def retrieve(self):
"""Retrieve credential value and its expiry from IAM EC2."""
# Get role names.
creds_path = "/latest/meta-data/iam/security-credentials"
url = self._endpoint + creds_path
res = self._http_client.urlopen("GET", url)
if res.status != 200:
raise HTTPError(
"request failed with status {0}".format(res.status), )
role_names = res.data.decode("utf-8").split("\n")
if not role_names:
raise ResponseError("no role names found in response")
# Get credentials of first role.
url = self._endpoint + creds_path + "/" + role_names[0]
res = self._http_client.urlopen("GET", url)
if res.status != 200:
raise HTTPError(
"request failed with status {0}".format(res.status), )
data = json.loads(res.data)
if data["Code"] != "Success":
raise ResponseError(
"credential retrieval failed with code {0}".format(
data["Code"]), )
try:
expiration = datetime.strptime(data["Expiration"], RFC3339NANO)
except ValueError:
expiration = datetime.strptime(data["Expiration"], RFC3339)
return Value(
data["AccessKeyId"],
data["SecretAccessKey"],
session_token=data["Token"],
), expiration - self._expiry_delta
def increment(self,
method=None,
url=None,
response=None,
error=None,
_pool=None,
_stacktrace=None):
"""Return a new Retry object with incremented retry counters."""
if self.retry_timeout < datetime.now():
raise MaxRetryError(
_pool, url, error or ResponseError("max_retry_time exceeded"))
new_retry = super().increment(method, url, response, error, _pool,
_stacktrace)
if response is not None:
parsed_error = InfluxDBError(response=response)
elif error is not None:
parsed_error = error
else:
parsed_error = f"Failed request to: {url}"
message = f"The retriable error occurred during request. Reason: '{parsed_error}'."
if isinstance(parsed_error, InfluxDBError):
message += f" Retry in {parsed_error.retry_after}s."
if self.retry_callback:
self.retry_callback(parsed_error)
logger.warning(message)
return new_retry
def retrieve(self):
"""
Retrieve credential value and its expiry from IAM EC2 instance role
or ECS task role.
"""
if not self._is_ecs_task:
# Get role names and get the first role for EC2.
creds_path = "/latest/meta-data/iam/security-credentials"
url = self._endpoint + creds_path
res = self._http_client.urlopen("GET", url)
if res.status != 200:
raise HTTPError(
"request failed with status {0}".format(res.status), )
role_names = res.data.decode("utf-8").split("\n")
if not role_names:
raise ResponseError("no role names found in response")
credentials_url = self._endpoint + creds_path + "/" + role_names[0]
else:
# This URL directly gives the credentials for an ECS task
relative_url_var = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
creds_path = os.environ.get(relative_url_var) or ""
credentials_url = self._endpoint + creds_path
# Get credentials of role.
res = self._http_client.urlopen("GET", credentials_url)
if res.status != 200:
raise HTTPError(
"request failed with status {0}".format(res.status), )
data = json.loads(res.data)
# Note the response in ECS does not include the "Code" key.
if not self._is_ecs_task and data["Code"] != "Success":
raise ResponseError(
"credential retrieval failed with code {0}".format(
data["Code"]), )
try:
expiration = datetime.strptime(data["Expiration"], RFC3339NANO)
except ValueError:
expiration = datetime.strptime(data["Expiration"], RFC3339)
return Value(
data["AccessKeyId"],
data["SecretAccessKey"],
session_token=data["Token"],
), expiration - self._expiry_delta
def handle_response(self, response):
if response.status_code == 200:
try:
data = json.loads(response.content)
except json.decoder.JSONDecodeError:
raise TypeError(f"转换失败, {response} 不是json 对象")
return data
else:
raise ResponseError(
f"response 的响应值错误, 响应码为{response.status_code},响应信息为{response.content}"
)
def urlopen(self, method, url, redirect=True, **kw):
"""
Same as :meth:`urllib3.connectionpool.HTTPConnectionPool.urlopen`
with custom cross-host redirect logic and only sends the request-uri
portion of the ``url``.
