From 774d40d1147802efdea407f07576993582e4b179 Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Wed, 27 Feb 2019 11:40:07 -0500 Subject: [PATCH 1/4] boto3: use getboolean() for is_secure Signed-off-by: Casey Bodley --- s3tests_boto3/functional/__init__.py | 2 +- s3tests_boto3/functional/test_s3.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/s3tests_boto3/functional/__init__.py b/s3tests_boto3/functional/__init__.py index 9b5abf9..33abfa6 100644 --- a/s3tests_boto3/functional/__init__.py +++ b/s3tests_boto3/functional/__init__.py @@ -155,7 +155,7 @@ def setup(): # vars from the DEFAULT section config.default_host = defaults.get("host") config.default_port = int(defaults.get("port")) - config.default_is_secure = defaults.get("is_secure") + config.default_is_secure = cfg.getboolean('DEFAULT', "is_secure") # vars from the main section config.main_access_key = cfg.get('s3 main',"access_key") diff --git a/s3tests_boto3/functional/test_s3.py b/s3tests_boto3/functional/test_s3.py index 7ba4545..13fb300 100644 --- a/s3tests_boto3/functional/test_s3.py +++ b/s3tests_boto3/functional/test_s3.py @@ -6189,7 +6189,7 @@ def _simple_http_req_100_cont(host, port, is_secure, method, resource): ) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - if(is_secure == True): + if is_secure: s = ssl.wrap_socket(s); s.settimeout(5) s.connect((host, port)) From ac18365f7527e2fcf76ad763502130ef4e535ca5 Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Tue, 26 Feb 2019 15:57:19 -0500 Subject: [PATCH 2/4] boto3: use https:// for secure endpoints Signed-off-by: Casey Bodley --- s3tests_boto3/functional/__init__.py | 34 ++++++++-------------------- 1 file changed, 10 insertions(+), 24 deletions(-) diff --git a/s3tests_boto3/functional/__init__.py b/s3tests_boto3/functional/__init__.py index 33abfa6..54bf0d1 100644 --- a/s3tests_boto3/functional/__init__.py +++ b/s3tests_boto3/functional/__init__.py 
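Review bot: In setup(), `cfg.getboolean('DEFAULT', "is_secure")` raises when the option is missing or is not a recognised boolean string, so a config file that omits `is_secure` now aborts setup. Before this change it presumably produced a falsy value, though the definition of `defaults` is outside the hunk. If requiring the option is intended, say so next to the line, e.g. `# is_secure must be set explicitly; getboolean() raises on a missing or malformed value`, and make sure the sample config carries it. setup() starts and ends outside the hunk.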
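Review bot: In `_simple_http_req_100_cont`, the TLS branch still calls `ssl.wrap_socket(s)`, which by default neither validates the server certificate nor checks the hostname. This raw-socket test path therefore stays unauthenticated even though the last patch of the series turns verification on for the boto3 clients. `ssl.wrap_socket` is also deprecated in newer Python releases. Consider `s = ssl.create_default_context().wrap_socket(s, server_hostname=host)` so the 100-continue test follows the same trust settings as the clients. The rest of the function is outside the hunk.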
@@ -157,6 +157,9 @@ def setup(): config.default_port = int(defaults.get("port")) config.default_is_secure = cfg.getboolean('DEFAULT', "is_secure") + proto = 'https' if config.default_is_secure else 'http' + config.default_endpoint = "%s://%s:%d" % (proto, config.default_host, config.default_port) + # vars from the main section config.main_access_key = cfg.get('s3 main',"access_key") config.main_secret_key = cfg.get('s3 main',"secret_key") @@ -211,25 +214,20 @@ def get_client(client_config=None): if client_config == None: client_config = Config(signature_version='s3v4') - endpoint_url = "http://%s:%d" % (config.default_host, config.default_port) - client = boto3.client(service_name='s3', aws_access_key_id=config.main_access_key, aws_secret_access_key=config.main_secret_key, - endpoint_url=endpoint_url, + endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, verify=False, config=client_config) return client def get_v2_client(): - - endpoint_url = "http://%s:%d" % (config.default_host, config.default_port) - client = boto3.client(service_name='s3', aws_access_key_id=config.main_access_key, aws_secret_access_key=config.main_secret_key, - endpoint_url=endpoint_url, + endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, verify=False, config=Config(signature_version='s3')) @@ -239,12 +237,10 @@ def get_alt_client(client_config=None): if client_config == None: client_config = Config(signature_version='s3v4') - endpoint_url = "http://%s:%d" % (config.default_host, config.default_port) - client = boto3.client(service_name='s3', aws_access_key_id=config.alt_access_key, aws_secret_access_key=config.alt_secret_key, - endpoint_url=endpoint_url, + endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, verify=False, config=client_config) 
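Review bot: The new `proto = ...` line in setup() becomes the one place that decides whether the suite talks TLS, and nothing in the code says so. The client constructors still pass `use_ssl=config.default_is_secure`, but boto3 documents that `use_ssl` is ignored once an `endpoint_url` carrying a scheme is supplied. A comment above the line, such as `# the URL scheme selects TLS; boto3 ignores use_ssl when endpoint_url is given`, would keep a later edit from quietly reintroducing a hard-coded `http://`. The same reasoning covers the constructor hunks at -211, -254 and -314. setup() starts and ends outside the hunk.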
@@ -254,38 +250,30 @@ def get_tenant_client(client_config=None): if client_config == None: client_config = Config(signature_version='s3v4') - endpoint_url = "http://%s:%d" % (config.default_host, config.default_port) - client = boto3.client(service_name='s3', aws_access_key_id=config.tenant_access_key, aws_secret_access_key=config.tenant_secret_key, - endpoint_url=endpoint_url, + endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, verify=False, config=client_config) return client def get_unauthenticated_client(): - - endpoint_url = "http://%s:%d" % (config.default_host, config.default_port) - client = boto3.client(service_name='s3', aws_access_key_id='', aws_secret_access_key='', - endpoint_url=endpoint_url, + endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, verify=False, config=Config(signature_version=UNSIGNED)) return client def get_bad_auth_client(aws_access_key_id='badauth'): - - endpoint_url = "http://%s:%d" % (config.default_host, config.default_port) - client = boto3.client(service_name='s3', aws_access_key_id=aws_access_key_id, aws_secret_access_key='roflmao', - endpoint_url=endpoint_url, + endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, verify=False, config=Config(signature_version='s3v4')) @@ -314,12 +302,10 @@ def get_new_bucket_resource(name=None): Always recreates a bucket from scratch. This is useful to also reset ACLs and such. """ - endpoint_url = "http://%s:%d" % (config.default_host, config.default_port) - s3 = boto3.resource('s3', use_ssl=False, verify=False, - endpoint_url=endpoint_url, + endpoint_url=config.default_endpoint, aws_access_key_id=config.main_access_key, aws_secret_access_key=config.main_secret_key) if name is None: From 7f49adda30c2b68c7bb94c823f0522c0c91d8e96 Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Tue, 26 Feb 2019 16:25:28 -0500 Subject: [PATCH 3/4] boto3: _get_post_url() uses config endpoint 
Signed-off-by: Casey Bodley --- s3tests_boto3/functional/__init__.py | 3 +++ s3tests_boto3/functional/test_s3.py | 15 +++------------ 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/s3tests_boto3/functional/__init__.py b/s3tests_boto3/functional/__init__.py index 54bf0d1..78109ac 100644 --- a/s3tests_boto3/functional/__init__.py +++ b/s3tests_boto3/functional/__init__.py @@ -339,6 +339,9 @@ def get_config_host(): def get_config_port(): return config.default_port +def get_config_endpoint(): + return config.default_endpoint + def get_main_aws_access_key(): return config.main_access_key diff --git a/s3tests_boto3/functional/test_s3.py b/s3tests_boto3/functional/test_s3.py index 13fb300..3038a84 100644 --- a/s3tests_boto3/functional/test_s3.py +++ b/s3tests_boto3/functional/test_s3.py @@ -50,6 +50,7 @@ from . import ( get_config_is_secure, get_config_host, get_config_port, + get_config_endpoint, get_main_aws_access_key, get_main_aws_secret_key, get_main_display_name, @@ -1360,18 +1361,8 @@ def test_object_write_file(): eq(body, 'bar') def _get_post_url(bucket_name): - protocol='http' - is_secure = get_config_is_secure() - - if is_secure is True: - protocol='https' - - host = get_config_host() - port = get_config_port() - - url = '{protocol}://{host}:{port}/{bucket_name}'.format(protocol=protocol,\ - host=host, port=port, bucket_name=bucket_name) - return url + endpoint = get_config_endpoint() + return '{endpoint}/{bucket_name}'.format(endpoint=endpoint, bucket_name=bucket_name) @attr(resource='object') @attr(method='post') From 0e04dcd6aa62d75a7ed29c6f86e54327d2a34ee0 Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Wed, 27 Feb 2019 11:41:28 -0500 Subject: [PATCH 4/4] boto3: verify certificates for ssl connections Signed-off-by: Casey Bodley --- s3tests_boto3/functional/__init__.py | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) 
diff --git a/s3tests_boto3/functional/__init__.py b/s3tests_boto3/functional/__init__.py index 78109ac..9f7f193 100644 --- a/s3tests_boto3/functional/__init__.py +++ b/s3tests_boto3/functional/__init__.py @@ -219,7 +219,6 @@ def get_client(client_config=None): aws_secret_access_key=config.main_secret_key, endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, - verify=False, config=client_config) return client @@ -229,7 +228,6 @@ def get_v2_client(): aws_secret_access_key=config.main_secret_key, endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, - verify=False, config=Config(signature_version='s3')) return client @@ -242,7 +240,6 @@ def get_alt_client(client_config=None): aws_secret_access_key=config.alt_secret_key, endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, - verify=False, config=client_config) return client @@ -255,7 +252,6 @@ def get_tenant_client(client_config=None): aws_secret_access_key=config.tenant_secret_key, endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, - verify=False, config=client_config) return client @@ -265,7 +261,6 @@ def get_unauthenticated_client(): aws_secret_access_key='', endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, - verify=False, config=Config(signature_version=UNSIGNED)) return client @@ -275,7 +270,6 @@ def get_bad_auth_client(aws_access_key_id='badauth'): aws_secret_access_key='roflmao', endpoint_url=config.default_endpoint, use_ssl=config.default_is_secure, - verify=False, config=Config(signature_version='s3v4')) return client 
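Review bot: Dropping `verify=False` makes boto3 validate the endpoint certificate against its default CA bundle, but nothing in these hunks lets a test cluster with a private or self-signed CA supply its own trust anchor. Such setups will fail the TLS handshake, and the tempting workaround is to put `verify=False` back. boto3's `verify` parameter also accepts a path to a CA bundle, so setup() could read an optional path (placeholder option name `ssl_ca_bundle`) and each constructor could pass `verify=config.default_ca_bundle or None` (placeholder attribute). Alternatively, document that `AWS_CA_BUNDLE` must be exported for such clusters. This applies to all six client hunks here and to the `get_new_bucket_resource` hunk at -303.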
@@ -303,11 +297,10 @@ def get_new_bucket_resource(name=None): reset ACLs and such. """ s3 = boto3.resource('s3', - use_ssl=False, - verify=False, - endpoint_url=config.default_endpoint, aws_access_key_id=config.main_access_key, - aws_secret_access_key=config.main_secret_key) + aws_secret_access_key=config.main_secret_key, + endpoint_url=config.default_endpoint, + use_ssl=config.default_is_secure) if name is None: name = get_new_bucket_name() bucket = s3.Bucket(name)