Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge branch 'release-2.18.0'

  • Loading branch information...
commit bc48be4b533357c741f223683095e576f3d9ef0c 2 parents 0172b41 + cb76bf8
@danielgtaylor danielgtaylor authored
View
4 README.rst
@@ -1,9 +1,9 @@
####
boto
####
-boto 2.17.0
+boto 2.18.0
-Released: 14-November-2013
+Released: 22-November-2013
.. image:: https://travis-ci.org/boto/boto.png?branch=develop
:target: https://travis-ci.org/boto/boto
View
2  boto/__init__.py
@@ -36,7 +36,7 @@
import urlparse
from boto.exception import InvalidUriError
-__version__ = '2.17.0'
+__version__ = '2.18.0'
Version = __version__ # for backware compatibility
UserAgent = 'Boto/%s Python/%s %s/%s' % (
View
16 boto/beanstalk/layer1.py
@@ -245,14 +245,6 @@ def create_environment(self, application_name, environment_name,
version to be deployed. If no application is found with this name,
CreateEnvironment returns an InvalidParameterValue error.
- :type version_label: string
- :param version_label: The name of the application version to deploy. If
- the specified application has no associated application versions,
- AWS Elastic Beanstalk UpdateEnvironment returns an
- InvalidParameterValue error. Default: If not specified, AWS
- Elastic Beanstalk attempts to launch the most recently created
- application version.
-
:type environment_name: string
:param environment_name: A unique name for the deployment environment.
Used in the application URL. Constraint: Must be from 4 to 23
@@ -264,6 +256,14 @@ def create_environment(self, application_name, environment_name,
name becomes part of the CNAME, and therefore part of the visible
URL for your application.
+ :type version_label: string
+ :param version_label: The name of the application version to deploy. If
+ the specified application has no associated application versions,
+ AWS Elastic Beanstalk UpdateEnvironment returns an
+ InvalidParameterValue error. Default: If not specified, AWS
+ Elastic Beanstalk attempts to launch the most recently created
+ application version.
+
:type template_name: string
:param template_name: The name of the configuration template to
use in deployment. If no configuration template is found with this
View
4 boto/cloudtrail/layer1.py
@@ -128,7 +128,7 @@ def create_trail(self, trail=None):
**TrailAlreadyExists**
- At attempt was made to create a trail with a name that already
+ An attempt was made to create a trail with a name that already
exists.
**S3BucketDoesNotExist**
@@ -138,7 +138,7 @@ def create_trail(self, trail=None):
**InsufficientS3BucketPolicy**
Policy on Amazon S3 bucket does not permit CloudTrail to write
- to your bucket. See the AWS AWS CloudTrail User Guide for the
+ to your bucket. See the AWS CloudTrail User Guide for the
required bucket policy.
**InsufficientSnsTopicPolicy**
View
3  boto/connection.py
@@ -372,7 +372,8 @@ def authorize(self, connection, **kwargs):
for key in self.headers:
val = self.headers[key]
if isinstance(val, unicode):
- self.headers[key] = urllib.quote_plus(val.encode('utf-8'))
+ safe = '!"#$%&\'()*+,/:;<=>?@[\\]^`{|}~'
+ self.headers[key] = urllib.quote_plus(val.encode('utf-8'), safe)
connection._auth_handler.add_auth(self, **kwargs)
View
2  boto/ec2/cloudwatch/__init__.py
@@ -117,7 +117,7 @@ def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
validate_certs=validate_certs)
def _required_auth_capability(self):
- return ['ec2']
+ return ['hmac-v4']
def build_dimension_param(self, dimension, params):
prefix = 'Dimensions.member'
View
14 boto/ec2/connection.py
@@ -62,6 +62,7 @@
from boto.ec2.volumestatus import VolumeStatusSet
from boto.ec2.networkinterface import NetworkInterface
from boto.ec2.attributes import AccountAttribute, VPCAttribute
+from boto.ec2.blockdevicemapping import BlockDeviceMapping, BlockDeviceType
from boto.exception import EC2ResponseError
#boto.set_stream_logger('ec2')
@@ -260,7 +261,8 @@ def get_image(self, image_id, dry_run=False):
def register_image(self, name=None, description=None, image_location=None,
architecture=None, kernel_id=None, ramdisk_id=None,
root_device_name=None, block_device_map=None,
- dry_run=False, virtualization_type=None):
+ dry_run=False, virtualization_type=None,
+ snapshot_id=None):
"""
Register an image.
@@ -299,6 +301,11 @@ def register_image(self, name=None, description=None, image_location=None,
* paravirtual
* hvm
+ :type snapshot_id: string
+ :param snapshot_id: A snapshot ID for the snapshot to be used
+ as root device for the image. Mutually exclusive with
+ block_device_map, requires root_device_name
+
:rtype: string
:return: The new image id
"""
@@ -317,12 +324,17 @@ def register_image(self, name=None, description=None, image_location=None,
params['ImageLocation'] = image_location
if root_device_name:
params['RootDeviceName'] = root_device_name
+ if snapshot_id:
+ root_vol = BlockDeviceType(snapshot_id=snapshot_id)
+ block_device_map = BlockDeviceMapping()
+ block_device_map[root_device_name] = root_vol
if block_device_map:
block_device_map.ec2_build_list_params(params)
if dry_run:
params['DryRun'] = 'true'
if virtualization_type:
params['VirtualizationType'] = virtualization_type
+
rs = self.get_object('RegisterImage', params, ResultSet, verb='POST')
image_id = getattr(rs, 'imageId', None)
View
70 boto/ec2/elb/__init__.py
@@ -390,6 +390,76 @@ def disable_availability_zones(self, load_balancer_name, zones_to_remove):
params, LoadBalancerZones)
return obj.zones
+ def modify_lb_attribute(self, load_balancer_name, attribute, value):
+ """Changes an attribute of a Load Balancer
+
+ :type load_balancer_name: string
+ :param load_balancer_name: The name of the Load Balancer
+
+ :type attribute: string
+ :param attribute: The attribute you wish to change.
+
+ * crossZoneLoadBalancing - Boolean (true)
+
+ :type value: string
+ :param value: The new value for the attribute
+
+ :rtype: bool
+ :return: Whether the operation succeeded or not
+ """
+
+ bool_reqs = ('crosszoneloadbalancing',)
+ if attribute.lower() in bool_reqs:
+ if isinstance(value, bool):
+ if value:
+ value = 'true'
+ else:
+ value = 'false'
+
+ params = {'LoadBalancerName': load_balancer_name}
+ if attribute.lower() == 'crosszoneloadbalancing':
+ params['LoadBalancerAttributes.CrossZoneLoadBalancing.Enabled'
+ ] = value
+ else:
+ raise ValueError('InvalidAttribute', attribute)
+ return self.get_status('ModifyLoadBalancerAttributes', params,
+ verb='GET')
+
+ def get_all_lb_attributes(self, load_balancer_name):
+ """Gets all Attributes of a Load Balancer
+
+ :type load_balancer_name: string
+ :param load_balancer_name: The name of the Load Balancer
+
+ :rtype: boto.ec2.elb.attribute.LbAttributes
+ :return: The attribute object of the ELB.
