def _generate_signature(params):
# If we have a policy and a sak, create the signature.
policy = params.get('UploadPolicy')
sak = params.get('_SAK')
if policy and sak:
policy = base64.b64encode(six.b(policy)).decode('utf-8')
new_hmac = hmac.new(sak.encode('utf-8'), digestmod=sha1)
new_hmac.update(six.b(policy))
ps = base64.encodestring(new_hmac.digest()).strip().decode('utf-8')
params['UploadPolicySignature'] = ps
del params['_SAK']
def _generate_signature(params):
# If we have a policy and a sak, create the signature.
policy = params.get('UploadPolicy')
sak = params.get('_SAK')
if policy and sak:
policy = base64.b64encode(six.b(policy)).decode('utf-8')
new_hmac = hmac.new(sak.encode('utf-8'), digestmod=sha1)
new_hmac.update(six.b(policy))
ps = base64.encodebytes(new_hmac.digest()).strip().decode('utf-8')
params['UploadPolicySignature'] = ps
del params['_SAK']
def _decrypt_password_data(self, parsed, **kwargs):
"""
This handler gets called after the GetPasswordData command has been
executed. It is called with the and the ``parsed`` data. It checks to
see if a private launch key was specified on the command. If it was,
it tries to use that private key to decrypt the password data and
replace it in the returned data dictionary.
"""
if self._key_path is not None:
logger.debug("Decrypting password data using: %s", self._key_path)
value = parsed.get('PasswordData')
if not value:
return
try:
with open(self._key_path) as pk_file:
pk_contents = pk_file.read()
private_key = rsa.PrivateKey.load_pkcs1(six.b(pk_contents))
value = base64.b64decode(value)
value = rsa.decrypt(value, private_key)
logger.debug(parsed)
parsed['PasswordData'] = value.decode('utf-8')
logger.debug(parsed)
except Exception:
logger.debug('Unable to decrypt PasswordData', exc_info=True)
msg = ('Unable to decrypt password data using '
'provided private key file.')
raise ValueError(msg)
def _decrypt_password_data(self, parsed, **kwargs):
"""
This handler gets called after the GetPasswordData command has been
executed. It is called with the and the ``parsed`` data. It checks to
see if a private launch key was specified on the command. If it was,
it tries to use that private key to decrypt the password data and
replace it in the returned data dictionary.
"""
if self._key_path is not None:
logger.debug("Decrypting password data using: %s", self._key_path)
value = parsed.get('PasswordData')
if not value:
return
try:
with open(self._key_path) as pk_file:
pk_contents = pk_file.read()
private_key = rsa.PrivateKey.load_pkcs1(six.b(pk_contents))
value = base64.b64decode(value)
value = rsa.decrypt(value, private_key)
logger.debug(parsed)
parsed['PasswordData'] = value.decode('utf-8')
logger.debug(parsed)
except Exception:
logger.debug('Unable to decrypt PasswordData', exc_info=True)
msg = ('Unable to decrypt password data using '
'provided private key file.')
