def __init__(self,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=True,
port=None,
proxy=None,
proxy_port=None,
host=None,
debug=0,
session_token=None,
authenticate_requests=True,
validate_cert=True,
max_sts_attempts=3):
if not host:
host = self.DefaultHost
self.validate_cert = validate_cert
self.authenticate_requests = authenticate_requests
AWSAuthConnection.__init__(self,
host,
aws_access_key_id,
aws_secret_access_key,
is_secure,
port,
proxy,
proxy_port,
debug=debug,
security_token=session_token)
self.pending_requests = deque()
self.sts = AsyncAwsSts(aws_access_key_id, aws_secret_access_key)
assert (isinstance(max_sts_attempts, int) and max_sts_attempts >= 0)
self.max_sts_attempts = max_sts_attempts
def __init__(
self,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=True,
port=None,
proxy=None,
proxy_port=None,
host=DefaultHost,
debug=0,
https_connection_factory=None,
calling_format=SubdomainCallingFormat(),
):
self.calling_format = calling_format
AWSAuthConnection.__init__(
self,
host,
aws_access_key_id,
aws_secret_access_key,
is_secure,
port,
proxy,
proxy_port,
debug=debug,
https_connection_factory=https_connection_factory,
)
def __init__(self, host, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
proxy_user=None, proxy_pass=None, debug=0,
https_connection_factory=None, path='/', provider='aws'):
AWSAuthConnection.__init__(self, host, aws_access_key_id, aws_secret_access_key,
is_secure, port, proxy, proxy_port, proxy_user, proxy_pass,
debug, https_connection_factory, path)
def __init__(self,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=True,
port=None,
proxy=None,
proxy_port=None,
proxy_user=None,
proxy_pass=None,
debug=0,
https_connection_factory=None,
region=None,
path='/',
security_token=None):
if not region:
region = RegionInfo(self, self.DefaultRegionName,
self.DefaultRegionEndpoint)
self.region = region
AWSAuthConnection.__init__(self,
self.region.endpoint,
aws_access_key_id,
aws_secret_access_key,
is_secure,
port,
proxy,
proxy_port,
proxy_user,
proxy_pass,
debug,
https_connection_factory,
path,
security_token=security_token)
def __init__(self,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=True,
port=None,
proxy=None,
proxy_port=None,
proxy_user=None,
proxy_pass=None,
host=DefaultHost,
debug=0,
https_connection_factory=None,
calling_format=SubdomainCallingFormat(),
path='/',
provider='aws',
bucket_class=Bucket):
self.calling_format = calling_format
self.bucket_class = bucket_class
AWSAuthConnection.__init__(
self,
host,
aws_access_key_id,
aws_secret_access_key,
is_secure,
port,
proxy,
proxy_port,
proxy_user,
proxy_pass,
debug=debug,
https_connection_factory=https_connection_factory,
path=path,
provider=provider)
def __init__(self,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=True,
port=None,
proxy=None,
proxy_port=None,
debug=0,
security_token=None,
region=None,
validate_certs=True):
if not region:
region_name = boto.config.get('DynamoDB', 'region',
self.DefaultRegionName)
for reg in boto.dynamodb.regions():
if reg.name == region_name:
region = reg
break
self.region = region
AWSAuthConnection.__init__(self,
self.region.endpoint,
aws_access_key_id,
aws_secret_access_key,
is_secure,
port,
proxy,
proxy_port,
debug=debug,
security_token=security_token,
validate_certs=validate_certs)
self.throughput_exceeded_events = 0
def __init__(self,
aws_access_key_id=None,
aws_secret_access_key=None,
account_id='-',
is_secure=True,
port=None,
proxy=None,
proxy_port=None,
proxy_user=None,
proxy_pass=None,
debug=0,
https_connection_factory=None,
path='/',
provider='aws',
security_token=None,
suppress_consec_slashes=True,
region=None,
region_name='us-east-1'):
if not region:
for reg in boto.glacier.regions():
if reg.name == region_name:
region = reg
break
self.region = region
self.account_id = account_id
AWSAuthConnection.__init__(self, region.endpoint, aws_access_key_id,
aws_secret_access_key, is_secure, port,
proxy, proxy_port, proxy_user, proxy_pass,
debug, https_connection_factory, path,
provider, security_token,
suppress_consec_slashes)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=False, port=None, proxy=None, proxy_port=None,
host=DefaultHost, debug=0, https_connection_factory=None):
AWSAuthConnection.__init__(self, host,
aws_access_key_id, aws_secret_access_key,
is_secure, port, proxy, proxy_port, debug,
https_connection_factory)
def __init__(self,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=True,
port=None,
proxy=None,
proxy_port=None,
proxy_user=None,
proxy_pass=None,
host=DefaultHost,
debug=0,
https_connection_factory=None,
calling_format=SubdomainCallingFormat(),
path='/',
headers={}):
self.calling_format = calling_format
self.headers = _environ_get_s3_headers()
self.headers.update(headers)
AWSAuthConnection.__init__(
self,
host,
aws_access_key_id,
aws_secret_access_key,
is_secure,
port,
proxy,
proxy_port,
proxy_user,
proxy_pass,
debug=debug,
https_connection_factory=https_connection_factory,
path=path)
def __init__(self,
