def test_content_length_str(self):
request = HTTPRequest('PUT', 'https', 'amazon.com', 443, None,
None, {}, {}, 'Body')
mock_connection = mock.Mock()
request.authorize(mock_connection)
# Ensure Content-Length header is a str. This is more explicit than
# relying on other code cast the value later. (Python 2.7.0, for
# example, assumes headers are of type str.)
self.assertIsInstance(request.headers['Content-Length'], str)
def test_correct_handling_of_plus_sign(self):
request = HTTPRequest('GET', 'https', 's3-us-west-2.amazonaws.com',
443, 'hello+world.txt', None, {}, {}, '')
canonical_uri = self.auth.canonical_uri(request)
# Ensure that things are properly quoted.
self.assertEqual(canonical_uri, 'hello%2Bworld.txt')
request = HTTPRequest('GET', 'https', 's3-us-west-2.amazonaws.com',
443, 'hello%2Bworld.txt', None, {}, {}, '')
canonical_uri = self.auth.canonical_uri(request)
# Verify double escaping hasn't occurred.
self.assertEqual(canonical_uri, 'hello%2Bworld.txt')
def test_credential_scope(self):
# test the AWS standard regions IAM endpoint
auth = HmacAuthV4Handler('iam.amazonaws.com', Mock(), self.provider)
request = HTTPRequest(
'POST', 'https', 'iam.amazonaws.com', 443, '/', '/', {
'Action': 'ListAccountAliases',
'Version': '2010-05-08'
}, {
'Content-Length': '44',
'Content-Type':
'application/x-www-form-urlencoded; charset=UTF-8',
'X-Amz-Date': '20130808T013210Z'
}, 'Action=ListAccountAliases&Version=2010-05-08')
credential_scope = auth.credential_scope(request)
region_name = credential_scope.split('/')[1]
self.assertEqual(region_name, 'us-east-1')
# test the AWS GovCloud region IAM endpoint
auth = HmacAuthV4Handler('iam.us-gov.amazonaws.com', Mock(),
self.provider)
request = HTTPRequest(
'POST', 'https', 'iam.us-gov.amazonaws.com', 443, '/', '/', {
'Action': 'ListAccountAliases',
'Version': '2010-05-08'
}, {
'Content-Length': '44',
'Content-Type':
'application/x-www-form-urlencoded; charset=UTF-8',
'X-Amz-Date': '20130808T013210Z'
}, 'Action=ListAccountAliases&Version=2010-05-08')
credential_scope = auth.credential_scope(request)
region_name = credential_scope.split('/')[1]
self.assertEqual(region_name, 'us-gov-west-1')
# iam.us-west-1.amazonaws.com does not exist however this
# covers the remaining region_name control structure for a
# different region name
auth = HmacAuthV4Handler('iam.us-west-1.amazonaws.com', Mock(),
self.provider)
request = HTTPRequest(
'POST', 'https', 'iam.us-west-1.amazonaws.com', 443, '/', '/', {
'Action': 'ListAccountAliases',
'Version': '2010-05-08'
}, {
'Content-Length': '44',
'Content-Type':
'application/x-www-form-urlencoded; charset=UTF-8',
'X-Amz-Date': '20130808T013210Z'
}, 'Action=ListAccountAliases&Version=2010-05-08')
credential_scope = auth.credential_scope(request)
region_name = credential_scope.split('/')[1]
self.assertEqual(region_name, 'us-west-1')
def test_mangle_path_and_params(self):
