_access_key,
            is_secure,
            port,
            proxy,
            proxy_port,
            proxy_user,
            proxy_pass,
            host,
            debug,
            https_connection_factory,
        )
Example #16
0
    def __init__(self,
                 aws_access_key_id=None,
                 aws_secret_access_key=None,
                 is_secure=True,
                 port=None,
                 proxy=None,
                 proxy_port=None,
                 proxy_user=None,
                 proxy_pass=None,
                 host=None,
                 debug=0,
                 https_connection_factory=None,
                 security_token=None,
                 profile_name=None):
        if not host:
            if config.has_option('MTurk', 'sandbox') and config.get(
                    'MTurk', 'sandbox') == 'True':
                host = 'mechanicalturk.sandbox.amazonaws.com'
            else:
                host = 'mechanicalturk.amazonaws.com'
        self.debug = debug

        super(MTurkConnection, self).__init__(aws_access_key_id,
                                              aws_secret_access_key,
                                              is_secure,
                                              port,
                                              proxy,
                                              proxy_port,
                                              proxy_user,
                                              proxy_pass,
                                              host,
                                              debug,
                                              https_connection_factory,
                                              security_token=security_token,
                                              profile_name=profile_name)
Example #17
0
def ConfigureNoOpAuthIfNeeded():
  """Sets up no-op auth handler if no boto credentials are configured."""
  if not HasConfiguredCredentials():
    if (config.has_option('Credentials', 'gs_service_client_id') and
        not HAS_CRYPTO):
      if system_util.InvokedViaCloudSdk():
        raise CommandException('\n'.join(
            textwrap.wrap(
                'Your gsutil is configured with an OAuth2 service account, but '
                'you do not have PyOpenSSL or PyCrypto 2.6 or later installed. '
                'Service account authentication requires one of these libraries; '
                'please reactivate your service account via the gcloud auth '
                'command and ensure any gcloud packages necessary for '
                'service accounts are present.')))
      else:
        raise CommandException('\n'.join(
            textwrap.wrap(
                'Your gsutil is configured with an OAuth2 service account, but '
                'you do not have PyOpenSSL or PyCrypto 2.6 or later installed. '
                'Service account authentication requires one of these libraries; '
                'please install either of them to proceed, or configure a '
                'different type of credentials with "gsutil config".')))
    else:
      # With no boto config file the user can still access publicly readable
      # buckets and objects.
      from gslib import no_op_auth_plugin  # pylint: disable=unused-variable
Example #18
0
def PrintTrackerDirDeprecationWarningIfNeeded():
  # TODO: Remove this along with the tracker_dir config value 1 year after
  # 4.6 release date. Use state_dir instead.
  if config.has_option('GSUtil', 'resumable_tracker_dir'):
    sys.stderr.write('Warning: you have set resumable_tracker_dir in your '
                     '.boto configuration file. This configuration option is '
                     'deprecated; please use the state_dir configuration '
                     'option instead.\n')
Example #19
0
def PrintTrackerDirDeprecationWarningIfNeeded():
  # TODO: Remove this along with the tracker_dir config value 1 year after
  # 4.6 release date. Use state_dir instead.
  if config.has_option('GSUtil', 'resumable_tracker_dir'):
    sys.stderr.write('Warning: you have set resumable_tracker_dir in your '
                     '.boto configuration file. This configuration option is '
                     'deprecated; please use the state_dir configuration '
                     'option instead.\n')
Example #20
0
  def GetApiSelector(self, provider=None):
    """Returns a cs_api_map.ApiSelector based on input and configuration.

    Args:
      provider: Provider to return the ApiSelector for.  If None, class-wide
                default is used.

    Returns:
      cs_api_map.ApiSelector that will be used for calls to the delegator
      for this provider.
    """
    selected_provider = provider or self.provider
    if not selected_provider:
      raise ArgumentException('No provider selected for CloudApi')

    if (selected_provider not in self.api_map[ApiMapConstants.DEFAULT_MAP] or
        self.api_map[ApiMapConstants.DEFAULT_MAP][selected_provider] not in
        self.api_map[ApiMapConstants.API_MAP][selected_provider]):
      raise ArgumentException('No default api available for provider %s' %
                              selected_provider)

    if selected_provider not in self.api_map[ApiMapConstants.SUPPORT_MAP]:
      raise ArgumentException('No supported apis available for provider %s' %
                              selected_provider)

    api = self.api_map[ApiMapConstants.DEFAULT_MAP][selected_provider]

    # If we have only HMAC credentials for Google Cloud Storage, we must use
    # the XML API as the JSON API does not support HMAC.
    #
    # Technically if we have only HMAC credentials, we should still be able to
    # access public read resources via the JSON API, but the XML API can do
    # that just as well. It is better to use it than inspect the credentials on
    # every HTTP call.
    if (provider == 'gs' and
        not config.has_option('Credentials', 'gs_oauth2_refresh_token') and
        not (config.has_option('Credentials', 'gs_service_client_id')
             and config.has_option('Credentials', 'gs_service_key_file')) and
        (config.has_option('Credentials', 'gs_access_key_id')
         and config.has_option('Credentials', 'gs_secret_access_key'))):
      api = ApiSelector.XML
    # Try to force the user's preference to a supported API.
    elif self.prefer_api in (self.api_map[ApiMapConstants.SUPPORT_MAP]
                             [selected_provider]):
      api = self.prefer_api
    return api
Example #21
0
def HasConfiguredCredentials():
  """Determines if boto credential/config file exists."""
  has_goog_creds = (config.has_option('Credentials', 'gs_access_key_id') and
                    config.has_option('Credentials', 'gs_secret_access_key'))
  has_amzn_creds = (config.has_option('Credentials', 'aws_access_key_id') and
                    config.has_option('Credentials', 'aws_secret_access_key'))
  has_oauth_creds = (config.has_option('Credentials',
                                       'gs_oauth2_refresh_token'))
  has_service_account_creds = (
      HAS_CRYPTO and
      config.has_option('Credentials', 'gs_service_client_id') and
      config.has_option('Credentials', 'gs_service_key_file'))

  if (has_goog_creds or has_amzn_creds or has_oauth_creds or
      has_service_account_creds):
    return True

  valid_auth_handler = None
  try:
    valid_auth_handler = boto.auth.get_auth_handler(GSConnection.DefaultHost,
                                                    config,
                                                    Provider('google'),
                                                    requested_capability=['s3'])
    # Exclude the no-op auth handler as indicating credentials are configured.
    # Note we can't use isinstance() here because the no-op module may not be
    # imported so we can't get a reference to the class type.
    if 'NoOpAuth' == getattr(
        getattr(valid_auth_handler, '__class__', None),
        '__name__',
        None):  # yapf: disable
      valid_auth_handler = None
  except NoAuthHandlerFound:
    pass

  return valid_auth_handler
Example #22
0
def HasConfiguredCredentials():
  """Determines if boto credential/config file exists."""
  has_goog_creds = (config.has_option('Credentials', 'gs_access_key_id') and
                    config.has_option('Credentials', 'gs_secret_access_key'))
  has_amzn_creds = (config.has_option('Credentials', 'aws_access_key_id') and
                    config.has_option('Credentials', 'aws_secret_access_key'))
  has_oauth_creds = (
      config.has_option('Credentials', 'gs_oauth2_refresh_token'))
  has_service_account_creds = (
      HAS_CRYPTO and
      config.has_option('Credentials', 'gs_service_client_id') and
      config.has_option('Credentials', 'gs_service_key_file'))

