def _get_presigned_url(self, cluster_name, role_arn): session = self._session_handler.get_session(self._region_name, role_arn) if self._region_name is None: self._region_name = session.get_config_variable('region') loader = botocore.loaders.create_loader() data = loader.load_data("endpoints") endpoint_resolver = botocore.regions.EndpointResolver(data) endpoint = endpoint_resolver.construct_endpoint( AUTH_SERVICE, self._region_name) signer = RequestSigner(ServiceId(AUTH_SERVICE), self._region_name, AUTH_SERVICE, AUTH_SIGNING_VERSION, session.get_credentials(), session.get_component('event_emitter')) action_params = 'Action=' + AUTH_COMMAND + '&Version=' + AUTH_API_VERSION params = { 'method': 'GET', 'url': 'https://' + endpoint["hostname"] + '/?' + action_params, 'body': {}, 'headers': { CLUSTER_NAME_HEADER: cluster_name }, 'context': {} } url = signer.generate_presigned_url( params, region_name=endpoint["credentialScope"]["region"], operation_name='', expires_in=URL_TIMEOUT) return url
def test_region_required_for_sigv4(self): self.signer = RequestSigner(ServiceId('service_name'), None, 'signing_name', 'v4', self.credentials, self.emitter) with self.assertRaises(NoRegionError): self.signer.sign('operation_name', self.request)
async def test_testsigner_region_required_for_sig4(base_signer_setup: dict): signer = aiobotocore.signers.AioRequestSigner( ServiceId('service_name'), None, 'signing_name', 'v4', base_signer_setup['credentials'], base_signer_setup['emitter']) with pytest.raises(NoRegionError): await signer.sign('operation_name', base_signer_setup['request'])
def setUp(self): super(TestS3PostPresigner, self).setUp() self.request_signer = RequestSigner( ServiceId('service_name'), 'region_name', 'signing_name', 's3v4', self.credentials, self.emitter) self.signer = S3PostPresigner(self.request_signer) self.request_dict = { 'headers': {}, 'url': 'https://s3.amazonaws.com/mybucket', 'body': b'', 'url_path': '/', 'method': 'POST', 'context': {} } self.auth = mock.Mock() self.auth.REQUIRES_REGION = True self.add_auth = mock.Mock() self.auth.return_value.add_auth = self.add_auth self.fixed_credentials = self.credentials.get_frozen_credentials() self.datetime_patch = mock.patch('botocore.signers.datetime') self.datetime_mock = self.datetime_patch.start() self.fixed_date = datetime.datetime(2014, 3, 10, 17, 2, 55, 0) self.fixed_delta = datetime.timedelta(seconds=3600) self.datetime_mock.datetime.utcnow.return_value = self.fixed_date self.datetime_mock.timedelta.return_value = self.fixed_delta
def setUp(self): self.credentials = Credentials('key', 'secret') self.emitter = mock.Mock() self.emitter.emit_until_response.return_value = (None, None) self.signer = RequestSigner(ServiceId('service_name'), 'region_name', 'signing_name', 'v4', self.credentials, self.emitter) self.fixed_credentials = self.credentials.get_frozen_credentials()
def setUp(self): super(TestRetryInterface, self).setUp() self.retried_on_exception = None self._operation = Mock(spec=OperationModel) self._operation.name = 'DescribeInstances' self._operation.metadata = {'protocol': 'query'} self._operation.service_model.service_id = ServiceId('EC2') self._operation.has_streaming_output = False self._operation.has_event_stream_output = False
def sign_botocore(): request = AWSRequest( "POST", URL_STRING, data=json.dumps(PAYLOAD, separators=(",", ":")).encode("utf-8"), ) emitter = HierarchicalEmitter() RequestSigner( ServiceId(SERVICE_NAME), REGION, SERVICE_NAME, "v4", CREDENTIALS, emitter ).sign(ACTION, request)
def test_presigned_post_throws_unsupported_signature_error(self): request_dict = { 'headers': {}, 'url': 'https://s3.amazonaws.com/mybucket/myobject', 'body': b'', 'url_path': '/', 'method': 'POST', 'context': {} } self.request_signer = RequestSigner( ServiceId('service_name'), 'region_name', 'signing_name', 'foo', self.credentials, self.emitter) self.signer = S3PostPresigner(self.request_signer) with self.assertRaises(UnsupportedSignatureVersionError): self.signer.generate_presigned_post(request_dict)
async def base_signer_setup() -> dict: emitter = mock.AsyncMock() emitter.emit_until_response.return_value = (None, None) credentials = aiobotocore.credentials.AioCredentials('key', 'secret') signer = aiobotocore.signers.AioRequestSigner(ServiceId('service_name'), 'region_name', 'signing_name', 'v4', credentials, emitter) return { 'credentials': credentials, 'emitter': emitter, 'signer': signer, 'fixed_credentials': await credentials.get_frozen_credentials(), 'request': AWSRequest() }
def test_no_credentials_case_is_forwarded_to_signer(self): # If no credentials are given to the RequestSigner, we should # forward that fact on to the Auth class and let them handle # the error (which they already do). self.credentials = None self.signer = RequestSigner(ServiceId('service_name'), 'region_name', 'signing_name', 'v4', self.credentials, self.emitter) auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): self.signer.get_auth_instance('service_name', 'region_name', 'v4') auth_cls.assert_called_with( service_name='service_name', region_name='region_name', credentials=None, )
def test_signer_with_refreshable_credentials_gets_credential_set(self): class FakeCredentials(Credentials): def get_frozen_credentials(self): return ReadOnlyCredentials('foo', 'bar', 'baz') self.credentials = FakeCredentials('a', 'b', 'c') self.signer = RequestSigner( ServiceId('service_name'), 'region_name', 'signing_name', 'v4', self.credentials, self.emitter) auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth = self.signer.get_auth('service_name', 'region_name') self.assertEqual(auth, auth_cls.return_value) # Note we're called with 'foo', 'bar', 'baz', and *not* # 'a', 'b', 'c'. auth_cls.assert_called_with( credentials=ReadOnlyCredentials('foo', 'bar', 'baz'), service_name='service_name', region_name='region_name')
def setUp(self): super(TestRetryInterface, self).setUp() self.retried_on_exception = None self._operation = Mock(spec=OperationModel) self._operation.service_model.service_id = ServiceId('ec2')