Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement opt-in unsigned requests for clients. #448

Merged
merged 3 commits into from
Feb 5, 2015
Merged

Conversation

danielgtaylor
Copy link
Member

This change makes it possible to override the signature version at client
creation time using a parameter. It also introduces the concept of an
advanced configuration object for clients:

import botocore
from botocore.client import Config

config = Config(signature_version=botocore.UNSIGNED)
s3 = session.create_client('s3', config=config)

This does not move any existing parameters into the advanced
configuration object, and thus is not yet a breaking change. It
does include the following:

  • Adds botocore.UNSIGNED as a sentinel to disable signing
  • Updates botocore.handlers.disable_signing to use botocore.UNSIGNED
  • Adds a botocore.client.Config object to store signature version
  • Modifies client creation to use this new config
  • Updated / new unit tests

cc @jamesls @kyleknap

This change makes it possible to override the signature version at client
creation time using a parameter. It also introduces the concept of an
advanced configuration object for clients:

```python
import botocore
from botocore.client import Config

config = Config(signature_version=botocore.UNSIGNED)
s3 = session.create_client('s3', config=config)
```

This does **not** move any existing parameters into the advanced
configuration object, and thus is not yet a breaking change. It
does include the following:

* Adds `botocore.UNSIGNED` as a sentinel to disable signing
* Updates `botocore.handlers.disable_signing` to use `botocore.UNSIGNED`
* Adds a `botocore.client.Config` object to store signature version
* Modifies client creation to use this new config
* Updated / new unit tests
@danielgtaylor danielgtaylor self-assigned this Feb 3, 2015
@coveralls
Copy link

Coverage Status

Coverage remained the same at 94.22% when pulling 50e044d on anon-clients into a61109f on develop.

@@ -367,6 +367,15 @@ def test_credential_provider_not_called_when_creds_provided(self):
"explicit credentials were provided to the "
"create_client call.")

@mock.patch('botocore.client.ClientCreator')
def test_config_passed_to_client_creator(self, client_creator):
config = mock.Mock()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've discussed in the past not mocking value objects. Let's just use the actual Config object here.

@coveralls
Copy link

Coverage Status

Coverage remained the same at 94.22% when pulling ac0df2d on anon-clients into a61109f on develop.

@danielgtaylor
Copy link
Member Author

@jamesls @kyleknap please have another look 👍

@@ -86,7 +87,7 @@ def sign(self, operation_name, request):
signature_version=signature_version, request_signer=self)

# Sign the request if the signature version isn't None or blank
if signature_version:
if signature_version != botocore.UNSIGNED:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this affect the CLI? We set the endpoint's signature version to None. You can check real quick by running this test: https://github.com/aws/aws-cli/blob/develop/tests/integration/customizations/s3/test_plugin.py#L1594

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given it's now a sentinel, we should be using identity checks instead of equality check (signature_version is not botocore.UNSIGNED)

@kyleknap
Copy link
Contributor

kyleknap commented Feb 4, 2015

This looks good to me. 🚢 If the integration test that I pointed out does fail, a subsequent pull request will have to be made to change None to UNSIGNED when using the --no-sign-request option.

@danielgtaylor
Copy link
Member Author

@kyleknap good call. I've created an associated pull request with the CLI for this. After it's been reviewed I'll merge in both.

@@ -118,7 +119,8 @@ def test_disable_signing(self):
# Returning a blank string from choose-signer disabled signing!
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment is no longer accurate.

@jamesls
Copy link
Member

jamesls commented Feb 5, 2015

Looks good, just a couple small things. :shipit:

danielgtaylor added a commit that referenced this pull request Feb 5, 2015
Implement opt-in unsigned requests for clients.
@danielgtaylor danielgtaylor merged commit 8192ecf into develop Feb 5, 2015
@danielgtaylor danielgtaylor deleted the anon-clients branch February 5, 2015 23:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants