class TestSigner(BaseSignerTest): def test_region_name(self): self.assertEqual(self.signer.region_name, 'region_name') def test_signature_version(self): self.assertEqual(self.signer.signature_version, 'v4') def test_signing_name(self): self.assertEqual(self.signer.signing_name, 'signing_name') def test_region_required_for_sigv4(self): self.signer = RequestSigner( 'service_name', None, 'signing_name', 'v4', self.credentials, self.emitter) with self.assertRaises(NoRegionError): self.signer.sign('operation_name', mock.Mock()) def test_get_auth(self): auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth = self.signer.get_auth('service_name', 'region_name') self.assertEqual(auth, auth_cls.return_value) auth_cls.assert_called_with( credentials=self.fixed_credentials, service_name='service_name', region_name='region_name') def test_get_auth_signature_override(self): auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-custom': auth_cls}): auth = self.signer.get_auth( 'service_name', 'region_name', signature_version='v4-custom') self.assertEqual(auth, auth_cls.return_value) auth_cls.assert_called_with( credentials=self.fixed_credentials, service_name='service_name', region_name='region_name') def test_get_auth_bad_override(self): with self.assertRaises(UnknownSignatureVersionError): self.signer.get_auth('service_name', 'region_name', signature_version='bad') def test_emits_choose_signer(self): request = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': mock.Mock()}): self.signer.sign('operation_name', request) self.emitter.emit_until_response.assert_called_with( 'choose-signer.service_name.operation_name', signing_name='signing_name', region_name='region_name', signature_version='v4') def test_choose_signer_override(self): request = mock.Mock() auth = mock.Mock() auth.REQUIRES_REGION = False self.emitter.emit_until_response.return_value = (None, 'custom') with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'custom': auth}): self.signer.sign('operation_name', request) auth.assert_called_with(credentials=self.fixed_credentials) auth.return_value.add_auth.assert_called_with(request) def test_emits_before_sign(self): request = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': mock.Mock()}): self.signer.sign('operation_name', request) self.emitter.emit.assert_called_with( 'before-sign.service_name.operation_name', request=mock.ANY, signing_name='signing_name', region_name='region_name', signature_version='v4', request_signer=self.signer) def test_disable_signing(self): # Returning botocore.UNSIGNED from choose-signer disables signing! request = mock.Mock() auth = mock.Mock() self.emitter.emit_until_response.return_value = (None, botocore.UNSIGNED) with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth}): self.signer.sign('operation_name', request) auth.assert_not_called() def test_generate_url_emits_choose_signer(self): request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': mock.Mock()}): self.signer.generate_presigned_url(request_dict, 'operation_name') self.emitter.emit_until_response.assert_called_with( 'choose-signer.service_name.operation_name', signing_name='signing_name', region_name='region_name', signature_version='v4-query') def test_generate_url_choose_signer_override(self): request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } auth = mock.Mock() auth.REQUIRES_REGION = False self.emitter.emit_until_response.return_value = (None, 'custom') auth_types_map = {'custom': mock.Mock(), 'custom-query': auth} with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types_map): self.signer.generate_presigned_url(request_dict, 'operation_name') auth.assert_called_with(credentials=self.fixed_credentials, expires=3600) def test_generate_url_unsigned(self): request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } self.emitter.emit_until_response.return_value = ( None, botocore.UNSIGNED) url = self.signer.generate_presigned_url( request_dict, 'operation_name') self.assertEqual(url, 'https://foo.com') def test_generate_presigned_url(self): auth = mock.Mock() auth.REQUIRES_REGION = True request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-query': auth}): presigned_url = self.signer.generate_presigned_url( request_dict, operation_name='operation_name') auth.assert_called_with( credentials=self.fixed_credentials, region_name='region_name', service_name='signing_name', expires=3600) self.assertEqual(presigned_url, 