def test_to_dict(self): # This would fail miserably if ``Credentials.request_id`` hadn't been # explicitly set (no default). # Default. self.assertEqual(self.creds.to_dict(), { 'access_key': None, 'expiration': None, 'request_id': None, 'secret_key': None, 'session_token': None }) # Override. creds = Credentials() creds.access_key = 'something' creds.secret_key = 'crypto' creds.session_token = 'this' creds.expiration = 'way' creds.request_id = 'comes' self.assertEqual(creds.to_dict(), { 'access_key': 'something', 'expiration': 'way', 'request_id': 'comes', 'secret_key': 'crypto', 'session_token': 'this' })
def authenticate(self, account, user, passwd, new_passwd=None): try: req = urllib2.Request(self.auth_url) if new_passwd: auth_string = "%s@%s;%s@%s" % \ (base64.b64encode(user), \ base64.b64encode(account), \ base64.b64encode(passwd), \ new_passwd) else: auth_string = "%s@%s:%s" % \ (base64.b64encode(user), \ base64.b64encode(account), \ passwd) encoded_auth = base64.b64encode(auth_string) req.add_header('Authorization', "Basic %s" % encoded_auth) response = urllib2.urlopen(req, timeout=15) body = response.read() # parse AccessKeyId, SecretAccessKey and SessionToken creds = Credentials(None) h = boto.handler.XmlHandler(creds, None) xml.sax.parseString(body, h) logging.info("authenticated user: "******"/" + user) return creds except urllib2.URLError, err: # this returned for authorization problem # HTTP Error 401: Unauthorized # HTTP Error 403: Forbidden (when password has expired) if issubclass(err.__class__, urllib2.HTTPError): raise eucaconsole.EuiException(err.code, 'Not Authorized') # this returned for connection problem (i.e. timeout) # <urlopen error [Errno 61] Connection refused> if issubclass(err.__class__, urllib2.URLError): raise eucaconsole.EuiException(504, 'Timed out')
def authenticate(self, timeout=20): """ Make authentication request to AWS STS service Timeout defaults to 20 seconds""" req = urllib2.Request(self.endpoint, data=self.package) response = urllib2.urlopen(req, timeout=timeout) body = response.read() # parse AccessKeyId, SecretAccessKey and SessionToken creds = Credentials() h = BotoXmlHandler(creds, None) xml.sax.parseString(body, h) logging.info("Authenticated AWS user") return creds
def authenticate_aws(self, package): try: req = urllib2.Request('https://sts.amazonaws.com', package) response = urllib2.urlopen(req, timeout=20) body = response.read() # parse AccessKeyId, SecretAccessKey and SessionToken creds = Credentials(None) h = boto.handler.XmlHandler(creds, None) xml.sax.parseString(body, h) logging.info("authenticated aws user") return creds except urllib2.URLError, err: # this returned for authorization problem # HTTP Error 401: Unauthorized # HTTP Error 403: Forbidden (when password has expired) if issubclass(err.__class__, urllib2.HTTPError): raise eucaconsole.EuiException(err.code, 'Not Authorized') # this returned for connection problem (i.e. timeout) # <urlopen error [Errno 61] Connection refused> if issubclass(err.__class__, urllib2.URLError): raise eucaconsole.EuiException(504, 'Timed out')
def authenticate(self, account, user, passwd, new_passwd=None, timeout=15, duration=3600): if user == 'admin' and duration > 3600: # admin cannot have more than 1 hour duration duration = 3600 # because of the variability, we need to keep this here, not in __init__ self.auth_url = self.TEMPLATE.format( host=self.host, port=self.port, dur=duration, ) req = urllib2.Request(self.auth_url) if new_passwd: auth_string = "{user}@{account};{pw}@{new_pw}".format( user=base64.b64encode(user), account=base64.b64encode(account), pw=base64.b64encode(passwd), new_pw=new_passwd) else: auth_string = "{user}@{account}:{pw}".format( user=base64.b64encode(user), account=base64.b64encode(account), pw=passwd) encoded_auth = base64.b64encode(auth_string) req.add_header('Authorization', "Basic %s" % encoded_auth) response = urllib2.urlopen(req, timeout=timeout) body = response.read() # parse AccessKeyId, SecretAccessKey and SessionToken creds = Credentials() h = BotoXmlHandler(creds, None) xml.sax.parseString(body, h) logging.info("Authenticated Eucalyptus user: "******"/" + user) return creds