private_key_path,
cert_path,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=False,
port=DefaultPort,
proxy=None,
proxy_port=None,
proxy_user=None,
proxy_pass=None,
host=DefaultHost,
debug=0,
https_connection_factory=None,
path='/'):
self.private_key_path = private_key_path
self.cert_path = cert_path
AWSAuthConnection.__init__(
self,
host,
aws_access_key_id,
aws_secret_access_key,
is_secure,
port,
proxy,
proxy_port,
proxy_user,
proxy_pass,
debug=debug,
https_connection_factory=https_connection_factory,
path=path)
self._auth_handler.private_key_path = self.private_key_path
def __init__(
self,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=True,
port=None,
proxy=None,
proxy_port=None,
host=None,
debug=0,
session_token=None,
):
if not host:
host = self.DefaultHost
self._passed_access_key = aws_access_key_id
self._passed_secret_key = aws_secret_access_key
if not session_token:
session_token = self._get_session_token()
self.creds = session_token
AWSAuthConnection.__init__(
self,
host,
self.creds.access_key,
self.creds.secret_key,
is_secure,
port,
proxy,
proxy_port,
debug=debug,
security_token=self.creds.session_token,
)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
debug=0, session_token=None, region=None):
if not region:
region_name = boto.config.get('DynamoDB', 'region',
self.DefaultRegionName)
for reg in boto.dynamodb.regions():
if reg.name == region_name:
region = reg
break
self.region = region
self._passed_access_key = aws_access_key_id
self._passed_secret_key = aws_secret_access_key
if not session_token:
session_token = self._get_session_token()
self.creds = session_token
self.throughput_exceeded_events = 0
self.request_id = None
self.instrumentation = {'times': [], 'ids': []}
self.do_instrumentation = False
AWSAuthConnection.__init__(self, self.region.endpoint,
self.creds.access_key,
self.creds.secret_key,
is_secure, port, proxy, proxy_port,
debug=debug,
security_token=self.creds.session_token)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
port=None, proxy=None, proxy_port=None,
host=DefaultHost, debug=0, security_token=None):
AWSAuthConnection.__init__(self, host,
aws_access_key_id, aws_secret_access_key,
True, port, proxy, proxy_port, debug=debug,
security_token=security_token)
def test_proxy_ssl_with_verification(self, ssl_mock, http_response_mock,
create_connection_mock):
type(http_response_mock.return_value).status = mock.PropertyMock(
return_value=200)
conn = AWSAuthConnection('mockservice.s3.amazonaws.com',
aws_access_key_id='access_key',
aws_secret_access_key='secret',
suppress_consec_slashes=False,
proxy_port=80)
conn.https_validate_certificates = True
dummy_cert = {
'subjectAltName':
(('DNS', 's3.amazonaws.com'), ('DNS', '*.s3.amazonaws.com')),
}
mock_sock = mock.Mock()
create_connection_mock.return_value = mock_sock
mock_sslSock = mock.Mock()
mock_sslSock.getpeercert.return_value = dummy_cert
mock_context = mock.Mock()
mock_context.wrap_socket.return_value = mock_sslSock
ssl_mock.create_default_context.return_value = mock_context
# Attempt to call proxy_ssl and make sure it works
conn.proxy_ssl('mockservice.s3.amazonaws.com', 80)
mock_sslSock.getpeercert.assert_called_once_with()
mock_context.wrap_socket.assert_called_once_with(
mock_sock, server_hostname='mockservice.s3.amazonaws.com')
def __init__(
self,
aws_access_key_id=None,
aws_secret_access_key=None,
port=None,
proxy=None,
proxy_port=None,
host=DefaultHost,
debug=0,
security_token=None,
validate_certs=True,
https_connection_factory=None,
):
AWSAuthConnection.__init__(
self,
host,
aws_access_key_id,
aws_secret_access_key,
True,
port,
proxy,
proxy_port,
debug=debug,
security_token=security_token,
validate_certs=validate_certs,
https_connection_factory=https_connection_factory,
)
def __init__(self,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=True,
port=None,
proxy=None,
proxy_port=None,
host=None,
debug=0,
session_token=None):
if not host:
host = self.DefaultHost
self._passed_access_key = aws_access_key_id
self._passed_secret_key = aws_secret_access_key
if not session_token:
session_token = self._get_session_token()
self.creds = session_token
self.throughput_exceeded_events = 0
AWSAuthConnection.__init__(self,
host,
self.creds.access_key,
self.creds.secret_key,
is_secure,
port,
proxy,
proxy_port,
debug=debug,
security_token=self.creds.session_token)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
debug=0, session_token=None, region=None):
"""
This is, for the moment at least, more complicated than other
Connection classes wrt credentials. If a session token is
passed in, it is expected to be a Credential object obtained
from a call to STS and those credentials will be used as-is.
If no session_token is passed in, we need to check to see if
we are running on an EC2 instance with an IAM Role associated
with it. If so, use those temporarty credentials. Finally, if
neither of the above scenarios were true, we must create
temporary credentials by making a call to STS ourselves.
