def create_temp_creds(client_id, access_token, start=None, expires=None, scopes=None, name=None):
"""Request temp TC creds with our permanent creds.
Args:
client_id (str): the taskcluster client_id to use
access_token (str): the taskcluster access_token to use
start (str, optional): the datetime string when the credentials will
start to be valid. Defaults to 10 minutes ago, for clock skew.
expires (str, optional): the datetime string when the credentials will
expire. Defaults to 31 days after 10 minutes ago.
scopes (list, optional): The list of scopes to request for the temp
creds. Defaults to ['assume:project:taskcluster:worker-test-scopes', ]
name (str, optional): the name to associate with the creds.
Returns:
dict: the temporary taskcluster credentials.
"""
now = arrow.utcnow().shift(minutes=-10)
start = start or now.datetime
expires = expires or now.shift(days=31).datetime
scopes = scopes or ["assume:project:taskcluster:worker-test-scopes"]
creds = createTemporaryCredentials(client_id, access_token, start, expires, scopes, name=name)
for key, value in creds.items():
try:
creds[key] = value.decode("utf-8")
except (AttributeError, UnicodeDecodeError):
pass
return creds
def create_temp_creds(client_id, access_token, start=None, expires=None,
scopes=None, name=None):
"""Request temp TC creds with our permanent creds.
Args:
client_id (str): the taskcluster client_id to use
access_token (str): the taskcluster access_token to use
start (str, optional): the datetime string when the credentials will
start to be valid. Defaults to 10 minutes ago, for clock skew.
expires (str, optional): the datetime string when the credentials will
expire. Defaults to 31 days after 10 minutes ago.
scopes (list, optional): The list of scopes to request for the temp
creds. Defaults to ['assume:project:taskcluster:worker-test-scopes', ]
name (str, optional): the name to associate with the creds.
Returns:
dict: the temporary taskcluster credentials.
"""
now = arrow.utcnow().replace(minutes=-10)
start = start or now.datetime
expires = expires or now.replace(days=31).datetime
scopes = scopes or ['assume:project:taskcluster:worker-test-scopes', ]
creds = createTemporaryCredentials(client_id, access_token, start, expires,
scopes, name=name)
for key, value in creds.items():
try:
creds[key] = value.decode('utf-8')
except (AttributeError, UnicodeDecodeError):
pass
return creds
def test_temporary_credentials(self):
tempCred = subject.createTemporaryCredentials(
'admin',
'adminToken',
datetime.datetime.utcnow() - datetime.timedelta(hours=10),
datetime.datetime.utcnow() + datetime.timedelta(hours=10),
['auth:credentials'],
)
self.client.options['credentials']['clientId'] = tempCred['clientId']
self.client.options['credentials']['accessToken'] = tempCred['accessToken']
self.client.options['credentials']['certificate'] = tempCred['certificate']
result = self.client.getCredentials('admin')
self.assertEqual(result['accessToken'], 'adminToken')
def create_temp_creds(client_id, access_token, start=None, expires=None,
scopes=None, name=None):
now = arrow.utcnow().replace(minutes=-10)
start = start or now.datetime
expires = expires or now.replace(days=31).datetime
scopes = scopes or ['assume:project:taskcluster:worker-test-scopes', ]
creds = createTemporaryCredentials(client_id, access_token, start, expires,
scopes, name=name)
for key, value in creds.items():
try:
creds[key] = value.decode('utf-8')
except (AttributeError, UnicodeDecodeError):
pass
return creds
def temp_credentials_signed_url(self):
tempCred = subject.createTemporaryCredentials(
'tester',
'no-secret',
datetime.datetime.utcnow() - datetime.timedelta(hours=10),
datetime.datetime.utcnow() + datetime.timedelta(hours=10),
['test:*'],
)
client = self.testClass({
'credentials': tempCred,
})
signedUrl = client.buildSignedUrl(methodName='testAuthenticateGet')
response = self._get_json(signedUrl)
self.assertEqual(response, {
'scopes': ['test:*'],
'clientId': 'tester',
})
def test_named_temporary_credentials(self):
tempCred = subject.createTemporaryCredentials(
'tester',
'no-secret',
datetime.datetime.utcnow() - datetime.timedelta(hours=10),
datetime.datetime.utcnow() + datetime.timedelta(hours=10),
['test:xyz'],
name='credName'
)
client = subject.Auth({
'credentials': tempCred,
})
result = client.testAuthenticate({
'clientScopes': ['test:*', 'auth:create-client:credName'],
'requiredScopes': ['test:xyz'],
})
self.assertEqual(result, {'scopes': ['test:xyz'], 'clientId': 'credName'})
def test_temp_credentials_signed_url(self):
tempCred = subject.createTemporaryCredentials(
'tester',
'no-secret',
datetime.datetime.utcnow() - datetime.timedelta(hours=10),
datetime.datetime.utcnow() + datetime.timedelta(hours=10),
['test:*'],
)
client = subject.Auth({
'credentials': tempCred,
})
signedUrl = client.buildSignedUrl('testAuthenticateGet')
response = requests.get(signedUrl)
response.raise_for_status()
response = response.json()
self.assertEqual(response, {
'scopes': ['test:*'],
'clientId': 'tester',
})
def test_temporary_credentials_authorizedScopes(self):
tempCred = subject.createTemporaryCredentials(
'tester',
'no-secret',
datetime.datetime.utcnow() - datetime.timedelta(hours=10),
datetime.datetime.utcnow() + datetime.timedelta(hours=10),
['test:xyz:*'],
)
client = subject.Auth({
'credentials': tempCred,
'authorizedScopes': ['test:xyz:abc'],
})
result = client.testAuthenticate({
'clientScopes': ['test:*'],
'requiredScopes': ['test:xyz:abc'],
})
self.assertEqual(result, {'scopes': ['test:xyz:abc'],
'clientId': 'tester'})
def test_temporary_credentials(self):
"""we can call methods which require authentication with temporary
credentials generated by python client"""
tempCred = subject.createTemporaryCredentials(
'tester',
'no-secret',
datetime.datetime.utcnow() - datetime.timedelta(hours=10),
datetime.datetime.utcnow() + datetime.timedelta(hours=10),
['test:xyz'],
)
client = subject.Auth({
'credentials': tempCred,
})
result = client.testAuthenticate({
'clientScopes': ['test:*'],
'requiredScopes': ['test:xyz'],
})
self.assertEqual(result, {'scopes': ['test:xyz'], 'clientId': 'tester'})
def create_temp_creds(client_id,
access_token,
start=None,
expires=None,
scopes=None,
name=None):
now = arrow.utcnow().replace(minutes=-10)
start = start or now.datetime
expires = expires or now.replace(days=31).datetime
scopes = scopes or [
'assume:project:taskcluster:worker-test-scopes',
]
creds = createTemporaryCredentials(client_id,
access_token,
start,
expires,
scopes,
name=name)
for key, value in creds.items():
try:
creds[key] = value.decode('utf-8')
except (AttributeError, UnicodeDecodeError):
pass
return creds