def test_to_dict(self):
# This would fail miserably if ``Credentials.request_id`` hadn't been
# explicitly set (no default).
# Default.
self.assertEqual(self.creds.to_dict(), {
'access_key': None,
'expiration': None,
'request_id': None,
'secret_key': None,
'session_token': None
})
# Override.
creds = Credentials()
creds.access_key = 'something'
creds.secret_key = 'crypto'
creds.session_token = 'this'
creds.expiration = 'way'
creds.request_id = 'comes'
self.assertEqual(creds.to_dict(), {
'access_key': 'something',
'expiration': 'way',
'request_id': 'comes',
'secret_key': 'crypto',
'session_token': 'this'
})
def authenticate(self, account, user, passwd, new_passwd=None):
try:
req = urllib2.Request(self.auth_url)
if new_passwd:
auth_string = "%s@%s;%s@%s" % \
(base64.b64encode(user), \
base64.b64encode(account), \
base64.b64encode(passwd), \
new_passwd)
else:
auth_string = "%s@%s:%s" % \
(base64.b64encode(user), \
base64.b64encode(account), \
passwd)
encoded_auth = base64.b64encode(auth_string)
req.add_header('Authorization', "Basic %s" % encoded_auth)
response = urllib2.urlopen(req, timeout=15)
body = response.read()
# parse AccessKeyId, SecretAccessKey and SessionToken
creds = Credentials(None)
h = boto.handler.XmlHandler(creds, None)
xml.sax.parseString(body, h)
logging.info("authenticated user: "******"/" + user)
return creds
except urllib2.URLError, err:
# this returned for authorization problem
# HTTP Error 401: Unauthorized
# HTTP Error 403: Forbidden (when password has expired)
if issubclass(err.__class__, urllib2.HTTPError):
raise eucaconsole.EuiException(err.code, 'Not Authorized')
# this returned for connection problem (i.e. timeout)
# <urlopen error [Errno 61] Connection refused>
if issubclass(err.__class__, urllib2.URLError):
raise eucaconsole.EuiException(504, 'Timed out')
def authenticate(self, timeout=20):
""" Make authentication request to AWS STS service
Timeout defaults to 20 seconds"""
req = urllib2.Request(self.endpoint, data=self.package)
response = urllib2.urlopen(req, timeout=timeout)
body = response.read()
# parse AccessKeyId, SecretAccessKey and SessionToken
creds = Credentials()
h = BotoXmlHandler(creds, None)
xml.sax.parseString(body, h)
logging.info("Authenticated AWS user")
return creds
def authenticate_aws(self, package):
try:
req = urllib2.Request('https://sts.amazonaws.com', package)
response = urllib2.urlopen(req, timeout=20)
body = response.read()
# parse AccessKeyId, SecretAccessKey and SessionToken
creds = Credentials(None)
h = boto.handler.XmlHandler(creds, None)
xml.sax.parseString(body, h)
logging.info("authenticated aws user")
return creds
except urllib2.URLError, err:
# this returned for authorization problem
# HTTP Error 401: Unauthorized
# HTTP Error 403: Forbidden (when password has expired)
if issubclass(err.__class__, urllib2.HTTPError):
raise eucaconsole.EuiException(err.code, 'Not Authorized')
# this returned for connection problem (i.e. timeout)
# <urlopen error [Errno 61] Connection refused>
if issubclass(err.__class__, urllib2.URLError):
raise eucaconsole.EuiException(504, 'Timed out')
def authenticate(self,
account,
user,
passwd,
new_passwd=None,
timeout=15,
duration=3600):
if user == 'admin' and duration > 3600: # admin cannot have more than 1 hour duration
duration = 3600
# because of the variability, we need to keep this here, not in __init__
self.auth_url = self.TEMPLATE.format(
host=self.host,
port=self.port,
dur=duration,
)
req = urllib2.Request(self.auth_url)
if new_passwd:
auth_string = "{user}@{account};{pw}@{new_pw}".format(
user=base64.b64encode(user),
account=base64.b64encode(account),
pw=base64.b64encode(passwd),
new_pw=new_passwd)
else:
auth_string = "{user}@{account}:{pw}".format(
user=base64.b64encode(user),
account=base64.b64encode(account),
pw=passwd)
encoded_auth = base64.b64encode(auth_string)
req.add_header('Authorization', "Basic %s" % encoded_auth)