NOTE: If this is called with an STS session token and no real
AWS credentials, there will be no way to renew the STS
session token when it expires.
"""
if not region:
region_name = boto.config.get('DynamoDB', 'region',
self.DefaultRegionName)
for reg in boto.dynamodb.regions():
if reg.name == region_name:
region = reg
break
self.region = region
self._passed_access_key = aws_access_key_id
self._passed_secret_key = aws_secret_access_key
if session_token:
# If an STS session token was passed in, use it.
# Note, however, that if no real credentials are passed
# in it will be impossible to renew this session token
# and when it expires, things will stop working.
AWSAuthConnection.__init__(self, self.region.endpoint,
session_token.access_key,
session_token.secret_key,
is_secure, port, proxy, proxy_port,
debug=debug,
security_token=session_token.session_token)
else:
# Create a connection in the normal way and see if
# session credentials are found. If so, it means we are
# using IAM Roles on an EC2 instance and we are good to go.
# If not, we need to explicitly create a session token.
AWSAuthConnection.__init__(self, self.region.endpoint,
aws_access_key_id,
aws_secret_access_key,
is_secure, port, proxy, proxy_port,
debug=debug)
if not self.provider.security_token:
self._need_session_token = True
self._get_session_token()
else:
self._need_session_token = False
self.throughput_exceeded_events = 0
self.request_id = None
self.instrumentation = {'times': [], 'ids': []}
self.do_instrumentation = False
def __init__(self,
host=DefaultHost,
aws_access_key_id=None,
aws_secret_access_key=None,
retry_policy=S3RetryPolicy()):
AWSAuthConnection.__init__(self, host, aws_access_key_id,
aws_secret_access_key)
self.retry_policy = retry_policy
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
host=DefaultHost, debug=0, https_connection_factory=None,
calling_format=SubdomainCallingFormat()):
self.calling_format = calling_format
AWSAuthConnection.__init__(self, host,
aws_access_key_id, aws_secret_access_key,
is_secure, port, proxy, proxy_port, debug=debug,
https_connection_factory=https_connection_factory)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
port=None, proxy=None, proxy_port=None,
host=DefaultHost, debug=0, security_token=None,
validate_certs=True):
AWSAuthConnection.__init__(self, host,
aws_access_key_id, aws_secret_access_key,
True, port, proxy, proxy_port, debug=debug,
security_token=security_token,
validate_certs=validate_certs)
def __init__(self, **kwargs):
region = kwargs.get('region')
if not region:
region = RegionInfo(self, self.DefaultRegionName,
self.DefaultRegionEndpoint)
else:
del kwargs['region']
kwargs['host'] = region.endpoint
AWSAuthConnection.__init__(self, **kwargs)
self.region = region
def __init__(self,
host,
aws_access_key_id,
aws_secret_access_key,
port=443):
AWSAuthConnection.__init__(self,
host,
aws_access_key_id,
aws_secret_access_key,
port=port)
def __init__(self, **kwargs):
region = kwargs.get('region')
if not region:
region = RegionInfo(self, self.DefaultRegionName,
self.DefaultRegionEndpoint)
else:
del kwargs['region']
kwargs['host'] = region.endpoint
AWSAuthConnection.__init__(self, **kwargs)
self.region = region
def __init__(self,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=True,
port=None,
proxy=None,
proxy_port=None,
host=None,
debug=0,
session_token=None,
endpoint=None,
authenticate_requests=True,
validate_cert=True,
max_sts_attempts=3,
ioloop=None):
if not host:
host = self.DefaultHost
if endpoint is not None:
self.url = endpoint
parse_url = urlparse(self.url)
self.host = parse_url.hostname
self.port = parse_url.port
self.protocol = parse_url.scheme
else:
self.protocol = 'https' if is_secure else 'http'
self.host = host
self.port = port
url = '{0}://{1}'.format(self.protocol, self.host)
if self.port:
url += ':{}'.format(self.port)
self.url = url
self.validate_cert = validate_cert
self.authenticate_requests = authenticate_requests
AWSAuthConnection.__init__(self,
self.host,
aws_access_key_id,
aws_secret_access_key,
is_secure,
self.port,
proxy,
proxy_port,
debug=debug,
security_token=session_token,
validate_certs=self.validate_cert)
self.ioloop = ioloop or IOLoop.instance()
self.http_client = AsyncHTTPClient(io_loop=self.ioloop)
self.pending_requests = deque()
self.sts = AsyncAwsSts(aws_access_key_id, aws_secret_access_key,
is_secure, self.port, proxy, proxy_port)
assert (isinstance(max_sts_attempts, int) and max_sts_attempts >= 0)
self.max_sts_attempts = max_sts_attempts
def test_get_proxy_url_with_auth(self):
conn = AWSAuthConnection('mockservice.cc-zone-1.amazonaws.com',
aws_access_key_id='access_key',
aws_secret_access_key='secret',
suppress_consec_slashes=False,
proxy="127.0.0.1",
proxy_user="******",
proxy_pass="******",
proxy_port="8180")
self.assertEqual(conn.get_proxy_url_with_auth(),
'http://john.doe:[email protected]:8180')
def setUp(self):
self.connection = AWSAuthConnection('s3.amazonaws.com')
self.non_retriable_code = 404
self.retry_status_codes = [301, 400]