+ """
+ from boto.ec2.elb.attributes import LbAttributes
+ params = {'LoadBalancerName': load_balancer_name}
+ return self.get_object('DescribeLoadBalancerAttributes',
+ params, LbAttributes)
+
+ def get_lb_attribute(self, load_balancer_name, attribute):
+ """Gets an attribute of a Load Balancer
+
+ This will make an EC2 call for each method call.
+
+ :type load_balancer_name: string
+ :param load_balancer_name: The name of the Load Balancer
+
+ :type attribute: string
+ :param attribute: The attribute you wish to see.
+
+ * crossZoneLoadBalancing - Boolean
+
+ :rtype: Attribute dependent
+ :return: The new value for the attribute
+ """
+ attributes = self.get_all_lb_attributes(load_balancer_name)
+ if attribute.lower() == 'crosszoneloadbalancing':
+ return attributes.cross_zone_load_balancing.enabled
+ return None
+
def register_instances(self, load_balancer_name, instances):
"""
Add new Instances to an existing Load Balancer.
View
61 boto/ec2/elb/attributes.py
@@ -0,0 +1,61 @@
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish, dis-
+# tribute, sublicense, and/or sell copies of the Software, and to permit
+# persons to whom the Software is furnished to do so, subject to the fol-
+# lowing conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
+# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+#
+# Created by Chris Huegle for TellApart, Inc.
+
+class CrossZoneLoadBalancingAttribute(object):
+ """
+ Represents the CrossZoneLoadBalancing segement of ELB Attributes.
+ """
+ def __init__(self, connection=None):
+ self.enabled = None
+
+ def __repr__(self):
+ return 'CrossZoneLoadBalancingAttribute(%s)' % (
+ self.enabled)
+
+ def startElement(self, name, attrs, connection):
+ pass
+
+ def endElement(self, name, value, connection):
+ if name == 'Enabled':
+ if value.lower() == 'true':
+ self.enabled = True
+ else:
+ self.enabled = False
+
+class LbAttributes(object):
+ """
+ Represents the Attributes of an Elastic Load Balancer.
+ """
+ def __init__(self, connection=None):
+ self.connection = connection
+ self.cross_zone_load_balancing = CrossZoneLoadBalancingAttribute(
+ self.connection)
+
+ def __repr__(self):
+ return 'LbAttributes(%s)' % (
+ repr(self.cross_zone_load_balancing))
+
+ def startElement(self, name, attrs, connection):
+ if name == 'CrossZoneLoadBalancing':
+ return self.cross_zone_load_balancing
+
+ def endElement(self, name, value, connection):
+ pass
View
53 boto/ec2/elb/loadbalancer.py
@@ -122,6 +122,7 @@ def __init__(self, connection=None, name=None, endpoints=None):
self.vpc_id = None
self.scheme = None
self.backends = None
+ self._attributes = None
def __repr__(self):
return 'LoadBalancer:%s' % self.name
@@ -203,6 +204,58 @@ def disable_zones(self, zones):
new_zones = self.connection.disable_availability_zones(self.name, zones)
self.availability_zones = new_zones
+ def get_attributes(self, force=False):
+ """
+ Gets the LbAttributes. The Attributes will be cached.
+
+ :type force: bool
+ :param force: Ignore cache value and reload.
+
+ :rtype: boto.ec2.elb.attributes.LbAttributes
+ :return: The LbAttribues object
+ """
+ if not self._attributes or force:
+ self._attributes = self.connection.get_all_lb_attributes(self.name)
+ return self._attributes
+
+ def is_cross_zone_load_balancing(self, force=False):
+ """
+ Identifies if the ELB is current configured to do CrossZone Balancing.
+
+ :type force: bool
+ :param force: Ignore cache value and reload.
+
+ :rtype: bool
+ :return: True if balancing is enabled, False if not.
+ """
+ return self.get_attributes(force).cross_zone_load_balancing.enabled
+
+ def enable_cross_zone_load_balancing(self):
+ """
+ Turns on CrossZone Load Balancing for this ELB.
+
+ :rtype: bool
+ :return: True if successful, False if not.
+ """
+ success = self.connection.modify_lb_attribute(
+ self.name, 'crossZoneLoadBalancing', True)
+ if success and self._attributes:
+ self._attributes.cross_zone_load_balancing.enabled = True
+ return success
+
+ def disable_cross_zone_load_balancing(self):
+ """
+ Turns off CrossZone Load Balancing for this ELB.
+
+ :rtype: bool
+ :return: True if successful, False if not.
+ """
+ success = self.connection.modify_lb_attribute(
+ self.name, 'crossZoneLoadBalancing', False)
+ if success and self._attributes:
+ self._attributes.cross_zone_load_balancing.enabled = False
+ return success
+
def register_instances(self, instances):
"""
Adds instances to this load balancer. All instances must be in the same
View
8 boto/gs/bucket.py
@@ -221,6 +221,14 @@ def list_versions(self, prefix='', delimiter='', marker='',
marker, generation_marker,
headers)
+ def validate_get_all_versions_params(self, params):
+ """
+ See documentation in boto/s3/bucket.py.
+ """
+ self.validate_kwarg_names(params,
+ ['version_id_marker', 'delimiter', 'marker',
+ 'generation_marker', 'prefix', 'max_keys'])
+
def delete_key(self, key_name, headers=None, version_id=None,
mfa_token=None, generation=None):
"""
View
125 boto/iam/connection.py
@@ -65,11 +65,16 @@ def get_response(self, action, params, path='/', parent=None,
body = response.read()
boto.log.debug(body)
if response.status == 200:
- e = boto.jsonresponse.Element(list_marker=list_marker,
- pythonize_name=True)
- h = boto.jsonresponse.XmlHandler(e, parent)
- h.parse(body)
- return e
+ if body:
+ e = boto.jsonresponse.Element(list_marker=list_marker,
+ pythonize_name=True)
+ h = boto.jsonresponse.XmlHandler(e, parent)
+ h.parse(body)
+ return e
+ else:
+ # Support empty responses, e.g. deleting a SAML provider
+ # according to the official documentation.
+ return {}
else:
boto.log.error('%s %s' % (response.status, response.reason))
boto.log.error('%s' % body)
@@ -1318,3 +1323,113 @@ def update_assume_role_policy(self, role_name, policy_document):
return self.get_response('UpdateAssumeRolePolicy',
{'RoleName': role_name,
'PolicyDocument': policy_document})
+
+ def create_saml_provider(self, saml_metadata_document, name):
+ """
+ Creates an IAM entity to describe an identity provider (IdP)
+ that supports SAML 2.0.
+
+ The SAML provider that you create with this operation can be
+ used as a principal in a role's trust policy to establish a
+ trust relationship between AWS and a SAML identity provider.
+ You can create an IAM role that supports Web-based single
+ sign-on (SSO) to the AWS Management Console or one that
+ supports API access to AWS.
+
+ When you create the SAML provider, you upload an a SAML
+ metadata document that you get from your IdP and that includes
+ the issuer's name, expiration information, and keys that can
+ be used to validate the SAML authentication response
+ (assertions) that are received from the IdP. You must generate
+ the metadata document using the identity management software
+ that is used as your organization's IdP.
