示例#1
0
    def test_env_profile_loads_profile(self):
        self.environ['AWS_PROFILE'] = 'foo'
        self.shared_config = {
            'default': {
                'aws_access_key_id': 'shared_access_key',
                'aws_secret_access_key': 'shared_secret_key',
            },
            'foo': {
                'aws_access_key_id': 'shared_access_key_foo',
                'aws_secret_access_key': 'shared_secret_key_foo',
            }
        }
        self.config = {
            'profile foo': {
                'aws_access_key_id': 'cfg_access_key_foo',
                'aws_secret_access_key': 'cfg_secret_key_foo',
            },
            'Credentials': {
                'aws_access_key_id': 'cfg_access_key',
                'aws_secret_access_key': 'cfg_secret_key',
            }
        }
        p = provider.Provider('aws')
        self.assertEqual(p.access_key, 'shared_access_key_foo')
        self.assertEqual(p.secret_key, 'shared_secret_key_foo')
        self.assertIsNone(p.security_token)

        self.shared_config = {}
        p = provider.Provider('aws')
        self.assertEqual(p.access_key, 'cfg_access_key_foo')
        self.assertEqual(p.secret_key, 'cfg_secret_key_foo')
        self.assertIsNone(p.security_token)
示例#2
0
 def test_config_profile_values_are_used(self):
     self.config = {
         'profile dev': {
             'aws_access_key_id': 'dev_access_key',
             'aws_secret_access_key': 'dev_secret_key',
         }, 'profile prod': {
             'aws_access_key_id': 'prod_access_key',
             'aws_secret_access_key': 'prod_secret_key',
         }, 'profile prod_withtoken': {
             'aws_access_key_id': 'prod_access_key',
             'aws_secret_access_key': 'prod_secret_key',
             'aws_security_token': 'prod_token',
         }, 'Credentials': {
             'aws_access_key_id': 'default_access_key',
             'aws_secret_access_key': 'default_secret_key'
         }
     }
     p = provider.Provider('aws', profile_name='prod')
     self.assertEqual(p.access_key, 'prod_access_key')
     self.assertEqual(p.secret_key, 'prod_secret_key')
     p = provider.Provider('aws', profile_name='prod_withtoken')
     self.assertEqual(p.access_key, 'prod_access_key')
     self.assertEqual(p.secret_key, 'prod_secret_key')
     self.assertEqual(p.security_token, 'prod_token')
     q = provider.Provider('aws', profile_name='dev')
     self.assertEqual(q.access_key, 'dev_access_key')
     self.assertEqual(q.secret_key, 'dev_secret_key')
示例#3
0
    def test_env_vars_security_token_beats_config_values(self):
        self.environ['AWS_ACCESS_KEY_ID'] = 'env_access_key'
        self.environ['AWS_SECRET_ACCESS_KEY'] = 'env_secret_key'
        self.environ['AWS_SECURITY_TOKEN'] = 'env_security_token'
        self.shared_config = {
            'default': {
                'aws_access_key_id': 'shared_access_key',
                'aws_secret_access_key': 'shared_secret_key',
                'aws_security_token': 'shared_security_token',
            }
        }
        self.config = {
            'Credentials': {
                'aws_access_key_id': 'cfg_access_key',
                'aws_secret_access_key': 'cfg_secret_key',
                'aws_security_token': 'cfg_security_token',
            }
        }
        p = provider.Provider('aws')
        self.assertEqual(p.access_key, 'env_access_key')
        self.assertEqual(p.secret_key, 'env_secret_key')
        self.assertEqual(p.security_token, 'env_security_token')

        self.environ.clear()
        p = provider.Provider('aws')
        self.assertEqual(p.security_token, 'shared_security_token')

        self.shared_config.clear()
        p = provider.Provider('aws')
        self.assertEqual(p.security_token, 'cfg_security_token')
示例#4
0
    def test_provider_google(self):
        self.environ['GS_ACCESS_KEY_ID'] = 'env_access_key'
        self.environ['GS_SECRET_ACCESS_KEY'] = 'env_secret_key'
        self.shared_config = {
            'default': {
                'gs_access_key_id': 'shared_access_key',
                'gs_secret_access_key': 'shared_secret_key',
            }
        }
        self.config = {
            'Credentials': {
                'gs_access_key_id': 'cfg_access_key',
                'gs_secret_access_key': 'cfg_secret_key',
            }
        }
        p = provider.Provider('google')
        self.assertEqual(p.access_key, 'env_access_key')
        self.assertEqual(p.secret_key, 'env_secret_key')

