def test_create_log_stream_no_credentials_error(mocker):
mocker.patch('mount_efs.cloudwatch_create_log_stream_helper',
side_effect=[NoCredentialsError()])
is_completed = mount_efs.create_cloudwatch_log_stream(
MOCK_AGENT['client'], DEFAULT_CLOUDWATCH_LOG_GROUP,
DEFAULT_CLOUDWATCH_LOG_STREAM)
assert is_completed == False
def test_put_retention_policy_no_credentials_error(mocker):
mocker.patch('mount_efs.cloudwatch_put_retention_policy_helper',
side_effect=[NoCredentialsError()])
is_completed = mount_efs.put_cloudwatch_log_retention_policy(
MOCK_AGENT['client'], DEFAULT_CLOUDWATCH_LOG_GROUP,
DEFAULT_RETENTION_DAYS)
assert is_completed == False
def __init__(self, service="Testing", mode="run"):
self.service = service
self.mode = mode
if self.mode == "run":
for i in range(MAX_RETRIES):
try:
secret = get_secret(config[ENVIRONMENT]["kinesis"]["stream"])
self.stream = secret["streamName"]
except NoCredentialsError:
print("Credential retry:" + str(i))
time.sleep(10)
continue
else:
break
else:
raise NoCredentialsError(
"Unable to get credentials in specified number of retries"
)
self.kinesis = boto3.client("kinesis", region_name="us-west-2")
if self.mode == "test":
self.stream = get_secret(config["test"]["kinesis"]["stream"])["streamName"]
self.kinesis = boto3.client("kinesis", region_name="us-west-2")
if self.mode == "events_off":
self.logger = Logger(log_file=os.path.join(LOG_DIR, "Event_logger.log"))
def test_get_log_stream_next_token_no_credentials_error(mocker):
mocker.patch(
"mount_efs.cloudwatch_describe_log_streams_helper",
side_effect=[NoCredentialsError()],
)
token = mount_efs.get_log_stream_next_token(MOCK_AGENT)
assert token == None
def _call(self, operation_object, parameters, parsed_globals):
# We could get an error from get_endpoint() about not having
# a region configured. Before this happens we want to check
# for credentials so we can give a good error message.
result = []
if not self._session.get_credentials():
raise NoCredentialsError()
endpoint = operation_object.service.get_endpoint(
region_name=parsed_globals.region,
endpoint_url=parsed_globals.endpoint_url,
verify=parsed_globals.verify_ssl)
if operation_object.can_paginate and parsed_globals.paginate:
pages = operation_object.paginate(endpoint, **parameters)
key = None
for page in pages:
http_response = page[0]
if http_response.status_code == 200:
response_data = page[1]
keys = response_data.keys()
key = self.get_key_of_result(keys)
if key is not None:
result += response_data.get(key)
if key is not None:
return {key: result}
else:
return None
else:
http_response, response_data = operation_object.call(
endpoint, **parameters)
return response_data
def __init__(self, service='Testing', mode='run'):
self.service = service
self.mode = mode
if self.mode == 'run':
for i in range(MAX_RETRIES):
try:
self.stream = get_secret(
config[ENVIRONMENT]['kinesis']['stream'])['streamName']
except NoCredentialsError:
print('Credential retry:' + str(i))
time.sleep(10)
continue
else:
break
else:
raise NoCredentialsError(
"Unable to get credentials in specified number of retries")
self.kinesis = boto3.client('kinesis', region_name='us-west-2')
if self.mode == 'test':
self.stream = get_secret(
config['test']['kinesis']['stream'])['streamName']
self.kinesis = boto3.client('kinesis', region_name='us-west-2')
if self.mode == 'events_off':
self.logger = Logger(
log_file=os.path.join(LOG_DIR, "Event_logger.log"))
def test_create_log_group_no_credentials_error(mocker):
mocker.patch(
"mount_efs.cloudwatch_create_log_group_helper",
side_effect=[NoCredentialsError()],
)
is_completed = mount_efs.create_cloudwatch_log_group(
MOCK_AGENT, DEFAULT_CLOUDWATCH_LOG_GROUP)
assert is_completed == False
def test_describe_availability_zones_dryrun_failed_no_credential_error(mocker):
_test_describe_availability_zones_response(
mocker,
NoCredentialsError(),
None,
1,
desired_exception=mount_efs.FallbackException,
desired_message='confirm your aws credentials are properly configured')
def _get_credentials(self):
with self._lock:
if self._loaded_credentials is None:
loaded_creds = self._botocore_credential_provider\
.load_credentials()
if loaded_creds is None:
raise NoCredentialsError()
self._loaded_credentials = loaded_creds
return self._loaded_credentials
def test_commands_use_exception_handling(session, logger):
session.side_effect = NoCredentialsError()
for method in METHODS:
with pytest.raises(SystemExit) as pytest_wrapped_e:
cli.main([method, '--stack', STACK])
assert pytest_wrapped_e.value.code == 1
for method in NO_STACK_METHODS:
with pytest.raises(SystemExit) as pytest_wrapped_e:
cli.main([method])
assert pytest_wrapped_e.value.code == 1
def manage_stack(
region: str,
stack_name: str,
template_body: str,
profile: Optional[str] = None,
parameter_overrides: Optional[Dict[str, Union[str, List[str]]]] = None,
) -> List[Dict[str, str]]:
"""
get or create a CloudFormation stack
Parameters
----------
region: str
AWS region for the CloudFormation stack
stack_name: str
CloudFormation stack name
template_body: str
CloudFormation template's content
profile: Optional[str]
AWS named profile for the AWS account
parameter_overrides: Optional[Dict[str, Union[str, List[str]]]]
Values of template parameters, if any.
