def test_fix_s3_host_initial(self):
request = AWSRequest(method="PUT", headers={}, url="https://s3-us-west-2.amazonaws.com/bucket/key.txt")
region_name = "us-west-2"
signature_version = "s3"
fix_s3_host(request=request, signature_version=signature_version, region_name=region_name)
self.assertEqual(request.url, "https://bucket.s3.amazonaws.com/key.txt")
self.assertEqual(request.auth_path, "/bucket/key.txt")
def test_dns_style_not_used_for_get_bucket_location(self):
original_url = "https://s3-us-west-2.amazonaws.com/bucket?location"
request = AWSRequest(method="GET", headers={}, url=original_url)
signature_version = "s3"
region_name = "us-west-2"
fix_s3_host(request=request, signature_version=signature_version, region_name=region_name)
# The request url should not have been modified because this is
# a request for GetBucketLocation.
self.assertEqual(request.url, original_url)
def test_fix_s3_host_only_applied_once(self):
request = AWSRequest(method="PUT", headers={}, url="https://s3-us-west-2.amazonaws.com/bucket/key.txt")
region_name = "us-west-2"
signature_version = "s3"
fix_s3_host(request=request, signature_version=signature_version, region_name=region_name)
# Calling the handler again should not affect the end result:
fix_s3_host(request=request, signature_version=signature_version, region_name=region_name)
self.assertEqual(request.url, "https://bucket.s3.amazonaws.com/key.txt")
# This was a bug previously. We want to make sure that
# calling fix_s3_host() again does not alter the auth_path.
# Otherwise we'll get signature errors.
self.assertEqual(request.auth_path, "/bucket/key.txt")
def test_fix_s3_host_initial(self):
request = AWSRequest(
method='PUT', headers={},
url='https://s3-us-west-2.amazonaws.com/bucket/key.txt'
)
region_name = 'us-west-2'
signature_version = 's3'
fix_s3_host(
request=request, signature_version=signature_version,
region_name=region_name)
self.assertEqual(request.url,
'https://bucket.s3.amazonaws.com/key.txt')
self.assertEqual(request.auth_path, '/bucket/key.txt')
def test_fix_s3_host_initial(self):
request = AWSRequest(
method='PUT',
headers={},
url='https://s3-us-west-2.amazonaws.com/bucket/key.txt')
region_name = 'us-west-2'
signature_version = 's3'
fix_s3_host(request=request,
signature_version=signature_version,
region_name=region_name)
self.assertEqual(request.url,
'https://bucket.s3.amazonaws.com/key.txt')
self.assertEqual(request.auth_path, '/bucket/key.txt')
def test_can_provide_default_endpoint_url(self):
request = AWSRequest(
method='PUT', headers={},
url='https://s3-us-west-2.amazonaws.com/bucket/key.txt'
)
region_name = 'us-west-2'
signature_version = 's3'
fix_s3_host(
request=request, signature_version=signature_version,
region_name=region_name,
default_endpoint_url='foo.s3.amazonaws.com')
self.assertEqual(request.url,
'https://bucket.foo.s3.amazonaws.com/key.txt')
def generate_presigned_url(self,
request_dict,
expires_in=3600,
region_name=None):
"""Generates a presigned url
:type request_dict: dict
:param request_dict: The prepared request dictionary returned by
``botocore.awsrequest.prepare_request_dict()``
:type expires_in: int
:param expires_in: The number of seconds the presigned url is valid
for. By default it expires in an hour (3600 seconds)
:type region_name: string
:param region_name: The region name to sign the presigned url.
:returns: The presigned url
"""
if region_name is None:
region_name = self._region_name
query_prefix = '-query'
signature_version = self._signature_version
if not signature_version.endswith(query_prefix):
signature_version += query_prefix
kwargs = {
'signing_name': self._signing_name,
'region_name': region_name,
'signature_version': signature_version,
'expires': expires_in
}
signature_type = signature_version.split('-', 1)[0]
try:
auth = self.get_auth_instance(**kwargs)
except UnknownSignatureVersionError:
raise UnsupportedSignatureVersionError(
signature_version=signature_type)
request = create_request_object(request_dict)
# Fix s3 host for s3 sigv2 bucket names
fix_s3_host(request, signature_type, region_name)
auth.add_auth(request)
request.prepare()
return request.url
def test_dns_style_not_used_for_get_bucket_location(self):
original_url = 'https://s3-us-west-2.amazonaws.com/bucket?location'
request = AWSRequest(
method='GET',
headers={},
url=original_url,
)
signature_version = 's3'
region_name = 'us-west-2'
fix_s3_host(request=request,
signature_version=signature_version,
region_name=region_name)
