def test_no_profile_checks_env_provider(self): self.config['profile'] = None self.session._profile = None resolver = credentials.create_credential_resolver(self.session) self.assertTrue( any(isinstance(p, EnvProvider) for p in resolver.providers))
def test_no_profile_checks_env_provider(self): self.config['profile'] = None self.session.profile = None resolver = credentials.create_credential_resolver(self.session) self.assertTrue( any(isinstance(p, EnvProvider) for p in resolver.providers))
def test_no_profile_checks_env_provider(self): # If no profile is provided, self.session_instance_vars.pop('profile', None) resolver = credentials.create_credential_resolver(self.session) # Then an EnvProvider should be part of our credential lookup chain. self.assertTrue( any(isinstance(p, EnvProvider) for p in resolver.providers))
def test_no_profile_checks_env_provider(self): # If no profile is provided, self.session_instance_vars.pop('profile', None) resolver = credentials.create_credential_resolver(self.session) # Then an EnvProvider should be part of our credential lookup chain. self.assertTrue( any(isinstance(p, EnvProvider) for p in resolver.providers))
def __init__(self, name, access_key=None, secret_key=None, security_token=None, profile_name=None, **kwargs): """ Create a new BotoCredentialAdapter. """ # TODO: We take kwargs because new boto2 versions have an 'anon' # argument and we want to be future proof if (name == 'aws' or name is None) and access_key is None and not kwargs.get( 'anon', False): # We are on AWS and we don't have credentials passed along and we aren't anonymous. # We will backend into a boto3 resolver for getting credentials. # Make sure to enable boto3's own caching, so we can share that # cash with pure boto3 code elsewhere in Toil. self._boto3_resolver = create_credential_resolver( Session(profile=profile_name), cache=JSONFileCache()) else: # We will use the normal flow self._boto3_resolver = None # Pass along all the arguments super(BotoCredentialAdapter, self).__init__(name, access_key=access_key, secret_key=secret_key, security_token=security_token, profile_name=profile_name, **kwargs)
def send_to_es(self, path, method="GET", payload={}): """Low-level POST data to Amazon Elasticsearch Service generating a Sigv4 signed request Args: path (str): path to send to ES method (str, optional): HTTP method default:GET payload (dict, optional): additional payload used during POST or PUT Returns: dict: json answer converted in dict Raises: #: Error during ES communication ES_Exception: Description """ if not path.startswith("/"): path = "/" + path es_region = self.cfg["es_endpoint"].split(".")[1] headers = { "Host": self.cfg["es_endpoint"], "Content-Type": "application/json" } # send to ES with exponential backoff retries = 0 while retries < int(self.cfg["es_max_retry"]): if retries > 0: seconds = (2**retries) * .1 time.sleep(seconds) req = AWSRequest( method=method, url="https://{}{}".format( self.cfg["es_endpoint"], quote(path)), data=json.dumps(payload), params={"format": "json"}, headers=headers) credential_resolver = create_credential_resolver(get_session()) credentials = credential_resolver.load_credentials() SigV4Auth(credentials, 'es', es_region).add_auth(req) try: preq = req.prepare() session = Session() res = session.send(preq) if res.status_code >= 200 and res.status_code <= 299: return json.loads(res.content) else: raise ES_Exception(res.status_code, res._content) except ES_Exception as e: if (e.status_code >= 500) and (e.status_code <= 599): retries += 1 # Candidate for retry else: raise # Stop retrying, re-raise exception
def test_create_credential_resolver(self): fake_session = mock.Mock() config = { 'credentials_file': 'a', 'legacy_config_file': 'b', 'config_file': 'c', 'metadata_service_timeout': 'd', 'metadata_service_num_attempts': 'e', } fake_session.get_config_variable = lambda x: config[x] resolver = credentials.create_credential_resolver(fake_session)
def __init__(self): credential_resolver = create_credential_resolver(get_session()) credentials = credential_resolver.load_credentials() awsauth = AWS4Auth( credentials.access_key, credentials.secret_key, 'us-east-1', 'es', session_token=credentials.token) self.es = Elasticsearch( hosts=[{'host': self.es_endpoint, 'port': 443}], http_auth=awsauth, use_ssl=True, verify_certs=True, connection_class=RequestsHttpConnection)
def test_assume_role_uses_correct_region(self): config = ('[profile A]\n' 'role_arn = arn:aws:iam::123456789:role/RoleA\n' 'source_profile = B\n\n' '[profile B]\n' 'aws_access_key_id = abc123\n' 'aws_secret_access_key = def456\n') self.write_config(config) session = Session(profile='A') # Verify that when we configure the session with a specific region # that we use that region when creating the sts client. session.set_config_variable('region', 'cn-north-1') create_client, expected_creds = self.create_stubbed_sts_client(session) session.create_client = create_client resolver = create_credential_resolver(session) provider = resolver.get_provider('assume-role') creds = provider.load() self.assert_creds_equal(creds, expected_creds) self.assertEqual(self.actual_client_region, 'cn-north-1')
