Skip to content

Implement opt-in unsigned requests for clients. #448

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
danielgtaylor merged 3 commits into from
Feb 5, 2015
Merged

Implement opt-in unsigned requests for clients. #448

danielgtaylor merged 3 commits into from
Feb 5, 2015

Conversation

@danielgtaylor
Copy link
Contributor

@danielgtaylor danielgtaylor commented Feb 3, 2015

This change makes it possible to override the signature version at client
creation time using a parameter. It also introduces the concept of an
advanced configuration object for clients:

import botocore
from botocore.client import Config

config = Config(signature_version=botocore.UNSIGNED)
s3 = session.create_client('s3', config=config)

This does not move any existing parameters into the advanced
configuration object, and thus is not yet a breaking change. It
does include the following:

  • Adds botocore.UNSIGNED as a sentinel to disable signing
  • Updates botocore.handlers.disable_signing to use botocore.UNSIGNED
  • Adds a botocore.client.Config object to store signature version
  • Modifies client creation to use this new config
  • Updated / new unit tests

cc @jamesls @kyleknap

@danielgtaylor
Implement opt-in unsigned requests for clients.
50e044d 
This change makes it possible to override the signature version at client
creation time using a parameter. It also introduces the concept of an
advanced configuration object for clients:

```python
import botocore
from botocore.client import Config

config = Config(signature_version=botocore.UNSIGNED)
s3 = session.create_client('s3', config=config)
```

This does **not** move any existing parameters into the advanced
configuration object, and thus is not yet a breaking change. It
does include the following:

* Adds `botocore.UNSIGNED` as a sentinel to disable signing
* Updates `botocore.handlers.disable_signing` to use `botocore.UNSIGNED`
* Adds a `botocore.client.Config` object to store signature version
* Modifies client creation to use this new config
* Updated / new unit tests
@danielgtaylor danielgtaylor self-assigned this Feb 3, 2015
@coveralls
Copy link

coveralls commented Feb 3, 2015

Coverage Status

Coverage remained the same at 94.22% when pulling 50e044d on anon-clients into a61109f on develop.

jamesls
jamesls reviewed Feb 3, 2015
View reviewed changes
tests/unit/test_session.py Outdated
Copy link
Member

@jamesls jamesls Feb 3, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've discussed in the past not mocking value objects. Let's just use the actual Config object here.

@coveralls
Copy link

coveralls commented Feb 4, 2015

Coverage Status

Coverage remained the same at 94.22% when pulling ac0df2d on anon-clients into a61109f on develop.

@danielgtaylor
Copy link
Contributor Author

danielgtaylor commented Feb 4, 2015

@jamesls @kyleknap please have another look 👍

kyleknap
kyleknap reviewed Feb 4, 2015
View reviewed changes
botocore/signers.py
Copy link
Contributor

@kyleknap kyleknap Feb 4, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this affect the CLI? We set the endpoint's signature version to None. You can check real quick by running this test: https://github.com/aws/aws-cli/blob/develop/tests/integration/customizations/s3/test_plugin.py#L1594

Copy link
Member

@jamesls jamesls Feb 5, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given it's now a sentinel, we should be using identity checks instead of equality check (signature_version is not botocore.UNSIGNED)

@kyleknap
Copy link
Contributor

kyleknap commented Feb 4, 2015

This looks good to me. 🚢 If the integration test that I pointed out does fail, a subsequent pull request will have to be made to change None to UNSIGNED when using the --no-sign-request option.

@danielgtaylor danielgtaylor mentioned this pull request Feb 5, 2015
Merged
@danielgtaylor
Copy link
Contributor Author

danielgtaylor commented Feb 5, 2015

@kyleknap good call. I've created an associated pull request with the CLI for this. After it's been reviewed I'll merge in both.

jamesls
jamesls reviewed Feb 5, 2015
View reviewed changes
tests/unit/test_signers.py Outdated
Copy link
Member

@jamesls jamesls Feb 5, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment is no longer accurate.

@jamesls
Copy link
Member

jamesls commented Feb 5, 2015

Looks good, just a couple small things. :shipit:

danielgtaylor added a commit that referenced this pull request Feb 5, 2015
@danielgtaylor
Merge pull request #448 from boto/anon-clients
8192ecf 
Implement opt-in unsigned requests for clients.
@danielgtaylor danielgtaylor merged commit 8192ecf into develop Feb 5, 2015
@danielgtaylor danielgtaylor deleted the anon-clients branch February 5, 2015 23:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@danielgtaylor danielgtaylor

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@danielgtaylor @coveralls @kyleknap @jamesls