def get_s3_auth_headers(creds, url, method, data=None):
# TODO: blocking function call
# When there is data this function might recalc hashes
req = AWSRequest(method=method, url=url, data=data)
sig = S3SigV4Auth(Credentials(**creds), 's3', 'us-east-1')
sig.headers_to_sign(req)
sig.add_auth(req)
return dict(req.headers.items())
def _sign_headers(self, method, url, headers={}):
# Hijack botocore's machinery to sign the request. This is a complicated
# process that involves reformatting the request data according to specific
# rules, and we don't want to implement that ourselves.
# This code will need to be modified if we ever need to send requests
# with data.
request = AWSRequest(method=method, url=url, headers=headers)
S3SigV4Auth(self._credentials, "s3", self._region).add_auth(request)
return dict(request.headers.items())
def maybe_refresh_credentials():
nonlocal credentials
nonlocal auth
if not managed_credentials:
return
creds = managed_credentials.get_frozen_credentials()
if creds is credentials:
return
log.debug("Refreshed credentials (s3_get_object_request_maker)")
credentials = creds
auth = S3SigV4Auth(credentials, "s3", region_name)
def s3_get_object_request_maker(region_name=None, credentials=None, ssl=True):
from botocore.session import get_session
from botocore.auth import S3SigV4Auth
from botocore.awsrequest import AWSRequest
from urllib.request import Request
session = get_session()
if region_name is None:
region_name = auto_find_region()
if credentials is None:
credentials = session.get_credentials().get_frozen_credentials()
protocol = 'https' if ssl else 'http'
auth = S3SigV4Auth(credentials, 's3', region_name)
def build_request(bucket=None, key=None, url=None, Range=None):
if key is None and url is None:
if bucket is None:
raise ValueError('Have to supply bucket,key or url')
# assume bucket is url
url = bucket
if url is not None:
bucket, key = s3_url_parse(url)
if isinstance(Range, (tuple, list)):
Range = 'bytes={}-{}'.format(Range[0], Range[1] - 1)
headers = {}
if Range is not None:
headers['Range'] = Range
req = AWSRequest(method='GET',
url='{}://s3.{}.amazonaws.com/{}/{}'.format(
protocol, region_name, bucket, key),
headers=headers)
auth.add_auth(req)
return Request(req.url, headers=dict(**req.headers), method='GET')
return build_request
def get_headers(self, url, method, body=None, acl=None):
"""
Returns the necessary headers to do a http request to AWS S3.
:param url: The full url of the file from S3
:param method: The HTTP method to to be used (PUT, DELETE)
:param body: The body to upload, as bytes (only for PUT)
:param acl: The S3 ACL
:return: The necessary headers to do an HTTP request to S3
:rtype: dict
"""
keys = ['X-Amz-Date',
'X-Amz-Content-SHA256',
'Authorization', ]
headers = {}
if method == 'PUT':
headers = {
'Content-MD5': self.getBodyMd5(body),
'Expect': '100-continue',
}
keys = keys + ['Expect', 'Content-MD5']
if acl:
headers['x-amz-acl'] = acl
keys.append('x-amz-acl')
request = AWSRequest(method.upper(), url, data=body, headers=headers)
signer = S3SigV4Auth(credentials=self.credentials, service_name='s3', region_name=self.region)
signer.add_auth(request)
allHeaders = {}
for key in keys:
allHeaders[key] = request.headers[key]
return allHeaders
def s3_get_object_request_maker(region_name=None, credentials=None, ssl=True):
from botocore.session import get_session
from botocore.auth import S3SigV4Auth
from botocore.awsrequest import AWSRequest
from urllib.request import Request
session = get_session()
if region_name is None:
region_name = auto_find_region(session)
if credentials is None:
managed_credentials = session.get_credentials()
credentials = managed_credentials.get_frozen_credentials()
else:
managed_credentials = None
protocol = "https" if ssl else "http"
auth = S3SigV4Auth(credentials, "s3", region_name)
def maybe_refresh_credentials():
nonlocal credentials
nonlocal auth
if not managed_credentials:
return
creds = managed_credentials.get_frozen_credentials()
if creds is credentials:
return
log.debug("Refreshed credentials (s3_get_object_request_maker)")
credentials = creds
auth = S3SigV4Auth(credentials, "s3", region_name)
def build_request(bucket=None, key=None, url=None, Range=None):
if key is None and url is None:
if bucket is None:
raise ValueError("Have to supply bucket,key or url")
# assume bucket is url
url = bucket
if url is not None:
bucket, key = s3_url_parse(url)
if isinstance(Range, (tuple, list)):
Range = "bytes={}-{}".format(Range[0], Range[1] - 1)
maybe_refresh_credentials()
headers = {}
if Range is not None:
headers["Range"] = Range
req = AWSRequest(
method="GET",
url="{}://s3.{}.amazonaws.com/{}/{}".format(
protocol, region_name, bucket, key),
headers=headers,
)
auth.add_auth(req)
return Request(req.url, headers=dict(**req.headers), method="GET")
return build_request
def _create_auth(self, credentials):
return S3SigV4Auth(credentials, self._service, self._region)
def __call__(self, request: AWSRequest):
# Method hard coded to 'GET' as this prevents making accidental 'POSTS'
aws_request = AWSRequest(method='GET', url=self.url, data=request.body)
S3SigV4Auth(self.credentials, 's3', self.region).add_auth(aws_request)
request.headers.update(dict(aws_request.headers.items()))
return request
def __init__(self, fh, total_bytes, credentials, service_name,
region_name):
S3SigV4Auth.__init__(self, credentials, service_name, region_name)
self.fh = fh
self.total_bytes = total_bytes