+ This operation requires `Signature Version 4`_.
+ For more information, see `Giving Console Access Using SAML`_
+ and `Creating Temporary Security Credentials for SAML
+ Federation`_ in the Using Temporary Credentials guide.
+
+ :type saml_metadata_document: string
+ :param saml_metadata_document: An XML document generated by an identity
+ provider (IdP) that supports SAML 2.0. The document includes the
+ issuer's name, expiration information, and keys that can be used to
+ validate the SAML authentication response (assertions) that are
+ received from the IdP. You must generate the metadata document
+ using the identity management software that is used as your
+ organization's IdP.
+ For more information, see `Creating Temporary Security Credentials for
+ SAML Federation`_ in the Using Temporary Security Credentials
+ guide.
+
+ :type name: string
+ :param name: The name of the provider to create.
+
+ """
+ params = {
+ 'SAMLMetadataDocument': saml_metadata_document,
+ 'Name': name,
+ }
+ return self.get_response('CreateSAMLProvider', params)
+
+ def list_saml_providers(self):
+ """
+ Lists the SAML providers in the account.
+ This operation requires `Signature Version 4`_.
+ """
+ return self.get_response('ListSAMLProviders', {})
+
+ def get_saml_provider(self, saml_provider_arn):
+ """
+ Returns the SAML provider metadocument that was uploaded when
+ the provider was created or updated.
+ This operation requires `Signature Version 4`_.
+
+ :type saml_provider_arn: string
+ :param saml_provider_arn: The Amazon Resource Name (ARN) of the SAML
+ provider to get information about.
+
+ """
+ params = {'SAMLProviderArn': saml_provider_arn }
+ return self.get_response('GetSAMLProvider', params)
+
+ def update_saml_provider(self, saml_provider_arn, saml_metadata_document):
+ """
+ Updates the metadata document for an existing SAML provider.
+ This operation requires `Signature Version 4`_.
+
+ :type saml_provider_arn: string
+ :param saml_provider_arn: The Amazon Resource Name (ARN) of the SAML
+ provider to update.
+
+ :type saml_metadata_document: string
+ :param saml_metadata_document: An XML document generated by an identity
+ provider (IdP) that supports SAML 2.0. The document includes the
+ issuer's name, expiration information, and keys that can be used to
+ validate the SAML authentication response (assertions) that are
+ received from the IdP. You must generate the metadata document
+ using the identity management software that is used as your
+ organization's IdP.
+
+ """
+ params = {
+ 'SAMLMetadataDocument': saml_metadata_document,
+ 'SAMLProviderArn': saml_provider_arn,
+ }
+ return self.get_response('UpdateSAMLProvider', params)
+
+ def delete_saml_provider(self, saml_provider_arn):
+ """
+ Deletes a SAML provider.
+
+ Deleting the provider does not update any roles that reference
+ the SAML provider as a principal in their trust policies. Any
+ attempt to assume a role that references a SAML provider that
+ has been deleted will fail.
+ This operation requires `Signature Version 4`_.
+
+ :type saml_provider_arn: string
+ :param saml_provider_arn: The Amazon Resource Name (ARN) of the SAML
+ provider to delete.
+
+ """
+ params = {'SAMLProviderArn': saml_provider_arn }
+ return self.get_response('DeleteSAMLProvider', params)
View
42 boto/rds/__init__.py
@@ -516,6 +516,42 @@ def create_dbinstance_read_replica(self, id, source_id,
return self.get_object('CreateDBInstanceReadReplica',
params, DBInstance)
+
+ def promote_read_replica(self, id,
+ backup_retention_period=None,
+ preferred_backup_window=None):
+ """
+ Promote a Read Replica to a standalone DB Instance.
+
+ :type id: str
+ :param id: Unique identifier for the new instance.
+ Must contain 1-63 alphanumeric characters.
+ First character must be a letter.
+ May not end with a hyphen or contain two consecutive hyphens
+
+ :type backup_retention_period: int
+ :param backup_retention_period: The number of days for which automated
+ backups are retained. Setting this to
+ zero disables automated backups.
+
+ :type preferred_backup_window: str
+ :param preferred_backup_window: The daily time range during which
+ automated backups are created (if
+ enabled). Must be in h24:mi-hh24:mi
+ format (UTC).
+
+ :rtype: :class:`boto.rds.dbinstance.DBInstance`
+ :return: The new db instance.
+ """
+ params = {'DBInstanceIdentifier': id}
+ if backup_retention_period is not None:
+ params['BackupRetentionPeriod'] = backup_retention_period
+ if preferred_backup_window:
+ params['PreferredBackupWindow'] = preferred_backup_window
+
+ return self.get_object('PromoteReadReplica', params, DBInstance)
+
+
def modify_dbinstance(self, id, param_group=None, security_groups=None,
preferred_maintenance_window=None,
master_password=None, allocated_storage=None,
@@ -526,6 +562,7 @@ def modify_dbinstance(self, id, param_group=None, security_groups=None,
apply_immediately=False,
iops=None,
vpc_security_groups=None,
+ new_instance_id=None,
):
"""
Modify an existing DBInstance.
@@ -606,6 +643,9 @@ def modify_dbinstance(self, id, param_group=None, security_groups=None,
:param vpc_security_groups: List of VPC security group ids or a
VPCSecurityGroupMembership object this DBInstance should be a member of
+ :type new_instance_id: str
+ :param new_instance_id: New name to rename the DBInstance to.
+
:rtype: :class:`boto.rds.dbinstance.DBInstance`
:return: The modified db instance.
"""
@@ -648,6 +688,8 @@ def modify_dbinstance(self, id, param_group=None, security_groups=None,
params['ApplyImmediately'] = 'true'
if iops:
params['Iops'] = iops
+ if new_instance_id:
+ params['NewDBInstanceIdentifier'] = new_instance_id
return self.get_object('ModifyDBInstance', params, DBInstance)
View
37 boto/s3/bucket.py
@@ -342,10 +342,19 @@ def _get_all(self, element_map, initial_query_string='',
raise self.connection.provider.storage_response_error(
response.status, response.reason, body)
- def _validate_kwarg_names(self, kwargs, names):
+ def validate_kwarg_names(self, kwargs, names):
+ """
+ Checks that all named arguments are in the specified list of names.
+
+ :type kwargs: dict
+ :param kwargs: Dictionary of kwargs to validate.
+
+ :type names: list
+ :param names: List of possible named arguments.
+ """
for kwarg in kwargs:
if kwarg not in names:
- raise TypeError('Invalid argument %s!' % kwarg)
+ raise TypeError('Invalid argument "%s"!' % kwarg)
def get_all_keys(self, headers=None, **params):
"""
@@ -376,8 +385,8 @@ def get_all_keys(self, headers=None, **params):
:return: The result from S3 listing the keys requested
"""
- self._validate_kwarg_names(params, ['maxkeys', 'max_keys', 'prefix',
- 'marker', 'delimiter'])
+ self.validate_kwarg_names(params, ['maxkeys', 'max_keys', 'prefix',
+ 'marker', 'delimiter'])
return self._get_all([('Contents', self.key_class),
('CommonPrefixes', Prefix)],
'', headers, **params)
@@ -415,14 +424,24 @@ def get_all_versions(self, headers=None, **params):
:rtype: ResultSet
:return: The result from S3 listing the keys requested
"""
- self._validate_kwarg_names(params, ['maxkeys', 'max_keys', 'prefix',
- 'key_marker', 'version_id_marker',
- 'delimiter'])
+ self.validate_get_all_versions_params(params)
return self._get_all([('Version', self.key_class),
('CommonPrefixes', Prefix),
('DeleteMarker', DeleteMarker)],
'versions', headers, **params)
+ def validate_get_all_versions_params(self, params):
+ """
+ Validate that the parameters passed to get_all_versions are valid.