'https://foo.com') def test_generate_presigned_url_with_region_override(self): auth = mock.Mock() auth.REQUIRES_REGION = True request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-query': auth}): presigned_url = self.signer.generate_presigned_url( request_dict, operation_name='operation_name', region_name='us-west-2') auth.assert_called_with( credentials=self.fixed_credentials, region_name='us-west-2', service_name='signing_name', expires=3600) self.assertEqual(presigned_url, 'https://foo.com') def test_generate_presigned_url_with_exipres_in(self): auth = mock.Mock() auth.REQUIRES_REGION = True request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-query': auth}): presigned_url = self.signer.generate_presigned_url( request_dict, operation_name='operation_name', expires_in=900) auth.assert_called_with( credentials=self.fixed_credentials, region_name='region_name', expires=900, service_name='signing_name') self.assertEqual(presigned_url, 'https://foo.com') def test_presigned_url_throws_unsupported_signature_error(self): request_dict = { 'headers': {}, 'url': 'https://s3.amazonaws.com/mybucket/myobject', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } self.signer = RequestSigner( 'service_name', 'region_name', 'signing_name', 'foo', self.credentials, self.emitter) with self.assertRaises(UnsupportedSignatureVersionError): self.signer.generate_presigned_url( request_dict, operation_name='foo') def test_signer_with_refreshable_credentials_gets_credential_set(self): class FakeCredentials(Credentials): def get_frozen_credentials(self): return ReadOnlyCredentials('foo', 'bar', 'baz') self.credentials = FakeCredentials('a', 'b', 'c') self.signer = RequestSigner( 'service_name', 'region_name', 'signing_name', 'v4', self.credentials, self.emitter) auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth = self.signer.get_auth('service_name', 'region_name') self.assertEqual(auth, auth_cls.return_value) # Note we're called with 'foo', 'bar', 'baz', and *not* # 'a', 'b', 'c'. auth_cls.assert_called_with( credentials=ReadOnlyCredentials('foo', 'bar', 'baz'), service_name='service_name', region_name='region_name') def test_no_credentials_case_is_forwarded_to_signer(self): # If no credentials are given to the RequestSigner, we should # forward that fact on to the Auth class and let them handle # the error (which they already do). self.credentials = None self.signer = RequestSigner( 'service_name', 'region_name', 'signing_name', 'v4', self.credentials, self.emitter) auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth = self.signer.get_auth_instance( 'service_name', 'region_name', 'v4') auth_cls.assert_called_with( service_name='service_name', region_name='region_name', credentials=None, ) def test_sign_with_signing_type_standard(self): auth = mock.Mock() post_auth = mock.Mock() query_auth = mock.Mock() request = mock.Mock() auth_types = { 'v4-presign-post': post_auth, 'v4-query': query_auth, 'v4': auth } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', request, signing_type='standard') self.assertFalse(post_auth.called) self.assertFalse(query_auth.called) auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='region_name' ) def test_sign_with_signing_type_presign_url(self): auth = mock.Mock() post_auth = mock.Mock() query_auth = mock.Mock() request = mock.Mock() auth_types = { 'v4-presign-post': post_auth, 'v4-query': query_auth, 'v4': auth } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', request, signing_type='presign-url') self.assertFalse(post_auth.called) self.assertFalse(auth.called) query_auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='region_name' ) def test_sign_with_signing_type_presign_post(self): auth = mock.Mock() post_auth = mock.Mock() query_auth = mock.Mock() request = mock.Mock() auth_types = { 'v4-presign-post': post_auth, 'v4-query': query_auth, 'v4': auth } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', request, signing_type='presign-post') self.assertFalse(auth.called) self.assertFalse(query_auth.called) post_auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='region_name' ) def test_sign_with_region_name(self): request = mock.Mock() auth = mock.Mock() auth_types = { 'v4': auth } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', request, region_name='foo') auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='foo' ) def test_sign_with_expires_in(self): request = mock.Mock() auth = mock.Mock() auth_types = { 'v4': auth } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', request, expires_in=2) auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='region_name', expires=2 ) def test_unknown_signer_raises_unknown_on_standard(self): request = mock.Mock() auth = mock.Mock() auth_types = { 'v4': auth } self.emitter.emit_until_response.return_value = (None, 'custom') with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): with self.assertRaises(UnknownSignatureVersionError): self.signer.sign('operation_name', request, signing_type='standard') def test_unknown_signer_raises_unsupported_when_not_standard(self): request = mock.Mock() auth = mock.Mock() auth_types = { 'v4': auth } self.emitter.emit_until_response.return_value = (None, 'custom') with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): with self.assertRaises(UnsupportedSignatureVersionError): self.signer.sign('operation_name', request, signing_type='presign-url') with self.assertRaises(UnsupportedSignatureVersionError): self.signer.sign('operation_name', request, signing_type='presign-post')
class TestSigner(BaseSignerTest): def test_region_name(self): self.assertEqual(self.signer.region_name, 'region_name') def test_signature_version(self): self.assertEqual(self.signer.signature_version, 'v4') def test_signing_name(self): self.assertEqual(self.signer.signing_name, 'signing_name') def test_region_required_for_sigv4(self): self.signer = RequestSigner( 'service_name', None, 'signing_name', 'v4', self.credentials, self.emitter) with self.assertRaises(NoRegionError): self.signer.sign('operation_name', mock.Mock()) def test_get_auth(self): auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth = self.signer.get_auth('service_name', 'region_name') self.assertEqual(auth, auth_cls.return_value) auth_cls.assert_called_with( credentials=self.credentials, service_name='service_name', region_name='region_name') def test_get_auth_cached(self): def side_effect(*args, **kwargs): return mock.Mock() auth_cls = mock.Mock(side_effect=side_effect) with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth1 = self.signer.get_auth('service_name', 'region_name') auth2 = self.signer.get_auth('service_name', 'region_name') self.assertEqual(auth1, auth2) def test_get_auth_cached_expires(self): def side_effect(*args, **kwargs): return mock.Mock() auth_cls = mock.Mock(side_effect=side_effect) with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth1 = self.signer.get_auth('service_name', 'region_name', expires=60) auth2 = self.signer.get_auth('service_name', 'region_name', expires=90) self.assertNotEqual(auth1, auth2) def test_get_auth_signature_override(self): auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-custom': auth_cls}): auth = self.signer.get_auth( 'service_name', 'region_name', signature_version='v4-custom') self.assertEqual(auth, auth_cls.return_value) auth_cls.assert_called_with( credentials=self.credentials, service_name='service_name', region_name='region_name') def test_get_auth_bad_override(self): with self.assertRaises(UnknownSignatureVersionError): self.signer.get_auth('service_name', 'region_name', signature_version='bad') def test_emits_choose_signer(self): request = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': mock.Mock()}): self.signer.sign('operation_name', request) self.emitter.emit_until_response.assert_called_with( 'choose-signer.service_name.operation_name', signing_name='signing_name', region_name='region_name', signature_version='v4') def test_choose_signer_override(self): request = mock.Mock() auth = mock.Mock() auth.REQUIRES_REGION = False self.emitter.emit_until_response.return_value = (None, 'custom') with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'custom': auth}): self.signer.sign('operation_name', request) auth.assert_called_with(credentials=self.credentials) auth.return_value.add_auth.assert_called_with(request=request) def test_emits_before_sign(self): request = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': mock.Mock()}): self.signer.sign('operation_name', request) self.emitter.emit.assert_called_with( 'before-sign.service_name.operation_name', request=mock.ANY, signing_name='signing_name', region_name='region_name', signature_version='v4', request_signer=self.signer) def test_disable_signing(self): # Returning botocore.UNSIGNED from choose-signer disables signing! request = mock.Mock() auth = mock.Mock() self.emitter.emit_until_response.return_value = (None, botocore.UNSIGNED) with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth}): self.signer.sign('operation_name', request) auth.assert_not_called() def test_generate_presigned_url(self): auth = mock.Mock() auth.REQUIRES_REGION = True request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET' } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-query': auth}): presigned_url = self.signer.generate_presigned_url(request_dict) auth.assert_called_with( credentials=self.credentials, region_name='region_name', service_name='signing_name', expires=3600) self.assertEqual(presigned_url, 'https://foo.com') def test_generate_presigned_url_with_region_override(self): auth = mock.Mock() auth.REQUIRES_REGION = True request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET' } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-query': auth}): presigned_url = self.signer.generate_presigned_url( request_dict, region_name='us-west-2') auth.assert_called_with( credentials=self.credentials, region_name='us-west-2', service_name='signing_name', expires=3600) self.assertEqual(presigned_url, 'https://foo.com') def test_generate_presigned_url_with_exipres_in(self): auth = mock.Mock() auth.REQUIRES_REGION = True request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET' } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-query': auth}): presigned_url = self.signer.generate_presigned_url( request_dict, expires_in=900) auth.assert_called_with( credentials=self.credentials, region_name='region_name', expires=900, service_name='signing_name') self.assertEqual(presigned_url, 'https://foo.com') def test_generate_presigned_url_fixes_s3_host(self): self.signer = RequestSigner( 'service_name', 'region_name', 'signing_name', 's3', self.credentials, self.emitter) auth = mock.Mock() auth.REQUIRES_REGION = True request_dict = { 'headers': {}, 'url': 'https://s3.amazonaws.com/mybucket/myobject', 'body': b'', 'url_path': '/', 'method': 'GET' } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'s3-query': auth}): presigned_url = self.signer.generate_presigned_url( request_dict, expires_in=900) auth.assert_called_with( credentials=self.credentials, region_name='region_name', expires=900, service_name='signing_name') self.assertEqual(presigned_url, 'https://mybucket.s3.amazonaws.com/myobject') def test_presigned_url_throws_unsupported_signature_error(self): self.signer = RequestSigner( 'service_name', 'region_name', 'signing_name', 'foo', self.credentials, self.emitter) with self.assertRaises(UnsupportedSignatureVersionError): self.signer.generate_presigned_url({})
class TestSigner(unittest.TestCase): def setUp(self): self.credentials = Credentials('key', 'secret') self.emitter = mock.Mock() self.emitter.emit_until_response.return_value = (None, None) self.signer = RequestSigner( 'service_name', 'region_name', 'signing_name', 'v4', self.credentials, self.emitter) def test_region_required_for_sigv4(self): self.signer = RequestSigner( 'service_name', None, 'signing_name', 'v4', self.credentials, self.emitter) with self.assertRaises(NoRegionError): self.signer.sign('operation_name', mock.Mock()) def test_get_auth(self): auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth = self.signer.get_auth('service_name', 'region_name') self.assertEqual(auth, auth_cls.return_value) auth_cls.assert_called_with( credentials=self.credentials, service_name='service_name', region_name='region_name') def test_get_auth_cached(self): auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth1 = self.signer.get_auth('service_name', 'region_name') auth2 = self.signer.get_auth('service_name', 'region_name') self.assertEqual(auth1, auth2) def test_get_auth_signature_override(self): auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-custom': auth_cls}): auth = self.signer.get_auth( 'service_name', 'region_name', signature_version='v4-custom') self.assertEqual(auth, auth_cls.return_value) auth_cls.assert_called_with( credentials=self.credentials, service_name='service_name', region_name='region_name') def test_get_auth_bad_override(self): with self.assertRaises(UnknownSignatureVersionError): self.signer.get_auth('service_name', 'region_name', signature_version='bad') def test_emits_choose_signer(self): request = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': mock.Mock()}): self.signer.sign('operation_name', request) self.emitter.emit_until_response.assert_called_with( 