  if (has_goog_creds or has_amzn_creds or has_oauth_creds or
      has_service_account_creds):
    return True

  valid_auth_handler = None
  try:
    valid_auth_handler = boto.auth.get_auth_handler(
        GSConnection.DefaultHost, config, Provider('google'),
        requested_capability=['s3'])
    # Exclude the no-op auth handler as indicating credentials are configured.
    # Note we can't use isinstance() here because the no-op module may not be
    # imported so we can't get a reference to the class type.
    if getattr(getattr(valid_auth_handler, '__class__', None),
               '__name__', None) == 'NoOpAuth':
      valid_auth_handler = None
  except NoAuthHandlerFound:
    pass

  return valid_auth_handler
Example #23
0
 def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
              is_secure=True, port=None, proxy=None, proxy_port=None,
              proxy_user=None, proxy_pass=None, host='ec2.amazonaws.com', debug=0,
              https_connection_factory=None):
     if config.has_option('Boto', 'ec2_host'):
         host = config.get('Boto', 'ec2_host')
     AWSQueryConnection.__init__(self, aws_access_key_id, aws_secret_access_key,
                                 is_secure, port, proxy, proxy_port, proxy_user, proxy_pass,
                                 host, debug, https_connection_factory)
Example #24
0
    def get_credentials(self, access_key=None, secret_key=None):
        access_key_name, secret_key_name = self.CredentialMap[self.name]
        if access_key is not None:
            self.access_key = access_key
        elif access_key_name.upper() in os.environ:
            self.access_key = os.environ[access_key_name.upper()]
        elif config.has_option('Credentials', access_key_name):
            self.access_key = config.get('Credentials', access_key_name)

        if secret_key is not None:
            self.secret_key = secret_key
        elif secret_key_name.upper() in os.environ:
            self.secret_key = os.environ[secret_key_name.upper()]
        elif config.has_option('Credentials', secret_key_name):
            self.secret_key = config.get('Credentials', secret_key_name)
        if isinstance(self.secret_key, unicode):
            # the secret key must be bytes and not unicode to work
            #  properly with hmac.new (see http://bugs.python.org/issue5285)
            self.secret_key = str(self.secret_key)
Example #25
0
    def get_credentials(self, access_key=None, secret_key=None):
        access_key_name, secret_key_name = self.CredentialMap[self.name]
        if access_key is not None:
            self.access_key = access_key
        elif os.environ.has_key(access_key_name.upper()):
            self.access_key = os.environ[access_key_name.upper()]
        elif config.has_option('Credentials', access_key_name):
            self.access_key = config.get('Credentials', access_key_name)

        if secret_key is not None:
            self.secret_key = secret_key
        elif os.environ.has_key(secret_key_name.upper()):
            self.secret_key = os.environ[secret_key_name.upper()]
        elif config.has_option('Credentials', secret_key_name):
            self.secret_key = config.get('Credentials', secret_key_name)
        if isinstance(self.secret_key, unicode):
            # the secret key must be bytes and not unicode to work
            #  properly with hmac.new (see http://bugs.python.org/issue5285)
            self.secret_key = str(self.secret_key)
Example #26
0
    def get_credentials(self, access_key=None, secret_key=None):
        access_key_name, secret_key_name = self.CredentialMap[self.name]
        if access_key is not None:
            self.access_key = access_key
        elif access_key_name.upper() in os.environ:
            self.access_key = os.environ[access_key_name.upper()]
        elif config.has_option('Credentials', access_key_name):
            self.access_key = config.get('Credentials', access_key_name)

        if secret_key is not None:
            self.secret_key = secret_key
        elif secret_key_name.upper() in os.environ:
            self.secret_key = os.environ[secret_key_name.upper()]
        elif config.has_option('Credentials', secret_key_name):
            self.secret_key = config.get('Credentials', secret_key_name)

        if ((self._access_key is None or self._secret_key is None) and
                self.MetadataServiceSupport[self.name]):
            self._populate_keys_from_metadata_server()
        self._secret_key = self._convert_key_to_str(self._secret_key)
Example #27
0
 def __init__(self, name, access_key=None, secret_key=None):
     self.host = None
     self.access_key = None
     self.secret_key = None
     self.name = name
     self.acl_class = self.AclClassMap[self.name]
     self.canned_acls = self.CannedAclsMap[self.name]
     self.get_credentials(access_key, secret_key)
     self.configure_headers()
     # allow config file to override default host
     host_opt_name = '%s_host' % self.HostKeyMap[self.name]
     if (config.has_option('Credentials', host_opt_name)):
         self.host = config.get('Credentials', host_opt_name)
Example #28
0
 def __init__(self, name, access_key=None, secret_key=None):
     self.host = None
     self.access_key = None
     self.secret_key = None
     self.name = name
     self.acl_class = self.AclClassMap[self.name]
     self.canned_acls = self.CannedAclsMap[self.name]
     self.get_credentials(access_key, secret_key)
     self.configure_headers()
     # allow config file to override default host
     host_opt_name = '%s_host' % self.HostKeyMap[self.name]
     if (config.has_option('Credentials', host_opt_name)):
         self.host = config.get('Credentials', host_opt_name)
Example #29
0
def HasConfiguredCredentials():
  """Determines if boto credential/config file exists."""
  config = boto.config
  has_goog_creds = (config.has_option('Credentials', 'gs_access_key_id') and
                    config.has_option('Credentials', 'gs_secret_access_key'))
  has_amzn_creds = (config.has_option('Credentials', 'aws_access_key_id') and
                    config.has_option('Credentials', 'aws_secret_access_key'))
  has_oauth_creds = (
      config.has_option('Credentials', 'gs_oauth2_refresh_token'))
  has_service_account_creds = (HAS_CRYPTO and
      config.has_option('Credentials', 'gs_service_client_id') 
      and config.has_option('Credentials', 'gs_service_key_file'))
  has_auth_plugins = config.has_option('Plugin', 'plugin_directory')
  return (has_goog_creds or has_amzn_creds or has_oauth_creds
          or has_auth_plugins or has_service_account_creds)
Example #30
0
def HasConfiguredCredentials():
    """Determines if boto credential/config file exists."""
    config = boto.config
    has_goog_creds = (config.has_option('Credentials', 'gs_access_key_id') and
                      config.has_option('Credentials', 'gs_secret_access_key'))
    has_amzn_creds = (config.has_option('Credentials', 'aws_access_key_id')
                      and config.has_option('Credentials',
                                            'aws_secret_access_key'))
    has_oauth_creds = (config.has_option('Credentials',
                                         'gs_oauth2_refresh_token'))
    has_service_account_creds = (
        HAS_CRYPTO and config.has_option('Credentials', 'gs_service_client_id')
        and config.has_option('Credentials', 'gs_service_key_file'))
    has_auth_plugins = config.has_option('Plugin', 'plugin_directory')
    return (has_goog_creds or has_amzn_creds or has_oauth_creds
            or has_auth_plugins or has_service_account_creds)
Example #31
0
 def __init__(self, name, access_key=None, secret_key=None, security_token=None):
     self.host = None
     self.access_key = access_key
     self.secret_key = secret_key
     self.security_token = security_token
     self.name = name
     self.acl_class = self.AclClassMap[self.name]
     self.canned_acls = self.CannedAclsMap[self.name]
     self.get_credentials(access_key, secret_key)
     self.configure_headers()
     self.configure_errors()
     # allow config file to override default host
     host_opt_name = "%s_host" % self.HostKeyMap[self.name]
     if config.has_option("Credentials", host_opt_name):
         self.host = config.get("Credentials", host_opt_name)
Example #32
0
def HasConfiguredCredentials():
    """Determines if boto credential/config file exists."""
    config = boto.config
    has_goog_creds = config.has_option("Credentials", "gs_access_key_id") and config.has_option(
        "Credentials", "gs_secret_access_key"
    )
    has_amzn_creds = config.has_option("Credentials", "aws_access_key_id") and config.has_option(
        "Credentials", "aws_secret_access_key"
    )
    has_oauth_creds = config.has_option("Credentials", "gs_oauth2_refresh_token")
    has_service_account_creds = (
        HAS_CRYPTO
        and config.has_option("Credentials", "gs_service_client_id")
        and config.has_option("Credentials", "gs_service_key_file")
    )
    has_auth_plugins = config.has_option("Plugin", "plugin_directory")
    return has_goog_creds or has_amzn_creds or has_oauth_creds or has_auth_plugins or has_service_account_creds
Example #33
0
def ConfigureNoOpAuthIfNeeded():
  """Sets up no-op auth handler if no boto credentials are configured."""
  if not HasConfiguredCredentials():
    if (config.has_option('Credentials', 'gs_service_client_id')
        and not HAS_CRYPTO):
      raise CommandException('\n'.join(textwrap.wrap(
          'Your gsutil is configured with an OAuth2 service account, but you '
          'do not have PyOpenSSL or PyCrypto 2.6 or later installed.  Service '
          'account authentication requires one of these libraries; please '
          'install either of them to proceed, or configure a different type '
          'of credentials with "gsutil config".')))
    else:
      # With no boto config file the user can still access publicly readable
      # buckets and objects.
      from gslib import no_op_auth_plugin  # pylint: disable=unused-variable
Example #34
0
    def get_credentials(self, access_key=None, secret_key=None):
        access_key_name, secret_key_name = self.CredentialMap[self.name]
        if access_key is not None:
            self.access_key = access_key
        elif access_key_name.upper() in os.environ:
            self.access_key = os.environ[access_key_name.upper()]
        elif config.has_option('Credentials', access_key_name):
            self.access_key = config.get('Credentials', access_key_name)