        self.environ.clear()
        p = provider.Provider('google')
        self.assertEqual(p.access_key, 'shared_access_key')
        self.assertEqual(p.secret_key, 'shared_secret_key')

        self.shared_config.clear()
        p = provider.Provider('google')
        self.assertEqual(p.access_key, 'cfg_access_key')
        self.assertEqual(p.secret_key, 'cfg_secret_key')
示例#5
0
    def test_shared_config_loading(self, load_from_path, exists):
        provider.Provider('aws')
        path = os.path.join(expanduser('~'), '.aws', 'credentials')
        exists.assert_called_once_with(path)
        load_from_path.assert_called_once_with(path)

        exists.reset_mock()
        load_from_path.reset_mock()

        provider.Provider('google')
        path = os.path.join(expanduser('~'), '.google', 'credentials')
        exists.assert_called_once_with(path)
        load_from_path.assert_called_once_with(path)
示例#6
0
    def test_refresh_credentials(self):
        now = datetime.utcnow()
        first_expiration = (now + timedelta(seconds=10)).strftime(
            "%Y-%m-%dT%H:%M:%SZ")
        credentials = {
            u'AccessKeyId': u'first_access_key',
            u'Code': u'Success',
            u'Expiration': first_expiration,
            u'LastUpdated': u'2012-08-31T21:43:40Z',
            u'SecretAccessKey': u'first_secret_key',
            u'Token': u'first_token',
            u'Type': u'AWS-HMAC'
        }
        instance_config = {'allowall': credentials}
        self.get_instance_metadata.return_value = instance_config
        p = provider.Provider('aws')
        self.assertEqual(p.access_key, 'first_access_key')
        self.assertEqual(p.secret_key, 'first_secret_key')
        self.assertEqual(p.security_token, 'first_token')
        self.assertIsNotNone(p._credential_expiry_time)

        # Now set the expiration to something in the past.
        expired = now - timedelta(seconds=20)
        p._credential_expiry_time = expired
        credentials['AccessKeyId'] = 'second_access_key'
        credentials['SecretAccessKey'] = 'second_secret_key'
        credentials['Token'] = 'second_token'
        self.get_instance_metadata.return_value = instance_config

        # Now upon attribute access, the credentials should be updated.
        self.assertEqual(p.access_key, 'second_access_key')
        self.assertEqual(p.secret_key, 'second_secret_key')
        self.assertEqual(p.security_token, 'second_token')
示例#7
0
    def get_auth_headers(self, url_path):
        creds, soon_expires = self._creds_soon_expiring()
        if soon_expires:
            creds = self._set_creds(creds=_get_credentials())

        handler = ZuluHmacAuthV3HTTPHandler(
            host=HOST,
            config={},
            provider=provider.Provider(
                name='aws',
                access_key=creds['accessKeyId'],
                secret_key=creds['secretAccessKey'],
                security_token=creds['sessionToken'],
            ))
        parsed_url = urlparse(url_path)
        params = {
            key: val[0]
            for key, val in parse_qs(parsed_url.query).items()
        }
        request = HTTPRequest(method='GET',
                              protocol='https',
                              host=HOST,
                              port=443,
                              path=parsed_url.path,
                              auth_path=None,
                              params=params,
                              headers={},
                              body='')
        handler.add_auth(req=request)
        headers = request.headers
        headers['User-Agent'] = USER_AGENT
        return headers
示例#8
0
 def test_no_credentials_provided(self):
     p = provider.Provider('aws', provider.NO_CREDENTIALS_PROVIDED,
                           provider.NO_CREDENTIALS_PROVIDED,
                           provider.NO_CREDENTIALS_PROVIDED)
     self.assertEqual(p.access_key, provider.NO_CREDENTIALS_PROVIDED)
     self.assertEqual(p.secret_key, provider.NO_CREDENTIALS_PROVIDED)
     self.assertEqual(p.security_token, provider.NO_CREDENTIALS_PROVIDED)
示例#9
0
 def test_environment_variables_are_used(self):
     self.environ['AWS_ACCESS_KEY_ID'] = 'env_access_key'
     self.environ['AWS_SECRET_ACCESS_KEY'] = 'env_secret_key'
     p = provider.Provider('aws')
     self.assertEqual(p.access_key, 'env_access_key')
     self.assertEqual(p.secret_key, 'env_secret_key')
     self.assertIsNone(p.security_token)
示例#10
0
    def test_keyring_is_used(self):
        self.config = {
            'Credentials': {
                'aws_access_key_id': 'cfg_access_key',
                'keyring': 'test',
            }
        }
        import sys
        try:
            import keyring
            imported = True
        except ImportError:
            sys.modules['keyring'] = keyring = type(mock)('keyring', '')
            imported = False