response = urllib2.urlopen(req, timeout=timeout)
body = response.read()
# parse AccessKeyId, SecretAccessKey and SessionToken
creds = Credentials()
h = BotoXmlHandler(creds, None)
xml.sax.parseString(body, h)
logging.info("Authenticated Eucalyptus user: "******"/" + user)
return creds
def authenticate(self, timeout=20):
""" Make authentication request to AWS STS service
Timeout defaults to 20 seconds"""
if self.validate_certs:
conn = CertValidatingHTTPSConnection(self.host,
self.port,
timeout=timeout,
**self.kwargs)
else:
conn = httplib.HTTPSConnection(self.host,
self.port,
timeout=timeout)
headers = {"Content-type": "application/x-www-form-urlencoded"}
try:
conn.request('POST', '', self.package, headers)
response = conn.getresponse()
if response.status != 200:
raise urllib2.HTTPError(url='',
code=response.status,
msg=response.reason,
hdrs=None,
fp=None)
body = response.read()
# parse AccessKeyId, SecretAccessKey and SessionToken
creds = Credentials()
h = BotoXmlHandler(creds, None)
parseString(body, h)
return creds
except SSLError as err:
if err.message != '':
raise urllib2.URLError(err.message)
else:
raise urllib2.URLError(err[1])
except socket.error as err:
raise urllib2.URLError(err.message)
def authenticate(self, account, user, passwd):
try:
req = urllib2.Request(self.auth_url)
auth_string = "%s@%s:%s" % \
(base64.b64encode(user), \
base64.b64encode(account), \
passwd)
encoded_auth = base64.b64encode(auth_string.encode('utf8'))
req.add_header('Authorization', "Basic %s" % encoded_auth)
response = urllib2.urlopen(req, timeout=15)
body = response.read()
# parse AccessKeyId, SecretAccessKey and SessionToken
creds = Credentials(None)
h = boto.handler.XmlHandler(creds, None)
xml.sax.parseString(body, h)
logging.info("authenticated user: "******"/" + user)
return creds
except urllib2.URLError, err:
traceback.print_exc(file=sys.stdout)
if not (issubclass(err.__class__, urllib2.HTTPError)):
if isinstance(err.reason, socket.timeout):
raise server.EuiException(504, 'Timed out')
raise server.EuiException(401, 'Not Authorized')
def setUp(self):
super(STSCredentialsTest, self).setUp()
self.creds = Credentials()
def _authenticate_(self,
account,
user,
passwd,
new_passwd=None,
timeout=15,
duration=3600):
auth_path = self.TEMPLATE.format(dur=duration)
if not self.dns_enabled:
auth_path = self.NON_DNS_QUERY_PATH + auth_path
else:
auth_path = '/' + auth_path
host = self.host
if self.dns_enabled:
host = 'tokens.{0}'.format(host)
if self.validate_certs:
conn = CertValidatingHTTPSConnection(host,
self.port,
timeout=timeout,
**self.kwargs)
else:
conn = HttpsConnectionFactory(self.port).https_connection_factory(
host, timeout=timeout)
if new_passwd:
auth_string = u"{user}@{account};{pw}@{new_pw}".format(
user=base64.b64encode(user),
account=base64.b64encode(account),
pw=base64.b64encode(passwd),
new_pw=new_passwd)
else:
auth_string = u"{user}@{account}:{pw}".format(
user=base64.b64encode(user),
account=base64.b64encode(account),
pw=passwd)
encoded_auth = base64.b64encode(auth_string)
headers = {'Authorization': "Basic %s" % encoded_auth}
try:
conn.request('GET', auth_path, '', headers)
response = conn.getresponse()
if response.status != 200:
raise urllib2.HTTPError(url='',
code=response.status,
msg=response.reason,
hdrs=None,
fp=None)
body = response.read()
# parse AccessKeyId, SecretAccessKey and SessionToken
creds = Credentials()
h = BotoXmlHandler(creds, None)
parseString(body, h)
return creds
except SSLError as err:
if err.message != '':
raise urllib2.URLError(str(err))
else:
raise urllib2.URLError(err[1])
except socket.error as err:
# when dns enabled, but path cloud, we get here with
# err=gaierror(8, 'nodename nor servname provided, or not known')
# when dns disabled, but path cloud, we get here with
# err=gaierror(8, 'nodename nor servname provided, or not known')
raise urllib2.URLError(str(err))
