Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement opt-in unsigned requests for clients. #448

Merged
merged 3 commits into from
Feb 5, 2015
Merged

Implement opt-in unsigned requests for clients. #448

merged 3 commits into from
Feb 5, 2015

Conversation

danielgtaylor
Copy link
Member

This change makes it possible to override the signature version at client
creation time using a parameter. It also introduces the concept of an
advanced configuration object for clients:

import botocore
from botocore.client import Config

config = Config(signature_version=botocore.UNSIGNED)
s3 = session.create_client('s3', config=config)

This does not move any existing parameters into the advanced
configuration object, and thus is not yet a breaking change. It
does include the following:

  • Adds botocore.UNSIGNED as a sentinel to disable signing
  • Updates botocore.handlers.disable_signing to use botocore.UNSIGNED
  • Adds a botocore.client.Config object to store signature version
  • Modifies client creation to use this new config
  • Updated / new unit tests

cc @jamesls @kyleknap

@danielgtaylor
Implement opt-in unsigned requests for clients.
50e044d 
This change makes it possible to override the signature version at client
creation time using a parameter. It also introduces the concept of an
advanced configuration object for clients:

```python
import botocore
from botocore.client import Config

config = Config(signature_version=botocore.UNSIGNED)
s3 = session.create_client('s3', config=config)
```

This does **not** move any existing parameters into the advanced
configuration object, and thus is not yet a breaking change. It
does include the following:

* Adds `botocore.UNSIGNED` as a sentinel to disable signing
* Updates `botocore.handlers.disable_signing` to use `botocore.UNSIGNED`
* Adds a `botocore.client.Config` object to store signature version
* Modifies client creation to use this new config
* Updated / new unit tests
@danielgtaylor danielgtaylor self-assigned this Feb 3, 2015
@coveralls
Copy link

Coverage Status

Coverage remained the same at 94.22% when pulling 50e044d on anon-clients into a61109f on develop.

jamesls
jamesls reviewed Feb 3, 2015
View reviewed changes
tests/unit/test_session.py
@@ -367,6 +367,15 @@ def test_credential_provider_not_called_when_creds_provided(self):
"explicit credentials were provided to the "
"create_client call.")

@mock.patch('botocore.client.ClientCreator')
def test_config_passed_to_client_creator(self, client_creator):
config = mock.Mock()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've discussed in the past not mocking value objects. Let's just use the actual Config object here.

@coveralls
Copy link

Coverage Status

Coverage remained the same at 94.22% when pulling ac0df2d on anon-clients into a61109f on develop.

@danielgtaylor
Copy link
Member Author

@jamesls @kyleknap please have another look 👍

kyleknap
kyleknap reviewed Feb 4, 2015
View reviewed changes
botocore/signers.py
@@ -86,7 +87,7 @@ def sign(self, operation_name, request):
signature_version=signature_version, request_signer=self)

# Sign the request if the signature version isn't None or blank
if signature_version:
if signature_version != botocore.UNSIGNED:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this affect the CLI? We set the endpoint's signature version to None. You can check real quick by running this test: https:/aws/aws-cli/blob/develop/tests/integration/customizations/s3/test_plugin.py#L1594

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given it's now a sentinel, we should be using identity checks instead of equality check (signature_version is not botocore.UNSIGNED)

@kyleknap
Copy link
Contributor

kyleknap commented Feb 4, 2015

This looks good to me. 🚢 If the integration test that I pointed out does fail, a subsequent pull request will have to be made to change None to UNSIGNED when using the --no-sign-request option.

@danielgtaylor danielgtaylor mentioned this pull request Feb 5, 2015
Merged
@danielgtaylor
Copy link
Member Author

@kyleknap good call. I've created an associated pull request with the CLI for this. After it's been reviewed I'll merge in both.

jamesls
jamesls reviewed Feb 5, 2015
View reviewed changes
tests/unit/test_signers.py
@@ -118,7 +119,8 @@ def test_disable_signing(self):
# Returning a blank string from choose-signer disabled signing!
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment is no longer accurate.

@jamesls
Copy link
Member

jamesls commented Feb 5, 2015

Looks good, just a couple small things. :shipit:

danielgtaylor added a commit that referenced this pull request Feb 5, 2015
@danielgtaylor
Merge pull request #448 from boto/anon-clients
8192ecf 
Implement opt-in unsigned requests for clients.
@danielgtaylor danielgtaylor merged commit 8192ecf into develop Feb 5, 2015
@danielgtaylor danielgtaylor deleted the anon-clients branch February 5, 2015 23:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@danielgtaylor danielgtaylor

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@danielgtaylor @coveralls @kyleknap @jamesls