self.success_response = self.create_response(200)
self.default_host = 'bucket.s3.amazonaws.com'
self.retry_region = RETRY_REGION_BYTES.decode('utf-8')
self.default_retried_host = ('bucket.s3.%s.amazonaws.com' %
self.retry_region)
self.test_headers = [('x-amz-bucket-region', self.retry_region)]
def test_get_proxy_url_with_auth(self):
conn = AWSAuthConnection(
'mockservice.cc-zone-1.amazonaws.com',
aws_access_key_id='access_key',
aws_secret_access_key='secret',
suppress_consec_slashes=False,
proxy="127.0.0.1",
proxy_user="******",
proxy_pass="******",
proxy_port="8180"
)
self.assertEqual(conn.get_proxy_url_with_auth(), 'http://john.doe:[email protected]:8180')
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
proxy_user=None, proxy_pass=None, debug=0,
https_connection_factory=None, region=None, path='/'):
if not region:
region = RegionInfo(self, self.DefaultRegionName,
self.DefaultRegionEndpoint)
self.region = region
AWSAuthConnection.__init__(self, self.region.endpoint,
aws_access_key_id, aws_secret_access_key,
is_secure, port, proxy, proxy_port,
proxy_user, proxy_pass, debug,
https_connection_factory, path)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
proxy_user=None, proxy_pass=None,
host=DefaultHost, debug=0, https_connection_factory=None,
calling_format=SubdomainCallingFormat(), path='/',
provider='aws', bucket_class=Bucket, security_token=None):
self.calling_format = calling_format
self.bucket_class = bucket_class
AWSAuthConnection.__init__(self, host,
aws_access_key_id, aws_secret_access_key,
is_secure, port, proxy, proxy_port, proxy_user, proxy_pass,
debug=debug, https_connection_factory=https_connection_factory,
path=path, provider=provider, security_token=security_token)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None, region="us-east-1",
is_secure=True, port=None, proxy=None, proxy_port=None,
proxy_user=None, proxy_pass=None,
host=None, debug=0, https_connection_factory=None,
path='/', provider='aws', security_token=None,
suppress_consec_slashes=True):
if host is None:
host = 'glacier.%s.amazonaws.com' % (region,)
AWSAuthConnection.__init__(self, host,
aws_access_key_id, aws_secret_access_key,
is_secure, port, proxy, proxy_port, proxy_user, proxy_pass,
debug=debug, https_connection_factory=https_connection_factory,
path=path, provider=provider, security_token=security_token,
suppress_consec_slashes=suppress_consec_slashes)
def test_proxy_ssl(self, ssl_mock, http_response_mock,
create_connection_mock):
type(http_response_mock.return_value).status = mock.PropertyMock(
return_value=200)
conn = AWSAuthConnection('mockservice.cc-zone-1.amazonaws.com',
aws_access_key_id='access_key',
aws_secret_access_key='secret',
suppress_consec_slashes=False,
proxy_port=80)
conn.https_validate_certificates = False
# Attempt to call proxy_ssl and make sure it works
conn.proxy_ssl('mockservice.cc-zone-1.amazonaws.com', 80)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None, region="us-east-1",
is_secure=True, port=None, proxy=None, proxy_port=None,
proxy_user=None, proxy_pass=None,
host=None, debug=0, https_connection_factory=None,
path='/', provider='aws', security_token=None,
suppress_consec_slashes=True):
if host is None:
host = 'glacier.%s.amazonaws.com' % (region,)
AWSAuthConnection.__init__(self, host,
aws_access_key_id, aws_secret_access_key,
is_secure, port, proxy, proxy_port, proxy_user, proxy_pass,
debug=debug, https_connection_factory=https_connection_factory,
path=path, provider=provider, security_token=security_token,
suppress_consec_slashes=suppress_consec_slashes)
def __init__(self,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=False,
port=None,
proxy=None,
proxy_port=None,
host=DefaultHost,
debug=0,
https_connection_factory=None):
AWSAuthConnection.__init__(self, host, aws_access_key_id,
aws_secret_access_key, is_secure, port,
proxy, proxy_port, debug,
https_connection_factory)
self.query_conn = None
def test_build_base_http_request_noproxy(self):
os.environ['no_proxy'] = 'mockservice.cc-zone-1.amazonaws.com'
conn = AWSAuthConnection('mockservice.cc-zone-1.amazonaws.com',
aws_access_key_id='access_key',
aws_secret_access_key='secret',
suppress_consec_slashes=False,
proxy="127.0.0.1",
proxy_user="******",
proxy_pass="******",
proxy_port="8180")
request = conn.build_base_http_request('GET', '/', None)
del os.environ['no_proxy']
self.assertEqual(request.path, '/')
def set_user_quota(self,
uid,
tenant='',
enabled=False,
max_objects=-1,
max_size_kb=-1):
"""获取用户容量限制"""
tenant = tenant or self.tenant
if tenant:
uid = '%s$%s' % (tenant, uid)
parameters = {'uid': uid, 'quota-type': 'user', 'quota-scope': 'user'}
data = {
'uid': uid,
'quota-scope': 'user',
'enabled': enabled,
'max_objects': max_objects,
'max_size_kb': max_size_kb,
}
response = AWSAuthConnection.make_request(
self.conn,
'PUT',
self.admin_endpoint + 'user?quota&' +
urllib.parse.urlencode(parameters),
data=json.dumps(data),
)
return self._handle_response(response)
def _QueryServiceState(self, conn, file_length):
"""Queries service to find out state of given upload.