        try:
            with mock.patch('keyring.get_password', create=True):
                keyring.get_password.side_effect = (
                    lambda kr, login: kr+login+'pw')
                p = provider.Provider('aws')
                self.assertEqual(p.access_key, 'cfg_access_key')
                self.assertEqual(p.secret_key, 'testcfg_access_keypw')
                self.assertIsNone(p.security_token)
        finally:
            if not imported:
                del sys.modules['keyring']
示例#11
0
 def test_metadata_server_credentials(self):
     self.get_instance_metadata.return_value = INSTANCE_CONFIG
     p = provider.Provider('aws')
     self.assertEqual(p.access_key, 'iam_access_key')
     self.assertEqual(p.secret_key, 'iam_secret_key')
     self.assertEqual(p.security_token, 'iam_token')
     self.assertEqual(self.get_instance_metadata.call_args[1]['data'],
                      'meta-data/iam/security-credentials/')
示例#12
0
 def test_passed_in_values_beat_env_vars(self):
     self.environ['AWS_ACCESS_KEY_ID'] = 'env_access_key'
     self.environ['AWS_SECRET_ACCESS_KEY'] = 'env_secret_key'
     self.environ['AWS_SECURITY_TOKEN'] = 'env_security_token'
     p = provider.Provider('aws', 'access_key', 'secret_key')
     self.assertEqual(p.access_key, 'access_key')
     self.assertEqual(p.secret_key, 'secret_key')
     self.assertEqual(p.security_token, None)
示例#13
0
 def test_environment_variable_aws_security_token(self):
     self.environ['AWS_ACCESS_KEY_ID'] = 'env_access_key'
     self.environ['AWS_SECRET_ACCESS_KEY'] = 'env_secret_key'
     self.environ['AWS_SECURITY_TOKEN'] = 'env_security_token'
     p = provider.Provider('aws')
     self.assertEqual(p.access_key, 'env_access_key')
     self.assertEqual(p.secret_key, 'env_secret_key')
     self.assertEqual(p.security_token, 'env_security_token')
示例#14
0
def get_client_settings():
    creds = provider.Provider('aws')
    client_settings = {
        'signerUrl': reverse('sign_request'),
        'awsKey': creds.access_key,
        'awsToken': creds.security_token,
        'awsBucket': settings.AWS_BUCKET_NAME,
    }
    return client_settings
示例#15
0
 def test_metadata_server_returns_missing_keys(self):
     self.get_instance_metadata.return_value = {
         'allowall': {
             u'AccessKeyId': u'iam_access_key',
             # Missing SecretAccessKey.
             u'Token': u'iam_token',
             u'Expiration': u'2012-09-01T03:57:34Z',
         }
     }
     with self.assertRaises(InvalidInstanceMetadataError):
         p = provider.Provider('aws')
示例#16
0
 def test_metadata_config_params(self, config_float, config_int):
     config_int.return_value = 10
     config_float.return_value = 4.0
     self.get_instance_metadata.return_value = INSTANCE_CONFIG
     p = provider.Provider('aws')
     self.assertEqual(p.access_key, 'iam_access_key')
     self.assertEqual(p.secret_key, 'iam_secret_key')
     self.assertEqual(p.security_token, 'iam_token')
     self.get_instance_metadata.assert_called_with(
         timeout=4.0, num_retries=10,
         data='meta-data/iam/security-credentials/')
示例#17
0
 def test_config_values_are_used(self):
     self.config = {
         'Credentials': {
             'aws_access_key_id': 'cfg_access_key',
             'aws_secret_access_key': 'cfg_secret_key',
         }
     }
     p = provider.Provider('aws')
     self.assertEqual(p.access_key, 'cfg_access_key')
     self.assertEqual(p.secret_key, 'cfg_secret_key')
     self.assertIsNone(p.security_token)
示例#18
0
 def test_env_vars_beat_config_values(self):
     self.environ['AWS_ACCESS_KEY_ID'] = 'env_access_key'
     self.environ['AWS_SECRET_ACCESS_KEY'] = 'env_secret_key'
     self.config = {
         'Credentials': {
             'aws_access_key_id': 'cfg_access_key',
             'aws_secret_access_key': 'cfg_secret_key',
         }
     }
     p = provider.Provider('aws')
     self.assertEqual(p.access_key, 'env_access_key')
     self.assertEqual(p.secret_key, 'env_secret_key')
