def test_fetch_credentials_and_request_fail(self):
cfg_client = httpclient.AsyncHTTPClient()
role = uuid.uuid4().hex
access_key = uuid.uuid4().hex
secret_key = uuid.uuid4().hex
token = uuid.uuid4().hex
url = self.get_url(
'/latest/meta-data/iam/security-credentials/{}?role={}&access_'
'key={}&secret_key={}&token={}'.format(
role, role, access_key, secret_key, token))
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
cfg = config.Authorization('default', client=cfg_client)
with mock.patch.object(cfg, '_get_role_async') as get_role:
role_future = concurrent.Future()
role_future.set_result(role)
get_role.return_value = role_future
with self.client_with_default_creds(
's3', endpoint=self.get_url('/api')) as obj:
obj._auth_config = cfg
with mock.patch.object(obj._client, 'fetch') as fetch:
future1 = concurrent.Future()
future1.set_exception(self.mock_auth_exception())
future2 = concurrent.Future()
future2.set_exception(self.mock_error_exception())
fetch.side_effect = [future1, future2]
with self.assertRaises(exceptions.AWSError):
yield obj.fetch('GET', '/api')
def test_fetch_expired_credentials(self):
cfg_client = httpclient.AsyncHTTPClient()
role = uuid.uuid4().hex
access_key = uuid.uuid4().hex
secret_key = uuid.uuid4().hex
token = uuid.uuid4().hex
url = self.get_url(
'/latest/meta-data/iam/security-credentials/{}?role={}&access_'
'key={}&secret_key={}&token={}'.format(
role, role, access_key, secret_key, token))
os.environ['AWS_SHARED_CREDENTIALS_FILE'] = '/tmp/{}'.format(
access_key)
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
cfg = config.Authorization('default', client=cfg_client)
with self.client_with_default_creds(
's3', endpoint=self.get_url('/api')) as obj:
obj._auth_config = cfg
with mock.patch.object(obj._client, 'fetch') as fetch:
future1 = concurrent.Future()
future1.set_exception(self.mock_auth_exception())
future2 = concurrent.Future()
future2.set_result(self.mock_ok_response())
fetch.side_effect = [future1, future2]
result = yield obj.fetch('GET', '/api')
self.assertEqual(result.code, 200)
def make_request(self, expectation):
url = self.get_url(
'/latest/meta-data/iam/security-credentials/?role=%s' %
expectation)
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
obj = config.Authorization('default',
client=httpclient.HTTPClient())
return obj._get_role()
def test_error_case(self):
ini_values = {'default': {'region': uuid.uuid4().hex}}
with tempfile.NamedTemporaryFile() as handle:
handle.write(utils.build_ini(ini_values))
handle.flush()
os.environ['AWS_SHARED_CREDENTIALS_FILE'] = handle.name
with self.assertRaises(exceptions.NoProfileError):
config.Authorization('foo', client=httpclient.HTTPClient())
def make_request(self, role, access_key, secret_key, token):
url = self.get_url(
'/latest/meta-data/iam/security-credentials/{}?role={}&access_'
'key={}&secret_key={}&token={}'.format(role, role, access_key,
secret_key, token))
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
obj = config.Authorization('default',
client=httpclient.HTTPClient())
return obj._get_instance_credentials(role)
def test_async_request(self):
expectation = str(uuid.uuid4().hex)
url = self.get_url(
'/latest/meta-data/iam/security-credentials/?role=%s' %
expectation)
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
obj = config.Authorization('default',
client=httpclient.AsyncHTTPClient())
value = yield obj._get_role_async()
self.assertEqual(value, expectation)
def test_async_request_error(self):
client = httpclient.AsyncHTTPClient()
expectation = str(uuid.uuid4().hex)
url = self.get_url('/latest/meta-data/iam/'
'security-credentials/?role={}'.format(expectation))
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
obj = config.Authorization('default', client=client)
with mock.patch.object(obj._client, 'fetch') as fetch:
future = concurrent.Future()
future.set_exception(httpclient.HTTPError(599))
fetch.return_value = future
with self.assertRaises(httpclient.HTTPError):
yield obj._get_role_async()
def make_err_request(self, role, access_key, secret_key, token):
url = self.get_url(
'/latest/meta-data/iam/security-credentials/{}?role={}&access_'
'key={}&secret_key={}&token={}'.format(role, role, access_key,
secret_key, token))
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
client = httpclient.HTTPClient()
obj = config.Authorization('default', client=client)
with mock.patch.object(obj, '_get_role') as get_role:
get_role.return_value = role
with mock.patch.object(client, 'fetch') as fetch:
fetch.side_effect = httpclient.HTTPError(599)
obj.refresh()
return obj
def __init__(self,
service,
profile=None,
region=None,
access_key=None,
secret_key=None,
endpoint=None):
self._client = self._get_client_adapter()
self._service = service
self._profile = profile or os.getenv('AWS_DEFAULT_PROFILE', 'default')