        if secret_key is not None:
            self.secret_key = secret_key
        elif secret_key_name.upper() in os.environ:
            self.secret_key = os.environ[secret_key_name.upper()]
        elif config.has_option('Credentials', secret_key_name):
            self.secret_key = config.get('Credentials', secret_key_name)

        if ((self.access_key is None or self.secret_key is None)
                and self.MetadataServiceSupport[self.name]):
            self._populate_keys_from_metadata_server()

        if isinstance(self.secret_key, unicode):
            # the secret key must be bytes and not unicode to work
            #  properly with hmac.new (see http://bugs.python.org/issue5285)
            self.secret_key = str(self.secret_key)
Example #35
0
    def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
                 is_secure=True, port=None, proxy=None, proxy_port=None,
                 proxy_user=None, proxy_pass=None,
                 host=None, debug=0,
                 https_connection_factory=None):
        if not host:
            if config.has_option('MTurk', 'sandbox') and config.get('MTurk', 'sandbox') == 'True':
                host = 'mechanicalturk.sandbox.amazonaws.com'
            else:
                host = 'mechanicalturk.amazonaws.com'

        AWSQueryConnection.__init__(self, aws_access_key_id,
                                    aws_secret_access_key,
                                    is_secure, port, proxy, proxy_port,
                                    proxy_user, proxy_pass, host, debug,
                                    https_connection_factory)
Example #36
0
def ConfigureNoOpAuthIfNeeded():
    """Sets up no-op auth handler if no boto credentials are configured."""
    if not HasConfiguredCredentials():
        if (config.has_option('Credentials', 'gs_service_client_id')
                and not HAS_CRYPTO):
            raise CommandException('\n'.join(
                textwrap.wrap(
                    'Your gsutil is configured with an OAuth2 service account, but you '
                    'do not have PyOpenSSL or PyCrypto 2.6 or later installed.  Service '
                    'account authentication requires one of these libraries; please '
                    'install either of them to proceed, or configure a different type '
                    'of credentials with "gsutil config".')))
        else:
            # With no boto config file the user can still access publicly readable
            # buckets and objects.
            from gslib import no_op_auth_plugin  # pylint: disable=unused-variable
Example #37
0
    def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
                 is_secure=False, port=None, proxy=None, proxy_port=None,
                 proxy_user=None, proxy_pass=None,
                 host=None, debug=0,
                 https_connection_factory=None):
        if not host:
            if config.has_option('MTurk', 'sandbox') and config.get('MTurk', 'sandbox') == 'True':
                host = 'mechanicalturk.sandbox.amazonaws.com'
            else:
                host = 'mechanicalturk.amazonaws.com'

        AWSQueryConnection.__init__(self, aws_access_key_id,
                                    aws_secret_access_key,
                                    is_secure, port, proxy, proxy_port,
                                    proxy_user, proxy_pass, host, debug,
                                    https_connection_factory)
Example #38
0
    def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
                 is_secure=True, port=None, proxy=None, proxy_port=None,
                 proxy_user=None, proxy_pass=None,
                 host=None, debug=0,
                 https_connection_factory=None, security_token=None,
                 profile_name=None, provider='aws'):
        if not host:
            if config.has_option('MTurk', 'sandbox') and config.get('MTurk', 'sandbox') == 'True':
                host = 'mechanicalturk.sandbox.amazonaws.com'
            else:
                host = 'mechanicalturk.amazonaws.com'
        self.debug = debug

        super(MTurkConnection, self).__init__(aws_access_key_id,
                                    aws_secret_access_key,
                                    is_secure, port, proxy, proxy_port,
                                    proxy_user, proxy_pass, host, debug,
                                    https_connection_factory,
                                    security_token=security_token,
                                    profile_name=profile_name, provider=provider)
Example #39
0
    def __init__(
        self,
        aws_access_key_id=None,
        aws_secret_access_key=None,
        is_secure=True,
        port=None,
        proxy=None,
        proxy_port=None,
        proxy_user=None,
        proxy_pass=None,
        host=None,
        debug=0,
        https_connection_factory=None,
        security_token=None,
        profile_name=None,
    ):
        if not host:
            if config.has_option("MTurk", "sandbox") and config.get("MTurk", "sandbox") == "True":
                host = "mechanicalturk.sandbox.amazonaws.com"
            else:
                host = "mechanicalturk.amazonaws.com"
        self.debug = debug