+ Overridden by subclasses that allow a different set of parameters.
+
+ :type params: dict
+ :param params: Parameters to validate.
+ """
+ self.validate_kwarg_names(
+ params, ['maxkeys', 'max_keys', 'prefix', 'key_marker',
+ 'version_id_marker', 'delimiter'])
+
def get_all_multipart_uploads(self, headers=None, **params):
"""
A lower-level, version-aware method for listing active
@@ -461,8 +480,8 @@ def get_all_multipart_uploads(self, headers=None, **params):
:return: The result from S3 listing the uploads requested
"""
- self._validate_kwarg_names(params, ['max_uploads', 'key_marker',
- 'upload_id_marker'])
+ self.validate_kwarg_names(params, ['max_uploads', 'key_marker',
+ 'upload_id_marker'])
return self._get_all([('Upload', MultiPartUpload),
('CommonPrefixes', Prefix)],
'uploads', headers, **params)
View
13 boto/s3/key.py
@@ -1623,17 +1623,16 @@ def get_contents_to_filename(self, filename, headers=None,
with the stored object in the response. See
http://goo.gl/EWOPb for details.
"""
- fp = open(filename, 'wb')
try:
- self.get_contents_to_file(fp, headers, cb, num_cb, torrent=torrent,
- version_id=version_id,
- res_download_handler=res_download_handler,
- response_headers=response_headers)
+ with open(filename, 'wb') as fp:
+ self.get_contents_to_file(fp, headers, cb, num_cb,
+ torrent=torrent,
+ version_id=version_id,
+ res_download_handler=res_download_handler,
+ response_headers=response_headers)
except Exception:
os.remove(filename)
raise
- finally:
- fp.close()
# if last_modified date was sent from s3, try to set file's timestamp
if self.last_modified != None:
try:
View
109 boto/sts/connection.py
@@ -338,6 +338,115 @@ def assume_role(self, role_arn, role_session_name, policy=None,
params['ExternalId'] = external_id
return self.get_object('AssumeRole', params, AssumedRole, verb='POST')
+ def assume_role_with_saml(self, role_arn, principal_arn, saml_assertion,
+ policy=None, duration_seconds=None):
+ """
+ Returns a set of temporary security credentials for users who
+ have been authenticated via a SAML authentication response.
+ This operation provides a mechanism for tying an enterprise
+ identity store or directory to role-based AWS access without
+ user-specific credentials or configuration.
+
+ The temporary security credentials returned by this operation
+ consist of an access key ID, a secret access key, and a
+ security token. Applications can use these temporary security
+ credentials to sign calls to AWS services. The credentials are
+ valid for the duration that you specified when calling
+ `AssumeRoleWithSAML`, which can be up to 3600 seconds (1 hour)
+ or until the time specified in the SAML authentication
+ response's `NotOnOrAfter` value, whichever is shorter.
+
+ The maximum duration for a session is 1 hour, and the minimum
+ duration is 15 minutes, even if values outside this range are
+ specified.
+
+ Optionally, you can pass an AWS IAM access policy to this
+ operation. The temporary security credentials that are
+ returned by the operation have the permissions that are
+ associated with the access policy of the role being assumed,
+ except for any permissions explicitly denied by the policy you
+ pass. This gives you a way to further restrict the permissions
+ for the federated user. These policies and any applicable
+ resource-based policies are evaluated when calls to AWS are
+ made using the temporary security credentials.
+
+ Before your application can call `AssumeRoleWithSAML`, you
+ must configure your SAML identity provider (IdP) to issue the
+ claims required by AWS. Additionally, you must use AWS
+ Identity and Access Management (AWS IAM) to create a SAML
+ provider entity in your AWS account that represents your
+ identity provider, and create an AWS IAM role that specifies
+ this SAML provider in its trust policy.
+
+ Calling `AssumeRoleWithSAML` does not require the use of AWS
+ security credentials. The identity of the caller is validated
+ by using keys in the metadata document that is uploaded for
+ the SAML provider entity for your identity provider.
+
+ For more information, see the following resources:
+
+
+ + `Creating Temporary Security Credentials for SAML
+ Federation`_ in the Using Temporary Security Credentials
+ guide.
+ + `SAML Providers`_ in the Using IAM guide.
+ + `Configuring a Relying Party and Claims in the Using IAM
+ guide. `_
+ + `Creating a Role for SAML-Based Federation`_ in the Using
+ IAM guide.
+
+ :type role_arn: string
+ :param role_arn: The Amazon Resource Name (ARN) of the role that the
+ caller is assuming.
+
+ :type principal_arn: string
+ :param principal_arn: The Amazon Resource Name (ARN) of the SAML
+ provider in AWS IAM that describes the IdP.
+
+ :type saml_assertion: string
+ :param saml_assertion: The base-64 encoded SAML authentication response
+ provided by the IdP.
+ For more information, see `Configuring a Relying Party and Adding
+ Claims`_ in the Using IAM guide.
+
+ :type policy: string
+ :param policy:
+ An AWS IAM policy in JSON format.
+
+ The temporary security credentials that are returned by this operation
+ have the permissions that are associated with the access policy of
+ the role being assumed, except for any permissions explicitly
+ denied by the policy you pass. These policies and any applicable
+ resource-based policies are evaluated when calls to AWS are made
+ using the temporary security credentials.
+
+ The policy must be 2048 bytes or shorter, and its packed size must be
+ less than 450 bytes.
+
+ :type duration_seconds: integer
+ :param duration_seconds:
+ The duration, in seconds, of the role session. The value can range from
+ 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the
+ value is set to 3600 seconds. An expiration can also be specified
+ in the SAML authentication response's `NotOnOrAfter` value. The
+ actual expiration time is whichever value is shorter.
+
+ The maximum duration for a session is 1 hour, and the minimum duration
+ is 15 minutes, even if values outside this range are specified.
+
+ """
+ params = {
+ 'RoleArn': role_arn,
+ 'PrincipalArn': principal_arn,
+ 'SAMLAssertion': saml_assertion,
+ }
+ if policy is not None:
+ params['Policy'] = policy
+ if duration_seconds is not None:
+ params['DurationSeconds'] = duration_seconds
+ return self.get_object('AssumeRoleWithSAML', params, AssumedRole,
+ verb='POST')
+
def assume_role_with_web_identity(self, role_arn, role_session_name,
web_identity_token, provider_id=None,
policy=None, duration_seconds=None):
View
4 docs/source/dynamodb2_tut.rst
@@ -204,8 +204,8 @@ three choices.