'choose-signer.service_name.operation_name', signing_name='signing_name', region_name='region_name', signature_version='v4') def test_choose_signer_override(self): request = mock.Mock() auth = mock.Mock() auth.REQUIRES_REGION = False self.emitter.emit_until_response.return_value = (None, 'custom') with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'custom': auth}): self.signer.sign('operation_name', request) auth.assert_called_with(credentials=self.credentials) auth.return_value.add_auth.assert_called_with(request=request) def test_emits_before_sign(self): request = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': mock.Mock()}): self.signer.sign('operation_name', request) self.emitter.emit.assert_called_with( 'before-sign.service_name.operation_name', request=mock.ANY, signing_name='signing_name', region_name='region_name', signature_version='v4', request_signer=self.signer) def test_disable_signing(self): # Returning botocore.UNSIGNED from choose-signer disables signing! request = mock.Mock() auth = mock.Mock() self.emitter.emit_until_response.return_value = (None, botocore.UNSIGNED) with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth}): self.signer.sign('operation_name', request) auth.assert_not_called()
class TestSigner(BaseSignerTest): def test_region_name(self): self.assertEqual(self.signer.region_name, 'region_name') def test_signature_version(self): self.assertEqual(self.signer.signature_version, 'v4') def test_signing_name(self): self.assertEqual(self.signer.signing_name, 'signing_name') def test_region_required_for_sigv4(self): self.signer = RequestSigner( ServiceId('service_name'), None, 'signing_name', 'v4', self.credentials, self.emitter ) with self.assertRaises(NoRegionError): self.signer.sign('operation_name', self.request) def test_get_auth(self): auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth = self.signer.get_auth('service_name', 'region_name') self.assertEqual(auth, auth_cls.return_value) auth_cls.assert_called_with( credentials=self.fixed_credentials, service_name='service_name', region_name='region_name') def test_get_auth_signature_override(self): auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-custom': auth_cls}): auth = self.signer.get_auth( 'service_name', 'region_name', signature_version='v4-custom') self.assertEqual(auth, auth_cls.return_value) auth_cls.assert_called_with( credentials=self.fixed_credentials, service_name='service_name', region_name='region_name') def test_get_auth_bad_override(self): with self.assertRaises(UnknownSignatureVersionError): self.signer.get_auth('service_name', 'region_name', signature_version='bad') def test_emits_choose_signer(self): with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': mock.Mock()}): self.signer.sign('operation_name', self.request) self.emitter.emit_until_response.assert_called_with( 'choose-signer.service_name.operation_name', signing_name='signing_name', region_name='region_name', signature_version='v4', context=mock.ANY) def test_choose_signer_override(self): auth = mock.Mock() auth.REQUIRES_REGION = False self.emitter.emit_until_response.return_value = (None, 'custom') with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'custom': auth}): self.signer.sign('operation_name', self.request) auth.assert_called_with(credentials=self.fixed_credentials) auth.return_value.add_auth.assert_called_with(self.request) def test_emits_before_sign(self): with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': mock.Mock()}): self.signer.sign('operation_name', self.request) self.emitter.emit.assert_called_with( 'before-sign.service_name.operation_name', request=self.request, signing_name='signing_name', region_name='region_name', signature_version='v4', request_signer=self.signer, operation_name='operation_name') def test_disable_signing(self): # Returning botocore.UNSIGNED from choose-signer disables signing! auth = mock.Mock() self.emitter.emit_until_response.return_value = (None, botocore.UNSIGNED) with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth}): self.signer.sign('operation_name', self.request) auth.assert_not_called() def test_generate_url_emits_choose_signer(self): request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': mock.Mock()}): self.signer.generate_presigned_url(request_dict, 'operation_name') self.emitter.emit_until_response.assert_called_with( 