        super(MTurkConnection, self).__init__(
            aws_access_key_id,
            aws_secret_access_key,
            is_secure,
            port,
            proxy,
            proxy_port,
            proxy_user,
            proxy_pass,
            host,
            debug,
            https_connection_factory,
            security_token=security_token,
            profile_name=profile_name,
        )
Example #40
0
def ConfigureNoOpAuthIfNeeded():
  """Sets up no-op auth handler if no boto credentials are configured."""
  if not HasConfiguredCredentials():
    if (config.has_option('Credentials', 'gs_service_client_id')
        and not HAS_CRYPTO):
      if os.environ.get('CLOUDSDK_WRAPPER') == '1':
        raise CommandException('\n'.join(textwrap.wrap(
            'Your gsutil is configured with an OAuth2 service account, but '
            'you do not have PyOpenSSL or PyCrypto 2.6 or later installed. '
            'Service account authentication requires one of these libraries; '
            'please reactivate your service account via the gcloud auth '
            'command and ensure any gcloud packages necessary for '
            'service accounts are present.')))
      else:
        raise CommandException('\n'.join(textwrap.wrap(
            'Your gsutil is configured with an OAuth2 service account, but '
            'you do not have PyOpenSSL or PyCrypto 2.6 or later installed. '
            'Service account authentication requires one of these libraries; '
            'please install either of them to proceed, or configure a '
            'different type of credentials with "gsutil config".')))
    else:
      # With no boto config file the user can still access publicly readable
      # buckets and objects.
      from gslib import no_op_auth_plugin  # pylint: disable=unused-variable
Example #41
0
def _BotoIsSecure():
  for cfg_var in ('is_secure', 'https_validate_certificates'):
    if (config.has_option('Boto', cfg_var)
        and not config.getboolean('Boto', cfg_var)):
      return False, cfg_var
  return True, ''
Example #42
0
    def __init__(self, host, aws_access_key_id=None,
                 aws_secret_access_key=None,
                 is_secure=True, port=None, proxy=None, proxy_port=None,
                 proxy_user=None, proxy_pass=None, debug=0,
                 https_connection_factory=None, path='/',
                 provider='aws', security_token=None,
                 suppress_consec_slashes=True,
                 validate_certs=True, profile_name=None):
        """
        :type host: str
        :param host: The host to make the connection to

        :keyword str aws_access_key_id: Your AWS Access Key ID (provided by
            Amazon). If none is specified, the value in your
            ``AWS_ACCESS_KEY_ID`` environmental variable is used.
        :keyword str aws_secret_access_key: Your AWS Secret Access Key
            (provided by Amazon). If none is specified, the value in your
            ``AWS_SECRET_ACCESS_KEY`` environmental variable is used.
        :keyword str security_token: The security token associated with
            temporary credentials issued by STS.  Optional unless using
            temporary credentials.  If none is specified, the environment
            variable ``AWS_SECURITY_TOKEN`` is used if defined.

        :type is_secure: boolean
        :param is_secure: Whether the connection is over SSL

        :type https_connection_factory: list or tuple
        :param https_connection_factory: A pair of an HTTP connection
            factory and the exceptions to catch.  The factory should have
            a similar interface to L{http_client.HTTPSConnection}.

        :param str proxy: Address/hostname for a proxy server

        :type proxy_port: int
        :param proxy_port: The port to use when connecting over a proxy

        :type proxy_user: str
        :param proxy_user: The username to connect with on the proxy

        :type proxy_pass: str
        :param proxy_pass: The password to use when connection over a proxy.

        :type port: int
        :param port: The port to use to connect

        :type suppress_consec_slashes: bool
        :param suppress_consec_slashes: If provided, controls whether
            consecutive slashes will be suppressed in key paths.

        :type validate_certs: bool
        :param validate_certs: Controls whether SSL certificates
            will be validated or not.  Defaults to True.

        :type profile_name: str
        :param profile_name: Override usual Credentials section in config
            file to use a named set of keys instead.
        """
        self.suppress_consec_slashes = suppress_consec_slashes
        self.num_retries = 6
        # Override passed-in is_secure setting if value was defined in config.
        if config.has_option('Boto', 'is_secure'):
            is_secure = config.getboolean('Boto', 'is_secure')
        self.is_secure = is_secure
        # Whether or not to validate server certificates.
        # The default is now to validate certificates.  This can be
        # overridden in the boto config file are by passing an
        # explicit validate_certs parameter to the class constructor.
        self.https_validate_certificates = config.getbool(
            'Boto', 'https_validate_certificates',
            validate_certs)
        if self.https_validate_certificates and not HAVE_HTTPS_CONNECTION:
            raise BotoClientError(
                    "SSL server certificate validation is enabled in boto "
                    "configuration, but Python dependencies required to "
                    "support this feature are not available. Certificate "
                    "validation is only supported when running under Python "
                    "2.6 or later.")
        certs_file = config.get_value(
                'Boto', 'ca_certificates_file', DEFAULT_CA_CERTS_FILE)
        if certs_file == 'system':
            certs_file = None
        self.ca_certificates_file = certs_file
        if port:
            self.port = port
        else:
            self.port = PORTS_BY_SECURITY[is_secure]

        self.handle_proxy(proxy, proxy_port, proxy_user, proxy_pass)
        # define exceptions from http_client that we want to catch and retry
        self.http_exceptions = (http_client.HTTPException, socket.error,
                                socket.gaierror, http_client.BadStatusLine)
        # define subclasses of the above that are not retryable.
        self.http_unretryable_exceptions = []
        if HAVE_HTTPS_CONNECTION:
            self.http_unretryable_exceptions.append(
                    https_connection.InvalidCertificateException)

        # define values in socket exceptions we don't want to catch
        self.socket_exception_values = (errno.EINTR,)
        if https_connection_factory is not None:
            self.https_connection_factory = https_connection_factory[0]
            self.http_exceptions += https_connection_factory[1]
        else:
            self.https_connection_factory = None
        if (is_secure):
            self.protocol = 'https'
        else:
            self.protocol = 'http'
        self.host = host
        self.path = path
        # if the value passed in for debug
        if not isinstance(debug, six.integer_types):
            debug = 0
        self.debug = config.getint('Boto', 'debug', debug)
        self.host_header = None

        # Timeout used to tell http_client how long to wait for socket timeouts.
        # Default is to leave timeout unchanged, which will in turn result in
        # the socket's default global timeout being used. To specify a
        # timeout, set http_socket_timeout in Boto config. Regardless,
        # timeouts will only be applied if Python is 2.6 or greater.
        self.http_connection_kwargs = {}
        if (sys.version_info[0], sys.version_info[1]) >= (2, 6):
            # If timeout isn't defined in boto config file, use 70 second
            # default as recommended by
            # http://docs.aws.amazon.com/amazonswf/latest/apireference/API_PollForActivityTask.html
            self.http_connection_kwargs['timeout'] = config.getint(
                'Boto', 'http_socket_timeout', 70)

        if isinstance(provider, Provider):
            # Allow overriding Provider
            self.provider = provider
        else:
            self._provider_type = provider
            self.provider = Provider(self._provider_type,
                                     aws_access_key_id,
                                     aws_secret_access_key,
                                     security_token,
                                     profile_name)

        # Allow config file to override default host, port, and host header.
        if self.provider.host:
            self.host = self.provider.host
        if self.provider.port:
            self.port = self.provider.port
        if self.provider.host_header:
            self.host_header = self.provider.host_header

        self._pool = ConnectionPool()
        self._connection = (self.host, self.port, self.is_secure)
        self._last_rs = None
        self._auth_handler = auth.get_auth_handler(
              host, config, self.provider, self._required_auth_capability())
        if getattr(self, 'AuthServiceName', None) is not None:
            self.auth_service_name = self.AuthServiceName
        self.request_hook = None
Example #43
0
def _HasGceCreds():
    return config.has_option('GoogleCompute', 'service_account')
Example #44
0
    def __init__(self,
                 host,
                 aws_access_key_id=None,
                 aws_secret_access_key=None,
                 is_secure=True,
                 port=None,
                 proxy=None,
                 proxy_port=None,
                 proxy_user=None,
                 proxy_pass=None,
                 debug=0,
                 https_connection_factory=None,
                 path='/',
                 provider='aws'):
        """
        :type host: str
        :param host: The host to make the connection to
       
        :keyword str aws_access_key_id: Your AWS Access Key ID (provided by
            Amazon). If none is specified, the value in your 
            ``AWS_ACCESS_KEY_ID`` environmental variable is used.
        :keyword str aws_secret_access_key: Your AWS Secret Access Key 
            (provided by Amazon). If none is specified, the value in your 
            ``AWS_SECRET_ACCESS_KEY`` environmental variable is used.

