Generate url #504
# We only want to include relevant headers in the query string. | ||
# These can be anything that starts with x-amz, is Content-MD5, | ||
# or is Content-Type. | ||
elif lk.startswith('x-amz-') or lk in ['content-md5', |
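Review bot: The comment above the elif names the headers as Content-MD5 and Content-Type, while the condition compares lk against lowercase literals such as 'content-md5', so the match depends on lk already being the lowercased header name. Say so in the comment. Because this branch decides which headers end up in the query string, a unit test with mixed-case header names would pin that behaviour.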
I considered abstracting a public method out in HmacV1Auth, but I was trying to avoid touching existing code. The bottom line is that the auth class picks what headers it will sign for (much like the sigv4 signer), but it just does not have a public headers_to_sign method. I can add one though.
So the commits I recently pushed are for the ability to presign s3 post (both sigv2 and sigv4). The public method is One thing that would be great to get your opinions on is the interface in general. I feel that it is a little weird that the method is attached to the general signing class, but only applies to s3. Ideally for me, there would be some isolation between this method and the general signer class (because it only applies to s3 posts) but I have not been able to think of a better way. Maybe I can check that the service of the signer is
In the latest commit, I exposed some client level methods,
if conditions is None: | ||
conditions = [] | ||
|
||
request_signer = client._request_signer |
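Review bot: request_signer = client._request_signer reads a private attribute of the client from outside the class, so this helper breaks without warning if that attribute is renamed. Add a comment at this line saying the access is deliberate, or go through a public accessor. The conditions is None guard above it would also benefit from a docstring entry stating that None means no extra policy conditions.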
I realize that these are internal. However, we will get access to them when we add the appropriate event for adding methods to classes.
|
||
# We choose the CreateBucket operation model because its url gets | ||
# serialized to what a presign post requires. | ||
operation_model = client.meta.service_model.operation_model('CreateBucket') |
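Review bot: Looking up the 'CreateBucket' operation model only to borrow its url serialization ties the presigned post url to an unrelated operation; if that operation's request uri in the service model changes, the generated url changes with it and nothing at this line would fail. The comment explains the choice, but a test that asserts the resulting url for a known bucket would make the dependency explicit.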
I considered creating my own model for this. However, I felt CreateBucket is suitable. All I really need is the url when I serialize the request and the CreateBucket serialization is exactly how I need the url serialized. Let me know if you want me to change this.
[{"acl": "public-read"}, | ||
{"bucket": "mybucket"}, | ||
["starts-with", "$key", "mykey"]]) | ||
self.assertIn('signature', result_fields) |
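Review bot: assertIn('signature', result_fields) only checks that a signature field exists; it does not check that the three conditions passed in (the acl, the bucket and the starts-with rule on $key) reach the generated policy. Those conditions are what restrict the upload, so assert on them: parse the generated policy back from JSON and compare the conditions list as Python objects, which does not depend on the order of keys in the dumped string.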
I did not do an assert equal because we dump a dictionary to json and there is no guarantee that it gets dumped the same each time unless you order the json elements, which is not needed functionality-wise.
@@ -23,6 +23,7 @@ | |||
import functools | |||
import time | |||
import calendar | |||
import json |
from botocore.compat import json
Overall looks good, just some minor review feedback. As far as the interface goes, I'd prefer to just have a separate class that does the s3 post forms stuff. I agree that it doesn't feel right having it in the general signer class.
Allows users to presign a url. Converted existing customizations and tests to use the presigner as well.
The presigner only supports get requests.
Also updated code based on feedback.
Alright in the very latest commit I did two things:
With these additions presigning is officially available in boto3 as well. Let me know what you think. @jamesls @danielgtaylor
@@ -1,6 +1,7 @@ | |||
"""Abstractions to interact with service models.""" | |||
from collections import defaultdict | |||
|
|||
from botocore import xform_name |
Is this used anywhere?
Is this still needed?
Nah. It did not get cleaned up after I removed the client_name_to_operation_name function I added to the model. Will remove
Just a few minor comments. LGTM 👍
Just some small stuff, otherwise looks good.
@danielgtaylor
Thanks, LGTM 🚢-it!
It would be great, if the method would allow also absolute expiration time. Adding additional parameter
So this pull request is to expose an interface for supporting presigned urls. Note that this PR does not include support for s3's presigned POSTs. With this interface, in order to generate a presigned url, all you need is a RequestSigner. With the RequestSigner you can call the generate_url() method that takes in a request dictionary (from the serializer and prepare_request_dict) and will return a url that is presigned. Note that I considered calling the method presign_url(), but I decided to name it how boto does. You also have the option to specify how many seconds till the url expires and if you want to sign with a different region name.
Also, this PR removes the last of the skips in the integration test for the clients-only branch.
cc @jamesls @danielgtaylor
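
An added example, not code from this pull request or from botocore: a standalone sketch of S3 signature version 2 query-string presigning, showing what the signature binds (verb, expiry, resource, and the content-md5, content-type and x-amz-* headers discussed in the review) and how a verifier rejects a modified or expired url. The credentials, host, paths and function names are constructed for illustration, path-style addressing is assumed, and signed headers are checked as request headers here rather than carried in the query string.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

ACCESS_KEY = "AKIDEXAMPLE"               # constructed sample credentials
SECRET_KEY = b"constructed-secret-key"   # constructed, never a real key


def sigv2_signature(method, path, expires, headers):
    """HMAC-SHA1 over verb, content-md5, content-type, expiry, x-amz-*, resource."""
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    amz = "".join(f"{k}:{lower[k]}\n" for k in sorted(lower)
                  if k.startswith("x-amz-"))
    string_to_sign = "\n".join([method, lower.get("content-md5", ""),
                                lower.get("content-type", ""),
                                str(expires)]) + "\n" + amz + path
    digest = hmac.new(SECRET_KEY, string_to_sign.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def presign(method, host, path, expires_in=3600, headers=None, now=None):
    """Build a url that stays valid for expires_in seconds after now."""
    # The relative lifetime becomes an absolute epoch timestamp in the url.
    expires = int(time.time() if now is None else now) + expires_in
    query = {"AWSAccessKeyId": ACCESS_KEY, "Expires": expires,
             "Signature": sigv2_signature(method, path, expires, headers or {})}
    return f"https://{host}{path}?{urlencode(query)}"


def verify(method, url, headers=None, now=None):
    """Service-side check: recompute the signature, then enforce the expiry."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["Expires"][0])
        given = query["Signature"][0]
    except (KeyError, ValueError):
        return "malformed"
    expected = sigv2_signature(method, parts.path, expires, headers or {})
    if not hmac.compare_digest(given, expected):
        return "bad-signature"
    if (time.time() if now is None else now) > expires:
        return "expired"
    return "ok"
```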