def test_context_config_is_a_singleton(self):
first = context_config.create_context_config(self.mock_logger)
with self.assertRaises(
context_config.ContextConfigSingletonAlreadyExistsError):
context_config.create_context_config(self.mock_logger)
second = context_config.get_context_config()
self.assertEqual(first, second)
def GetNewHttp(http_class=httplib2.Http, **kwargs):
"""Creates and returns a new httplib2.Http instance.
Args:
http_class: Optional custom Http class to use.
**kwargs: Arguments to pass to http_class constructor.
Returns:
An initialized httplib2.Http instance.
"""
##Get Proxy configuration from boto file, defaults are None, 0 and False
proxy_host = config.get('Boto', 'proxy', None) #needed for if clause below
boto_proxy_config = {
'proxy_host':
proxy_host,
'proxy_type':
config.get('Boto', 'proxy_type', 'http'),
'proxy_port':
config.getint('Boto', 'proxy_port'),
'proxy_user':
config.get('Boto', 'proxy_user', None),
'proxy_pass':
config.get('Boto', 'proxy_pass', None),
'proxy_rdns':
config.get('Boto', 'proxy_rdns', True if proxy_host else None)
}
#Use SetProxyInfo to convert boto config to httplib2.proxyinfo object
proxy_info = SetProxyInfo(boto_proxy_config)
# Some installers don't package a certs file with httplib2, so use the
# one included with gsutil.
kwargs['ca_certs'] = GetCertsFile()
# Use a non-infinite SSL timeout to avoid hangs during network flakiness.
kwargs['timeout'] = SSL_TIMEOUT_SEC
http = http_class(proxy_info=proxy_info, **kwargs)
http.disable_ssl_certificate_validation = (not config.getbool(
'Boto', 'https_validate_certificates'))
global_context_config = context_config.get_context_config()
if global_context_config and global_context_config.use_client_certificate:
http.add_certificate(
key=global_context_config.client_cert_path,
cert=global_context_config.client_cert_path,
domain='',
password=global_context_config.client_cert_password)
return http
def GetApiSelector(self, provider=None):
"""Returns a cs_api_map.ApiSelector based on input and configuration.
Args:
provider: Provider to return the ApiSelector for. If None, class-wide
default is used.
Returns:
cs_api_map.ApiSelector that will be used for calls to the delegator
for this provider.
"""
selected_provider = provider or self.provider
if not selected_provider:
raise ArgumentException('No provider selected for CloudApi')
if (selected_provider not in self.api_map[ApiMapConstants.DEFAULT_MAP]
or self.api_map[ApiMapConstants.DEFAULT_MAP][selected_provider]
not in self.api_map[ApiMapConstants.API_MAP][selected_provider]
):
raise ArgumentException(
'No default api available for provider %s' % selected_provider)
if selected_provider not in self.api_map[ApiMapConstants.SUPPORT_MAP]:
raise ArgumentException(
'No supported apis available for provider %s' %
selected_provider)
api = self.api_map[ApiMapConstants.DEFAULT_MAP][selected_provider]
using_gs_hmac = (
provider == 'gs'
and not config.has_option('Credentials', 'gs_oauth2_refresh_token')
and
not (config.has_option('Credentials', 'gs_service_client_id')
and config.has_option('Credentials', 'gs_service_key_file'))
and (config.has_option('Credentials', 'gs_access_key_id')
and config.has_option('Credentials', 'gs_secret_access_key')))
configured_encryption = (
provider == 'gs'
and (config.has_option('GSUtil', 'encryption_key')
or config.has_option('GSUtil', 'decryption_key1')))
if using_gs_hmac and configured_encryption:
raise CommandException(
'gsutil does not support HMAC credentials with customer-supplied '
'encryption keys (CSEK) or customer-managed KMS encryption keys '
'(CMEK). Please generate and include non-HMAC credentials '
'in your .boto configuration file, or to access public encrypted '
'objects, remove your HMAC credentials.')
# If we have only HMAC credentials for Google Cloud Storage, we must use
# the XML API as the JSON API does not support HMAC.
#
# Technically if we have only HMAC credentials, we should still be able to
# access public read resources via the JSON API, but the XML API can do
# that just as well. It is better to use it than inspect the credentials on
# every HTTP call.
elif using_gs_hmac:
api = ApiSelector.XML
# CSEK and CMEK encryption keys are currently only supported in the
# JSON API implementation (GcsJsonApi). We can't stop XML API users from
# interacting with encrypted objects, since we don't know the object is
# encrypted until after the API call is made, but if they specify
# configuration values we will use JSON.
elif configured_encryption:
api = ApiSelector.JSON
# Try to force the user's preference to a supported API.
elif self.prefer_api in (
self.api_map[ApiMapConstants.SUPPORT_MAP][selected_provider]):
api = self.prefer_api
if (api == ApiSelector.XML and context_config.get_context_config() and
context_config.get_context_config().use_client_certificate):
raise ArgumentException(
'User enabled mTLS by setting "use_client_certificate", but mTLS'
' is not supported for the selected XML API. Try configuring for '
' the GCS JSON API or setting "use_client_certificate" to "False" in'
' the Boto config.')
return api
