[raz] Do not hardcode the user in the client

cloudera · Jun 4, 2021 · 2ca3a6d · 2ca3a6d
1 parent dddaec0
commit 2ca3a6d
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 10 deletions.
diff --git a/desktop/core/src/desktop/lib/raz/clients.py b/desktop/core/src/desktop/lib/raz/clients.py
@@ -29,14 +29,26 @@
 
 class S3RazClient():
 
+  def __init__(self, username):
+    self.username = username
+
   def get_url(self, action='GET', path=None, perm='read'):
+    '''
+    Example of headers:
+    {
+      u'x-amz-content-sha256': u'UNSIGNED-PAYLOAD',
+      u'Host': u'prakashmowdev1.s3-us-west-2.amazonaws.com',
+      u'X-Amz-Security-Token': u'IQoJb3JpZ2luX2Vj...C',
+      u'X-Amz-Date': u'20210604T102022Z',
+      u'Authorization': u'AWS4-HMAC-SHA256 Credential=ASIAYO3P24NAOAYMMDNN/20210604/us-west-2/s3/aws4_request, SignedHeaders=host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=d341a194c2998c64b6fc726b69d0c3c2b97d520265f80df7e1bc1ac59a21ef94',
+      u'User-Agent': u'user:csso_romain'
+    }
+    '''
     c = get_raz_client(
       raz_url=RAZ.API_URL.get(),
-      username='csso_romain',
+      username=self.username,
       auth=RAZ.API_AUTHENTICATION.get(),
       service='s3',
-      service_name='cm_s3',
-      cluster_name='prakashdh62'
     )
 
     return c.check_access(method=action, url=path)

diff --git a/desktop/libs/aws/src/aws/client.py b/desktop/libs/aws/src/aws/client.py
@@ -45,7 +45,7 @@ def _make_client(identifier, user):
 
   if RAZ.IS_ENABLED.get() and not aws_conf.IS_SELF_SIGNING_ENABLED.get():
     host = client_conf.HOST.get()
-    s3_client = RazS3Connection(host=host)  # Note: Remaining AWS configuration is fully skipped
+    s3_client = RazS3Connection(username=user.username, host=host)  # Note: Remaining AWS configuration is fully skipped
     s3_client_expiration = None
   else:
     s3_client_builder = Client.from_config(client_conf, get_credential_provider(identifier, user))

diff --git a/desktop/libs/aws/src/aws/s3/s3connection.py b/desktop/libs/aws/src/aws/s3/s3connection.py
@@ -59,7 +59,7 @@ class SignedUrlS3Connection(S3Connection):
   Example of a presigned S3 Url declaring a `list all buckets` call:
   https://s3-us-west-1.amazonaws.com/?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA23E77ZX2HVY76YGL%2F20210505%2Fus-west-1%2Fs3%2Faws4_request&X-Amz-Date=20210505T171457Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=994d0ec2ca19a00aa2925fe62cab0e727591b1951a8a47504b2b9124facbd6cf
   """
-  def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
+  def __init__(self, username, aws_access_key_id=None, aws_secret_access_key=None,
                 is_secure=True, port=None, proxy=None, proxy_port=None,
                 proxy_user=None, proxy_pass=None,
                 host=NoHostProvided, debug=0, https_connection_factory=None,
@@ -68,6 +68,8 @@ def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
                 suppress_consec_slashes=True, anon=False,
                 validate_certs=None, profile_name=None):
 
+    self.username = username
+
     # No auth handler with RAZ
     anon = RAZ.IS_ENABLED.get() and not IS_SELF_SIGNING_ENABLED.get()
 
@@ -109,7 +111,6 @@ def make_request(self, method, bucket='', key='', headers=None, data='',
     auth_path = self.calling_format.build_auth_path(bucket, key)
     boto.log.debug('auth_path=%s' % auth_path)
     host = self.calling_format.build_host(self.server_name(), bucket)
-    #host = self.calling_format.build_host(self.server_name(), '')  # As using signed Url we keep the same hostname as there
     if query_args:
         path += '?' + query_args
         boto.log.debug('path=%s' % path)
@@ -130,7 +131,6 @@ def make_request(self, method, bucket='', key='', headers=None, data='',
     LOG.debug('Raz returned those headers: %s' % headers)
 
     if headers is not None:
-      # We override instead of re-creating an HTTPRequest
       http_request.headers.update(headers)
     else:
       LOG.error('We got back empty header from Raz for the request %s' % http_request)
@@ -142,7 +142,7 @@ def make_request(self, method, bucket='', key='', headers=None, data='',
 
 
   def get_signed_url(self, action='GET', url=None):
-    raz_client = S3RazClient()
+    raz_client = S3RazClient(username=self.username)
 
     return raz_client.get_url(action, url)
 

diff --git a/desktop/libs/aws/src/aws/s3/s3connection_test.py b/desktop/libs/aws/src/aws/s3/s3connection_test.py
@@ -59,7 +59,7 @@ def test_list_buckets(self):
         }
         _mexe.return_value = ['<Bucket: demo-gethue>', '<Bucket: gethue-test>']
 
-        client = RazS3Connection(host='s3-us-west-1.amazonaws.com')
+        client = RazS3Connection(username='test', host='s3-us-west-1.amazonaws.com')
 
         buckets = client.make_request(method='GET', bucket='', key='',)
 
@@ -100,7 +100,7 @@ def test_get_file(self):
               '&Signature=3lhK%2BwtQ9Q2u5VDIqb4MEpoY3X4%3D&Expires=1617207304'
           _mexe.return_value = '[<Bucket: demo-gethue>, <Bucket: gethue-test>]'
 
-          client = SelfSignedUrlS3Connection()
+          client = SelfSignedUrlS3Connection(username='test')
           http_request = Mock(
             path='/gethue/data/customer.csv',
             protocol='https',