Note that this method really just makes special case use of the
fact that the upload service always returns the current start/end
state whenever a PUT doesn't complete.
Args:
conn: HTTPConnection to use for the query.
file_length: Total length of the file.
Returns:
HTTP response from sending request.
Raises:
ResumableUploadException if problem querying service.
"""
# Send an empty PUT so that service replies with this resumable
# transfer's state.
put_headers = {
'Content-Range': (self._BuildContentRangeHeader('*', file_length)),
'Content-Length': '0'
}
return AWSAuthConnection.make_request(conn,
'PUT',
path=self.upload_url_path,
auth_path=self.upload_url_path,
headers=put_headers,
host=self.upload_url_host)
def test_proxy_ssl(self, ssl_mock, http_response_mock,
create_connection_mock):
type(http_response_mock.return_value).status = mock.PropertyMock(
return_value=200)
conn = AWSAuthConnection(
'mockservice.cc-zone-1.amazonaws.com',
aws_access_key_id='access_key',
aws_secret_access_key='secret',
suppress_consec_slashes=False,
proxy_port=80
)
conn.https_validate_certificates = False
# Attempt to call proxy_ssl and make sure it works
conn.proxy_ssl('mockservice.cc-zone-1.amazonaws.com', 80)
def make_request(self,
method,
bucket='',
key='',
headers=None,
data='',
query_args=None,
sender=None,
override_num_retries=None,
retry_handler=None):
if isinstance(bucket, self.bucket_class):
bucket = bucket.name
if isinstance(key, Key):
key = key.name
path = self.calling_format.build_path_base(bucket, key)
boto.log.debug('path=%s' % path)
auth_path = self.calling_format.build_auth_path(bucket, key)
boto.log.debug('auth_path=%s' % auth_path)
host = self.calling_format.build_host(self.server_name(), bucket)
if query_args:
path += '?' + query_args
boto.log.debug('path=%s' % path)
auth_path += '?' + query_args
boto.log.debug('auth_path=%s' % auth_path)
return AWSAuthConnection.make_request(
self,
method,
path,
headers,
data,
host,
auth_path,
sender,
override_num_retries=override_num_retries,
retry_handler=retry_handler)
def _query_server_state(self, conn, file_length):
"""
Queries server to find out what bytes it currently has.
Note that this method really just makes special case use of the
fact that the upload server always returns the current start/end
state whenever a PUT doesn't complete.
Returns (server_start, server_end), where the values are inclusive.
For example, (0, 2) would mean that the server has bytes 0, 1, *and* 2.
Raises ResumableUploadException if problem querying server.
"""
# Send an empty PUT so that server replies with this resumable
# transfer's state.
put_headers = {}
put_headers['Content-Range'] = (self._build_content_range_header(
'*', file_length))
put_headers['Content-Length'] = '0'
resp = AWSAuthConnection.make_request(conn,
'PUT',
path=self.tracker_uri_path,
headers=put_headers,
host=self.tracker_uri_host)
if resp.status == 200:
return (0, file_length) # Completed upload.
if resp.status != 308:
# This means the server didn't have any state for the given
# upload ID, which can happen (for example) if the caller saved
# the tracker URI to a file and then tried to restart the transfer
# after that upload ID has gone stale. In that case we need to
# start a new transfer (and the caller will then save the new
# tracker URI to the tracker file).
raise ResumableUploadException(
'Got non-308 response (%s) from server state query' %
resp.status, ResumableTransferDisposition.START_OVER)
got_valid_response = False
range_spec = resp.getheader('range')
if range_spec:
# Parse 'bytes=<from>-<to>' range_spec.
m = re.search('bytes=(\d+)-(\d+)', range_spec)
if m:
server_start = long(m.group(1))
server_end = long(m.group(2))
got_valid_response = True
else:
# No Range header, which means the server does not yet have
# any bytes. Note that the Range header uses inclusive 'from'
# and 'to' values. Since Range 0-0 would mean that the server
# has byte 0, omitting the Range header is used to indicate that
# the server doesn't have any bytes.
return self.SERVER_HAS_NOTHING
if not got_valid_response:
raise ResumableUploadException(
'Couldn\'t parse upload server state query response (%s)' %
str(resp.getheaders()),
ResumableTransferDisposition.START_OVER)
if conn.debug >= 1:
print 'Server has: Range: %d - %d.' % (server_start, server_end)
return (server_start, server_end)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
proxy_user=None, proxy_pass=None,
host=DefaultHost, debug=0, https_connection_factory=None,
calling_format=SubdomainCallingFormat(), path='/',
headers={}):
self.calling_format = calling_format
self.headers = _environ_get_s3_headers()
self.headers.update(headers)
AWSAuthConnection.__init__(self, host,
aws_access_key_id, aws_secret_access_key,
is_secure, port, proxy, proxy_port, proxy_user, proxy_pass,
debug=debug, https_connection_factory=https_connection_factory,
path=path)
def make_request(self,
verb,
resource,
headers=None,
data='',
ok_responses=(200, ),
params=None,
sender=None,
response_headers=None):
if headers is None:
headers = {}
headers['x-amz-glacier-version'] = self.Version
uri = '/%s/%s' % (self.account_id, resource)
response = AWSAuthConnection.make_request(self,
verb,
uri,
params=params,
headers=headers,
sender=sender,
data=data)
if response.status in ok_responses:
return GlacierResponse(response, response_headers)
else:
# create glacier-specific exceptions
raise UnexpectedHTTPResponseError(ok_responses, response)
def __init__(self, private_key_path, cert_path,
aws_access_key_id=None, aws_secret_access_key=None,
is_secure=False, port=DefaultPort, proxy=None, proxy_port=None,
proxy_user=None, proxy_pass=None,
host=DefaultHost, debug=0, https_connection_factory=None,
path='/'):
self.private_key_path = private_key_path
self.cert_path = cert_path
AWSAuthConnection.__init__(self, host, aws_access_key_id,
aws_secret_access_key,
is_secure, port, proxy, proxy_port,
proxy_user, proxy_pass,
debug=debug,
https_connection_factory=https_connection_factory,
path=path)
self._auth_handler.private_key_path = self.private_key_path
def _query_server_state(self, conn, file_length):
"""
Queries server to find out state of given upload.
Note that this method really just makes special case use of the
fact that the upload server always returns the current start/end
state whenever a PUT doesn't complete.
Returns HTTP response from sending request.
Raises ResumableUploadException if problem querying server.
"""
# Send an empty PUT so that server replies with this resumable
# transfer's state.
put_headers = {}
put_headers["Content-Range"] = self._build_content_range_header("*", file_length)
put_headers["Content-Length"] = "0"
return AWSAuthConnection.make_request(
conn,
"PUT",
path=self.tracker_uri_path,
auth_path=self.tracker_uri_path,
headers=put_headers,
host=self.tracker_uri_host,
)
def make_request(self,
verb,
resource,
headers=None,
data='',
ok_responses=(200, )):
if headers is None:
headers = {}
headers['x-amz-glacier-version'] = self.Version
uri = '/%s/%s' % (self.account_id, resource)
response = AWSAuthConnection.make_request(self,
verb,
uri,
params=params,
headers=headers,
data=data)
if response.status in ok_responses:
is_json = response.getheader('Content-Type') == 'application/json'
body = json.loads(response.read()) if is_json else response.read()
return dict(response.getheaders()), body
else:
msg = 'Expected %s, got (%d, %s)' % (ok_responses, response.status,
response.read())
# create glacier-specific exceptions
raise BaseException(msg)
def _QueryServiceState(self, conn, file_length):
"""Queries service to find out state of given upload.
Note that this method really just makes special case use of the
fact that the upload service always returns the current start/end
state whenever a PUT doesn't complete.
Args:
conn: HTTPConnection to use for the query.
file_length: Total length of the file.
Returns:
HTTP response from sending request.
Raises:
ResumableUploadException if problem querying service.
"""
# Send an empty PUT so that service replies with this resumable
# transfer's state.
put_headers = {
'Content-Range': (self._BuildContentRangeHeader('*', file_length)),
'Content-Length': '0'
}
return AWSAuthConnection.make_request(conn,
'PUT',
path=self.upload_url_path,
auth_path=self.upload_url_path,
headers=put_headers,
host=self.upload_url_host)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
host=None, debug=0, session_token=None):
if not host:
host = self.DefaultHost
if not session_token:
self.sts = boto.connect_sts(aws_access_key_id,
aws_secret_access_key)
session_token = self.sts.get_session_token()
self.creds = session_token
AWSAuthConnection.__init__(self, host,
self.creds.access_key,
self.creds.secret_key,
is_secure, port, proxy, proxy_port,
debug=debug,
security_token=self.creds.session_token)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
proxy_user=None, proxy_pass=None,
host=DefaultHost, debug=0, https_connection_factory=None,
calling_format=SubdomainCallingFormat(), path='/',
provider='aws', bucket_class=Bucket, security_token=None,
suppress_consec_slashes=True, anon=False):
self.calling_format = calling_format
self.bucket_class = bucket_class
self.anon = anon
AWSAuthConnection.__init__(self, host,
aws_access_key_id, aws_secret_access_key,
is_secure, port, proxy, proxy_port, proxy_user, proxy_pass,
debug=debug, https_connection_factory=https_connection_factory,
path=path, provider=provider, security_token=security_token,
suppress_consec_slashes=suppress_consec_slashes)
def _query_server_state(self, conn, file_length):
"""
Queries server to find out what bytes it currently has.