Returns: Stack output section(list of OutputKey, OutputValue pairs)
"""
try:
if profile:
session = boto3.Session(
profile_name=profile,
region_name=region if region else None) # type: ignore
cloudformation_client = session.client("cloudformation")
else:
cloudformation_client = boto3.client(
"cloudformation",
config=Config(region_name=region if region else None))
except ProfileNotFound as ex:
raise ProfileNotFound(
f"Error Setting Up Managed Stack Client: the provided AWS name profile '{profile}' is not found. "
"please check the documentation for setting up a named profile: "
"https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html"
) from ex
except NoCredentialsError as ex:
raise NoCredentialsError(
"Error Setting Up Managed Stack Client: Unable to resolve credentials for the AWS SDK for Python client. "
"Please see their documentation for options to pass in credentials: "
"https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html"
) from ex
except NoRegionError as ex:
raise NoRegionError(
"Error Setting Up Managed Stack Client: Unable to resolve a region. "
"Please provide a region via the --region parameter or by the AWS_REGION environment variable."
) from ex
return _create_or_get_stack(cloudformation_client, stack_name,
template_body, parameter_overrides)
def test_fetch_layer_uri_fails_with_no_creds(self):
lambda_client_mock = Mock()
lambda_client_mock.get_layer_version.side_effect = NoCredentialsError()
download_layers = LayerDownloader("/", ".", Mock(), lambda_client_mock)
layer = Mock()
layer.layer_arn = "arn"
layer.version = 1
with self.assertRaises(CredentialsRequired):
download_layers._fetch_layer_uri(layer=layer)
def call(session, operation_name, parameters, region_name=None,
endpoint_url=None, verify=None):
# We could get an error from get_endpoint() about not having
# a region configured. Before this happens we want to check
# for credentials so we can give a good error message.
if session.get_credentials() is None:
raise NoCredentialsError()
client = session.create_client(
'emr', region_name=region_name, endpoint_url=endpoint_url,
verify=verify)
LOG.debug('Calling ' + str(operation_name))
return getattr(client, operation_name)(**parameters)
def add_auth(self, request):
if self.credentials is None:
raise NoCredentialsError()