# The request url should not have been modified because this is
# a request for GetBucketLocation.
self.assertEqual(request.url, original_url)
def test_no_endpoint_url_uses_request_url(self):
request = AWSRequest(
method='PUT', headers={},
url='https://s3-us-west-2.amazonaws.com/bucket/key.txt'
)
region_name = 'us-west-2'
signature_version = 's3'
fix_s3_host(
request=request, signature_version=signature_version,
region_name=region_name,
# A value of None means use the url in the current request.
default_endpoint_url=None,
)
self.assertEqual(request.url,
'https://bucket.s3-us-west-2.amazonaws.com/key.txt')
def generate_presigned_url(self, request_dict, expires_in=3600,
region_name=None):
"""Generates a presigned url
:type request_dict: dict
:param request_dict: The prepared request dictionary returned by
``botocore.awsrequest.prepare_request_dict()``
:type expires_in: int
:param expires_in: The number of seconds the presigned url is valid
for. By default it expires in an hour (3600 seconds)
:type region_name: string
:param region_name: The region name to sign the presigned url.
:returns: The presigned url
"""
if region_name is None:
region_name = self._region_name
query_prefix = '-query'
signature_version = self._signature_version
if not signature_version.endswith(query_prefix):
signature_version += query_prefix
kwargs = {'signing_name': self._signing_name,
'region_name': region_name,
'signature_version': signature_version,
'expires': expires_in}
signature_type = signature_version.split('-', 1)[0]
try:
auth = self.get_auth(**kwargs)
except UnknownSignatureVersionError:
raise UnsupportedSignatureVersionError(
signature_version=signature_type)
request = create_request_object(request_dict)
# Fix s3 host for s3 sigv2 bucket names
fix_s3_host(request, signature_type, region_name)
auth.add_auth(request)
request.prepare()
return request.url
def test_fix_s3_host_only_applied_once(self):
request = AWSRequest(
method='PUT',
headers={},
url='https://s3-us-west-2.amazonaws.com/bucket/key.txt')
region_name = 'us-west-2'
signature_version = 's3'
fix_s3_host(request=request,
signature_version=signature_version,
region_name=region_name)
# Calling the handler again should not affect the end result:
fix_s3_host(request=request,
signature_version=signature_version,
region_name=region_name)
self.assertEqual(request.url,
'https://bucket.s3.amazonaws.com/key.txt')
# This was a bug previously. We want to make sure that
# calling fix_s3_host() again does not alter the auth_path.
# Otherwise we'll get signature errors.
self.assertEqual(request.auth_path, '/bucket/key.txt')
def generate_presigned_post(self,
request_dict,
fields=None,
conditions=None,
expires_in=3600,
region_name=None):
"""Generates the url and the form fields used for a presigned s3 post
:type request_dict: dict
:param request_dict: The prepared request dictionary returned by
``botocore.awsrequest.prepare_request_dict()``
:type fields: dict
:param fields: A dictionary of prefilled form fields to build on top
of.
:type conditions: list
:param conditions: A list of conditions to include in the policy. Each
element can be either a list or a structure. For example:
[
{"acl": "public-read"},
{"bucket": "mybucket"},
["starts-with", "$key", "mykey"]
]
:type expires_in: int
:param expires_in: The number of seconds the presigned post is valid
for.
:type region_name: string
:param region_name: The region name to sign the presigned post to.
:rtype: dict
:returns: A dictionary with two elements: ``url`` and ``fields``.
