def test_create_log_stream_no_credentials_error(mocker): mocker.patch('mount_efs.cloudwatch_create_log_stream_helper', side_effect=[NoCredentialsError()]) is_completed = mount_efs.create_cloudwatch_log_stream( MOCK_AGENT['client'], DEFAULT_CLOUDWATCH_LOG_GROUP, DEFAULT_CLOUDWATCH_LOG_STREAM) assert is_completed == False
def test_put_retention_policy_no_credentials_error(mocker): mocker.patch('mount_efs.cloudwatch_put_retention_policy_helper', side_effect=[NoCredentialsError()]) is_completed = mount_efs.put_cloudwatch_log_retention_policy( MOCK_AGENT['client'], DEFAULT_CLOUDWATCH_LOG_GROUP, DEFAULT_RETENTION_DAYS) assert is_completed == False
def __init__(self, service="Testing", mode="run"): self.service = service self.mode = mode if self.mode == "run": for i in range(MAX_RETRIES): try: secret = get_secret(config[ENVIRONMENT]["kinesis"]["stream"]) self.stream = secret["streamName"] except NoCredentialsError: print("Credential retry:" + str(i)) time.sleep(10) continue else: break else: raise NoCredentialsError( "Unable to get credentials in specified number of retries" ) self.kinesis = boto3.client("kinesis", region_name="us-west-2") if self.mode == "test": self.stream = get_secret(config["test"]["kinesis"]["stream"])["streamName"] self.kinesis = boto3.client("kinesis", region_name="us-west-2") if self.mode == "events_off": self.logger = Logger(log_file=os.path.join(LOG_DIR, "Event_logger.log"))
def test_get_log_stream_next_token_no_credentials_error(mocker): mocker.patch( "mount_efs.cloudwatch_describe_log_streams_helper", side_effect=[NoCredentialsError()], ) token = mount_efs.get_log_stream_next_token(MOCK_AGENT) assert token == None
def _call(self, operation_object, parameters, parsed_globals): # We could get an error from get_endpoint() about not having # a region configured. Before this happens we want to check # for credentials so we can give a good error message. result = [] if not self._session.get_credentials(): raise NoCredentialsError() endpoint = operation_object.service.get_endpoint( region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, verify=parsed_globals.verify_ssl) if operation_object.can_paginate and parsed_globals.paginate: pages = operation_object.paginate(endpoint, **parameters) key = None for page in pages: http_response = page[0] if http_response.status_code == 200: response_data = page[1] keys = response_data.keys() key = self.get_key_of_result(keys) if key is not None: result += response_data.get(key) if key is not None: return {key: result} else: return None else: http_response, response_data = operation_object.call( endpoint, **parameters) return response_data
def __init__(self, service='Testing', mode='run'): self.service = service self.mode = mode if self.mode == 'run': for i in range(MAX_RETRIES): try: self.stream = get_secret( config[ENVIRONMENT]['kinesis']['stream'])['streamName'] except NoCredentialsError: print('Credential retry:' + str(i)) time.sleep(10) continue else: break else: raise NoCredentialsError( "Unable to get credentials in specified number of retries") self.kinesis = boto3.client('kinesis', region_name='us-west-2') if self.mode == 'test': self.stream = get_secret( config['test']['kinesis']['stream'])['streamName'] self.kinesis = boto3.client('kinesis', region_name='us-west-2') if self.mode == 'events_off': self.logger = Logger( log_file=os.path.join(LOG_DIR, "Event_logger.log"))
def test_create_log_group_no_credentials_error(mocker): mocker.patch( "mount_efs.cloudwatch_create_log_group_helper", side_effect=[NoCredentialsError()], ) is_completed = mount_efs.create_cloudwatch_log_group( MOCK_AGENT, DEFAULT_CLOUDWATCH_LOG_GROUP) assert is_completed == False
def test_describe_availability_zones_dryrun_failed_no_credential_error(mocker): _test_describe_availability_zones_response( mocker, NoCredentialsError(), None, 1, desired_exception=mount_efs.FallbackException, desired_message='confirm your aws credentials are properly configured')
def _get_credentials(self): with self._lock: if self._loaded_credentials is None: loaded_creds = self._botocore_credential_provider\ .load_credentials() if loaded_creds is None: raise NoCredentialsError() self._loaded_credentials = loaded_creds return self._loaded_credentials
def test_commands_use_exception_handling(session, logger): session.side_effect = NoCredentialsError() for method in METHODS: with pytest.raises(SystemExit) as pytest_wrapped_e: cli.main([method, '--stack', STACK]) assert pytest_wrapped_e.value.code == 1 for method in NO_STACK_METHODS: with pytest.raises(SystemExit) as pytest_wrapped_e: cli.main([method]) assert pytest_wrapped_e.value.code == 1
