def setUp(self):
self.credentials = Credentials('key', 'secret')
self.emitter = mock.Mock()
self.emitter.emit_until_response.return_value = (None, None)
self.signer = RequestSigner(ServiceId('service_name'), 'region_name',
'signing_name', 'v4', self.credentials,
self.emitter)
self.fixed_credentials = self.credentials.get_frozen_credentials()
def test_destination_region_always_changed(self):
# If the user provides a destination region, we will still
# override the DesinationRegion with the region_name from
# the endpoint object.
actual_region = 'us-west-1'
operation_model = mock.Mock()
operation_model.name = 'CopySnapshot'
credentials = Credentials('key', 'secret')
event_emitter = HierarchicalEmitter()
request_signer = RequestSigner(ServiceId('ec2'), actual_region, 'ec2',
'v4', credentials, event_emitter)
request_dict = {}
params = {
'SourceRegion': 'us-west-2',
'DestinationRegion': 'us-east-1'
}
request_dict['body'] = params
request_dict['url'] = 'https://ec2.us-west-1.amazonaws.com'
request_dict['method'] = 'POST'
request_dict['headers'] = {}
request_dict['context'] = {}
# The user provides us-east-1, but we will override this to
# endpoint.region_name, of 'us-west-1' in this case.
handlers.inject_presigned_url_ec2(request_dict, request_signer,
operation_model)
self.assertIn('https://ec2.us-west-2.amazonaws.com?',
params['PresignedUrl'])
# Always use the DestinationRegion from the endpoint, regardless of
# whatever value the user provides.
self.assertEqual(params['DestinationRegion'], actual_region)
class BaseSignerTest(unittest.TestCase):
def setUp(self):
self.credentials = Credentials('key', 'secret')
self.emitter = mock.Mock()
self.emitter.emit_until_response.return_value = (None, None)
self.signer = RequestSigner(ServiceId('service_name'), 'region_name',
'signing_name', 'v4', self.credentials,
self.emitter)
self.fixed_credentials = self.credentials.get_frozen_credentials()
self.request = ibm_botocore.awsrequest.AWSRequest()
def test_adds_md5_when_s3v2(self):
credentials = Credentials('key', 'secret')
request_signer = RequestSigner(
's3', 'us-east-1', 's3', 's3', credentials, mock.Mock())
request_dict = {'body': b'bar',
'url': 'https://s3.us-east-1.amazonaws.com',
'method': 'PUT',
'headers': {}}
context = self.get_context()
handlers.conditionally_calculate_md5(
request_dict, request_signer=request_signer, context=context)
self.assertTrue('Content-MD5' in request_dict['headers'])
def test_add_md5_raises_error_when_md5_unavailable(self):
credentials = Credentials('key', 'secret')
request_signer = RequestSigner(
's3', 'us-east-1', 's3', 's3', credentials, mock.Mock())
request_dict = {'body': b'bar',
'url': 'https://s3.us-east-1.amazonaws.com',
'method': 'PUT',
'headers': {}}
self.set_md5_available(False)
with self.assertRaises(MD5UnavailableError):
handlers.calculate_md5(
request_dict, request_signer=request_signer)
def test_conditional_does_not_add_when_md5_unavailable(self):
credentials = Credentials('key', 'secret')
request_signer = RequestSigner(
's3', 'us-east-1', 's3', 's3', credentials, mock.Mock())
request_dict = {'body': b'bar',
'url': 'https://s3.us-east-1.amazonaws.com',
'method': 'PUT',
'headers': {}}
context = self.get_context()
self.set_md5_available(False)
with mock.patch('ibm_botocore.handlers.MD5_AVAILABLE', False):
handlers.conditionally_calculate_md5(
request_dict, request_signer=request_signer, context=context)
self.assertFalse('Content-MD5' in request_dict['headers'])
def __init__(self, test_case):
p = os.path.join
# We're using io.open() because we need to open these files with
# a specific encoding, and in 2.x io.open is the best way to do this.
self.raw_request = io.open(p(TESTSUITE_DIR, test_case + '.req'),
encoding='utf-8').read()
self.canonical_request = io.open(p(TESTSUITE_DIR, test_case + '.creq'),
encoding='utf-8').read().replace(
'\r', '')
self.string_to_sign = io.open(p(TESTSUITE_DIR, test_case + '.sts'),
encoding='utf-8').read().replace(
'\r', '')
self.authorization_header = io.open(p(TESTSUITE_DIR,
test_case + '.authz'),
encoding='utf-8').read().replace(
'\r', '')
self.signed_request = io.open(p(TESTSUITE_DIR, test_case + '.sreq'),
encoding='utf-8').read()
self.credentials = Credentials(ACCESS_KEY, SECRET_KEY)
def test_dest_region_removed(self):
operation_model = mock.Mock()
operation_model.name = 'CopyDBSnapshot'
credentials = Credentials('key', 'secret')
event_emitter = HierarchicalEmitter()
request_signer = RequestSigner(ServiceId('rds'), 'us-east-1', 'rds',
'v4', credentials, event_emitter)
request_dict = {}
params = {'SourceRegion': 'us-west-2'}
request_dict['body'] = params
request_dict['url'] = 'https://rds.us-east-1.amazonaws.com'
request_dict['method'] = 'POST'
request_dict['headers'] = {}
request_dict['context'] = {}
handlers.inject_presigned_url_rds(params=request_dict,
request_signer=request_signer,
model=operation_model)
self.assertNotIn('DestinationRegion', params)
def __init__(self, test_case):
filepath = os.path.join(TESTSUITE_DIR, test_case,
os.path.basename(test_case))
# We're using io.open() because we need to open these files with
# a specific encoding, and in 2.x io.open is the best way to do this.
self.raw_request = io.open(filepath + '.req', encoding='utf-8').read()
self.canonical_request = io.open(filepath + '.creq',
encoding='utf-8').read().replace(
'\r', '')
self.string_to_sign = io.open(filepath + '.sts',
encoding='utf-8').read().replace(
'\r', '')
self.authorization_header = io.open(filepath + '.authz',
encoding='utf-8').read().replace(
'\r', '')
self.signed_request = io.open(filepath + '.sreq',
encoding='utf-8').read()
token_pattern = r'^x-amz-security-token:(.*)$'
token_match = re.search(token_pattern, self.canonical_request,
re.MULTILINE)
token = token_match.group(1) if token_match else None
self.credentials = Credentials(ACCESS_KEY, SECRET_KEY, token)
def setUp(self):
self.credentials = Credentials(ACCESS_KEY, SECRET_KEY)
self.sigv4 = SigV4Auth(self.credentials, 'host', 'us-weast-1')
def create_random_credentials(self):
return Credentials('fake-%s' % random_chars(15),
'fake-%s' % random_chars(35),
'fake-%s' % random_chars(45))