'choose-signer.service_name.operation_name', signing_name='signing_name', region_name='region_name', signature_version='v4-query', context=mock.ANY) def test_choose_signer_passes_context(self): self.request.context = {'foo': 'bar'} with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': mock.Mock()}): self.signer.sign('operation_name', self.request) self.emitter.emit_until_response.assert_called_with( 'choose-signer.service_name.operation_name', signing_name='signing_name', region_name='region_name', signature_version='v4', context={'foo': 'bar'}) def test_generate_url_choose_signer_override(self): request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } auth = mock.Mock() auth.REQUIRES_REGION = False self.emitter.emit_until_response.return_value = (None, 'custom') auth_types_map = {'custom': mock.Mock(), 'custom-query': auth} with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types_map): self.signer.generate_presigned_url(request_dict, 'operation_name') auth.assert_called_with(credentials=self.fixed_credentials, expires=3600) def test_generate_url_unsigned(self): request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } self.emitter.emit_until_response.return_value = ( None, botocore.UNSIGNED) url = self.signer.generate_presigned_url( request_dict, 'operation_name') self.assertEqual(url, 'https://foo.com') def test_generate_presigned_url(self): auth = mock.Mock() auth.REQUIRES_REGION = True request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-query': auth}): presigned_url = self.signer.generate_presigned_url( request_dict, operation_name='operation_name') auth.assert_called_with( credentials=self.fixed_credentials, region_name='region_name', service_name='signing_name', expires=3600) self.assertEqual(presigned_url, 'https://foo.com') def test_generate_presigned_url_with_region_override(self): auth = mock.Mock() auth.REQUIRES_REGION = True request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-query': auth}): presigned_url = self.signer.generate_presigned_url( request_dict, operation_name='operation_name', region_name='us-west-2') auth.assert_called_with( credentials=self.fixed_credentials, region_name='us-west-2', service_name='signing_name', expires=3600) self.assertEqual(presigned_url, 'https://foo.com') def test_generate_presigned_url_with_exipres_in(self): auth = mock.Mock() auth.REQUIRES_REGION = True request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-query': auth}): presigned_url = self.signer.generate_presigned_url( request_dict, operation_name='operation_name', expires_in=900) auth.assert_called_with( credentials=self.fixed_credentials, region_name='region_name', expires=900, service_name='signing_name') self.assertEqual(presigned_url, 'https://foo.com') def test_presigned_url_throws_unsupported_signature_error(self): request_dict = { 'headers': {}, 'url': 'https://s3.amazonaws.com/mybucket/myobject', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } self.signer = RequestSigner( ServiceId('service_name'), 'region_name', 'signing_name', 'foo', self.credentials, self.emitter) with self.assertRaises(UnsupportedSignatureVersionError): self.signer.generate_presigned_url( request_dict, operation_name='foo') def test_signer_with_refreshable_credentials_gets_credential_set(self): class FakeCredentials(Credentials): def get_frozen_credentials(self): return ReadOnlyCredentials('foo', 'bar', 'baz') self.credentials = FakeCredentials('a', 'b', 'c') self.signer = RequestSigner( ServiceId('service_name'), 'region_name', 'signing_name', 'v4', self.credentials, self.emitter) auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth = self.signer.get_auth('service_name', 'region_name') self.assertEqual(auth, auth_cls.return_value) # Note we're called with 'foo', 'bar', 'baz', and *not* # 'a', 'b', 'c'. auth_cls.assert_called_with( credentials=ReadOnlyCredentials('foo', 'bar', 'baz'), service_name='service_name', region_name='region_name') def test_no_credentials_case_is_forwarded_to_signer(self): # If no credentials are given to the RequestSigner, we should # forward that fact on to the Auth class and let them handle # the error (which they already do). self.credentials = None self.signer = RequestSigner( ServiceId('service_name'), 'region_name', 'signing_name', 'v4', self.credentials, self.emitter) auth_cls = mock.Mock() with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4': auth_cls}): auth = self.signer.get_auth_instance( 'service_name', 