        :type is_secure: boolean
        :param is_secure: Whether the connection is over SSL

        :type https_connection_factory: list or tuple
        :param https_connection_factory: A pair of an HTTP connection
                                         factory and the exceptions to catch.
                                         The factory should have a similar
                                         interface to L{httplib.HTTPSConnection}.

        :param str proxy: Address/hostname for a proxy server

        :type proxy_port: int
        :param proxy_port: The port to use when connecting over a proxy

        :type proxy_user: str
        :param proxy_user: The username to connect with on the proxy

        :type proxy_pass: str
        :param proxy_pass: The password to use when connection over a proxy.

        :type port: int
        :param port: The port to use to connect
        """
        self.num_retries = 5
        # Override passed-in is_secure setting if value was defined in config.
        if config.has_option('Boto', 'is_secure'):
            is_secure = config.getboolean('Boto', 'is_secure')
        self.is_secure = is_secure
        # Whether or not to validate server certificates.  At some point in the
        # future, the default should be flipped to true.
        self.https_validate_certificates = config.getbool(
            'Boto', 'https_validate_certificates', False)
        if self.https_validate_certificates and not HAVE_HTTPS_CONNECTION:
            raise BotoClientError(
                "SSL server certificate validation is enabled in boto "
                "configuration, but Python dependencies required to "
                "support this feature are not available. Certificate "
                "validation is only supported when running under Python "
                "2.6 or later.")
        self.ca_certificates_file = config.get_value('Boto',
                                                     'ca_certificates_file',
                                                     DEFAULT_CA_CERTS_FILE)
        self.handle_proxy(proxy, proxy_port, proxy_user, proxy_pass)
        # define exceptions from httplib that we want to catch and retry
        self.http_exceptions = (httplib.HTTPException, socket.error,
                                socket.gaierror)
        # define subclasses of the above that are not retryable.
        self.http_unretryable_exceptions = []
        if HAVE_HTTPS_CONNECTION:
            self.http_unretryable_exceptions.append(ssl.SSLError)
            self.http_unretryable_exceptions.append(
                https_connection.InvalidCertificateException)

        # define values in socket exceptions we don't want to catch
        self.socket_exception_values = (errno.EINTR, )
        if https_connection_factory is not None:
            self.https_connection_factory = https_connection_factory[0]
            self.http_exceptions += https_connection_factory[1]
        else:
            self.https_connection_factory = None
        if (is_secure):
            self.protocol = 'https'
        else:
            self.protocol = 'http'
        self.host = host
        self.path = path
        if debug:
            self.debug = debug
        else:
            self.debug = config.getint('Boto', 'debug', debug)
        if port:
            self.port = port
        else:
            self.port = PORTS_BY_SECURITY[is_secure]

        # Timeout used to tell httplib how long to wait for socket timeouts.
        # Default is to leave timeout unchanged, which will in turn result in
        # the socket's default global timeout being used. To specify a
        # timeout, set http_socket_timeout in Boto config. Regardless,
        # timeouts will only be applied if Python is 2.6 or greater.
        self.http_connection_kwargs = {}
        if (sys.version_info[0], sys.version_info[1]) >= (2, 6):
            if config.has_option('Boto', 'http_socket_timeout'):
                timeout = config.getint('Boto', 'http_socket_timeout')
                self.http_connection_kwargs['timeout'] = timeout

        self.provider = Provider(provider, aws_access_key_id,
                                 aws_secret_access_key)

        # allow config file to override default host
        if self.provider.host:
            self.host = self.provider.host

        # cache up to 20 connections per host, up to 20 hosts
        self._pool = ConnectionPool(20, 20)
        self._connection = (self.server_name(), self.is_secure)
        self._last_rs = None
        self._auth_handler = auth.get_auth_handler(
            host, config, self.provider, self._required_auth_capability())
Example #45
0
    def get_credentials(self,
                        access_key=None,
                        secret_key=None,
                        security_token=None,
                        profile_name=None):
        access_key_name, secret_key_name, security_token_name, \
            profile_name_name = self.CredentialMap[self.name]

        # Load profile from shared environment variable if it was not
        # already passed in and the environment variable exists
        if profile_name is None and profile_name_name is not None and \
           profile_name_name.upper() in os.environ:
            profile_name = os.environ[profile_name_name.upper()]

        shared = self.shared_credentials

        if access_key is not None:
            self.access_key = access_key
            boto.log.debug("Using access key provided by client.")
        elif access_key_name.upper() in os.environ:
            self.access_key = os.environ[access_key_name.upper()]
            boto.log.debug("Using access key found in environment variable.")
        elif profile_name is not None:
            if shared.has_option(profile_name, access_key_name):
                self.access_key = shared.get(profile_name, access_key_name)
                boto.log.debug("Using access key found in shared credential "
                               "file for profile %s." % profile_name)
            elif config.has_option("profile %s" % profile_name,
                                   access_key_name):
                self.access_key = config.get("profile %s" % profile_name,
                                             access_key_name)
                boto.log.debug("Using access key found in config file: "
                               "profile %s." % profile_name)
            else:
                raise ProfileNotFoundError('Profile "%s" not found!' %
                                           profile_name)
        elif shared.has_option('default', access_key_name):
            self.access_key = shared.get('default', access_key_name)
            boto.log.debug("Using access key found in shared credential file.")
        elif config.has_option('Credentials', access_key_name):
            self.access_key = config.get('Credentials', access_key_name)
            boto.log.debug("Using access key found in config file.")

        if secret_key is not None:
            self.secret_key = secret_key
            boto.log.debug("Using secret key provided by client.")
        elif secret_key_name.upper() in os.environ:
            self.secret_key = os.environ[secret_key_name.upper()]
            boto.log.debug("Using secret key found in environment variable.")
        elif profile_name is not None:
            if shared.has_option(profile_name, secret_key_name):
                self.secret_key = shared.get(profile_name, secret_key_name)
                boto.log.debug("Using secret key found in shared credential "
                               "file for profile %s." % profile_name)
            elif config.has_option("profile %s" % profile_name,
                                   secret_key_name):
                self.secret_key = config.get("profile %s" % profile_name,
                                             secret_key_name)
                boto.log.debug("Using secret key found in config file: "
                               "profile %s." % profile_name)
            else:
                raise ProfileNotFoundError('Profile "%s" not found!' %
                                           profile_name)
        elif shared.has_option('default', secret_key_name):
            self.secret_key = shared.get('default', secret_key_name)
            boto.log.debug("Using secret key found in shared credential file.")
        elif config.has_option('Credentials', secret_key_name):
            self.secret_key = config.get('Credentials', secret_key_name)
            boto.log.debug("Using secret key found in config file.")
        elif config.has_option('Credentials', 'keyring'):
            keyring_name = config.get('Credentials', 'keyring')
            try:
                import keyring
            except ImportError:
                boto.log.error("The keyring module could not be imported. "
                               "For keyring support, install the keyring "
                               "module.")
                raise
            self.secret_key = keyring.get_password(keyring_name,
                                                   self.access_key)
            boto.log.debug("Using secret key found in keyring.")

