[raz] Do not hardcode the user in the client
romainr authored and huebuild committed Jun 4, 2021
1 parent dddaec0 commit 2ca3a6d
Showing 4 changed files with 22 additions and 10 deletions.
18 changes: 15 additions & 3 deletions desktop/core/src/desktop/lib/raz/clients.py
@@ -29,14 +29,26 @@

class S3RazClient():

def __init__(self, username):
self.username = username

def get_url(self, action='GET', path=None, perm='read'):
'''
Example of headers:
{
u'x-amz-content-sha256': u'UNSIGNED-PAYLOAD',
u'Host': u'prakashmowdev1.s3-us-west-2.amazonaws.com',
u'X-Amz-Security-Token': u'IQoJb3JpZ2luX2Vj...C',
u'X-Amz-Date': u'20210604T102022Z',
u'Authorization': u'AWS4-HMAC-SHA256 Credential=ASIAYO3P24NAOAYMMDNN/20210604/us-west-2/s3/aws4_request, SignedHeaders=host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=d341a194c2998c64b6fc726b69d0c3c2b97d520265f80df7e1bc1ac59a21ef94',
u'User-Agent': u'user:csso_romain'
}
'''
c = get_raz_client(
raz_url=RAZ.API_URL.get(),
username='csso_romain',
username=self.username,
auth=RAZ.API_AUTHENTICATION.get(),
service='s3',
service_name='cm_s3',
cluster_name='prakashdh62'
)

return c.check_access(method=action, url=path)
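Review bot: The example headers added to the `get_url` docstring look like a captured live response: they carry an access key ID in `Credential=ASIA...`, a complete `Signature=` value, a bucket host name and a user name. Even if that session has expired, they should be replaced with obvious placeholders such as `Credential=<ACCESS_KEY_ID>/<date>/<region>/s3/aws4_request` and `u'User-Agent': u'user:<username>'`, so secret scanners stay quiet and nobody copies the pattern with live values. Separately, the user is no longer hardcoded but `cluster_name='prakashdh62'` and `service_name='cm_s3'` still are. `__init__` also accepts an empty or `None` username, which would then be forwarded to RAZ as the identity to authorize; a guard such as `if not username: raise ValueError('username is required')` would fail closed.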
2 changes: 1 addition & 1 deletion desktop/libs/aws/src/aws/client.py
@@ -45,7 +45,7 @@ def _make_client(identifier, user):

if RAZ.IS_ENABLED.get() and not aws_conf.IS_SELF_SIGNING_ENABLED.get():
host = client_conf.HOST.get()
s3_client = RazS3Connection(host=host) # Note: Remaining AWS configuration is fully skipped
s3_client = RazS3Connection(username=user.username, host=host) # Note: Remaining AWS configuration is fully skipped
s3_client_expiration = None
else:
s3_client_builder = Client.from_config(client_conf, get_credential_provider(identifier, user))
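Review bot: `user.username` is dereferenced with no check that `user` is set, and the resulting `RazS3Connection` is now tied to one user's identity for every request it gets signed. A call without a user would raise `AttributeError` here rather than a clear error. More importantly, if the returned client is cached or shared (the caching code is outside this hunk, so this needs confirming), the cache key has to include the user name, or one user's RAZ authorization would be applied to another user's requests. A comment above the call, for example `# RAZ authorizes per user: this client must never be shared across users`, plus an explicit failure when `user is None`, would make the constraint visible. `_make_client`'s body starts and ends outside the hunk.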
8 changes: 4 additions & 4 deletions desktop/libs/aws/src/aws/s3/s3connection.py
@@ -59,7 +59,7 @@ class SignedUrlS3Connection(S3Connection):
Example of a presigned S3 Url declaring a `list all buckets` call:
https://s3-us-west-1.amazonaws.com/?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA23E77ZX2HVY76YGL%2F20210505%2Fus-west-1%2Fs3%2Faws4_request&X-Amz-Date=20210505T171457Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=994d0ec2ca19a00aa2925fe62cab0e727591b1951a8a47504b2b9124facbd6cf
"""
def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
def __init__(self, username, aws_access_key_id=None, aws_secret_access_key=None,
is_secure=True, port=None, proxy=None, proxy_port=None,
proxy_user=None, proxy_pass=None,
host=NoHostProvided, debug=0, https_connection_factory=None,
@@ -68,6 +68,8 @@ def __init__(self, aws_access_key_id=None, aws_secret_access_key=None,
suppress_consec_slashes=True, anon=False,
validate_certs=None, profile_name=None):

self.username = username

# No auth handler with RAZ
anon = RAZ.IS_ENABLED.get() and not IS_SELF_SIGNING_ENABLED.get()

@@ -109,7 +111,6 @@ def make_request(self, method, bucket='', key='', headers=None, data='',
auth_path = self.calling_format.build_auth_path(bucket, key)
boto.log.debug('auth_path=%s' % auth_path)
host = self.calling_format.build_host(self.server_name(), bucket)
#host = self.calling_format.build_host(self.server_name(), '') # As using signed Url we keep the same hostname as there
if query_args:
path += '?' + query_args
boto.log.debug('path=%s' % path)
@@ -130,7 +131,6 @@ def make_request(self, method, bucket='', key='', headers=None, data='',
LOG.debug('Raz returned those headers: %s' % headers)

if headers is not None:
# We override instead of re-creating an HTTPRequest
http_request.headers.update(headers)
else:
LOG.error('We got back empty header from Raz for the request %s' % http_request)
@@ -142,7 +142,7 @@ def make_request(self, method, bucket='', key='', headers=None, data='',


def get_signed_url(self, action='GET', url=None):
raz_client = S3RazClient()
raz_client = S3RazClient(username=self.username)

return raz_client.get_url(action, url)
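Review bot: Adding `username` as the first positional parameter of `__init__` shifts every existing positional argument, so a caller that passes `aws_access_key_id` positionally would have the access key stored as `self.username` and forwarded to RAZ as the user identity. Appending it instead, e.g. `validate_certs=None, profile_name=None, username=None):`, keeps the inherited argument order intact, and `get_signed_url` can then refuse to call RAZ when `self.username` is empty. In `make_request`, the unchanged line `LOG.debug('Raz returned those headers: %s' % headers)` writes the returned headers to the log, and the docstring example in clients.py shows they include `Authorization` and `X-Amz-Security-Token`; logging only the header names would keep session credentials out of debug logs. Both `__init__` and `make_request` extend beyond the visible hunks.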

4 changes: 2 additions & 2 deletions desktop/libs/aws/src/aws/s3/s3connection_test.py
@@ -59,7 +59,7 @@ def test_list_buckets(self):
}
_mexe.return_value = ['<Bucket: demo-gethue>', '<Bucket: gethue-test>']

client = RazS3Connection(host='s3-us-west-1.amazonaws.com')
client = RazS3Connection(username='test', host='s3-us-west-1.amazonaws.com')

buckets = client.make_request(method='GET', bucket='', key='',)

@@ -100,7 +100,7 @@ def test_get_file(self):
'&Signature=3lhK%2BwtQ9Q2u5VDIqb4MEpoY3X4%3D&Expires=1617207304'
_mexe.return_value = '[<Bucket: demo-gethue>, <Bucket: gethue-test>]'

client = SelfSignedUrlS3Connection()
client = SelfSignedUrlS3Connection(username='test')
http_request = Mock(
path='/gethue/data/customer.csv',
protocol='https',
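Review bot: Both tests now pass `username='test'`, but nothing in the visible lines asserts that the value reaches the RAZ client, so a regression back to a fixed identity would still pass. In `test_list_buckets`, an assertion on the mocked RAZ client that it was constructed or called with `username='test'` would pin the behaviour this commit introduces. A second case with a different user name would show that the identity is not shared between connections. Both test bodies start and end outside the hunks, so such an assertion may already exist further down.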