raise ValueError(msg)
def setUp(self):
self.session = FakeSession({'config_file': 'myconfigfile'})
self.subscribe = CloudTrailSubscribe(self.session)
self.subscribe.region_name = 'us-east-1'
self.subscribe.iam = Mock()
self.subscribe.iam.get_user = Mock(
return_value={'User': {
'Arn': '::::123:456'
}})
self.subscribe.s3 = Mock()
self.subscribe.s3.meta.region_name = 'us-east-1'
policy_template = six.BytesIO(six.b(u'{"Statement": []}'))
self.subscribe.s3.get_object = Mock(
return_value={'Body': policy_template})
self.subscribe.s3.head_bucket.return_value = {}
self.subscribe.sns = Mock()
self.subscribe.sns.meta.region_name = 'us-east-1'
self.subscribe.sns.list_topics = Mock(
return_value={'Topics': [{
'TopicArn': ':test2'
}]})
self.subscribe.sns.create_topic = Mock(
return_value={'TopicArn': 'foo'})
self.subscribe.sns.get_topic_attributes = Mock(
return_value={'Attributes': {
'Policy': '{"Statement": []}'
}})
def setUp(self):
self.session = FakeSession({'config_file': 'myconfigfile'})
self.subscribe = CloudTrailSubscribe(self.session)
self.subscribe.iam = Mock()
self.subscribe.iam.GetUser = Mock(
return_value={'User': {
'Arn': '::::123:456'
}})
self.subscribe.s3 = Mock()
self.subscribe.s3.endpoint = Mock()
self.subscribe.s3.endpoint.region_name = 'us-east-1'
policy_template = six.BytesIO(six.b(u'{"Statement": []}'))
self.subscribe.s3.GetObject = Mock(
return_value={'Body': policy_template})
self.subscribe.s3.ListBuckets = Mock(
return_value={'Buckets': [{
'Name': 'test2'
}]})
self.subscribe.sns = Mock()
self.subscribe.sns.endpoint = Mock()
self.subscribe.sns.endpoint.region_name = 'us-east-1'
self.subscribe.sns.ListTopics = Mock(
return_value={'Topics': [{
'TopicArn': ':test2'
}]})
self.subscribe.sns.CreateTopic = Mock(return_value={'TopicArn': 'foo'})
self.subscribe.sns.GetTopicAttributes = Mock(
return_value={'Attributes': {
'Policy': '{"Statement": []}'
}})
def setUp(self):
self.session = FakeSession({'config_file': 'myconfigfile'})
self.subscribe = CloudTrailSubscribe(self.session)
self.subscribe.iam = Mock()
self.subscribe.iam.GetUser = Mock(
return_value={'User': {'Arn': '::::123:456'}})
self.subscribe.s3 = Mock()
self.subscribe.s3.endpoint = Mock()
self.subscribe.s3.endpoint.region_name = 'us-east-1'
policy_template = six.BytesIO(six.b(u'{"Statement": []}'))
self.subscribe.s3.GetObject = Mock(
return_value={'Body': policy_template})
self.subscribe.s3.ListBuckets = Mock(
return_value={'Buckets': [{'Name': 'test2'}]})
self.subscribe.sns = Mock()
self.subscribe.sns.endpoint = Mock()
self.subscribe.sns.endpoint.region_name = 'us-east-1'
self.subscribe.sns.ListTopics = Mock(
return_value={'Topics': [{'TopicArn': ':test2'}]})
self.subscribe.sns.CreateTopic = Mock(
return_value={'TopicArn': 'foo'})
self.subscribe.sns.GetTopicAttributes = Mock(
return_value={'Attributes': {'Policy': '{"Statement": []}'}})
def test_policy_provided(self):
policy = '{"notarealpolicy":true}'
base64policy = base64.encodestring(six.b(policy)).strip().decode('utf-8')
policy_signature = 'a5SmoLOxoM0MHpOdC25nE7KIafg='
args = ' --instance-id i-12345678 --owner-akid AKIAIOSFODNN7EXAMPLE'
args += ' --owner-sak wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
args += ' --bucket mybucket --prefix foobar --policy %s' % policy
args_list = (self.prefix + args).split()
result = {'InstanceId': 'i-12345678',
'Storage.S3.Bucket': 'mybucket',
'Storage.S3.Prefix': 'foobar',
'Storage.S3.AWSAccessKeyId': 'AKIAIOSFODNN7EXAMPLE',