        if security_token is not None:
            self.security_token = security_token
            boto.log.debug("Using security token provided by client.")
        elif ((security_token_name is not None) and (access_key is None)
              and (secret_key is None)):
            # Only provide a token from the environment/config if the
            # caller did not specify a key and secret.  Otherwise an
            # environment/config token could be paired with a
            # different set of credentials provided by the caller
            if security_token_name.upper() in os.environ:
                self.security_token = os.environ[security_token_name.upper()]
                boto.log.debug("Using security token found in environment"
                               " variable.")
            elif shared.has_option(profile_name or 'default',
                                   security_token_name):
                self.security_token = shared.get(profile_name or 'default',
                                                 security_token_name)
                boto.log.debug("Using security token found in shared "
                               "credential file.")
            elif config.has_option('Credentials', security_token_name):
                self.security_token = config.get('Credentials',
                                                 security_token_name)
                boto.log.debug("Using security token found in config file.")

        if ((self._access_key is None or self._secret_key is None)
                and self.MetadataServiceSupport[self.name]):
            self._populate_keys_from_metadata_server()
        self._secret_key = self._convert_key_to_str(self._secret_key)
Example #46
0
def _HasOauth2UserAccountCreds():
  return config.has_option('Credentials', 'gs_oauth2_refresh_token')
Example #47
0
def _HasOauth2ServiceAccountCreds():
  return config.has_option('Credentials', 'gs_service_key_file')
Example #48
0
BASE_DIR = os.path.dirname(os.path.dirname(__file__))


# Setup a database connection to be used in the rest of the code
DB_HOST = os.environ.get('DB_HOST', 'localhost:27017')
client = MongoClient(DB_HOST)
DB_NAME = os.environ.get('DB_NAME', 'dealsdb')
db1 = client[DB_NAME]
if 'DB_USER' in os.environ:
    db1.authenticate(os.environ.get('DB_USER'), os.environ.get('DB_PASSWORD'))
on_aws = False #"ON_AWS" in os.environ

if on_aws:
    if not botoconfig.has_section('Credentials'):
        botoconfig.add_section('Credentials')
    if not botoconfig.has_option('Credentials', 'aws_access_key_id'):
        botoconfig.set('Credentials', 'aws_access_key_id',
                       os.environ.get('AWS_KEY'))
    if not botoconfig.has_option('Credentials', 'aws_secret_access_key'):
        botoconfig.set('Credentials', 'aws_secret_access_key',
                        os.environ.get('AWS_SECRET'))

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.6/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'je+95#mqpv5%c2(sdp69q)5(o0_-5%*j-a(s0w%q9@spxaipkv'

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
Example #49
0
    def GetApiSelector(self, provider=None):
        """Returns a cs_api_map.ApiSelector based on input and configuration.

    Args:
      provider: Provider to return the ApiSelector for.  If None, class-wide
                default is used.

    Returns:
      cs_api_map.ApiSelector that will be used for calls to the delegator
      for this provider.
    """
        selected_provider = provider or self.provider
        if not selected_provider:
            raise ArgumentException('No provider selected for CloudApi')

        if (selected_provider not in self.api_map[ApiMapConstants.DEFAULT_MAP]
                or self.api_map[ApiMapConstants.DEFAULT_MAP][selected_provider]
                not in self.api_map[ApiMapConstants.API_MAP][selected_provider]
            ):
            raise ArgumentException(
                'No default api available for provider %s' % selected_provider)

        if selected_provider not in self.api_map[ApiMapConstants.SUPPORT_MAP]:
            raise ArgumentException(
                'No supported apis available for provider %s' %
                selected_provider)

        api = self.api_map[ApiMapConstants.DEFAULT_MAP][selected_provider]

        using_gs_hmac = (
            provider == 'gs'
            and not config.has_option('Credentials', 'gs_oauth2_refresh_token')
            and
            not (config.has_option('Credentials', 'gs_service_client_id')
                 and config.has_option('Credentials', 'gs_service_key_file'))
            and (config.has_option('Credentials', 'gs_access_key_id')
                 and config.has_option('Credentials', 'gs_secret_access_key')))

        configured_encryption = (
            provider == 'gs'
            and (config.has_option('GSUtil', 'encryption_key')
                 or config.has_option('GSUtil', 'decryption_key1')))

        if using_gs_hmac and configured_encryption:
            raise CommandException(
                'gsutil does not support HMAC credentials with customer-supplied '
                'encryption keys (CSEK) or customer-managed KMS encryption keys '
                '(CMEK). Please generate and include non-HMAC credentials '
                'in your .boto configuration file, or to access public encrypted '
                'objects, remove your HMAC credentials.')
        # If we have only HMAC credentials for Google Cloud Storage, we must use
        # the XML API as the JSON API does not support HMAC.
        #
        # Technically if we have only HMAC credentials, we should still be able to
        # access public read resources via the JSON API, but the XML API can do
        # that just as well. It is better to use it than inspect the credentials on
        # every HTTP call.
        elif using_gs_hmac:
            api = ApiSelector.XML
        # CSEK and CMEK encryption keys are currently only supported in the
        # JSON API implementation (GcsJsonApi). We can't stop XML API users from
        # interacting with encrypted objects, since we don't know the object is
        # encrypted until after the API call is made, but if they specify
        # configuration values we will use JSON.
        elif configured_encryption:
            api = ApiSelector.JSON
        # Try to force the user's preference to a supported API.
        elif self.prefer_api in (
                self.api_map[ApiMapConstants.SUPPORT_MAP][selected_provider]):
            api = self.prefer_api

        if (api == ApiSelector.XML and context_config.get_context_config() and
                context_config.get_context_config().use_client_certificate):
            raise ArgumentException(
                'User enabled mTLS by setting "use_client_certificate", but mTLS'
                ' is not supported for the selected XML API. Try configuring for '
                ' the GCS JSON API or setting "use_client_certificate" to "False" in'
                ' the Boto config.')

        return api
    def GetApiSelector(self, provider=None):
        """Returns a cs_api_map.ApiSelector based on input and configuration.

    Args:
      provider: Provider to return the ApiSelector for.  If None, class-wide
                default is used.

