def get_s3_auth_headers(creds, url, method, data=None):
    # TODO: blocking function call
    # When there is data this function might recalc hashes
    req = AWSRequest(method=method, url=url, data=data)
    sig = S3SigV4Auth(Credentials(**creds), 's3', 'us-east-1')
    sig.headers_to_sign(req)
    sig.add_auth(req)
    return dict(req.headers.items())
Exemple #2
0
 def _sign_headers(self, method, url, headers={}):
     # Hijack botocore's machinery to sign the request.  This is a complicated
     # process that involves reformatting the request data according to specific
     # rules, and we don't want to implement that ourselves.
     # This code will need to be modified if we ever need to send requests
     # with data.
     request = AWSRequest(method=method, url=url, headers=headers)
     S3SigV4Auth(self._credentials, "s3", self._region).add_auth(request)
     return dict(request.headers.items())
Exemple #3
0
    def maybe_refresh_credentials():
        nonlocal credentials
        nonlocal auth

        if not managed_credentials:
            return

        creds = managed_credentials.get_frozen_credentials()
        if creds is credentials:
            return

        log.debug("Refreshed credentials (s3_get_object_request_maker)")

        credentials = creds
        auth = S3SigV4Auth(credentials, "s3", region_name)
Exemple #4
0
def s3_get_object_request_maker(region_name=None, credentials=None, ssl=True):
    from botocore.session import get_session
    from botocore.auth import S3SigV4Auth
    from botocore.awsrequest import AWSRequest
    from urllib.request import Request

    session = get_session()

    if region_name is None:
        region_name = auto_find_region()

    if credentials is None:
        credentials = session.get_credentials().get_frozen_credentials()

    protocol = 'https' if ssl else 'http'
    auth = S3SigV4Auth(credentials, 's3', region_name)

    def build_request(bucket=None, key=None, url=None, Range=None):
        if key is None and url is None:
            if bucket is None:
                raise ValueError('Have to supply bucket,key or url')
            # assume bucket is url
            url = bucket

        if url is not None:
            bucket, key = s3_url_parse(url)

        if isinstance(Range, (tuple, list)):
            Range = 'bytes={}-{}'.format(Range[0], Range[1] - 1)

        headers = {}
        if Range is not None:
            headers['Range'] = Range

        req = AWSRequest(method='GET',
                         url='{}://s3.{}.amazonaws.com/{}/{}'.format(
                             protocol, region_name, bucket, key),
                         headers=headers)

        auth.add_auth(req)

        return Request(req.url, headers=dict(**req.headers), method='GET')

    return build_request
Exemple #5
0
    def get_headers(self, url, method, body=None, acl=None):
        """
        Returns the necessary headers to do a http request to AWS S3.

        :param url: The full url of the file from S3
        :param method: The HTTP method to to be used (PUT, DELETE)
        :param body: The body to upload, as bytes (only for PUT)
        :param acl: The S3 ACL
        :return: The necessary headers to do an HTTP request to S3
        :rtype: dict
        """

        keys = ['X-Amz-Date',
                'X-Amz-Content-SHA256',
                'Authorization', ]

        headers = {}
        if method == 'PUT':
            headers = {
                'Content-MD5': self.getBodyMd5(body),
                'Expect': '100-continue',
            }

            keys = keys + ['Expect', 'Content-MD5']

            if acl:
                headers['x-amz-acl'] = acl
                keys.append('x-amz-acl')

        request = AWSRequest(method.upper(), url, data=body, headers=headers)

        signer = S3SigV4Auth(credentials=self.credentials, service_name='s3', region_name=self.region)
        signer.add_auth(request)

        allHeaders = {}
        for key in keys:
            allHeaders[key] = request.headers[key]

        return allHeaders
Exemple #6
0
def s3_get_object_request_maker(region_name=None, credentials=None, ssl=True):
    from botocore.session import get_session
    from botocore.auth import S3SigV4Auth
    from botocore.awsrequest import AWSRequest
    from urllib.request import Request

    session = get_session()

    if region_name is None:
        region_name = auto_find_region(session)

    if credentials is None:
        managed_credentials = session.get_credentials()
        credentials = managed_credentials.get_frozen_credentials()
    else:
        managed_credentials = None

    protocol = "https" if ssl else "http"
    auth = S3SigV4Auth(credentials, "s3", region_name)

    def maybe_refresh_credentials():
        nonlocal credentials
        nonlocal auth

        if not managed_credentials:
            return

        creds = managed_credentials.get_frozen_credentials()
        if creds is credentials:
            return

        log.debug("Refreshed credentials (s3_get_object_request_maker)")

        credentials = creds
        auth = S3SigV4Auth(credentials, "s3", region_name)

    def build_request(bucket=None, key=None, url=None, Range=None):
        if key is None and url is None:
            if bucket is None:
                raise ValueError("Have to supply bucket,key or url")
            # assume bucket is url
            url = bucket

        if url is not None:
            bucket, key = s3_url_parse(url)

        if isinstance(Range, (tuple, list)):
            Range = "bytes={}-{}".format(Range[0], Range[1] - 1)

        maybe_refresh_credentials()

        headers = {}
        if Range is not None:
            headers["Range"] = Range

        req = AWSRequest(
            method="GET",
            url="{}://s3.{}.amazonaws.com/{}/{}".format(
                protocol, region_name, bucket, key),
            headers=headers,
        )

        auth.add_auth(req)

        return Request(req.url, headers=dict(**req.headers), method="GET")

    return build_request
 def _create_auth(self, credentials):
     return S3SigV4Auth(credentials, self._service, self._region)
Exemple #8
0
 def __call__(self, request: AWSRequest):
     # Method hard coded to 'GET' as this prevents making accidental 'POSTS'
     aws_request = AWSRequest(method='GET', url=self.url, data=request.body)
     S3SigV4Auth(self.credentials, 's3', self.region).add_auth(aws_request)
     request.headers.update(dict(aws_request.headers.items()))
     return request
Exemple #9
0
 def __init__(self, fh, total_bytes, credentials, service_name,
              region_name):
     S3SigV4Auth.__init__(self, credentials, service_name, region_name)
     self.fh = fh
     self.total_bytes = total_bytes