'Storage.S3.UploadPolicy': base64policy,
'Storage.S3.UploadPolicySignature': policy_signature}
self.assert_params_for_cmd(args_list, result)
def test_policy_provided(self):
policy = '{"notarealpolicy":true}'
base64policy = base64.encodestring(
six.b(policy)).strip().decode('utf-8')
policy_signature = 'a5SmoLOxoM0MHpOdC25nE7KIafg='
args = ' --instance-id i-12345678 --owner-akid AKIAIOSFODNN7EXAMPLE'
args += ' --owner-sak wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
args += ' --bucket mybucket --prefix foobar --policy %s' % policy
args_list = (self.prefix + args).split()
result = {
'InstanceId': 'i-12345678',
'Storage.S3.Bucket': 'mybucket',
'Storage.S3.Prefix': 'foobar',
'Storage.S3.AWSAccessKeyId': 'AKIAIOSFODNN7EXAMPLE',
'Storage.S3.UploadPolicy': base64policy,
'Storage.S3.UploadPolicySignature': policy_signature
}
self.assert_params_for_cmd(args_list, result)
def setUp(self):
self.session = FakeSession({"config_file": "myconfigfile"})
self.subscribe = cloudtrail.CloudTrailSubscribe(self.session)
self.subscribe.region_name = "us-east-1"
self.subscribe.iam = Mock()
self.subscribe.iam.get_user = Mock(return_value={"User": {"Arn": "::::123:456"}})
self.subscribe.s3 = Mock()
self.subscribe.s3.meta.region_name = "us-east-1"
policy_template = six.BytesIO(six.b(u'{"Statement": []}'))
self.subscribe.s3.get_object = Mock(return_value={"Body": policy_template})
self.subscribe.s3.head_bucket.return_value = {}
self.subscribe.sns = Mock()
self.subscribe.sns.meta.region_name = "us-east-1"
self.subscribe.sns.list_topics = Mock(return_value={"Topics": [{"TopicArn": ":test2"}]})
self.subscribe.sns.create_topic = Mock(return_value={"TopicArn": "foo"})
self.subscribe.sns.get_topic_attributes = Mock(return_value={"Attributes": {"Policy": '{"Statement": []}'}})
def test_policy_provided(self):
policy = '{"notarealpolicy":true}'
base64policy = base64.encodestring(six.b(policy)).strip().decode("utf-8")
policy_signature = "a5SmoLOxoM0MHpOdC25nE7KIafg="
args = " --instance-id i-12345678 --owner-akid AKIAIOSFODNN7EXAMPLE"
args += " --owner-sak wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
args += " --bucket mybucket --prefix foobar --policy %s" % policy
args_list = (self.prefix + args).split()
result = {
"InstanceId": "i-12345678",
"storage": {
"S3": {
"Bucket": "mybucket",
"Prefix": "foobar",
"AWSAccessKeyId": "AKIAIOSFODNN7EXAMPLE",
"UploadPolicy": '{"notarealpolicy":true}',
"UploadPolicySignature": policy_signature,
}
},
}
self.assert_params_for_cmd2(args_list, result)
def setUp(self):
self.session = FakeSession({'config_file': 'myconfigfile'})
self.subscribe = CloudTrailSubscribe(self.session)
self.subscribe.region_name = 'us-east-1'
self.subscribe.iam = Mock()
self.subscribe.iam.get_user = Mock(
return_value={'User': {'Arn': '::::123:456'}})
self.subscribe.s3 = Mock()
self.subscribe.s3.meta.region_name = 'us-east-1'
policy_template = six.BytesIO(six.b(u'{"Statement": []}'))
self.subscribe.s3.get_object = Mock(
return_value={'Body': policy_template})
self.subscribe.s3.head_bucket.return_value = {}
self.subscribe.sns = Mock()
self.subscribe.sns.meta.region_name = 'us-east-1'
self.subscribe.sns.list_topics = Mock(
return_value={'Topics': [{'TopicArn': ':test2'}]})
self.subscribe.sns.create_topic = Mock(
return_value={'TopicArn': 'foo'})
self.subscribe.sns.get_topic_attributes = Mock(
return_value={'Attributes': {'Policy': '{"Statement": []}'}})