Add support for temp. IAM credentials for S3 access #69
Conversation
| if self.iam_token is None \ | ||
| or self.iam_token_expiration > datetime.utcnow() + timedelta(0, 300): | ||
| # Step 1: fetch the instance role name | ||
| api_connection = httplib.HTTPConnection('169.254.169.254') |
There was a problem hiding this comment.
From where does this IP com from ?
|
Damn you tests! I will push a single commit once all the tests pass (and I manage to stop adding errors) |
|
Hi! I have tried to run this file in a project that uses S3 as tiles storage. I get the following error stack: |
|
What's the relation with this pull request ? |
|
Or you copy the code in the existing egg ? |
Right! |
| % (response.status, response.reason)) | ||
| credentials = json.loads(response.read()) | ||
| self.access_key = credentials['AccessKeyId'] | ||
| self.secret_access_key = credentials['SecretAccessKey'] |
There was a problem hiding this comment.
@asaunier can you try to replace the upper line with:
print credentials['AccessKeyId']
print credentials['SecretAccessKey']
print type(credentials['AccessKeyId'])
print type(credentials['SecretAccessKey'])
self.secret_access_key = str(credentials['SecretAccessKey'])
There was a problem hiding this comment.
I don't know if it is safe to paste here the access keys :P so I obfuscate them a bit:
A******************Q
G********************************2
<type 'unicode'>
<type 'unicode'>
There was a problem hiding this comment.
We should have a look together tomorrow it will be easier !
There was a problem hiding this comment.
Oops, I forgot to add the str().
The error mentioned above no longer occurs but I get the original problem back:
Traceback (most recent call last):
File "./buildout/bin/generate_controller", line 20, in <module>
tilecloud_chain.controller.main()
File "/home/alex/geoportal/buildout/eggs/tilecloud_chain-0.7.1-py2.7.egg/tilecloud_chain/controller.py", line 85, in main
_generate_wmts_capabilities(gene)
File "/home/alex/geoportal/buildout/eggs/tilecloud_chain-0.7.1-py2.7.egg/tilecloud_chain/controller.py", line 209, in _generate_wmts_capabilities
_send(capabilities, cache['wmtscapabilities_file'], 'application/xml', cache)
File "/home/alex/geoportal/buildout/eggs/tilecloud_chain-0.7.1-py2.7.egg/tilecloud_chain/controller.py", line 104, in _send
s3key.put()
File "/home/alex/geoportal/buildout/eggs/tilecloud-0.2dev_20131025-py2.7.egg/tilecloud/lib/s3.py", line 128, in put
return self.bucket.put(self.name, self.headers, self.body)
File "/home/alex/geoportal/buildout/eggs/tilecloud-0.2dev_20131025-py2.7.egg/tilecloud/lib/s3.py", line 188, in put
return self.connection.put(self.name, '/' + key_name, headers, body)
File "/home/alex/geoportal/buildout/eggs/tilecloud-0.2dev_20131025-py2.7.egg/tilecloud/lib/s3.py", line 285, in put
return self.request('PUT', bucket_name, url, body=body, headers=headers)
File "/home/alex/geoportal/buildout/eggs/tilecloud-0.2dev_20131025-py2.7.egg/tilecloud/lib/s3.py", line 305, in request
raise S3Error(method, url, body, headers, response)
tilecloud.lib.s3.S3Error: InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records.
|
According to this http://bugs.python.org/issue5285 (assuming it also applies to python 2.7), we should probably convert to the strings passed to hmac.new to String objects, one or both of them are probably Unicode now. I'd happily take some time to check that out with you guys. |
|
@ckaenzig thanks for updating the pull request! For info, you can run the tests locally with the command: This is much quicker than waiting for Travis to run... |
These credentials are generated and rotated by Amazon for EC2 instances that have an instance role attributed. They are fetched through the EC2 metadata API.
|
Many thanks for this nice functionality! |
Add support for temp. IAM credentials for S3 access
These credentials are generated and rotated by Amazon for EC2
instances that have an instance role attributed. They are fetched
through the EC2 metadata API.
Note: this code is not fully tested yet and feedback about coding style is also welcome!