def manage_stack( region: str, stack_name: str, template_body: str, profile: Optional[str] = None, parameter_overrides: Optional[Dict[str, Union[str, List[str]]]] = None, ) -> List[Dict[str, str]]: """ get or create a CloudFormation stack Parameters ---------- region: str AWS region for the CloudFormation stack stack_name: str CloudFormation stack name template_body: str CloudFormation template's content profile: Optional[str] AWS named profile for the AWS account parameter_overrides: Optional[Dict[str, Union[str, List[str]]]] Values of template parameters, if any. Returns: Stack output section(list of OutputKey, OutputValue pairs) """ try: if profile: session = boto3.Session( profile_name=profile, region_name=region if region else None) # type: ignore cloudformation_client = session.client("cloudformation") else: cloudformation_client = boto3.client( "cloudformation", config=Config(region_name=region if region else None)) except ProfileNotFound as ex: raise ProfileNotFound( f"Error Setting Up Managed Stack Client: the provided AWS name profile '{profile}' is not found. " "please check the documentation for setting up a named profile: " "https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html" ) from ex except NoCredentialsError as ex: raise NoCredentialsError( "Error Setting Up Managed Stack Client: Unable to resolve credentials for the AWS SDK for Python client. " "Please see their documentation for options to pass in credentials: " "https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html" ) from ex except NoRegionError as ex: raise NoRegionError( "Error Setting Up Managed Stack Client: Unable to resolve a region. " "Please provide a region via the --region parameter or by the AWS_REGION environment variable." ) from ex return _create_or_get_stack(cloudformation_client, stack_name, template_body, parameter_overrides)
def test_fetch_layer_uri_fails_with_no_creds(self): lambda_client_mock = Mock() lambda_client_mock.get_layer_version.side_effect = NoCredentialsError() download_layers = LayerDownloader("/", ".", Mock(), lambda_client_mock) layer = Mock() layer.layer_arn = "arn" layer.version = 1 with self.assertRaises(CredentialsRequired): download_layers._fetch_layer_uri(layer=layer)
def call(session, operation_name, parameters, region_name=None, endpoint_url=None, verify=None): # We could get an error from get_endpoint() about not having # a region configured. Before this happens we want to check # for credentials so we can give a good error message. if session.get_credentials() is None: raise NoCredentialsError() client = session.create_client( 'emr', region_name=region_name, endpoint_url=endpoint_url, verify=verify) LOG.debug('Calling ' + str(operation_name)) return getattr(client, operation_name)(**parameters)
def add_auth(self, request): if self.credentials is None: raise NoCredentialsError() # Use utcnow() because that's what gets mocked by tests, but set # timezone because CRT assumes naive datetime is local time. datetime_now = datetime.datetime.utcnow().replace( tzinfo=datetime.timezone.utc) # Use existing 'X-Amz-Content-SHA256' header if able existing_sha256 = self._get_existing_sha256(request) self._modify_request_before_signing(request) credentials_provider = awscrt.auth.AwsCredentialsProvider.new_static( access_key_id=self.credentials.access_key, secret_access_key=self.credentials.secret_key, session_token=self.credentials.token) if self._should_sha256_sign_payload(request): if existing_sha256: explicit_payload = existing_sha256 else: explicit_payload = None # to be calculated during signing else: explicit_payload = UNSIGNED_PAYLOAD if self._should_add_content_sha256_header(explicit_payload): body_header = \ awscrt.auth.AwsSignedBodyHeaderType.X_AMZ_CONTENT_SHA_256 else: body_header = awscrt.auth.AwsSignedBodyHeaderType.NONE signing_config = awscrt.auth.AwsSigningConfig( algorithm=awscrt.auth.AwsSigningAlgorithm.V4, signature_type=self._SIGNATURE_TYPE, credentials_provider=credentials_provider, region=self._region_name, service=self._service_name, date=datetime_now, should_sign_header=self._should_sign_header, use_double_uri_encode=self._USE_DOUBLE_URI_ENCODE, should_normalize_uri_path=self._SHOULD_NORMALIZE_URI_PATH, signed_body_value=explicit_payload, signed_body_header_type=body_header, expiration_in_seconds=self._expiration_in_seconds, ) crt_request = self._crt_request_from_aws_request(request) future = awscrt.auth.aws_sign_request(crt_request, signing_config) future.result() self._apply_signing_changes(request, crt_request)
