| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
PEP8 fixes to various common modules. Fixes #2611.
|
| | |
|
|/
|
|
| |
For Sigv4 urls, custom metadata headers were not being presigned correctly.
|
| |
|
|
|
|
|
|
| |
This fixes #2520 by checking whether headers are `bytes` and decoding
them before performing string operations. It adds a new test covering
this functionality which now passes on all supported Python versions.
|
| |
|
|
|
|
|
|
| |
2.32.0 introduces this error - several updates to encode
self._provider.secret_key, but one too many that attempt to encode
self._provider itself.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This updates most of the code to be forward-compatible with Python 3.3 and
3.4 while still continuing to support 2.6 and 2.7. It **drops** support for
Python 2.5.
Python 3 support is added for common Boto modules (`boto/*.py`) as well as
S3, SQS, Kinesis and CloudTrail. Several other modules may work but have
not been thoroughly tested.
The `tox` configuration has been updated to run tests for all supported
environments, and for now a whitelist is used for Python 3 unit tests.
A new porting guide is included to help community members port other
modules to Python 3, and both the README and Sphinx index list which
modules currently support Python 3.
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
Prevent implicit string decode in hmac-v4 handlers. Fixes #2037, #2033.
|
| | |
|
| | |
|
|\ \
| | |
| | |
| | | |
Fixes #2042, #1943.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The if/else logic in add_auth on line 491 only handles if qs and POST.
But if you're POSTing with no query string, execution falls into the else condition on line 497 and an unnecessary '?' is added with a blank query string.
My elastictranscoder.create_job calls were failing due to the unnecessary '?' in the path. It would return:
JSONResponseError: 403 Forbidden
{u'message': u"When Content-Type:application/x-www-form-urlencoded, URL cannot include query-string parameters (after '?'): '/2012-09-25/jobs?'"}
I'm not sure why, but the bug only happens when running on Google App Engine. My local dev_appserver was able to make the create_job request just fine.
|
| | | |
|
| |/
|/| |
|
| | |
|
|/ |
|
|\ |
|
| | |
|
| |
| |
| | |
Just a bit.
|
| | |
|
| | |
|
|\ \ |
|
| |/ |
|
|/
|
|
| |
Fixes #1918.
|
|
|
|
| |
new connections.
|
| |
|
|
|
|
|
|
|
|
| |
added region information to the __init__.py for each service
additional updates supporting govcloud functionality:
- update auth.py HmacAuthV4Handler to return the correct region name
- update iam/connection.py to return the correct IAM signin url for govcloud
|
|
|
|
|
|
| |
normpath in windows used backslashes '\' instead of '/' which cause dynamodb connection to fail
Conflicts:
boto/auth.py
|
| |
|
|
|
|
| |
This reverts commit dec541f7e56506342394e466fa6e9d9805dd77fb.
|
| |
|
|
|
|
| |
os.path.normpath converts forward-slashes to backward-slashes
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
When picking up credentials from an IAM instance role,
need to add header x-amz-security-token to the request.
Otherwise you get InvalidClientTokenId.
|
|
|
|
| |
requested capability
|
|
|
|
|
|
|
|
| |
For Signature version 4, you can now explicitly set
the region_name/service_name that's used for generating
the signature. If these attributes are set, then the
endpoint url is not used for determining the appropriate
credential scope.
|
|
|
|
|
|
| |
The sigv4 spec states that the canonical_query_string
should be sorted by the param keys only. Boto was
previously using 'key=value' as the sort key.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I ran into this problem when digging into why AWS was returning HTTP 505 Version Not Supported
responses for autoscaling's CreateLaunchConfiguration action. In past cases it looks like this
error has occurred when the query string of GET requests exceed some threshold (AWS likely reads a
fixed size and takes the last 5 bytes on the first line as the HTTP version). Although the
AWSQueryConnection.get_object call was set to use POST the actual request consisted of a POST with
all of the parameters in the query string.
In researching this I figured out the logic to actually map request parameters into the query string
(GET requests) or into the request body (POST requests) actually occurs in the add_auth call in
_mexe shortly before the request is issued to Amazon. For HmacAuthV4Handler there was no special
POST request handling so parameters always came in as query strings with the method 'POST'.
This patch does the following:
(1) Moves the query string / request body manipulation on HmacAuthV4Handler to before the
canonical_request is calculated so that the request body signature is correctly generated.
(2) Updates the canonical_uri to look at req.auth_path instead of req.path. Since the query
string manipulation is occuring before the request is signed now we need to use the cached version
of this field that is set aside for authentication already.
(3) Modify canonical_query_string to return '' when a POST request is used. This is because the
parameters in a POST request will now be part of the body when calculating the canonical_request to
sign.
This appears to do the right thing in the cases I've tested. It does blow away the contents of
request.body when their is a query string present so if anything ever attempts to make a POST call
with both params and data set bad things could happen. This is just copying the behaviour already
present in QuerySignatureHelper when a POST request is processed.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For sigv4, when computing the cononical headers, any inner
whitespace should be condensed to a single whitespace:
'x-amz-foo: foo bar baz'
'x-amx-foo: foo bar baz'
Otherwise the signature will be incorrect.
|