The first is sending all the data with the expectation nothing has changed
since you read the data. DynamoDB will verify the data is in the original state
-and, if so, will all of the item's data. If that expectation fails, the call
-will fail::
+and, if so, will send all of the item's data. If that expectation fails, the
+call will fail::
>>> johndoe = users.get_item(username='johndoe')
>>> johndoe['first_name'] = 'Johann'
View
1  docs/source/index.rst
@@ -115,6 +115,7 @@ Release Notes
.. toctree::
:titlesonly:
+ releasenotes/v2.18.0
releasenotes/v2.17.0
releasenotes/v2.16.0
releasenotes/v2.15.0
View
41 docs/source/releasenotes/v2.18.0.rst
@@ -0,0 +1,41 @@
+boto v2.18.0
+============
+
+:date: 2013/11/22
+
+This release adds support for new AWS Identity and Access Management (IAM),
+AWS Security Token Service (STS), Elastic Load Balancing (ELB), Amazon Elastic
+Compute Cloud (EC2), Amazon Relational Database Service (RDS), and Amazon
+Elastic Transcoder APIs and parameters. Amazon Redshift SNS notifications are
+now supported. CloudWatch is updated to use signature version four, issues
+encoding HTTP headers are fixed and several services received documentation
+fixes.
+
+
+Features
+--------
+* Add support for new STS and IAM calls related to SAML. (:issue:`1867`,
+ :issue:`1867`, :sha:`1c51d17`)
+* Add SigV4 support to Cloudwatch (:sha:`ef43035`)
+* Add support for ELB Attributes and Cross Zone Balancing. (:issue:`1852`,
+ :issue:`1852`, :sha:`76f8b7f`)
+* Add RDS promote and rename support. (:issue:`1857`, :issue:`1857`,
+ :sha:`0b62c70`)
+* Update EC2 ``get_all_snapshots`` and add support for registering an image
+ with a snapshot. (:issue:`1850`, :issue:`1850`, :sha:`3007956`)
+
+
+Bugfixes
+--------
+* Fix issues related to encoding of values in HTTP headers when using
+ unicode. (:issue:`1864`, :issue:`1864`, :issue:`1839`, :issue:`1829`,
+ :issue:`1828`, :issue:`702`, :sha:`5610dd7`)
+* Fix order of Beanstalk documetation to match param order. (:issue:`1863`,
+ :issue:`1863`, :sha:`a3a29f8`)
+* Make sure file is closed before attempting to delete it when downloading
+ an S3 key. (:issue:`1791`, :sha:`0e6dcbe`)
+* Fix minor CloudTrail documentation typos. (:issue:`1861`, :issue:`1861`,
+ :sha:`256a115`)
+* Fix DynamoDBv2 tutorial sentence with missing verb. (:issue:`1859`,
+ :issue:`1825`, :issue:`1859`, :sha:`0fd5300`)
+* Fix parameter validation for gs (:issue:`1858`, :sha:`6b9a869`)
View
2  setup.cfg
@@ -0,0 +1,2 @@
+[wheel]
+universal = 1
View
138 tests/integration/rds/test_promote_modify.py
@@ -0,0 +1,138 @@
+# Author: Bruce Pennypacker
+#
+# Create a temporary RDS database instance, then create a read-replica of the
+# instance. Once the replica is available, promote it and verify that the
+# promotion succeeds, then rename it. Delete the databases upon completion i
+# of the tests.
+#
+# For each step (creating the databases, promoting, etc) we loop for up
+# to 15 minutes to wait for the instance to become available. It should
+# never take that long for any of the steps to complete.
+
+"""
+Check that promotion of read replicas and renaming instances works as expected
+"""
+
+import unittest
+import time
+from boto.rds import RDSConnection
+
+class PromoteReadReplicaTest(unittest.TestCase):
+ rds = True
+
+ def setUp(self):
+ self.conn = RDSConnection()
+ self.masterDB_name = "boto-db-%s" % str(int(time.time()))
+ self.replicaDB_name = "replica-%s" % self.masterDB_name
+ self.renamedDB_name = "renamed-replica-%s" % self.masterDB_name
+
+
+ def tearDown(self):
+ instances = self.conn.get_all_dbinstances()
+ for db in [self.masterDB_name, self.replicaDB_name, self.renamedDB_name]:
+ for i in instances:
+ if i.id == db:
+ self.conn.delete_dbinstance(db, skip_final_snapshot=True)
+
+ def test_promote(self):
+ print '--- running RDS promotion & renaming tests ---'
+ self.masterDB = self.conn.create_dbinstance(self.masterDB_name, 5, 'db.t1.micro', 'root', 'bototestpw')
+
+ # Wait up to 15 minutes for the masterDB to become available
+ print '--- waiting for "%s" to become available ---' % self.masterDB_name
+ wait_timeout = time.time() + (15 * 60)
+ time.sleep(60)
+
+ instances = self.conn.get_all_dbinstances(self.masterDB_name)
+ inst = instances[0]
+
+ while wait_timeout > time.time() and inst.status != 'available':
+ time.sleep(15)
+ instances = self.conn.get_all_dbinstances(self.masterDB_name)
+ inst = instances[0]
+
+ self.assertTrue(inst.status == 'available')
+
+ self.replicaDB = self.conn.create_dbinstance_read_replica(self.replicaDB_name, self.masterDB_name)
+
+ # Wait up to 15 minutes for the replicaDB to become available
+ print '--- waiting for "%s" to become available ---' % self.replicaDB_name
+ wait_timeout = time.time() + (15 * 60)
+ time.sleep(60)
+
+ instances = self.conn.get_all_dbinstances(self.replicaDB_name)
+ inst = instances[0]
+
+ while wait_timeout > time.time() and inst.status != 'available':
+ time.sleep(15)
+ instances = self.conn.get_all_dbinstances(self.replicaDB_name)
+ inst = instances[0]
+
+ self.assertTrue(inst.status == 'available')
+
+ # Promote the replicaDB and wait for it to become available
+ self.replicaDB = self.conn.promote_read_replica(self.replicaDB_name)
+
+ # Wait up to 15 minutes for the replicaDB to become available
+ print '--- waiting for "%s" to be promoted and available ---' % self.replicaDB_name
+ wait_timeout = time.time() + (15 * 60)
+ time.sleep(60)
+
+ instances = self.conn.get_all_dbinstances(self.replicaDB_name)
+ inst = instances[0]
+
+ while wait_timeout > time.time() and inst.status != 'available':
+ time.sleep(15)
+ instances = self.conn.get_all_dbinstances(self.replicaDB_name)
+ inst = instances[0]
+
+ # Verify that the replica is now a standalone instance and no longer
+ # functioning as a read replica
+ self.assertTrue(inst)
+ self.assertTrue(inst.status == 'available')
+ self.assertFalse(inst.status_infos)
+
+ # Verify that the master no longer has any read replicas
+ instances = self.conn.get_all_dbinstances(self.masterDB_name)
+ inst = instances[0]
+ self.assertFalse(inst.read_replica_dbinstance_identifiers)
+
+ print '--- renaming "%s" to "%s" ---' % ( self.replicaDB_name, self.renamedDB_name )
+
+ self.renamedDB = self.conn.modify_dbinstance(self.replicaDB_name, new_instance_id=self.renamedDB_name, apply_immediately=True)
+
+ # Wait up to 15 minutes for the masterDB to become available
+ print '--- waiting for "%s" to exist ---' % self.renamedDB_name
+
+ wait_timeout = time.time() + (15 * 60)
+ time.sleep(60)
+
+ # Wait up to 15 minutes until the new name shows up in the instance table
+ found = False
+ while found == False and wait_timeout > time.time():
+ instances = self.conn.get_all_dbinstances()
+ for i in instances:
+ if i.id == self.renamedDB_name:
+ found = True
+ if found == False:
+ time.sleep(15)
+
+ self.assertTrue(found)
+
+ print '--- waiting for "%s" to become available ---' % self.renamedDB_name
+
+ instances = self.conn.get_all_dbinstances(self.renamedDB_name)
+ inst = instances[0]
+
+ # Now wait for the renamed instance to become available
+ while wait_timeout > time.time() and inst.status != 'available':
+ time.sleep(15)
+ instances = self.conn.get_all_dbinstances(self.renamedDB_name)
+ inst = instances[0]
+
+ self.assertTrue(inst.status == 'available')
+
+ # Since the replica DB was renamed...