Url is the url to post to. Fields is a dictionary filled with
the form fields and respective values to use when submitting the
post. For example:
{'url': 'https://mybucket.s3.amazonaws.com
'fields': {'acl': 'public-read',
'key': 'mykey',
'signature': 'mysignature',
'policy': 'mybase64 encoded policy'}
}
"""
if fields is None:
fields = {}
if conditions is None:
conditions = []
if region_name is None:
region_name = self._request_signer.region_name
# Create the policy for the post.
policy = {}
# Create an expiration date for the policy
datetime_now = datetime.datetime.utcnow()
expire_date = datetime_now + datetime.timedelta(seconds=expires_in)
policy['expiration'] = expire_date.strftime(botocore.auth.ISO8601)
# Append all of the conditions that the user supplied.
policy['conditions'] = []
for condition in conditions:
policy['conditions'].append(condition)
# Obtain the appropriate signer.
query_prefix = '-presign-post'
signature_version = self._request_signer.signature_version
if not signature_version.endswith(query_prefix):
signature_version += query_prefix
kwargs = {
'signing_name': self._request_signer.signing_name,
'region_name': region_name,
'signature_version': signature_version
}
signature_type = signature_version.split('-', 1)[0]
try:
auth = self._request_signer.get_auth_instance(**kwargs)
except UnknownSignatureVersionError:
raise UnsupportedSignatureVersionError(
signature_version=signature_type)
# Store the policy and the fields in the request for signing
request = create_request_object(request_dict)
request.context['s3-presign-post-fields'] = fields
request.context['s3-presign-post-policy'] = policy
auth.add_auth(request)
# Fix s3 host for s3 sigv2 bucket names
fix_s3_host(request, signature_type, region_name)
# Return the url and the fields for th form to post.
return {'url': request.url, 'fields': fields}
def generate_presigned_post(self, request_dict, fields=None,
conditions=None, expires_in=3600,
region_name=None):
"""Generates the url and the form fields used for a presigned s3 post
:type request_dict: dict
:param request_dict: The prepared request dictionary returned by
``botocore.awsrequest.prepare_request_dict()``
:type fields: dict
:param fields: A dictionary of prefilled form fields to build on top
of.
:type conditions: list
:param conditions: A list of conditions to include in the policy. Each
element can be either a list or a structure. For example:
[
{"acl": "public-read"},
{"bucket": "mybucket"},
["starts-with", "$key", "mykey"]
]
:type expires_in: int
:param expires_in: The number of seconds the presigned post is valid
for.
:type region_name: string
:param region_name: The region name to sign the presigned post to.
:rtype: dict
:returns: A dictionary with two elements: ``url`` and ``fields``.
Url is the url to post to. Fields is a dictionary filled with
the form fields and respective values to use when submitting the
post. For example:
{'url': 'https://mybucket.s3.amazonaws.com
'fields': {'acl': 'public-read',
'key': 'mykey',
'signature': 'mysignature',
'policy': 'mybase64 encoded policy'}
}
"""
if fields is None:
fields = {}
if conditions is None:
conditions = []
if region_name is None:
region_name = self._request_signer.region_name
# Create the policy for the post.
policy = {}
# Create an expiration date for the policy
datetime_now = datetime.datetime.utcnow()
expire_date = datetime_now + datetime.timedelta(seconds=expires_in)
policy['expiration'] = expire_date.strftime(botocore.auth.ISO8601)
# Append all of the conditions that the user supplied.
policy['conditions'] = []
for condition in conditions:
policy['conditions'].append(condition)
# Obtain the appropriate signer.
query_prefix = '-presign-post'
signature_version = self._request_signer.signature_version
if not signature_version.endswith(query_prefix):
signature_version += query_prefix
kwargs = {'signing_name': self._request_signer.signing_name,
'region_name': region_name,
'signature_version': signature_version}
signature_type = signature_version.split('-', 1)[0]
try:
auth = self._request_signer.get_auth(**kwargs)
except UnknownSignatureVersionError:
raise UnsupportedSignatureVersionError(
signature_version=signature_type)
# Store the policy and the fields in the request for signing
request = create_request_object(request_dict)
request.context['s3-presign-post-fields'] = fields
request.context['s3-presign-post-policy'] = policy
auth.add_auth(request)
# Fix s3 host for s3 sigv2 bucket names
fix_s3_host(request, signature_type, region_name)
# Return the url and the fields for th form to post.
return {'url': request.url, 'fields': fields}