self._region = region or config.get_region(self._profile)
self._auth_config = config.Authorization(self._profile, access_key,
secret_key, self._client)
self._endpoint_url = self._endpoint(endpoint)
self._host = self._hostname(self._endpoint_url)
def test_async_request(self):
role = uuid.uuid4().hex
access_key = uuid.uuid4().hex
secret_key = uuid.uuid4().hex
token = uuid.uuid4().hex
url = self.get_url(
'/latest/meta-data/iam/security-credentials/{}?role={}&access_'
'key={}&secret_key={}&token={}'.format(role, role, access_key,
secret_key, token))
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
obj = config.Authorization('default',
client=httpclient.AsyncHTTPClient())
value = yield obj._get_instance_credentials_async(role)
self.assertEqual(value['AccessKeyId'], access_key)
self.assertEqual(value['SecretAccessKey'], secret_key)
self.assertEqual(value['Token'], token)
def test_fetch_needs_credentials(self):
role = uuid.uuid4().hex
access_key = uuid.uuid4().hex
secret_key = uuid.uuid4().hex
token = uuid.uuid4().hex
url = self.get_url(
'/latest/meta-data/iam/security-credentials/{}?role={}&access_'
'key={}&secret_key={}&token={}'.format(
role, role, access_key, secret_key, token))
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
cfg = config.Authorization(
'default', client=httpclient.AsyncHTTPClient())
with self.client_with_default_creds(
's3', endpoint=self.get_url('/api')) as obj:
obj._auth_config = cfg
result = yield obj.fetch(
'GET', '/?expectation={}'.format(token))
self.assertEqual(result.code, 200)
def test_async_role_error(self):
client = httpclient.AsyncHTTPClient()
role = uuid.uuid4().hex
access_key = uuid.uuid4().hex
secret_key = uuid.uuid4().hex
token = uuid.uuid4().hex
url = self.get_url(
'/latest/meta-data/iam/security-credentials/{}?role={}&access_'
'key={}&secret_key={}&token={}'.format(role, role, access_key,
secret_key, token))
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
obj = config.Authorization('default', client=client)
with mock.patch.object(obj, '_get_role_async') as get_role:
future = concurrent.Future()
future.set_exception(httpclient.HTTPError(599))
get_role.return_value = future
with self.assertRaises(exceptions.NoCredentialsError):
yield obj.refresh()
def test_async_request(self):
client = httpclient.AsyncHTTPClient()
role = uuid.uuid4().hex
access_key = uuid.uuid4().hex
secret_key = uuid.uuid4().hex
token = uuid.uuid4().hex
url = self.get_url(
'/latest/meta-data/iam/security-credentials/{}?role={}&access_'
'key={}&secret_key={}&token={}'.format(role, role, access_key,
secret_key, token))
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
obj = config.Authorization('default', client=client)
with mock.patch.object(obj, '_get_role_async') as get_role:
role_future = concurrent.Future()
role_future.set_result(role)
get_role.return_value = role_future
yield obj.refresh()
self.assertEqual(obj.access_key, access_key)
self.assertEqual(obj.secret_key, secret_key)
self.assertEqual(obj.security_token, token)
def test_assignment_and_reset(self):
obj = config.Authorization('default', client=httpclient.HTTPClient())
access_key = uuid.uuid4().hex
secret_key = uuid.uuid4().hex
token = uuid.uuid4().hex
expiration = datetime.datetime.now().isoformat()
obj._assign_credentials({
'AccessKeyId': access_key,
'SecretAccessKey': secret_key,
'Expiration': expiration,
'Token': token
})
self.assertEqual(obj.access_key, access_key)
self.assertEqual(obj.secret_key, secret_key)
self.assertEqual(obj._expiration, expiration)
self.assertEqual(obj.security_token, token)
obj.reset()
self.assertIsNone(obj.access_key)
self.assertIsNone(obj.secret_key)
self.assertIsNone(obj._expiration)
self.assertIsNone(obj.security_token)
def test_fetch_refresh_failure(self):
cfg_client = httpclient.AsyncHTTPClient()
role = uuid.uuid4().hex
access_key = uuid.uuid4().hex
secret_key = uuid.uuid4().hex
token = uuid.uuid4().hex
url = self.get_url(
'/latest/meta-data/iam/security-credentials/{}?role={}&access_'
'key={}&secret_key={}&token={}'.format(role, role, access_key,
secret_key, token))
with mock.patch('tornado_aws.config.INSTANCE_ENDPOINT', url):
cfg = config.Authorization('default', client=cfg_client)
with self.client_with_default_creds(
's3', endpoint=self.get_url('/api')) as obj:
obj._auth_config = cfg
cfg.reset()
with mock.patch.object(cfg, 'refresh') as refresh:
future = concurrent.Future()
future.set_exception(httpclient.HTTPError(599))
refresh.return_value = future
with self.assertRaises(httpclient.HTTPError):
yield obj.fetch('GET', '/api')
def test_reset_raises_for_local_credentials(self):
obj = config.Authorization('default', client=httpclient.HTTPClient())
obj._local_credentials = True
with self.assertRaises(exceptions.LocalCredentialsError):
obj.reset()