def authenticate(self, timeout=20):
""" Make authentication request to AWS STS service
Timeout defaults to 20 seconds"""
if self.validate_certs:
conn = CertValidatingHTTPSConnection(self.host, self.port, timeout=timeout, **self.kwargs)
else:
conn = httplib.HTTPSConnection(self.host, self.port, timeout=timeout)
headers = {"Content-type": "application/x-www-form-urlencoded"}
try:
conn.request('POST', '', self.package, headers)
response = conn.getresponse()
if response.status != 200:
raise urllib2.HTTPError(url='', code=response.status, msg=response.reason, hdrs=None, fp=None)
body = response.read()
# parse AccessKeyId, SecretAccessKey and SessionToken
creds = Credentials()
h = BotoXmlHandler(creds, None)
parseString(body, h)
return creds
except SSLError as err:
if err.message != '':
raise urllib2.URLError(err.message)
else:
raise urllib2.URLError(err[1])
except socket.error as err:
raise urllib2.URLError(err.message)
def __init__(self, *args, **kwargs):
# No super, it's an old-style class
CertValidatingHTTPSConnection.__init__(self, *args, **kwargs)
# Defaults to cert validation
self.ssl_ctx = ssl.create_default_context(cafile=self.ca_certs)
if self.cert_file is not None:
self.ssl_ctx.load_cert_chain(certfile=self.cert_file,
keyfile=self.key_file)
def __init__(self, *args, **kwargs):
# No super, it's an old-style class
CertValidatingHTTPSConnection.__init__(self, *args, **kwargs)
# Defaults to cert validation
self.ssl_ctx = ssl.create_default_context(cafile=self.ca_certs)
if self.cert_file is not None:
self.ssl_ctx.load_cert_chain(certfile=self.cert_file,
keyfile=self.key_file)
def _authenticate_(self, account, user, passwd, new_passwd=None, timeout=15, duration=3600):
if user == 'admin' and duration > 3600: # admin cannot have more than 1 hour duration
duration = 3600
# because of the variability, we need to keep this here, not in __init__
auth_path = self.TEMPLATE.format(dur=duration)
if not self.dns_enabled:
auth_path = self.NON_DNS_QUERY_PATH + auth_path
else:
auth_path = '/' + auth_path
host = self.host
if self.dns_enabled:
host = 'tokens.{0}'.format(host)
if self.validate_certs:
conn = CertValidatingHTTPSConnection(host, self.port, timeout=timeout, **self.kwargs)
else:
conn = HttpsConnectionFactory(self.port).https_connection_factory(host, timeout=timeout)
if new_passwd:
auth_string = u"{user}@{account};{pw}@{new_pw}".format(
user=base64.b64encode(user),
account=base64.b64encode(account),
pw=base64.b64encode(passwd),
new_pw=new_passwd
)
else:
auth_string = u"{user}@{account}:{pw}".format(
user=base64.b64encode(user),
account=base64.b64encode(account),
pw=passwd
)
encoded_auth = base64.b64encode(auth_string)
headers = {'Authorization': "Basic %s" % encoded_auth}
try:
conn.request('GET', auth_path, '', headers)
response = conn.getresponse()
if response.status != 200:
raise urllib2.HTTPError(url='', code=response.status, msg=response.reason, hdrs=None, fp=None)
body = response.read()
# parse AccessKeyId, SecretAccessKey and SessionToken
creds = Credentials()
h = BotoXmlHandler(creds, None)
parseString(body, h)
return creds
except SSLError as err:
if err.message != '':
raise urllib2.URLError(str(err))
else:
raise urllib2.URLError(err[1])
except socket.error as err:
# when dns enabled, but path cloud, we get here with
# err=gaierror(8, 'nodename nor servname provided, or not known')
# when dns disabled, but path cloud, we get here with
# err=gaierror(8, 'nodename nor servname provided, or not known')
raise urllib2.URLError(str(err))
def test_boto_stubs(tmpdir):
with vcr.use_cassette(str(tmpdir.join('boto-stubs.yml'))):
# Perform the imports within the patched context so that
# CertValidatingHTTPSConnection refers to the patched version.
from boto.https_connection import CertValidatingHTTPSConnection
from vcr.stubs.boto_stubs import VCRCertValidatingHTTPSConnection
# Prove that the class was patched by the stub and that we can instantiate it.
assert issubclass(CertValidatingHTTPSConnection, VCRCertValidatingHTTPSConnection)
CertValidatingHTTPSConnection('hostname.does.not.matter')
def authenticate(self, timeout=20):
""" Make authentication request to AWS STS service
Timeout defaults to 20 seconds"""
if self.validate_certs:
conn = CertValidatingHTTPSConnection(self.host,
self.port,
timeout=timeout,
**self.kwargs)
else:
conn = httplib.HTTPSConnection(self.host,
self.port,
timeout=timeout)
headers = {"Content-type": "application/x-www-form-urlencoded"}
try:
conn.request('POST', '', self.package, headers)
response = conn.getresponse()
if response.status != 200:
raise urllib2.HTTPError(url='',
code=response.status,
msg=response.reason,
hdrs=None,
fp=None)
body = response.read()
# parse AccessKeyId, SecretAccessKey and SessionToken
creds = Credentials()
h = BotoXmlHandler(creds, None)
parseString(body, h)
return creds
except SSLError as err:
if err.message != '':
raise urllib2.URLError(err.message)
else:
raise urllib2.URLError(err[1])
except socket.error as err:
raise urllib2.URLError(err.message)
def _authenticate_(self,
account,
user,
passwd,
new_passwd=None,
timeout=15,
duration=3600):
auth_path = self.TEMPLATE.format(dur=duration)
if not self.dns_enabled:
auth_path = self.NON_DNS_QUERY_PATH + auth_path
else:
auth_path = '/' + auth_path
host = self.host
if self.dns_enabled:
host = 'tokens.{0}'.format(host)
if self.validate_certs:
conn = CertValidatingHTTPSConnection(host,
self.port,
timeout=timeout,
**self.kwargs)
else:
conn = HttpsConnectionFactory(self.port).https_connection_factory(
host, timeout=timeout)
if new_passwd:
auth_string = u"{user}@{account};{pw}@{new_pw}".format(
user=base64.b64encode(user),
account=base64.b64encode(account),
pw=base64.b64encode(passwd),
new_pw=new_passwd)
else:
auth_string = u"{user}@{account}:{pw}".format(
user=base64.b64encode(user),
account=base64.b64encode(account),
pw=passwd)
encoded_auth = base64.b64encode(auth_string)
headers = {'Authorization': "Basic %s" % encoded_auth}
try:
conn.request('GET', auth_path, '', headers)
response = conn.getresponse()
if response.status != 200:
raise urllib2.HTTPError(url='',
code=response.status,
msg=response.reason,
hdrs=None,
fp=None)
body = response.read()
# parse AccessKeyId, SecretAccessKey and SessionToken
creds = Credentials()
h = BotoXmlHandler(creds, None)
parseString(body, h)
return creds
except SSLError as err:
if err.message != '':
raise urllib2.URLError(str(err))
else:
raise urllib2.URLError(err[1])
except socket.error as err:
# when dns enabled, but path cloud, we get here with
# err=gaierror(8, 'nodename nor servname provided, or not known')
# when dns disabled, but path cloud, we get here with
# err=gaierror(8, 'nodename nor servname provided, or not known')
raise urllib2.URLError(str(err))