def test_assume_role_uses_correct_region(self): config = ( '[profile A]\n' 'role_arn = arn:aws:iam::123456789:role/RoleA\n' 'source_profile = B\n\n' '[profile B]\n' 'aws_access_key_id = abc123\n' 'aws_secret_access_key = def456\n' ) self.write_config(config) session = Session(profile='A') # Verify that when we configure the session with a specific region # that we use that region when creating the sts client. session.set_config_variable('region', 'cn-north-1') create_client, expected_creds = self.create_stubbed_sts_client(session) session.create_client = create_client resolver = create_credential_resolver(session) provider = resolver.get_provider('assume-role') creds = provider.load() self.assert_creds_equal(creds, expected_creds) self.assertEqual(self.actual_client_region, 'cn-north-1')
def send_to_es(self, path, method="GET", payload={}): """Low-level POST data to Amazon Elasticsearch Service generating a Sigv4 signed request Args: path (str): path to send to ES method (str, optional): HTTP method default:GET payload (dict, optional): additional payload used during POST or PUT Returns: dict: json answer converted in dict Raises: #: Error during ES communication ESException: Description """ if not path.startswith("/"): path = "/" + path es_region = self.cfg["es_endpoint"].split(".")[1] req = AWSRequest(method=method, url="https://%s%s?pretty&format=json" % (self.cfg["es_endpoint"], quote(path)), data=payload, headers={'Host': self.cfg["es_endpoint"]}) credential_resolver = create_credential_resolver(get_session()) credentials = credential_resolver.load_credentials() SigV4Auth(credentials, 'es', es_region).add_auth(req) preq = req.prepare() session = Session() res = session.send(preq) session.close() if res.status_code >= 200 and res.status_code <= 299: return json.loads(res.content) else: raise ESException(res.status_code, res._content)
def test_env_provider_added_if_profile_from_env_set(self): self.fake_env_vars['profile'] = 'profile-from-env' resolver = credentials.create_credential_resolver(self.session) self.assertTrue( any(isinstance(p, EnvProvider) for p in resolver.providers))
def test_explicit_profile_ignores_env_provider(self): self.session_instance_vars['profile'] = 'dev' resolver = credentials.create_credential_resolver(self.session) self.assertTrue( all(not isinstance(p, EnvProvider) for p in resolver.providers))
def send_to_es(self, path="/", method=None, payload=None, extra_headers=None): """Low-level POST data to Amazon Elasticsearch Service generating a Sigv4 signed request Args: path (str): path to send to ES method (str, optional): HTTP method default:GET payload (dict, optional): additional payload used during POST or PUT Returns: dict: json answer converted in dict Raises: #: Error during ES communication ESException: Description """ # resolve default kwargs payload = payload or {} extra_headers = extra_headers or {} if not path.startswith("/"): path = "/" + path method = method if method else self.method es_region = self.cfg["es_endpoint"].split(".")[1] # send to ES with exponential backoff retries = 0 while retries < int(self.cfg["es_max_retry"]): if retries > 0: seconds = (2**retries) * .1 # print('Waiting for %.1f seconds', seconds) time.sleep(seconds) extra_headers.update({"Host": self.cfg["es_endpoint"]}) req = AWSRequest( method=method, url=('https://%s%s?pretty&format=json' % (self.cfg['es_endpoint'], urllib.parse.quote(path))), data=payload, headers=extra_headers) credential_resolver = create_credential_resolver(get_session()) credentials = credential_resolver.load_credentials() SigV4Auth(credentials, 'es', es_region).add_auth(req) try: preq = req.prepare() session = Session() res = session.send(preq) if res.status_code >= 200 and res.status_code <= 299: LOGGER.debug("%s %s", res.status_code, res.content) return json.loads(res.content) else: LOGGER.debug("%s %s", res.status_code, res.content) raise ESException(res.status_code, res.content) except ESException as err: if (err.status_code >= 500) and (err.status_code <= 599): retries += 1 # Candidate for retry else: raise # Stop retrying, re-raise exception
def test_no_profile_env_provider_is_first(self): self.config['profile'] = None self.session.profile = None resolver = credentials.create_credential_resolver(self.session) self.assertIsInstance(resolver.providers[0], credentials.EnvProvider)
def test_create_credential_resolver(self): resolver = credentials.create_credential_resolver(self.session) self.assertIsInstance(resolver, credentials.CredentialResolver)
def test_no_profile_env_provider_is_first(self): self.config['profile'] = None self.session._profile = None resolver = credentials.create_credential_resolver(self.session) self.assertIsInstance(resolver.providers[0], credentials.EnvProvider)
def test_explicit_profile_ignores_env_provider(self): self.config['profile'] = 'dev' resolver = credentials.create_credential_resolver(self.session) self.assertTrue( all(not isinstance(p, EnvProvider) for p in resolver.providers))
def test_create_credential_resolver(self): resolver = credentials.create_credential_resolver(self.session) self.assertIsInstance(resolver, credentials.CredentialResolver)
def test_env_provider_added_if_profile_from_env_set(self): self.fake_env_vars['profile'] = 'profile-from-env' resolver = credentials.create_credential_resolver(self.session) self.assertTrue( any(isinstance(p, EnvProvider) for p in resolver.providers))
def test_explicit_profile_ignores_env_provider(self): self.session_instance_vars["profile"] = "dev" resolver = credentials.create_credential_resolver(self.session) self.assertTrue(all(not isinstance(p, EnvProvider) for p in resolver.providers))