    Returns:
      cs_api_map.ApiSelector that will be used for calls to the delegator
      for this provider.
    """
        selected_provider = provider or self.provider
        if not selected_provider:
            raise ArgumentException("No provider selected for CloudApi")

        if (
            selected_provider not in self.api_map[ApiMapConstants.DEFAULT_MAP]
            or self.api_map[ApiMapConstants.DEFAULT_MAP][selected_provider]
            not in self.api_map[ApiMapConstants.API_MAP][selected_provider]
        ):
            raise ArgumentException("No default api available for provider %s" % selected_provider)

        if selected_provider not in self.api_map[ApiMapConstants.SUPPORT_MAP]:
            raise ArgumentException("No supported apis available for provider %s" % selected_provider)

        api = self.api_map[ApiMapConstants.DEFAULT_MAP][selected_provider]

        using_gs_hmac = (
            provider == "gs"
            and not config.has_option("Credentials", "gs_oauth2_refresh_token")
            and not (
                config.has_option("Credentials", "gs_service_client_id")
                and config.has_option("Credentials", "gs_service_key_file")
            )
            and (
                config.has_option("Credentials", "gs_access_key_id")
                and config.has_option("Credentials", "gs_secret_access_key")
            )
        )

        configured_encryption = provider == "gs" and (
            config.has_option("GSUtil", "encryption_key") or config.has_option("GSUtil", "decryption_key1")
        )

        if using_gs_hmac and configured_encryption:
            raise CommandException(
                "gsutil does not support HMAC credentials with customer-supplied "
                "encryption keys. Please generate and include non-HMAC credentials "
                "in your .boto configuration file, or to access public encrypted "
                "objects, remove your HMAC credentials."
            )
        # If we have only HMAC credentials for Google Cloud Storage, we must use
        # the XML API as the JSON API does not support HMAC.
        #
        # Technically if we have only HMAC credentials, we should still be able to
        # access public read resources via the JSON API, but the XML API can do
        # that just as well. It is better to use it than inspect the credentials on
        # every HTTP call.
        elif using_gs_hmac:
            api = ApiSelector.XML
        # Customer-supplied encryption keys are only supported in the JSON API.
        # We can't stop XML API users from interacting with encrypted objects,
        # since we don't know the object is encrypted until after the API call is
        # made, but if they specify configuration values we will use JSON.
        elif configured_encryption:
            api = ApiSelector.JSON
        # Try to force the user's preference to a supported API.
        elif self.prefer_api in (self.api_map[ApiMapConstants.SUPPORT_MAP][selected_provider]):
            api = self.prefer_api
        return api
Example #51
0
# Setup a database connection to be used in the rest of the code
DB_HOST = os.environ.get('DB_HOST', 'localhost:27017')
client = MongoClient(DB_HOST)
DB_NAME = os.environ.get('DB_NAME', 'autotest')
AWS_KEY = os.environ.get('AWS_KEY',None)
AWS_SECRET = os.environ.get('AWS_SECRET', None)
db1 = client[DB_NAME]
if 'DB_USER' in os.environ:
    db1.authenticate(os.environ.get('DB_USER'), os.environ.get('DB_PASSWORD'))
on_aws = True #"ON_AWS" in os.environ

if on_aws:
    if not botoconfig.has_section('Credentials'):
        botoconfig.add_section('Credentials')
    if not botoconfig.has_option('Credentials', 'aws_access_key_id'):
        botoconfig.set('Credentials', 'aws_access_key_id',
                       os.environ.get('AWS_KEY'))
    if not botoconfig.has_option('Credentials', 'aws_secret_access_key'):
        botoconfig.set('Credentials', 'aws_secret_access_key',
                        os.environ.get('AWS_SECRET'))

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'z%h7pr=_$j%^l54+xcjco8e+*%y)%j7q^&0w_+j8nfsh=ra_n('

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
Example #52
0
    def __init__(self, host, aws_access_key_id=None, aws_secret_access_key=None,
                 is_secure=True, port=None, proxy=None, proxy_port=None,
                 proxy_user=None, proxy_pass=None, debug=0,
                 https_connection_factory=None, path='/', provider='aws'):
        """
        :type host: str
        :param host: The host to make the connection to

        :keyword str aws_access_key_id: Your AWS Access Key ID (provided by
            Amazon). If none is specified, the value in your
            ``AWS_ACCESS_KEY_ID`` environmental variable is used.
        :keyword str aws_secret_access_key: Your AWS Secret Access Key
            (provided by Amazon). If none is specified, the value in your
            ``AWS_SECRET_ACCESS_KEY`` environmental variable is used.

        :type is_secure: boolean
        :param is_secure: Whether the connection is over SSL

        :type https_connection_factory: list or tuple
        :param https_connection_factory: A pair of an HTTP connection
                                         factory and the exceptions to catch.
                                         The factory should have a similar
                                         interface to L{httplib.HTTPSConnection}.

        :param str proxy: Address/hostname for a proxy server

        :type proxy_port: int
        :param proxy_port: The port to use when connecting over a proxy

        :type proxy_user: str
        :param proxy_user: The username to connect with on the proxy

        :type proxy_pass: str
        :param proxy_pass: The password to use when connection over a proxy.

        :type port: int
        :param port: The port to use to connect
        """
        self.num_retries = 5
        # Override passed-in is_secure setting if value was defined in config.
        if config.has_option('Boto', 'is_secure'):
            is_secure = config.getboolean('Boto', 'is_secure')
        self.is_secure = is_secure
        # Whether or not to validate server certificates.  At some point in the
        # future, the default should be flipped to true.
        self.https_validate_certificates = config.getbool(
                'Boto', 'https_validate_certificates', False)
        if self.https_validate_certificates and not HAVE_HTTPS_CONNECTION:
            raise BotoClientError(
                    "SSL server certificate validation is enabled in boto "
                    "configuration, but Python dependencies required to "
                    "support this feature are not available. Certificate "
                    "validation is only supported when running under Python "
                    "2.6 or later.")
        self.ca_certificates_file = config.get_value(
                'Boto', 'ca_certificates_file', DEFAULT_CA_CERTS_FILE)
        self.handle_proxy(proxy, proxy_port, proxy_user, proxy_pass)
        # define exceptions from httplib that we want to catch and retry
        self.http_exceptions = (httplib.HTTPException, socket.error,
                                socket.gaierror)
        # define subclasses of the above that are not retryable.
        self.http_unretryable_exceptions = []
        if HAVE_HTTPS_CONNECTION:
            self.http_unretryable_exceptions.append(ssl.SSLError)
            self.http_unretryable_exceptions.append(
                    https_connection.InvalidCertificateException)

        # define values in socket exceptions we don't want to catch
        self.socket_exception_values = (errno.EINTR,)
        if https_connection_factory is not None:
            self.https_connection_factory = https_connection_factory[0]
            self.http_exceptions += https_connection_factory[1]
        else:
            self.https_connection_factory = None
        if (is_secure):
            self.protocol = 'https'
        else:
            self.protocol = 'http'
        self.host = host
        self.path = path
        if debug:
            self.debug = debug
        else:
            self.debug = config.getint('Boto', 'debug', debug)
        if port:
            self.port = port
        else:
            self.port = PORTS_BY_SECURITY[is_secure]

        # Timeout used to tell httplib how long to wait for socket timeouts.
        # Default is to leave timeout unchanged, which will in turn result in
        # the socket's default global timeout being used. To specify a
        # timeout, set http_socket_timeout in Boto config. Regardless,
        # timeouts will only be applied if Python is 2.6 or greater.
        self.http_connection_kwargs = {}
        if (sys.version_info[0], sys.version_info[1]) >= (2, 6):
            if config.has_option('Boto', 'http_socket_timeout'):
                timeout = config.getint('Boto', 'http_socket_timeout')
                self.http_connection_kwargs['timeout'] = timeout

        self.provider = Provider(provider,
                                 aws_access_key_id,
                                 aws_secret_access_key)