     self.assertIsNone(p.security_token)
示例#19
0
 def test_env_vars_beat_shared_creds_values(self):
     self.environ['AWS_ACCESS_KEY_ID'] = 'env_access_key'
     self.environ['AWS_SECRET_ACCESS_KEY'] = 'env_secret_key'
     self.shared_config = {
         'default': {
             'aws_access_key_id': 'shared_access_key',
             'aws_secret_access_key': 'shared_secret_key',
         }
     }
     p = provider.Provider('aws')
     self.assertEqual(p.access_key, 'env_access_key')
     self.assertEqual(p.secret_key, 'env_secret_key')
     self.assertIsNone(p.security_token)
示例#20
0
 def test_shared_creds_profile_beats_defaults(self):
     self.shared_config = {
         'default': {
             'aws_access_key_id': 'shared_access_key',
             'aws_secret_access_key': 'shared_secret_key',
         },
         'foo': {
             'aws_access_key_id': 'foo_access_key',
             'aws_secret_access_key': 'foo_secret_key',
         }
     }
     p = provider.Provider('aws', profile_name='foo')
     self.assertEqual(p.access_key, 'foo_access_key')
     self.assertEqual(p.secret_key, 'foo_secret_key')
     self.assertIsNone(p.security_token)
示例#21
0
 def test_config_missing_profile(self):
     # None of these default profiles should be loaded!
     self.shared_config = {
         'default': {
             'aws_access_key_id': 'shared_access_key',
             'aws_secret_access_key': 'shared_secret_key',
         }
     }
     self.config = {
         'Credentials': {
             'aws_access_key_id': 'default_access_key',
             'aws_secret_access_key': 'default_secret_key'
         }
     }
     with self.assertRaises(provider.ProfileNotFoundError):
         provider.Provider('aws', profile_name='doesntexist')
示例#22
0
 def test_shared_creds_beat_config_values(self):
     self.shared_config = {
         'default': {
             'aws_access_key_id': 'shared_access_key',
             'aws_secret_access_key': 'shared_secret_key',
         }
     }
     self.config = {
         'Credentials': {
             'aws_access_key_id': 'cfg_access_key',
             'aws_secret_access_key': 'cfg_secret_key',
         }
     }
     p = provider.Provider('aws')
     self.assertEqual(p.access_key, 'shared_access_key')
     self.assertEqual(p.secret_key, 'shared_secret_key')
     self.assertIsNone(p.security_token)
示例#23
0
 def test_metadata_server_credentials(self):
     instance_config = {
         'iam': {
             'security-credentials': {
                 'allowall': {u'AccessKeyId': u'iam_access_key',
                              u'Code': u'Success',
                              u'Expiration': u'2012-09-01T03:57:34Z',
                              u'LastUpdated': u'2012-08-31T21:43:40Z',
                              u'SecretAccessKey': u'iam_secret_key',
                              u'Token': u'iam_token',
                              u'Type': u'AWS-HMAC'}
             }
         }
     }
     self.get_instance_metadata.return_value = instance_config
     p = provider.Provider('aws')
     self.assertEqual(p.access_key, 'iam_access_key')
     self.assertEqual(p.secret_key, 'iam_secret_key')
     self.assertEqual(p.security_token, 'iam_token')
示例#24
0
 def test_metadata_server_returns_empty_string(self):
     self.get_instance_metadata.return_value = {'rolename': ''}
     with self.assertRaises(InvalidInstanceMetadataError):
         p = provider.Provider('aws')
示例#25
0
 def test_passed_in_values_are_used(self):
     p = provider.Provider('aws', 'access_key', 'secret_key', 'security_token')
     self.assertEqual(p.access_key, 'access_key')
     self.assertEqual(p.secret_key, 'secret_key')
     self.assertEqual(p.security_token, 'security_token')
示例#26
0
 def test_metadata_server_returns_bad_type(self):
     self.get_instance_metadata.return_value = {
         'rolename': [],
     }
     with self.assertRaises(InvalidInstanceMetadataError):
         p = provider.Provider('aws')