+ self.replicaDB = None
+
+ print '--- tests completed ---'
View
18 tests/integration/s3/test_key.py
@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
# Copyright (c) 2012 Mitch Garnaat http://garnaat.org/
# All rights reserved.
#
@@ -27,6 +28,7 @@
from tests.unit import unittest
import time
import StringIO
+import urllib
from boto.s3.connection import S3Connection
from boto.s3.key import Key
from boto.exception import S3ResponseError
@@ -394,3 +396,19 @@ def test_header_casing(self):
check = self.bucket.get_key('test_header_case')
self.assertEqual(check.content_type, 'application/json')
+
+ def test_header_encoding(self):
+ key = self.bucket.new_key('test_header_encoding')
+
+ key.set_metadata('Cache-control', 'public, max-age=500')
+ key.set_metadata('Content-disposition', u'filename=Schöne Zeit.txt')
+ key.set_contents_from_string('foo')
+
+ check = self.bucket.get_key('test_header_encoding')
+
+ self.assertEqual(check.cache_control, 'public, max-age=500')
+ self.assertEqual(check.content_disposition, 'filename=Sch%C3%B6ne+Zeit.txt')
+ self.assertEqual(
+ urllib.unquote_plus(check.content_disposition).decode('utf-8'),
+ 'filename=Schöne Zeit.txt'.decode('utf-8')
+ )
View
8 tests/integration/s3/test_multipart.py
@@ -73,13 +73,7 @@ def test_complete_japanese(self):
mpu.upload_part_from_file(fp, part_num=1)
fp.close()
cmpu = mpu.complete_upload()
- # LOL... just found an Amazon bug when it returns the
- # key in the completemultipartupload result. AWS returns
- # ??? instead of the correctly encoded key name. We should
- # fix this to the comment line below when amazon fixes this
- # and this test starts failing due to below assertion.
- self.assertEqual(cmpu.key_name, "???")
- #self.assertEqual(cmpu.key_name, key_name)
+ self.assertEqual(cmpu.key_name, key_name)
self.assertNotEqual(cmpu.etag, None)
def test_list_japanese(self):
View
178 tests/unit/ec2/elb/test_attribute.py
@@ -0,0 +1,178 @@
+from tests.unit import unittest
+
+import mock
+
+from boto.ec2.elb import ELBConnection
+from boto.ec2.elb import LoadBalancer
+from boto.ec2.elb.attributes import LbAttributes
+
+ATTRIBUTE_GET_TRUE_CZL_RESPONSE = r"""<?xml version="1.0" encoding="UTF-8"?>
+<DescribeLoadBalancerAttributesResponse xmlns="http://elasticloadbalancing.amazonaws.com/doc/2012-06-01/">
+ <DescribeLoadBalancerAttributesResult>
+ <LoadBalancerAttributes>
+ <CrossZoneLoadBalancing>
+ <Enabled>true</Enabled>
+ </CrossZoneLoadBalancing>
+ </LoadBalancerAttributes>
+ </DescribeLoadBalancerAttributesResult>
+<ResponseMetadata>
+ <RequestId>83c88b9d-12b7-11e3-8b82-87b12EXAMPLE</RequestId>
+</ResponseMetadata>
+</DescribeLoadBalancerAttributesResponse>
+"""
+
+ATTRIBUTE_GET_FALSE_CZL_RESPONSE = r"""<?xml version="1.0" encoding="UTF-8"?>
+<DescribeLoadBalancerAttributesResponse xmlns="http://elasticloadbalancing.amazonaws.com/doc/2012-06-01/">
+ <DescribeLoadBalancerAttributesResult>
+ <LoadBalancerAttributes>
+ <CrossZoneLoadBalancing>
+ <Enabled>false</Enabled>
+ </CrossZoneLoadBalancing>
+ </LoadBalancerAttributes>
+ </DescribeLoadBalancerAttributesResult>
+<ResponseMetadata>
+ <RequestId>83c88b9d-12b7-11e3-8b82-87b12EXAMPLE</RequestId>
+</ResponseMetadata>
+</DescribeLoadBalancerAttributesResponse>
+"""
+
+ATTRIBUTE_SET_RESPONSE = r"""<?xml version="1.0" encoding="UTF-8"?>
+<ModifyLoadBalancerAttributesResponse xmlns="http://elasticloadbalancing.amazonaws.com/doc/2012-06-01/">
+<ModifyLoadBalancerAttributesResult/>
+<ResponseMetadata>
+ <RequestId>83c88b9d-12b7-11e3-8b82-87b12EXAMPLE</RequestId>
+</ResponseMetadata>
+</ModifyLoadBalancerAttributesResponse>
+"""
+
+# make_request arguments for setting attributes.
+# Format: (API_COMMAND, API_PARAMS, API_PATH, API_METHOD)
+ATTRIBUTE_SET_CZL_TRUE_REQUEST = (
+ 'ModifyLoadBalancerAttributes',
+ {'LoadBalancerAttributes.CrossZoneLoadBalancing.Enabled': 'true',
+ 'LoadBalancerName': 'test_elb'}, mock.ANY, mock.ANY)
+ATTRIBUTE_SET_CZL_FALSE_REQUEST = (
+ 'ModifyLoadBalancerAttributes',
+ {'LoadBalancerAttributes.CrossZoneLoadBalancing.Enabled': 'false',
+ 'LoadBalancerName': 'test_elb'}, mock.ANY, mock.ANY)
+
+# Tests to be run on an LbAttributes
+# Format:
+# (EC2_RESPONSE_STRING, list( (string_of_attribute_to_test, value) ) )
+ATTRIBUTE_TESTS = [
+ (ATTRIBUTE_GET_TRUE_CZL_RESPONSE,
+ [('cross_zone_load_balancing.enabled', True)]),
+ (ATTRIBUTE_GET_FALSE_CZL_RESPONSE,
+ [('cross_zone_load_balancing.enabled', False)]),
+ ]
+
+class TestLbAttributes(unittest.TestCase):
+ """Tests LB Attributes."""