def authenticate(self, timeout=20): """ Make authentication request to AWS STS service Timeout defaults to 20 seconds""" if self.validate_certs: conn = CertValidatingHTTPSConnection(self.host, self.port, timeout=timeout, **self.kwargs) else: conn = httplib.HTTPSConnection(self.host, self.port, timeout=timeout) headers = {"Content-type": "application/x-www-form-urlencoded"} try: conn.request('POST', '', self.package, headers) response = conn.getresponse() if response.status != 200: raise urllib2.HTTPError(url='', code=response.status, msg=response.reason, hdrs=None, fp=None) body = response.read() # parse AccessKeyId, SecretAccessKey and SessionToken creds = Credentials() h = BotoXmlHandler(creds, None) parseString(body, h) return creds except SSLError as err: if err.message != '': raise urllib2.URLError(err.message) else: raise urllib2.URLError(err[1]) except socket.error as err: raise urllib2.URLError(err.message)
def authenticate(self, account, user, passwd): try: req = urllib2.Request(self.auth_url) auth_string = "%s@%s:%s" % \ (base64.b64encode(user), \ base64.b64encode(account), \ passwd) encoded_auth = base64.b64encode(auth_string.encode('utf8')) req.add_header('Authorization', "Basic %s" % encoded_auth) response = urllib2.urlopen(req, timeout=15) body = response.read() # parse AccessKeyId, SecretAccessKey and SessionToken creds = Credentials(None) h = boto.handler.XmlHandler(creds, None) xml.sax.parseString(body, h) logging.info("authenticated user: "******"/" + user) return creds except urllib2.URLError, err: traceback.print_exc(file=sys.stdout) if not (issubclass(err.__class__, urllib2.HTTPError)): if isinstance(err.reason, socket.timeout): raise server.EuiException(504, 'Timed out') raise server.EuiException(401, 'Not Authorized')
def setUp(self): super(STSCredentialsTest, self).setUp() self.creds = Credentials()
def _authenticate_(self, account, user, passwd, new_passwd=None, timeout=15, duration=3600): auth_path = self.TEMPLATE.format(dur=duration) if not self.dns_enabled: auth_path = self.NON_DNS_QUERY_PATH + auth_path else: auth_path = '/' + auth_path host = self.host if self.dns_enabled: host = 'tokens.{0}'.format(host) if self.validate_certs: conn = CertValidatingHTTPSConnection(host, self.port, timeout=timeout, **self.kwargs) else: conn = HttpsConnectionFactory(self.port).https_connection_factory( host, timeout=timeout) if new_passwd: auth_string = u"{user}@{account};{pw}@{new_pw}".format( user=base64.b64encode(user), account=base64.b64encode(account), pw=base64.b64encode(passwd), new_pw=new_passwd) else: auth_string = u"{user}@{account}:{pw}".format( user=base64.b64encode(user), account=base64.b64encode(account), pw=passwd) encoded_auth = base64.b64encode(auth_string) headers = {'Authorization': "Basic %s" % encoded_auth} try: conn.request('GET', auth_path, '', headers) response = conn.getresponse() if response.status != 200: raise urllib2.HTTPError(url='', code=response.status, msg=response.reason, hdrs=None, fp=None) body = response.read() # parse AccessKeyId, SecretAccessKey and SessionToken creds = Credentials() h = BotoXmlHandler(creds, None) parseString(body, h) return creds except SSLError as err: if err.message != '': raise urllib2.URLError(str(err)) else: raise urllib2.URLError(err[1]) except socket.error as err: # when dns enabled, but path cloud, we get here with # err=gaierror(8, 'nodename nor servname provided, or not known') # when dns disabled, but path cloud, we get here with # err=gaierror(8, 'nodename nor servname provided, or not known') raise urllib2.URLError(str(err))