def test__get_account_info(self, mock_session, mock__get_region, mock__get_partition, mock_boto3): mock__get_region.return_value = "us-east-1" session = boto3.Session() session.get_available_regions = mock.Mock() session.client = mock.Mock() sts = mock.Mock() sts.get_caller_identity.return_value = {"Account": "123412341234"} session.client.return_value = sts mock_session.return_value = session mock_boto3.session.Session = mock.Mock() mock_boto3.session.Session.return_value = session cache = Boto3Cache(_boto3=mock_boto3) mock__get_partition.return_value = ("aws-us-gov", "us-gov-east-1") partition = cache._get_account_info("default")["partition"] self.assertEqual(partition, "aws-us-gov") mock__get_partition.return_value = ("aws-cn", "cn-north-1") partition = cache._get_account_info("default")["partition"] self.assertEqual(partition, "aws-cn") mock__get_partition.return_value = ("aws", "us-east-1") partition = cache._get_account_info("default")["partition"] self.assertEqual(partition, "aws") self.assertEqual(3, sts.get_caller_identity.call_count) sts.get_caller_identity.side_effect = ClientError( error_response={"Error": { "Code": "test" }}, operation_name="test") with self.assertRaises(ClientError): cache._get_account_info("default") sts.get_caller_identity.side_effect = ClientError( error_response={"Error": { "Code": "AccessDenied" }}, operation_name="test") with self.assertRaises(TaskCatException): cache._get_account_info("default") sts.get_caller_identity.side_effect = NoCredentialsError() with self.assertRaises(TaskCatException): cache._get_account_info("default") sts.get_caller_identity.side_effect = ProfileNotFound( profile="non-existent_profile") with self.assertRaises(TaskCatException): cache._get_account_info("default")
def call(session, operation_object, parameters, region_name=None, endpoint_url=None, verify=None): # We could get an error from get_endpoint() about not having # a region configured. Before this happens we want to check # for credentials so we can give a good error message. if session.get_credentials() is None: raise NoCredentialsError() endpoint = operation_object.service.get_endpoint( region_name=region_name, endpoint_url=endpoint_url, verify=verify) LOG.debug('Calling ' + str(operation_object) + ' with endpoint: ' + endpoint.host) return operation_object.call(endpoint, **parameters)
def _call(self, operation_object, parameters, parsed_globals): # We could get an error from get_endpoint() about not having # a region configured. Before this happens we want to check # for credentials so we can give a good error message. result = [] if not self._session.get_credentials(): raise NoCredentialsError() endpoint = operation_object.service.get_endpoint( region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, verify=parsed_globals.verify_ssl) http_response, response_data = operation_object.call( endpoint, **parameters) return response_data
def test_integration_test_s3(): try: import fs_s3fs from botocore.exceptions import NoCredentialsError except ImportError: raise ImportError( "https://github.com/PyFilesystem/s3fs must be installed for this test." ) try: dp = load_datapackage(fs_or_obj=open_fs("s3://bwprocessing")) check_metadata(dp, False) check_data(dp) except NoCredentialsError: raise NoCredentialsError( "Supply AWS credentials (https://boto3.amazonaws.com/v1/documentation/api/latest/guide/quickstart.html)" )
def add_auth(self, request): if self.credentials is None: raise NoCredentialsError() datetime_now = datetime.datetime.utcnow() request.context['timestamp'] = datetime_now.strftime(SIGV4_TIMESTAMP) # This could be a retry. Make sure the previous # authorization header is removed first. self._modify_request_before_signing(request) canonical_request = self.canonical_request(request) logger.debug("Calculating signature using v4 auth.") logger.debug('CanonicalRequest:\n%s', canonical_request) string_to_sign = self.string_to_sign(request, canonical_request) logger.debug('StringToSign:\n%s', string_to_sign) signature = self.signature(string_to_sign, request) logger.debug('Signature:\n%s', signature) self._inject_signature_to_request(request, signature)