+ def _setup_mock(self):
+ """Sets up a mock elb request.
+ Returns: response, elb connection and LoadBalancer
+ """
+ mock_response = mock.Mock()
+ mock_response.status = 200
+ elb = ELBConnection(aws_access_key_id='aws_access_key_id',
+ aws_secret_access_key='aws_secret_access_key')
+ elb.make_request = mock.Mock(return_value=mock_response)
+ return mock_response, elb, LoadBalancer(elb, 'test_elb')
+
+ def _verify_attributes(self, attributes, attr_tests):
+ """Verifies an LbAttributes object."""
+ for attr, result in attr_tests:
+ attr_result = attributes
+ for sub_attr in attr.split('.'):
+ attr_result = getattr(attr_result, sub_attr, None)
+ self.assertEqual(attr_result, result)
+
+ def test_get_all_lb_attributes(self):
+ """Tests getting the LbAttributes from the elb.connection."""
+ mock_response, elb, _ = self._setup_mock()
+
+ for response, attr_tests in ATTRIBUTE_TESTS:
+ mock_response.read.return_value = response
+ attributes = elb.get_all_lb_attributes('test_elb')
+ self.assertTrue(isinstance(attributes, LbAttributes))
+ self._verify_attributes(attributes, attr_tests)
+
+ def test_get_lb_attribute(self):
+ """Tests getting a single attribute from elb.connection."""
+ mock_response, elb, _ = self._setup_mock()
+
+ tests = [
+ ('crossZoneLoadBalancing', True, ATTRIBUTE_GET_TRUE_CZL_RESPONSE),
+ ('crossZoneLoadBalancing', False, ATTRIBUTE_GET_FALSE_CZL_RESPONSE),
+ ]
+
+
+ for attr, value, response in tests:
+ mock_response.read.return_value = response
+ status = elb.get_lb_attribute('test_elb', attr)
+ self.assertEqual(status, value)
+
+ def test_modify_lb_attribute(self):
+ """Tests setting the attributes from elb.connection."""
+ mock_response, elb, _ = self._setup_mock()
+
+ tests = [
+ ('crossZoneLoadBalancing', True, ATTRIBUTE_SET_CZL_TRUE_REQUEST),
+ ('crossZoneLoadBalancing', False, ATTRIBUTE_SET_CZL_FALSE_REQUEST),
+ ]
+
+ for attr, value, args in tests:
+ mock_response.read.return_value = ATTRIBUTE_SET_RESPONSE
+ result = elb.modify_lb_attribute('test_elb', attr, value)
+ self.assertTrue(result)
+ elb.make_request.assert_called_with(*args)
+
+ def test_lb_get_attributes(self):
+ """Tests the LbAttributes from the ELB object."""
+ mock_response, _, lb = self._setup_mock()
+
+ for response, attr_tests in ATTRIBUTE_TESTS:
+ mock_response.read.return_value = response
+ attributes = lb.get_attributes(force=True)
+ self.assertTrue(isinstance(attributes, LbAttributes))
+ self._verify_attributes(attributes, attr_tests)
+
+ def test_lb_is_cross_zone_load_balancing(self):
+ """Tests checking is_cross_zone_load_balancing."""
+ mock_response, _, lb = self._setup_mock()
+
+ tests = [
+ # Format: (method, args, result, response)
+ # Gets a true result.
+ (lb.is_cross_zone_load_balancing, [], True,
+ ATTRIBUTE_GET_TRUE_CZL_RESPONSE),
+ # Returns the previous calls cached value.
+ (lb.is_cross_zone_load_balancing, [], True,
+ ATTRIBUTE_GET_FALSE_CZL_RESPONSE),
+ # Gets a false result.
+ (lb.is_cross_zone_load_balancing, [True], False,
+ ATTRIBUTE_GET_FALSE_CZL_RESPONSE),
+ ]
+
+ for method, args, result, response in tests:
+ mock_response.read.return_value = response
+ self.assertEqual(method(*args), result)
+
+ def test_lb_enable_cross_zone_load_balancing(self):
+ """Tests enabling cross zone balancing from LoadBalancer."""
+ mock_response, elb, lb = self._setup_mock()
+
+ mock_response.read.return_value = ATTRIBUTE_SET_RESPONSE
+ self.assertTrue(lb.enable_cross_zone_load_balancing())
+ elb.make_request.assert_called_with(*ATTRIBUTE_SET_CZL_TRUE_REQUEST)
+
+ def test_lb_disable_cross_zone_load_balancing(self):
+ """Tests disabling cross zone balancing from LoadBalancer."""
+ mock_response, elb, lb = self._setup_mock()
+
+ mock_response.read.return_value = ATTRIBUTE_SET_RESPONSE
+ self.assertTrue(lb.disable_cross_zone_load_balancing())
+ elb.make_request.assert_called_with(*ATTRIBUTE_SET_CZL_FALSE_REQUEST)
+
+if __name__ == '__main__':
+ unittest.main()
View
0  tests/unit/iam/__init__.py
No changes.
View
166 tests/unit/iam/test_connection.py
@@ -0,0 +1,166 @@
+#!/usr/bin/env python
+# Copyright (c) 2012 Amazon.com, Inc. or its affiliates. All Rights Reserved
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish, dis-
+# tribute, sublicense, and/or sell copies of the Software, and to permit
+# persons to whom the Software is furnished to do so, subject to the fol-
+# lowing conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
+# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+#
+
+from tests.unit import unittest
+from boto.iam.connection import IAMConnection
+from tests.unit import AWSMockServiceTestCase
+
+
+class TestCreateSamlProvider(AWSMockServiceTestCase):
+ connection_class = IAMConnection
+
+ def default_body(self):
+ return """
+ <CreateSAMLProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+ <CreateSAMLProviderResult>
+ <SAMLProviderArn>arn</SAMLProviderArn>
+ </CreateSAMLProviderResult>
+ <ResponseMetadata>
+ <RequestId>29f47818-99f5-11e1-a4c3-27EXAMPLE804</RequestId>
+ </ResponseMetadata>
+ </CreateSAMLProviderResponse>
+ """
+
+ def test_create_saml_provider(self):
+ self.set_http_response(status_code=200)
+ response = self.service_connection.create_saml_provider('document', 'name')
+
+ self.assert_request_parameters(
+ {'Action': 'CreateSAMLProvider',
+ 'SAMLMetadataDocument': 'document',
+ 'Name': 'name'},
+ ignore_params_values=['Version'])
+
+ self.assertEqual(response['create_saml_provider_response']\
+ ['create_saml_provider_result']\
+ ['saml_provider_arn'], 'arn')
+
+
+class TestListSamlProviders(AWSMockServiceTestCase):
+ connection_class = IAMConnection
+
+ def default_body(self):
+ return """
+ <ListSAMLProvidersResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+ <ListSAMLProvidersResult>
+ <SAMLProviderList>
+ <member>
+ <Arn>arn:aws:iam::123456789012:instance-profile/application_abc/component_xyz/Database</Arn>