request = HTTPRequest(
method='GET',
protocol='https',
host='awesome-bucket.s3-us-west-2.amazonaws.com',
port=443,
# LOOK AT THIS PATH. JUST LOOK AT IT.
path='/?delete&max-keys=0',
auth_path=None,
params={
'key': 'why hello there',
# This gets overwritten, to make sure back-compat is maintained.
'max-keys': 1,
},
headers={
'User-Agent': 'Boto',
'X-AMZ-Content-sha256':
'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
'X-AMZ-Date': '20130605T193245Z',
},
body='')
mod_req = self.auth.mangle_path_and_params(request)
self.assertEqual(mod_req.path, '/?delete&max-keys=0')
self.assertEqual(mod_req.auth_path, '/')
self.assertEqual(mod_req.params, {
'max-keys': '0',
'key': 'why hello there',
'delete': ''
})
def test_canonical_uri(self):
request = HTTPRequest('GET', 'https', 's3-us-west-2.amazonaws.com',
443, 'x/./././x .html', None, {}, {}, '')
canonical_uri = self.auth.canonical_uri(request)
# S3 doesn't canonicalize the way other SigV4 services do.
# This just urlencoded, no normalization of the path.
self.assertEqual(canonical_uri, 'x/./././x%20.html')
def get_auth_headers(self, url_path):
creds, soon_expires = self._creds_soon_expiring()
if soon_expires:
creds = self._set_creds(creds=_get_credentials())
handler = ZuluHmacAuthV3HTTPHandler(
host=HOST,
config={},
provider=provider.Provider(
name='aws',
access_key=creds['accessKeyId'],
secret_key=creds['secretAccessKey'],
security_token=creds['sessionToken'],
))
parsed_url = urlparse(url_path)
params = {
key: val[0]
for key, val in parse_qs(parsed_url.query).items()
}
request = HTTPRequest(method='GET',
protocol='https',
host=HOST,
port=443,
path=parsed_url.path,
auth_path=None,
params=params,
headers={},
body='')
handler.add_auth(req=request)
headers = request.headers
headers['User-Agent'] = USER_AGENT
return headers
def setUp(self):
self.provider = mock.Mock()
self.provider.access_key = 'access_key'
self.provider.secret_key = 'secret_key'
self.request = HTTPRequest('POST', 'https',
'glacier.us-east-1.amazonaws.com', 443,
'/-/vaults/foo/archives', None, {},
{'x-amz-glacier-version': '2012-06-01'}, '')
def test_query_string(self):
auth = HmacAuthV4Handler('sns.us-east-1.amazonaws.com', mock.Mock(),
self.provider)
params = {
'Message': u'We \u2665 utf-8'.encode('utf-8'),
}
request = HTTPRequest('POST', 'https', 'sns.us-east-1.amazonaws.com',
443, '/', None, params, {}, '')
query_string = auth.query_string(request)
self.assertEqual(query_string, 'Message=We%20%E2%99%A5%20utf-8')
def test_bytes_header(self):
auth = HmacAuthV4Handler('glacier.us-east-1.amazonaws.com',
mock.Mock(), self.provider)
request = HTTPRequest(
'GET', 'http', 'glacier.us-east-1.amazonaws.com', 80,
'x/./././x .html', None, {},
{'x-amz-glacier-version': '2012-06-01', 'x-amz-hash': b'f00'}, '')
canonical = auth.canonical_request(request)
self.assertIn('f00', canonical)
def test_canonical_uri(self):
auth = HmacAuthV4Handler('glacier.us-east-1.amazonaws.com', Mock(),
self.provider)
request = HTTPRequest('GET', 'https',
'glacier.us-east-1.amazonaws.com', 443,
'x/./././x .html', None, {},
{'x-amz-glacier-version': '2012-06-01'}, '')
canonical_uri = auth.canonical_uri(request)
# This should be both normalized & urlencoded.
self.assertEqual(canonical_uri, 'x/x%20.html')
def test_canonical_query_string(self):
auth = HmacAuthV4Handler('glacier.us-east-1.amazonaws.com',
mock.Mock(), self.provider)
request = HTTPRequest('GET', 'https',
'glacier.us-east-1.amazonaws.com', 443,
'/-/vaults/foo/archives', None, {},
{'x-amz-glacier-version': '2012-06-01'}, '')
request.params['Foo.1'] = 'aaa'
request.params['Foo.10'] = 'zzz'
query_string = auth.canonical_query_string(request)
self.assertEqual(query_string, 'Foo.1=aaa&Foo.10=zzz')
def test_user_agent_not_url_encoded(self):
headers = {'Some-Header': u'should be encoded \u2713',
'User-Agent': UserAgent}
request = HTTPRequest('PUT', 'https', 'amazon.com', 443, None,
None, {}, headers, 'Body')
mock_connection = mock.Mock()
# Create a method that preserves the headers at the time of
# authorization.
def mock_add_auth(req, **kwargs):
mock_connection.headers_at_auth = req.headers.copy()
mock_connection._auth_handler.add_auth = mock_add_auth
request.authorize(mock_connection)