def describe_services(self, cluster_name, service_name): if not self.access_key_id or not self.secret_access_key: raise NoCredentialsError() if cluster_name != u'test-cluster': error_response = {u'Error': {u'Code': u'ClusterNotFoundException', u'Message': u'Cluster not found.'}} raise ClientError(error_response, u'DescribeServices') if service_name != u'test-service': return {u'services': []} if self.deployment_errors: return { u"services": [PAYLOAD_SERVICE_WITH_ERRORS], u"failures": [] } return { u"services": [PAYLOAD_SERVICE], u"failures": [] }
def invoke(self, operation_object, parameters, parsed_globals): # We could get an error from get_endpoint() about not having # a region configured. Before this happens we want to check # for credentials so we can give a good error message. if not self._session.get_credentials(): raise NoCredentialsError() endpoint = operation_object.service.get_endpoint( region_name=parsed_globals.region, endpoint_url=parsed_globals.endpoint_url, verify=parsed_globals.verify_ssl) if operation_object.can_paginate and parsed_globals.paginate: pages = operation_object.paginate(endpoint, **parameters) self._display_response(operation_object, pages, parsed_globals) else: http_response, response_data = operation_object.call( endpoint, **parameters) self._display_response(operation_object, response_data, parsed_globals) return 0
def add_auth(self, request): if self.credentials is None: raise NoCredentialsError() if 'Date' in request.headers: del request.headers['Date'] request.headers['Date'] = formatdate(usegmt=True) if self.credentials.token: if 'X-Amz-Security-Token' in request.headers: del request.headers['X-Amz-Security-Token'] request.headers['X-Amz-Security-Token'] = self.credentials.token new_hmac = hmac.new(self.credentials.secret_key.encode('utf-8'), digestmod=sha256) new_hmac.update(request.headers['Date'].encode('utf-8')) encoded_signature = encodebytes(new_hmac.digest()).strip() signature = ('AWS3-HTTPS AWSAccessKeyId=%s,Algorithm=%s,Signature=%s' % (self.credentials.access_key, 'HmacSHA256', encoded_signature.decode('utf-8'))) if 'X-Amzn-Authorization' in request.headers: del request.headers['X-Amzn-Authorization'] request.headers['X-Amzn-Authorization'] = signature
def cli(profile): """Webotron deploys websites to AWS.""" global session, bucket_manager, domain_manager, cert_manager, dist_manager session_cfg = {} if profile: session_cfg['profile_name'] = profile try: session = boto3.Session(**session_cfg) bucket_manager = BucketManager(session) domain_manager = DomainManager(session) cert_manager = CertificateManager(session) dist_manager = DistributionManager(session) except ProfileNotFound as e: print(e) exit() else: raise NoCredentialsError( "Please input profile name with --profile flag" ) exit()
def add_auth(self, request): # The auth handler is the last thing called in the # preparation phase of a prepared request. # Because of this we have to parse the query params # from the request body so we can update them with # the sigv2 auth params. if self.credentials is None: raise NoCredentialsError() if request.data: # POST params = request.data else: # GET params = request.params params['AWSAccessKeyId'] = self.credentials.access_key params['SignatureVersion'] = '2' params['SignatureMethod'] = 'HmacSHA256' params['Timestamp'] = time.strftime(ISO8601, time.gmtime()) if self.credentials.token: params['SecurityToken'] = self.credentials.token qs, signature = self.calc_signature(request, params) params['Signature'] = signature return request
def get_queue_by_name(self, **kwargs): raise NoCredentialsError()
def raise_exception(*args, **kwargs): raise NoCredentialsError()
def test_catches_common_aws_exceptions(session, stack_waiter): session.side_effect = NoCredentialsError() with pytest.raises(SystemExit) as pytest_wrapped_e: cli.main(['deploy', '--stack', STACK]) assert pytest_wrapped_e.value.code == 1
def test_put_log_events_no_credentials_error(mocker): mocker.patch('mount_efs.get_log_stream_next_token', return_value='ABCDEF') mocker.patch('mount_efs.cloudwatch_put_log_events_helper', side_effect=[NoCredentialsError()]) is_completed = mount_efs.publish_cloudwatch_log(MOCK_AGENT, 'Test') assert is_completed == False
def test_constructor_no_credentials_throws_exception(self, mockdriver): mockdriver.list_tables.side_effect = NoCredentialsError() with self.assertRaises(NoCredentialError): QldbShell(None, mockdriver)
def _no_credentials_error(): raise NoCredentialsError()