The given ``url`` parameter must be absolute, such that an appropriate
:class:`urllib3.connectionpool.ConnectionPool` can be chosen for it.
"""
#===============================================================================================================
# add by mz
error_type = kw.get('error_type')
if error_type:
from urllib3.exceptions import LocationValueError, HostChangedError, LocationParseError, ConnectTimeoutError
from urllib3.exceptions import ProxyError, TimeoutError, ReadTimeoutError, ProtocolError, DecodeError
from urllib3.exceptions import ResponseError, ResponseNotChunked, SSLError, HTTPError, HTTPWarning, PoolError
from urllib3.exceptions import RequestError, MaxRetryError, TimeoutStateError, NewConnectionError
from urllib3.exceptions import EmptyPoolError, ClosedPoolError, SecurityWarning, SubjectAltNameWarning
from urllib3.exceptions import InsecureRequestWarning, SystemTimeWarning, InsecurePlatformWarning
from urllib3.exceptions import SNIMissingWarning, DependencyWarning, ProxySchemeUnknown, HeaderParsingError
get_error = {
"LocationValueError":
LocationValueError(),
"HostChangedError":
HostChangedError(pool=1, url=2),
"LocationParseError":
LocationParseError(url),
"ConnectTimeoutError":
ConnectTimeoutError(),
"ProxyError":
ProxyError(),
"TimeoutError":
TimeoutError(),
"ReadTimeoutError":
ReadTimeoutError(pool=1, url=2, message="ReadTimeoutError"),
"ProtocolError":
ProtocolError(),
"DecodeError":
DecodeError(),
"ResponseError":
ResponseError(),
"ResponseNotChunked":
ResponseNotChunked(),
"SSLError":
SSLError(),
"HTTPError":
HTTPError(),
"HTTPWarning":
HTTPWarning(),
"PoolError":
PoolError(pool=1, message=2),
"RequestError":
RequestError(pool=1, url=2, message="RequestError"),
"MaxRetryError":
MaxRetryError(pool=1, url=2, reason=None),
"TimeoutStateError":
TimeoutStateError(),
"NewConnectionError":
NewConnectionError(pool=1, message="NewConnectionError"),
"EmptyPoolError":
EmptyPoolError(pool=1, message="EmptyPoolError"),
"ClosedPoolError":
ClosedPoolError(pool=1, message="ClosedPoolError"),
"SecurityWarning":
SecurityWarning(),
"SubjectAltNameWarning":
SubjectAltNameWarning(),
"InsecureRequestWarning":
InsecureRequestWarning(),
"SystemTimeWarning":
SystemTimeWarning(),
"InsecurePlatformWarning":
InsecurePlatformWarning(),
"SNIMissingWarning":
SNIMissingWarning(),
"DependencyWarning":
DependencyWarning(),
"ProxySchemeUnknown":
ProxySchemeUnknown(scheme=1),
"HeaderParsingError":
HeaderParsingError(defects=1, unparsed_data=2)
}
error_ = get_error[error_type]
raise error_
#===============================================================================================================
u = parse_url(url)
conn = self.connection_from_host(u.host, port=u.port, scheme=u.scheme)
kw['assert_same_host'] = False
kw['redirect'] = False
if 'headers' not in kw:
kw['headers'] = self.headers
if self.proxy is not None and u.scheme == "http":
response = conn.urlopen(method, url, **kw)
else:
response = conn.urlopen(method, u.request_uri, **kw)
redirect_location = redirect and response.get_redirect_location()
if not redirect_location:
return response
# Support relative URLs for redirecting.
redirect_location = urljoin(url, redirect_location)
# RFC 2616, Section 10.3.4
if response.status == 303:
method = 'GET'
log.info("Redirecting %s -> %s" % (url, redirect_location))
kw['retries'] = kw.get('retries', 3) - 1 # Persist retries countdown
kw['redirect'] = redirect
return self.urlopen(method, redirect_location, **kw)