'region_name', 'v4') auth_cls.assert_called_with( service_name='service_name', region_name='region_name', credentials=None, ) def test_sign_with_signing_type_standard(self): auth = mock.Mock() post_auth = mock.Mock() query_auth = mock.Mock() auth_types = { 'v4-presign-post': post_auth, 'v4-query': query_auth, 'v4': auth } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', self.request, signing_type='standard') self.assertFalse(post_auth.called) self.assertFalse(query_auth.called) auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='region_name' ) def test_sign_with_signing_type_presign_url(self): auth = mock.Mock() post_auth = mock.Mock() query_auth = mock.Mock() auth_types = { 'v4-presign-post': post_auth, 'v4-query': query_auth, 'v4': auth } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', self.request, signing_type='presign-url') self.assertFalse(post_auth.called) self.assertFalse(auth.called) query_auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='region_name' ) def test_sign_with_signing_type_presign_post(self): auth = mock.Mock() post_auth = mock.Mock() query_auth = mock.Mock() auth_types = { 'v4-presign-post': post_auth, 'v4-query': query_auth, 'v4': auth } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', self.request, signing_type='presign-post') self.assertFalse(auth.called) self.assertFalse(query_auth.called) post_auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='region_name' ) def test_sign_with_region_name(self): auth = mock.Mock() auth_types = { 'v4': auth } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', self.request, region_name='foo') auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='foo' ) def test_sign_override_region_from_context(self): auth = mock.Mock() auth_types = { 'v4': auth } self.request.context = {'signing': {'region': 'my-override-region'}} with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', self.request) auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='my-override-region' ) def test_sign_with_region_name_overrides_context(self): auth = mock.Mock() auth_types = { 'v4': auth } self.request.context = {'signing': {'region': 'context-override'}} with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', self.request, region_name='param-override') auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='param-override' ) def test_sign_with_expires_in(self): auth = mock.Mock() auth_types = { 'v4': auth } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', self.request, expires_in=2) auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='signing_name', region_name='region_name', expires=2 ) def test_sign_with_custom_signing_name(self): auth = mock.Mock() auth_types = { 'v4': auth } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): self.signer.sign('operation_name', self.request, signing_name='foo') auth.assert_called_with( credentials=ReadOnlyCredentials('key', 'secret', None), service_name='foo', region_name='region_name' ) def test_presign_with_custom_signing_name(self): auth = mock.Mock() auth.REQUIRES_REGION = True request_dict = { 'headers': {}, 'url': 'https://foo.com', 'body': b'', 'url_path': '/', 'method': 'GET', 'context': {} } with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, {'v4-query': auth}): presigned_url = self.signer.generate_presigned_url( request_dict, operation_name='operation_name', signing_name='foo') auth.assert_called_with( credentials=self.fixed_credentials, region_name='region_name', expires=3600, service_name='foo') self.assertEqual(presigned_url, 'https://foo.com') def test_unknown_signer_raises_unknown_on_standard(self): auth = mock.Mock() auth_types = { 'v4': auth } self.emitter.emit_until_response.return_value = (None, 'custom') with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): with self.assertRaises(UnknownSignatureVersionError): self.signer.sign('operation_name', self.request, signing_type='standard') def test_unknown_signer_raises_unsupported_when_not_standard(self): auth = mock.Mock() auth_types = { 'v4': auth } self.emitter.emit_until_response.return_value = (None, 'custom') with mock.patch.dict(botocore.auth.AUTH_TYPE_MAPS, auth_types): with self.assertRaises(UnsupportedSignatureVersionError): self.signer.sign('operation_name', self.request, signing_type='presign-url') with self.assertRaises(UnsupportedSignatureVersionError): self.signer.sign('operation_name', self.request, signing_type='presign-post')