+ <ValidUntil>2032-05-09T16:27:11Z</ValidUntil>
+ <CreateDate>2012-05-09T16:27:03Z</CreateDate>
+ </member>
+ <member>
+ <Arn>arn:aws:iam::123456789012:instance-profile/application_abc/component_xyz/Webserver</Arn>
+ <ValidUntil>2015-03-11T13:11:02Z</ValidUntil>
+ <CreateDate>2012-05-09T16:27:11Z</CreateDate>
+ </member>
+ </SAMLProviderList>
+ </ListSAMLProvidersResult>
+ <ResponseMetadata>
+ <RequestId>fd74fa8d-99f3-11e1-a4c3-27EXAMPLE804</RequestId>
+ </ResponseMetadata>
+ </ListSAMLProvidersResponse>
+ """
+
+ def test_list_saml_providers(self):
+ self.set_http_response(status_code=200)
+ response = self.service_connection.list_saml_providers()
+
+ self.assert_request_parameters(
+ {'Action': 'ListSAMLProviders'},
+ ignore_params_values=['Version'])
+
+
+class TestGetSamlProvider(AWSMockServiceTestCase):
+ connection_class = IAMConnection
+
+ def default_body(self):
+ return """
+ <GetSAMLProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+ <GetSAMLProviderResult>
+ <CreateDate>2012-05-09T16:27:11Z</CreateDate>
+ <ValidUntil>2015-12-31T211:59:59Z</ValidUntil>
+ <SAMLMetadataDocument>Pd9fexDssTkRgGNqs...DxptfEs==</SAMLMetadataDocument>
+ </GetSAMLProviderResult>
+ <ResponseMetadata>
+ <RequestId>29f47818-99f5-11e1-a4c3-27EXAMPLE804</RequestId>
+ </ResponseMetadata>
+ </GetSAMLProviderResponse>
+ """
+
+ def test_get_saml_provider(self):
+ self.set_http_response(status_code=200)
+ response = self.service_connection.get_saml_provider('arn')
+
+ self.assert_request_parameters(
+ {
+ 'Action': 'GetSAMLProvider',
+ 'SAMLProviderArn': 'arn'
+ },
+ ignore_params_values=['Version'])
+
+
+class TestUpdateSamlProvider(AWSMockServiceTestCase):
+ connection_class = IAMConnection
+
+ def default_body(self):
+ return """
+ <UpdateSAMLProviderResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
+ <UpdateSAMLProviderResult>
+ <SAMLProviderArn>arn:aws:iam::123456789012:saml-metadata/MyUniversity</SAMLProviderArn>
+ </UpdateSAMLProviderResult>
+ <ResponseMetadata>
+ <RequestId>29f47818-99f5-11e1-a4c3-27EXAMPLE804</RequestId>
+ </ResponseMetadata>
+ </UpdateSAMLProviderResponse>
+ """
+
+ def test_update_saml_provider(self):
+ self.set_http_response(status_code=200)
+ response = self.service_connection.update_saml_provider('arn', 'doc')
+
+ self.assert_request_parameters(
+ {
+ 'Action': 'UpdateSAMLProvider',
+ 'SAMLMetadataDocument': 'doc',
+ 'SAMLProviderArn': 'arn'
+ },
+ ignore_params_values=['Version'])
+
+
+class TestDeleteSamlProvider(AWSMockServiceTestCase):
+ connection_class = IAMConnection
+
+ def default_body(self):
+ return ""
+
+ def test_delete_saml_provider(self):
+ self.set_http_response(status_code=200)
+ response = self.service_connection.delete_saml_provider('arn')
+
+ self.assert_request_parameters(
+ {
+ 'Action': 'DeleteSAMLProvider',
+ 'SAMLProviderArn': 'arn'
+ },
+ ignore_params_values=['Version'])
View
16 tests/unit/s3/test_key.py
@@ -20,6 +20,8 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
#
+from __future__ import with_statement
+
try:
from cStringIO import StringIO
except ImportError:
@@ -32,6 +34,7 @@
from boto.exception import BotoServerError
from boto.s3.connection import S3Connection
from boto.s3.bucket import Bucket
+from boto.s3.key import Key
class TestS3Key(AWSMockServiceTestCase):
@@ -147,5 +150,18 @@ def test_504_gateway_timeout(self, sleep_mock):
self.assertTrue(k.should_retry.count, 1)
+class TestFileError(unittest.TestCase):
+ def test_file_error(self):
+ key = Key()
+
+ class CustomException(Exception): pass
+
+ key.get_contents_to_file = mock.Mock(
+ side_effect=CustomException('File blew up!'))
+
+ # Ensure our exception gets raised instead of a file or IO error
+ with self.assertRaises(CustomException):
+ key.get_contents_to_filename('foo.txt')
+
if __name__ == '__main__':
unittest.main()
View
59 tests/unit/sts/test_connection.py
@@ -158,5 +158,64 @@ def test_assume_role_with_web_identity(self):
)
+class TestSTSSAMLConnection(AWSMockServiceTestCase):
+ connection_class = STSConnection
+
+ def setUp(self):
+ super(TestSTSSAMLConnection, self).setUp()
+
+ def default_body(self):
+ return """
+<AssumeRoleWithSAMLResponse xmlns="https://sts.amazonaws.com/doc/
+2011-06-15/">
+ <AssumeRoleWithSAMLResult>
+ <Credentials>
+ <SessionToken>session_token</SessionToken>
+ <SecretAccessKey>secretkey</SecretAccessKey>
+ <Expiration>2011-07-15T23:28:33.359Z</Expiration>
+ <AccessKeyId>accesskey</AccessKeyId>
+ </Credentials>
+ <AssumedRoleUser>
+ <Arn>arn:role</Arn>
+ <AssumedRoleId>roleid:myrolesession</AssumedRoleId>
+ </AssumedRoleUser>
+ <PackedPolicySize>6</PackedPolicySize>
+ </AssumeRoleWithSAMLResult>
+ <ResponseMetadata>
+ <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
+ </ResponseMetadata>
+</AssumeRoleWithSAMLResponse>
+"""
+
+ def test_assume_role_with_saml(self):
+ arn = 'arn:aws:iam::000240903217:role/Test'
+ principal = 'arn:aws:iam::000240903217:role/Principal'
+ assertion = 'test'
+
+ self.set_http_response(status_code=200)
+ response = self.service_connection.assume_role_with_saml(
+ role_arn=arn,
+ principal_arn=principal,
+ saml_assertion=assertion
+ )
+ self.assert_request_parameters({
+ 'RoleArn': arn,
+ 'PrincipalArn': principal,
+ 'SAMLAssertion': assertion,
+ 'Action': 'AssumeRoleWithSAML'
+ }, ignore_params_values=[
+ 'AWSAccessKeyId',
+ 'SignatureMethod',
+ 'Timestamp',
+ 'SignatureVersion',
+ 'Version',
+ ])
+ self.assertEqual(response.credentials.access_key, 'accesskey')
+ self.assertEqual(response.credentials.secret_key, 'secretkey')
+ self.assertEqual(response.credentials.session_token, 'session_token')
+ self.assertEqual(response.user.arn, 'arn:role')
+ self.assertEqual(response.user.assume_role_id, 'roleid:myrolesession')
+
+
if __name__ == '__main__':
unittest.main()
Please sign in to comment.
Something went wrong with that request. Please try again.