Note that this method really just makes special case use of the
fact that the upload server always returns the current start/end
state whenever a PUT doesn't complete.
Returns (server_start, server_end), where the values are inclusive.
For example, (0, 2) would mean that the server has bytes 0, 1, *and* 2.
Raises ResumableUploadException if problem querying server.
"""
# Send an empty PUT so that server replies with this resumable
# transfer's state.
put_headers = {}
put_headers['Content-Range'] = (
self._build_content_range_header('*', file_length))
put_headers['Content-Length'] = '0'
resp = AWSAuthConnection.make_request(conn, 'PUT',
path=self.tracker_uri_path,
auth_path=self.tracker_uri_path,
headers=put_headers,
host=self.tracker_uri_host)
if resp.status == 200:
return (0, file_length) # Completed upload.
if resp.status != 308:
# This means the server didn't have any state for the given
# upload ID, which can happen (for example) if the caller saved
# the tracker URI to a file and then tried to restart the transfer
# after that upload ID has gone stale. In that case we need to
# start a new transfer (and the caller will then save the new
# tracker URI to the tracker file).
raise ResumableUploadException(
'Got non-308 response (%s) from server state query' %
resp.status, ResumableTransferDisposition.START_OVER)
got_valid_response = False
range_spec = resp.getheader('range')
if range_spec:
# Parse 'bytes=<from>-<to>' range_spec.
m = re.search('bytes=(\d+)-(\d+)', range_spec)
if m:
server_start = long(m.group(1))
server_end = long(m.group(2))
got_valid_response = True
else:
# No Range header, which means the server does not yet have
# any bytes. Note that the Range header uses inclusive 'from'
# and 'to' values. Since Range 0-0 would mean that the server
# has byte 0, omitting the Range header is used to indicate that
# the server doesn't have any bytes.
return self.SERVER_HAS_NOTHING
if not got_valid_response:
raise ResumableUploadException(
'Couldn\'t parse upload server state query response (%s)' %
str(resp.getheaders()), ResumableTransferDisposition.START_OVER)
if conn.debug >= 1:
print 'Server has: Range: %d - %d.' % (server_start, server_end)
return (server_start, server_end)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
host=None, debug=0, session_token=None,
authenticate_requests=True, validate_cert=True, max_sts_attempts=3):
if not host:
host = self.DefaultHost
self.validate_cert = validate_cert
self.authenticate_requests = authenticate_requests
AWSAuthConnection.__init__(self, host,
aws_access_key_id,
aws_secret_access_key,
is_secure, port, proxy, proxy_port,
debug=debug, security_token=session_token)
self.pending_requests = deque()
self.sts = AsyncAwsSts(aws_access_key_id, aws_secret_access_key)
assert (isinstance(max_sts_attempts, int) and max_sts_attempts >= 0)
self.max_sts_attempts = max_sts_attempts
def test_build_base_http_request_noproxy(self):
os.environ['no_proxy'] = 'mockservice.cc-zone-1.amazonaws.com'
conn = AWSAuthConnection(
'mockservice.cc-zone-1.amazonaws.com',
aws_access_key_id='access_key',
aws_secret_access_key='secret',
suppress_consec_slashes=False,
proxy="127.0.0.1",
proxy_user="******",
proxy_pass="******",
proxy_port="8180"
)
request = conn.build_base_http_request('GET', '/', None)
del os.environ['no_proxy']
self.assertEqual(request.path, '/')
def __init__(self,
aws_access_key_id=None,
aws_secret_access_key=None,
port=None,
proxy=None,
proxy_port=None,
host=DefaultHost,
debug=0):
AWSAuthConnection.__init__(self,
host,
aws_access_key_id,
aws_secret_access_key,
True,
port,
proxy,
proxy_port,
debug=debug)
def make_request(self, action, path, headers=None, data='', params=None):
if params:
pairs = []
for key, val in params.iteritems():
if val is None: continue
pairs.append(key + '=' + urllib.quote(str(val)))
path += '?' + '&'.join(pairs)
return AWSAuthConnection.make_request(self, action, path, headers, data)
def make_request(self, action, path, headers=None, data='', params=None):
if params:
pairs = []
for key, val in params.iteritems():
if val is None: continue
pairs.append(key + '=' + urllib.quote(str(val)))
path += '?' + '&'.join(pairs)
return AWSAuthConnection.make_request(self, action, path, headers, data)
def handle_aws_login(self):
session = self.request.session
if self.aws_login_form.validate():
package = self.request.params.get('package')
package = base64.decodestring(package)
aws_region = self.request.params.get('aws-region')
validate_certs = asbool(self.request.registry.settings.get('connection.ssl.validation', False))
conn = AWSAuthConnection(None, aws_access_key_id='', aws_secret_access_key='')
ca_certs_file = conn.ca_certificates_file
conn = None
ca_certs_file = self.request.registry.settings.get('connection.ssl.certfile', ca_certs_file)
auth = AWSAuthenticator(package=package, validate_certs=validate_certs, ca_certs=ca_certs_file)
try:
creds = auth.authenticate(timeout=10)
logging.info(u"Authenticated AWS user from {ip}".format(ip=BaseView.get_remote_addr(self.request)))
default_region = self.request.registry.settings.get('aws.default.region', 'us-east-1')
session.invalidate() # Refresh session
session['cloud_type'] = 'aws'
session['session_token'] = creds.session_token
session['access_id'] = creds.access_key
session['secret_key'] = creds.secret_key
last_visited_aws_region = [reg for reg in AWS_REGIONS if reg.get('name') == aws_region]
session['region'] = aws_region if last_visited_aws_region else default_region
session['username_label'] = u'{user}...@AWS'.format(user=creds.access_key[:8])
session['supported_platforms'] = self.get_account_attributes(['supported-platforms'])
session['default_vpc'] = self.get_account_attributes(['default-vpc'])
conn = ConnectionManager.aws_connection(
session['region'], creds.access_key, creds.secret_key, creds.session_token, 'vpc')
vpcs = conn.get_all_vpcs()
if not vpcs or len(vpcs) == 0:
# remove vpc from supported-platforms
if 'VPC' in session.get('supported_platforms', []):
session.get('supported_platforms').remove('VPC')
headers = remember(self.request, creds.access_key[:8])
return HTTPFound(location=self.came_from, headers=headers)
except HTTPError, err:
if err.msg == 'Forbidden':
msg = _(u'Invalid access key and/or secret key.')
