{ "info": { "author": "Sam Washington", "author_email": "codegreen@aethris.net", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Natural Language :: English", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Topic :: Internet :: WWW/HTTP" ], "description": "requests-aws4auth\n=================\n\n.. image:: https://img.shields.io/pypi/v/requests-aws4auth.svg\n :target: https://pypi.python.org/pypi/requests-aws4auth\n\n.. image:: https://img.shields.io/pypi/l/requests-aws4auth.svg\n :target: https://pypi.python.org/pypi/requests-aws4auth\n\nAmazon Web Services version 4 authentication for the Python `Requests`_\nlibrary.\n\n.. _Requests: https://github.com/kennethreitz/requests\n\nFeatures\n--------\n* Requests authentication for all AWS services that support AWS auth v4\n* Independent signing key objects\n* Automatic regeneration of keys when scope date boundary is passed \n* Support for STS temporary credentials\n\nImplements header-based authentication, GET URL parameter and POST parameter\nauthentication are not supported.\n\nSupported Services\n------------------\nThis package has been tested as working against:\n\nAppStream, Auto-Scaling, CloudFormation, CloudFront, CloudHSM, CloudSearch,\nCloudTrail, CloudWatch Monitoring, CloudWatch Logs, CodeDeploy, Cognito\nIdentity, Cognito Sync, Config, DataPipeline, Direct Connect, DynamoDB, Elastic\nBeanstalk, ElastiCache, EC2, EC2 Container Service, Elastic Load Balancing,\nElastic MapReduce, ElasticSearch, Elastic Transcoder, Glacier, Identity and\nAccess Management (IAM), Key Management Service (KMS), Kinesis, Lambda,\nOpsworks, Redshift, Relational Database Service (RDS), Route 53, Simple Storage\nService (S3), Simple Notification Service (SNS), Simple Queue Service (SQS),\nStorage Gateway, Security Token Service (STS)\n\nThe following services do not support AWS auth version 4 and are not usable\nwith this package:\n\nSimple Email Service (SES), Simple Workflow Service (SWF), Import/Export,\nSimpleDB, DevPay, Mechanical Turk\n\nThe AWS Support API has not been tested as it requires a premium subscription.\n\nInstallation\n------------\nInstall via pip:\n\n.. code-block:: bash\n\n $ pip install requests-aws4auth\n\nrequests-aws4auth requires the `Requests`_ library by Kenneth Reitz.\n\nrequests-aws4auth is tested on Python 2.7 and 3.3 and up.\n\nBehaviour changes in 0.8\n------------------------\nVersion 0.8 introduces request date checking and automatic key regeneration\nbehaviour as default. This has implications for sharing authentication objects\nbetween threads, and for storage of secret keys. See the relevant sections\nbelow for details. See also the discussion in `GitHub issue #10`_.\n\n.. _GitHub issue #10: https://github.com/sam-washington/requests-aws4auth/issues/10\n\nBasic usage\n-----------\n.. code-block:: python\n\n >>> import requests\n >>> from requests_aws4auth import AWS4Auth\n >>> endpoint = 'http://s3-eu-west-1.amazonaws.com'\n >>> auth = AWS4Auth('', '', 'eu-west-1', 's3')\n >>> response = requests.get(endpoint, auth=auth)\n >>> response.text\n \n \n \n bcaf1ffd86f461ca5fb16fd081034f\n webfile\n ...\n\nThis example would list your buckets in the ``eu-west-1`` region of the Amazon\nS3 service.\n\nSTS Temporary Credentials\n-------------------------\n.. code-block:: python\n\n >>> from requests_aws4auth import AWS4Auth\n >>> auth = AWS4Auth('', '', 'eu-west-1', 's3',\n session_token='')\n ...\n\nThis example shows how to construct an AWS4Auth object for use with STS\ntemporary credentials. The ``x-amz-security-token`` header is added with\nthe session token. Temporary credential timeouts are not managed -- in\ncase the temporary credentials expire, they need to be re-generated and\nthe AWS4Auth object re-constructed with the new credentials.\n\nDate handling\n-------------\nIf an HTTP request to be authenticated contains a ``Date`` or ``X-Amz-Date``\nheader, AWS will only accept the authorised request if the date in the header\nmatches the scope date of the signing key (see the `AWS REST API date docs`_).\n\n.. _AWS REST API date docs: http://docs.aws.amazon.com/general/latest/gr/sigv4-date-handling.html).