def _resolve_signature_version(self, service_name, resolved):
# Client config overrides everything.
client = self.client_config
if client and client.signature_version is not None:
return client.signature_version
# Scoped config overrides picking from the endpoint metadata.
scoped = self.scoped_config
if scoped is not None:
service_config = scoped.get(service_name)
if service_config is not None and isinstance(service_config, dict):
version = service_config.get('signature_version')
if version:
logger.debug(
"Switching signature version for service %s "
"to version %s based on config file override.",
service_name, version)
return version
# Pick a signature version from the endpoint metadata if present.
if 'signatureVersions' in resolved:
potential_versions = resolved['signatureVersions']
if service_name == 's3':
# We currently prefer s3 over s3v4.
if 's3' in potential_versions:
return 's3'
elif 's3v4' in potential_versions:
return 's3v4'
if 'v4' in potential_versions:
return 'v4'
# Now just iterate over the signature versions in order until we
# find the first one that is known to Botocore.
for known in AUTH_TYPE_MAPS:
if known in potential_versions:
return known
raise UnknownSignatureVersionError(
signature_version=resolved.get('signatureVersions'))
def get_auth_instance(self,
signing_name,
region_name,
signature_version=None,
**kwargs):
"""
Get an auth instance which can be used to sign a request
using the given signature version.
:type signing_name: string
:param signing_name: Service signing name. This is usually the
same as the service name, but can differ. E.g.
``emr`` vs. ``elasticmapreduce``.
:type region_name: string
:param region_name: Name of the service region, e.g. ``us-east-1``
:type signature_version: string
:param signature_version: Signature name like ``v4``.
:rtype: :py:class:`~ibm_botocore.auth.BaseSigner`
:return: Auth instance to sign a request.
"""
if signature_version is None:
signature_version = self._signature_version
cls = ibm_botocore.auth.AUTH_TYPE_MAPS.get(signature_version)
if cls is None:
raise UnknownSignatureVersionError(
signature_version=signature_version)
# If there's no credentials provided (i.e credentials is None),
# then we'll pass a value of "None" over to the auth classes,
# which already handle the cases where no credentials have
# been provided.
frozen_credentials = None
if self._credentials is not None:
frozen_credentials = self._credentials.get_frozen_credentials()
kwargs['credentials'] = frozen_credentials
if cls.REQUIRES_REGION:
if self._region_name is None:
raise ibm_botocore.exceptions.NoRegionError()
kwargs['region_name'] = region_name
kwargs['service_name'] = signing_name
auth = cls(**kwargs)
return auth
def _resolve_signature_version(self, service_name, resolved):
configured_version = _get_configured_signature_version(
service_name, self.client_config, self.scoped_config)
if configured_version is not None:
return configured_version
# Pick a signature version from the endpoint metadata if present.
if 'signatureVersions' in resolved:
potential_versions = resolved['signatureVersions']
if service_name == 's3':
return 's3v4'
if 'v4' in potential_versions:
return 'v4'
# Now just iterate over the signature versions in order until we
# find the first one that is known to Botocore.
for known in potential_versions:
if known in AUTH_TYPE_MAPS:
return known
raise UnknownSignatureVersionError(
signature_version=resolved.get('signatureVersions'))