self.login_form_errors.append(msg)
except URLError, err:
if err.reason.find('ssl') > -1:
msg = INVALID_SSL_CERT_MSG
else:
msg = _(u'No response from host')
self.login_form_errors.append(msg)
def make_request(self, action, path, headers=None, data="", params=None):
if params:
pairs = []
for key, val in params.iteritems():
if val is None:
continue
pairs.append(key + "=" + urllib.quote(str(val)))
path += "?" + "&".join(pairs)
return AWSAuthConnection.make_request(self, action, path, headers, data, retry_handler=self._retry_handler)
def __init__(
self,
aws_access_key_id=None,
aws_secret_access_key=None,
is_secure=True,
port=None,
proxy=None,
proxy_port=None,
proxy_user=None,
proxy_pass=None,
host=DefaultHost,
debug=0,
https_connection_factory=None,
calling_format=SubdomainCallingFormat(),
path="/",
provider="aws",
bucket_class=Bucket,
security_token=None,
suppress_consec_slashes=True,
anon=False,
):
self.calling_format = calling_format
self.bucket_class = bucket_class
self.anon = anon
AWSAuthConnection.__init__(
self,
host,
aws_access_key_id,
aws_secret_access_key,
is_secure,
port,
proxy,
proxy_port,
proxy_user,
proxy_pass,
debug=debug,
https_connection_factory=https_connection_factory,
path=path,
provider=provider,
security_token=security_token,
suppress_consec_slashes=suppress_consec_slashes,
)
def make_request(self, verb, resource, headers=None, data='',
expected_status=None, params=None):
if headers is None:
headers = {}
response = AWSAuthConnection.make_request(
self, verb, resource, headers=headers, data=data, params=params)
body = json.loads(response.read().decode('utf-8'))
if response.status == expected_status:
return body
else:
raise JSONResponseError(response.status, response.reason, body)
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
debug=0, security_token=None, region=None,
validate_certs=True):
if not region:
region_name = boto.config.get('DynamoDB', 'region',
self.DefaultRegionName)
for reg in boto.dynamodb.regions():
if reg.name == region_name:
region = reg
break
self.region = region
AWSAuthConnection.__init__(self, self.region.endpoint,
aws_access_key_id,
aws_secret_access_key,
is_secure, port, proxy, proxy_port,
debug=debug, security_token=security_token,
validate_certs=validate_certs)
self.throughput_exceeded_events = 0
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
proxy_user=None, proxy_pass=None,
host=DefaultHost, debug=0, https_connection_factory=None,
calling_format=DefaultCallingFormat, path='/',
provider='aws', bucket_class=Bucket, security_token=None,
suppress_consec_slashes=True, anon=False,
validate_certs=None):
if isinstance(calling_format, str):
calling_format=boto.utils.find_class(calling_format)()
self.calling_format = calling_format
self.bucket_class = bucket_class
self.anon = anon
AWSAuthConnection.__init__(self, host,
aws_access_key_id, aws_secret_access_key,
is_secure, port, proxy, proxy_port, proxy_user, proxy_pass,
debug=debug, https_connection_factory=https_connection_factory,
path=path, provider=provider, security_token=security_token,
suppress_consec_slashes=suppress_consec_slashes,
validate_certs=validate_certs)
def make_request(self, method, bucket="", key="", headers=None, data="", query_args=None, sender=None):
if isinstance(bucket, Bucket):
bucket = bucket.name
if isinstance(key, Key):
key = key.name
path = self.calling_format.build_path_base(bucket, key)
auth_path = self.calling_format.build_auth_path(bucket, key)
host = self.calling_format.build_host(self.server, bucket)
if query_args:
path += "?" + query_args
auth_path += "?" + query_args
return AWSAuthConnection.make_request(self, method, path, headers, data, host, auth_path, sender)