        # allow config file to override default host
        if self.provider.host:
            self.host = self.provider.host

        self._pool = ConnectionPool()
        self._connection = (self.server_name(), self.is_secure)
        self._last_rs = None
        self._auth_handler = auth.get_auth_handler(
              host, config, self.provider, self._required_auth_capability())
Example #53
0
    def __init__(self,
                 host,
                 aws_access_key_id=None,
                 aws_secret_access_key=None,
                 is_secure=True,
                 port=None,
                 proxy=None,
                 proxy_port=None,
                 proxy_user=None,
                 proxy_pass=None,
                 debug=0,
                 https_connection_factory=None,
                 path='/'):
        """
        :type host: string
        :param host: The host to make the connection to

        :type aws_access_key_id: string
        :param aws_access_key_id: AWS Access Key ID (provided by Amazon)

        :type aws_secret_access_key: string
        :param aws_secret_access_key: Secret Access Key (provided by Amazon)

        :type is_secure: boolean
        :param is_secure: Whether the connection is over SSL

        :type https_connection_factory: list or tuple
        :param https_connection_factory: A pair of an HTTP connection
                                         factory and the exceptions to catch.
                                         The factory should have a similar
                                         interface to L{httplib.HTTPSConnection}.

        :type proxy:
        :param proxy:

        :type proxy_port: int
        :param proxy_port: The port to use when connecting over a proxy

        :type proxy_user: string
        :param proxy_user: The username to connect with on the proxy

        :type proxy_pass: string
        :param proxy_pass: The password to use when connection over a proxy.

        :type port: integer
        :param port: The port to use to connect
        """

        self.num_retries = 5
        self.is_secure = is_secure
        self.handle_proxy(proxy, proxy_port, proxy_user, proxy_pass)
        # define exceptions from httplib that we want to catch and retry
        self.http_exceptions = (httplib.HTTPException, socket.error,
                                socket.gaierror)
        # define values in socket exceptions we don't want to catch
        self.socket_exception_values = (errno.EINTR, )
        if https_connection_factory is not None:
            self.https_connection_factory = https_connection_factory[0]
            self.http_exceptions += https_connection_factory[1]
        else:
            self.https_connection_factory = None
        if (is_secure):
            self.protocol = 'https'
        else:
            self.protocol = 'http'
        self.host = host
        self.path = path
        if debug:
            self.debug = debug
        else:
            self.debug = config.getint('Boto', 'debug', debug)
        if port:
            self.port = port
        else:
            self.port = PORTS_BY_SECURITY[is_secure]

        if aws_access_key_id:
            self.aws_access_key_id = aws_access_key_id
        elif os.environ.has_key('AWS_ACCESS_KEY_ID'):
            self.aws_access_key_id = os.environ['AWS_ACCESS_KEY_ID']
        elif config.has_option('Credentials', 'aws_access_key_id'):
            self.aws_access_key_id = config.get('Credentials',
                                                'aws_access_key_id')

        if aws_secret_access_key:
            self.aws_secret_access_key = aws_secret_access_key
        elif os.environ.has_key('AWS_SECRET_ACCESS_KEY'):
            self.aws_secret_access_key = os.environ['AWS_SECRET_ACCESS_KEY']
        elif config.has_option('Credentials', 'aws_secret_access_key'):
            self.aws_secret_access_key = config.get('Credentials',
                                                    'aws_secret_access_key')

        # initialize an HMAC for signatures, make copies with each request
        self.hmac = hmac.new(self.aws_secret_access_key, digestmod=sha)
        if sha256:
            self.hmac_256 = hmac.new(self.aws_secret_access_key,
                                     digestmod=sha256)
        else:
            self.hmac_256 = None

        # cache up to 20 connections per host, up to 20 hosts
        self._pool = ConnectionPool(20, 20)
        self._connection = (self.server_name(), self.is_secure)
        self._last_rs = None
Example #54
0
def _HasOauth2ServiceAccountCreds():
    return config.has_option('Credentials', 'gs_service_key_file')
Example #55
0
    def __init__(self, host, aws_access_key_id=None, aws_secret_access_key=None,
                 is_secure=True, port=None, proxy=None, proxy_port=None,
                 proxy_user=None, proxy_pass=None, debug=0,
                 https_connection_factory=None, path='/', provider='aws'):
        """
        :type host: str
        :param host: The host to make the connection to
       
        :keyword str aws_access_key_id: Your AWS Access Key ID (provided by
            Amazon). If none is specified, the value in your 
            ``AWS_ACCESS_KEY_ID`` environmental variable is used.
        :keyword str aws_secret_access_key: Your AWS Secret Access Key 
            (provided by Amazon). If none is specified, the value in your 
            ``AWS_SECRET_ACCESS_KEY`` environmental variable is used.

        :type is_secure: boolean
        :param is_secure: Whether the connection is over SSL

        :type https_connection_factory: list or tuple
        :param https_connection_factory: A pair of an HTTP connection
                                         factory and the exceptions to catch.
                                         The factory should have a similar
                                         interface to L{httplib.HTTPSConnection}.

        :param str proxy: Address/hostname for a proxy server

        :type proxy_port: int
        :param proxy_port: The port to use when connecting over a proxy

        :type proxy_user: str
        :param proxy_user: The username to connect with on the proxy

        :type proxy_pass: str
        :param proxy_pass: The password to use when connection over a proxy.

        :type port: int
        :param port: The port to use to connect
        """
        self.num_retries = 5
        # Override passed-in is_secure setting if value was defined in config.
        if config.has_option('Boto', 'is_secure'):
            is_secure = config.getboolean('Boto', 'is_secure')
        self.is_secure = is_secure
        self.handle_proxy(proxy, proxy_port, proxy_user, proxy_pass)
        # define exceptions from httplib that we want to catch and retry
        self.http_exceptions = (httplib.HTTPException, socket.error,
                                socket.gaierror)
        # define values in socket exceptions we don't want to catch
        self.socket_exception_values = (errno.EINTR,)
        if https_connection_factory is not None:
            self.https_connection_factory = https_connection_factory[0]
            self.http_exceptions += https_connection_factory[1]
        else:
            self.https_connection_factory = None
        if (is_secure):
            self.protocol = 'https'
        else:
            self.protocol = 'http'
        self.host = host
        self.path = path
        if debug:
            self.debug = debug
        else:
            self.debug = config.getint('Boto', 'debug', debug)
        if port:
            self.port = port
        else:
            self.port = PORTS_BY_SECURITY[is_secure]

        self.provider = Provider(provider,
                                 aws_access_key_id,
                                 aws_secret_access_key)

        # allow config file to override default host
        if self.provider.host:
            self.host = self.provider.host

        # cache up to 20 connections per host, up to 20 hosts
        self._pool = ConnectionPool(20, 20)
        self._connection = (self.server_name(), self.is_secure)
        self._last_rs = None
        self._auth_handler = auth.get_auth_handler(
              host, config, self.provider, self._required_auth_capability()) 
Example #56
0
def _HasOauth2UserAccountCreds():
    return config.has_option('Credentials', 'gs_oauth2_refresh_token')
Example #57
0
def _BotoIsSecure():
    for cfg_var in ('is_secure', 'https_validate_certificates'):
        if (config.has_option('Boto', cfg_var)
                and not config.getboolean('Boto', cfg_var)):
            return False, cfg_var
    return True, ''
Example #58
0
def _HasGceCreds():
  return config.has_option('GoogleCompute', 'service_account')