# Use utcnow() because that's what gets mocked by tests, but set
# timezone because CRT assumes naive datetime is local time.
datetime_now = datetime.datetime.utcnow().replace(
tzinfo=datetime.timezone.utc)
# Use existing 'X-Amz-Content-SHA256' header if able
existing_sha256 = self._get_existing_sha256(request)
self._modify_request_before_signing(request)
credentials_provider = awscrt.auth.AwsCredentialsProvider.new_static(
access_key_id=self.credentials.access_key,
secret_access_key=self.credentials.secret_key,
session_token=self.credentials.token)
if self._should_sha256_sign_payload(request):
if existing_sha256:
explicit_payload = existing_sha256
else:
explicit_payload = None # to be calculated during signing
else:
explicit_payload = UNSIGNED_PAYLOAD
if self._should_add_content_sha256_header(explicit_payload):
body_header = \
awscrt.auth.AwsSignedBodyHeaderType.X_AMZ_CONTENT_SHA_256
else:
body_header = awscrt.auth.AwsSignedBodyHeaderType.NONE
signing_config = awscrt.auth.AwsSigningConfig(
algorithm=awscrt.auth.AwsSigningAlgorithm.V4,
signature_type=self._SIGNATURE_TYPE,
credentials_provider=credentials_provider,
region=self._region_name,
service=self._service_name,
date=datetime_now,
should_sign_header=self._should_sign_header,
use_double_uri_encode=self._USE_DOUBLE_URI_ENCODE,
should_normalize_uri_path=self._SHOULD_NORMALIZE_URI_PATH,
signed_body_value=explicit_payload,
signed_body_header_type=body_header,
expiration_in_seconds=self._expiration_in_seconds,
)
crt_request = self._crt_request_from_aws_request(request)
future = awscrt.auth.aws_sign_request(crt_request, signing_config)
future.result()
self._apply_signing_changes(request, crt_request)
def test__get_account_info(self, mock_session, mock__get_region,
mock__get_partition, mock_boto3):
mock__get_region.return_value = "us-east-1"
session = boto3.Session()
session.get_available_regions = mock.Mock()
session.client = mock.Mock()
sts = mock.Mock()
sts.get_caller_identity.return_value = {"Account": "123412341234"}
session.client.return_value = sts
mock_session.return_value = session
mock_boto3.session.Session = mock.Mock()
mock_boto3.session.Session.return_value = session
cache = Boto3Cache(_boto3=mock_boto3)
mock__get_partition.return_value = ("aws-us-gov", "us-gov-east-1")
partition = cache._get_account_info("default")["partition"]
self.assertEqual(partition, "aws-us-gov")
mock__get_partition.return_value = ("aws-cn", "cn-north-1")
partition = cache._get_account_info("default")["partition"]
self.assertEqual(partition, "aws-cn")
mock__get_partition.return_value = ("aws", "us-east-1")
partition = cache._get_account_info("default")["partition"]
self.assertEqual(partition, "aws")
self.assertEqual(3, sts.get_caller_identity.call_count)
sts.get_caller_identity.side_effect = ClientError(
error_response={"Error": {
"Code": "test"
}}, operation_name="test")
with self.assertRaises(ClientError):
cache._get_account_info("default")
sts.get_caller_identity.side_effect = ClientError(
error_response={"Error": {
"Code": "AccessDenied"
}},
operation_name="test")
with self.assertRaises(TaskCatException):
cache._get_account_info("default")
sts.get_caller_identity.side_effect = NoCredentialsError()
with self.assertRaises(TaskCatException):
cache._get_account_info("default")
sts.get_caller_identity.side_effect = ProfileNotFound(
profile="non-existent_profile")
with self.assertRaises(TaskCatException):
cache._get_account_info("default")
def call(session, operation_object, parameters, region_name=None,
endpoint_url=None, verify=None):
# We could get an error from get_endpoint() about not having
# a region configured. Before this happens we want to check
# for credentials so we can give a good error message.
if session.get_credentials() is None:
raise NoCredentialsError()
endpoint = operation_object.service.get_endpoint(
region_name=region_name, endpoint_url=endpoint_url,
verify=verify)
LOG.debug('Calling ' + str(operation_object) + ' with endpoint: ' +
endpoint.host)
return operation_object.call(endpoint, **parameters)
def _call(self, operation_object, parameters, parsed_globals):
# We could get an error from get_endpoint() about not having
# a region configured. Before this happens we want to check
# for credentials so we can give a good error message.
result = []
if not self._session.get_credentials():
raise NoCredentialsError()
endpoint = operation_object.service.get_endpoint(
region_name=parsed_globals.region,
endpoint_url=parsed_globals.endpoint_url,
verify=parsed_globals.verify_ssl)
http_response, response_data = operation_object.call(
endpoint, **parameters)
return response_data
def test_integration_test_s3():
try:
import fs_s3fs
from botocore.exceptions import NoCredentialsError
except ImportError:
raise ImportError(
"https://github.com/PyFilesystem/s3fs must be installed for this test."
)
try:
dp = load_datapackage(fs_or_obj=open_fs("s3://bwprocessing"))
check_metadata(dp, False)
check_data(dp)
except NoCredentialsError:
raise NoCredentialsError(
"Supply AWS credentials (https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html)"
)
def add_auth(self, request):
if self.credentials is None:
raise NoCredentialsError()
datetime_now = datetime.datetime.utcnow()
request.context['timestamp'] = datetime_now.strftime(SIGV4_TIMESTAMP)
# This could be a retry. Make sure the previous
# authorization header is removed first.
self._modify_request_before_signing(request)
canonical_request = self.canonical_request(request)
logger.debug("Calculating signature using v4 auth.")