# Ensure the headers at authorization are as expected i.e.
# the user agent header was not url encoded but the other header was.
self.assertEqual(mock_connection.headers_at_auth,
{'Some-Header': 'should be encoded %E2%9C%93',
'User-Agent': UserAgent})
def test_user_agent_not_url_encoded(self):
headers = {'Some-Header': u'should be url encoded',
'User-Agent': UserAgent}
request = HTTPRequest('PUT', 'https', 'amazon.com', 443, None,
None, {}, headers, 'Body')
mock_connection = mock.Mock()
# Create a method that preserves the headers at the time of
# authorization.
def mock_add_auth(req, **kwargs):
mock_connection.headers_at_auth = req.headers.copy()
mock_connection._auth_handler.add_auth = mock_add_auth
request.authorize(mock_connection)
# Ensure the headers at authorization are as expected i.e.
# the user agent header was not url encoded but the other header was.
self.assertEqual(mock_connection.headers_at_auth,
{'Some-Header': 'should%20be%20url%20encoded',
'User-Agent': UserAgent})
def test_canonical_uri(self):
auth = HmacAuthV4Handler('glacier.us-east-1.amazonaws.com',
mock.Mock(), self.provider)
request = HTTPRequest('GET', 'https',
'glacier.us-east-1.amazonaws.com', 443,
'x/./././x .html', None, {},
{'x-amz-glacier-version': '2012-06-01'}, '')
canonical_uri = auth.canonical_uri(request)
# This should be both normalized & urlencoded.
self.assertEqual(canonical_uri, 'x/x%20.html')
auth = HmacAuthV4Handler('glacier.us-east-1.amazonaws.com',
mock.Mock(), self.provider)
request = HTTPRequest('GET', 'https',
'glacier.us-east-1.amazonaws.com', 443,
'x/./././x/html/', None, {},
{'x-amz-glacier-version': '2012-06-01'}, '')
canonical_uri = auth.canonical_uri(request)
# Trailing slashes should be preserved.
self.assertEqual(canonical_uri, 'x/x/html/')
request = HTTPRequest('GET', 'https',
'glacier.us-east-1.amazonaws.com', 443, '/',
None, {},
{'x-amz-glacier-version': '2012-06-01'}, '')
canonical_uri = auth.canonical_uri(request)
# There should not be two-slashes.
self.assertEqual(canonical_uri, '/')
# Make sure Windows-style slashes are converted properly
request = HTTPRequest('GET', 'https',
'glacier.us-east-1.amazonaws.com', 443,
'\\x\\x.html', None, {},
{'x-amz-glacier-version': '2012-06-01'}, '')
canonical_uri = auth.canonical_uri(request)
self.assertEqual(canonical_uri, '/x/x.html')
def test_unicode_query_string(self):
request = HTTPRequest(
method='HEAD',
protocol='https',
host='awesome-bucket.s3-us-west-2.amazonaws.com',
port=443,
path=u'/?max-keys=1&prefix=El%20Ni%C3%B1o',
auth_path=u'/awesome-bucket/?max-keys=1&prefix=El%20Ni%C3%B1o',
params={},
headers={},
body='')
mod_req = self.auth.mangle_path_and_params(request)
self.assertEqual(mod_req.path, u'/?max-keys=1&prefix=El%20Ni%C3%B1o')
self.assertEqual(mod_req.auth_path, u'/awesome-bucket/')
self.assertEqual(mod_req.params, {
u'max-keys': u'1',
u'prefix': u'El Ni\xf1o',
})
def setUp(self):
self.provider = Mock()
self.provider.access_key = 'access_key'
self.provider.secret_key = 'secret_key'
self.request = HTTPRequest(method='GET',
protocol='https',
host='sts.amazonaws.com',
port=443,
path='/',
auth_path=None,
params={
'Action': 'AssumeRoleWithWebIdentity',
'Version': '2011-06-15',
'RoleSessionName':
'web-identity-federation',
'ProviderId': '2012-06-01',
'WebIdentityToken':
'Atza|IQEBLjAsAhRkcxQ',
},
headers={},
body='')