logger.debug('CanonicalRequest:\n%s', canonical_request)
string_to_sign = self.string_to_sign(request, canonical_request)
logger.debug('StringToSign:\n%s', string_to_sign)
signature = self.signature(string_to_sign, request)
logger.debug('Signature:\n%s', signature)
self._inject_signature_to_request(request, signature)
def describe_services(self, cluster_name, service_name):
if not self.access_key_id or not self.secret_access_key:
raise NoCredentialsError()
if cluster_name != u'test-cluster':
error_response = {u'Error': {u'Code': u'ClusterNotFoundException', u'Message': u'Cluster not found.'}}
raise ClientError(error_response, u'DescribeServices')
if service_name != u'test-service':
return {u'services': []}
if self.deployment_errors:
return {
u"services": [PAYLOAD_SERVICE_WITH_ERRORS],
u"failures": []
}
return {
u"services": [PAYLOAD_SERVICE],
u"failures": []
}
def invoke(self, operation_object, parameters, parsed_globals):
# We could get an error from get_endpoint() about not having
# a region configured. Before this happens we want to check
# for credentials so we can give a good error message.
if not self._session.get_credentials():
raise NoCredentialsError()
endpoint = operation_object.service.get_endpoint(
region_name=parsed_globals.region,
endpoint_url=parsed_globals.endpoint_url,
verify=parsed_globals.verify_ssl)
if operation_object.can_paginate and parsed_globals.paginate:
pages = operation_object.paginate(endpoint, **parameters)
self._display_response(operation_object, pages, parsed_globals)
else:
http_response, response_data = operation_object.call(
endpoint, **parameters)
self._display_response(operation_object, response_data,
parsed_globals)
return 0
def add_auth(self, request):
if self.credentials is None:
raise NoCredentialsError()
if 'Date' in request.headers:
del request.headers['Date']
request.headers['Date'] = formatdate(usegmt=True)
if self.credentials.token:
if 'X-Amz-Security-Token' in request.headers:
del request.headers['X-Amz-Security-Token']
request.headers['X-Amz-Security-Token'] = self.credentials.token
new_hmac = hmac.new(self.credentials.secret_key.encode('utf-8'),
digestmod=sha256)
new_hmac.update(request.headers['Date'].encode('utf-8'))
encoded_signature = encodebytes(new_hmac.digest()).strip()
signature = ('AWS3-HTTPS AWSAccessKeyId=%s,Algorithm=%s,Signature=%s' %
(self.credentials.access_key, 'HmacSHA256',
encoded_signature.decode('utf-8')))
if 'X-Amzn-Authorization' in request.headers:
del request.headers['X-Amzn-Authorization']
request.headers['X-Amzn-Authorization'] = signature
def cli(profile):
"""Webotron deploys websites to AWS."""
global session, bucket_manager, domain_manager, cert_manager, dist_manager
session_cfg = {}
if profile:
session_cfg['profile_name'] = profile
try:
session = boto3.Session(**session_cfg)
bucket_manager = BucketManager(session)
domain_manager = DomainManager(session)
cert_manager = CertificateManager(session)
dist_manager = DistributionManager(session)
except ProfileNotFound as e:
print(e)
exit()
else:
raise NoCredentialsError(
"Please input profile name with --profile flag"
)
exit()
def add_auth(self, request):
# The auth handler is the last thing called in the
# preparation phase of a prepared request.
# Because of this we have to parse the query params
# from the request body so we can update them with
# the sigv2 auth params.
if self.credentials is None:
raise NoCredentialsError()
if request.data:
# POST
params = request.data
else:
# GET
params = request.params
params['AWSAccessKeyId'] = self.credentials.access_key
params['SignatureVersion'] = '2'
params['SignatureMethod'] = 'HmacSHA256'
params['Timestamp'] = time.strftime(ISO8601, time.gmtime())
if self.credentials.token:
params['SecurityToken'] = self.credentials.token
qs, signature = self.calc_signature(request, params)
params['Signature'] = signature
return request
def get_queue_by_name(self, **kwargs):
raise NoCredentialsError()
def raise_exception(*args, **kwargs):
raise NoCredentialsError()
def test_catches_common_aws_exceptions(session, stack_waiter):
session.side_effect = NoCredentialsError()
with pytest.raises(SystemExit) as pytest_wrapped_e:
cli.main(['deploy', '--stack', STACK])
assert pytest_wrapped_e.value.code == 1
def test_put_log_events_no_credentials_error(mocker):
mocker.patch('mount_efs.get_log_stream_next_token', return_value='ABCDEF')
mocker.patch('mount_efs.cloudwatch_put_log_events_helper',
side_effect=[NoCredentialsError()])
is_completed = mount_efs.publish_cloudwatch_log(MOCK_AGENT, 'Test')
assert is_completed == False
def test_constructor_no_credentials_throws_exception(self, mockdriver):
mockdriver.list_tables.side_effect = NoCredentialsError()
with self.assertRaises(NoCredentialError):
QldbShell(None, mockdriver)
def _no_credentials_error():
raise NoCredentialsError()