\n\nFrom version 0.8 of requests-aws4auth, if the header date does not match the\nscope date, an ``AWS4Auth`` instance will automatically regenerate its signing\nkey, using the same scope parameters as the previous key except for the date,\nwhich will be changed to match the request date. If a request does not include\na date, the current date is added to the request in an ``X-Amz-Date`` header,\nand the signing key is regenerated if this differs from the scope date.\n\nThis means that ``AWS4Auth`` now extracts and parses dates from the values of\n``X-Amz-Date`` and ``Date`` headers. Supported date formats are:\n\n* RFC 7231 (e.g. Mon, 09 Sep 2011 23:36:00 GMT)\n* RFC 850 (e.g. Sunday, 06-Nov-94 08:49:37 GMT)\n* C time (e.g. Wed Dec 4 00:00:00 2002)\n* Amz-Date format (e.g. 20090325T010101Z)\n* ISO 8601 / RFC 3339 (e.g. 2009-03-25T10:11:12.13-01:00)\n\nIf either header is present but ``AWS4Auth`` cannot extract a date because all\npresent date headers are in an unrecognisable format, ``AWS4Auth`` will delete\nany ``X-Amz-Date`` and ``Date`` headers present and replace with a single\n``X-Amz-Date`` header containing the current date. This behaviour can be\nmodified using the ``raise_invalid_date`` keyword argument of the ``AWS4Auth``\nconstructor.\n\nAutomatic key regeneration\n--------------------------\nIf you do not want the signing key to be automatically regenerated when a\nmismatch between the request date and the scope date is encountered, use the\nalternative ``StrictAWS4Auth`` class, which is identical to ``AWS4Auth`` except\nthat upon encountering a date mismatch it just raises a ``DateMismatchError``.\nYou can also use the ``PassiveAWS4Auth`` class, which mimics the ``AWS4Auth``\nbehaviour prior to version 0.8 and just signs and sends the request, whether\nthe date matches or not. In this case it is up to the calling code to handle an\nauthentication failure response from AWS caused by the date mismatch.\n\nSecret key storage\n------------------\nTo allow automatic key regeneration, the secret key is stored in the\n``AWS4Auth`` instance, in the signing key object. If you do not want this to\noccur, instantiate the instance using an ``AWS4Signing`` key which was created\nwith the store_secret_key parameter set to False:\n\n.. code-block:: python\n\n >>> sig_key = AWS4SigningKey(secret_key, region, service, date, False)\n >>> auth = StrictAWS4Auth(access_id, sig_key)\n\nThe ``AWS4Auth`` class will then raise a ``NoSecretKeyError`` when it attempts\nto regenerate its key. A slightly more conceptually elegant way to handle this\nis to use the alternative ``StrictAWS4Auth`` class, again instantiating it with\nan ``AWS4SigningKey`` instance created with ``store_secret_key = False``.\n\nMultithreading\n--------------\nIf you share ``AWS4Auth`` (or even ``StrictAWS4Auth``) instances between\nthreads you are likely to encounter problems. Because ``AWS4Auth`` instances\nmay unpredictably regenerate their signing key as part of signing a request,\nthreads using the same instance may find the key changed by another thread\nhalfway through the signing process, which may result in undefined behaviour.\n\nIt may be possible to rig up a workable instance sharing mechanism using\nlocking primitives and the ``StrictAWS4Auth`` class, however this poor author\ncan't think of a scenario which works safely yet doesn't suffer from at some\npoint blocking all threads for at least the duration of an HTTP request, which\ncould be several seconds. If several requests come in in close succession which\nall require key regenerations then the system could be forced into serial\noperation for quite a length of time.\n\nIn short, it's probably best to create a thread-local instance of ``AWS4Auth``\nfor each thread that needs to do authentication.\n\nAPI reference\n-------------\nSee the doctrings in ``aws4auth.py`` and ``aws4signingkey.py``.\n\nTesting\n-------\nA test suite is included in the test folder. \n\nThe package passes all tests in the AWS auth v4 `test_suite`_, and contains\ntests against the supported live services. See docstrings in \n``test/requests_aws4auth_test.py`` for details about running the tests.\n\nConnection parameters are included in the tests for the AWS Support API, should\nyou have access and want to try it. The documentation says it supports auth v4\nso it should work if you have a subscription. Do pass on your results!\n\n.. _test_suite: http://docs.aws.amazon.com/general/latest/gr/signature-v4-test-suite.html\n\nUnsupported AWS features / todo\n-------------------------------\n* Currently does not support Amazon S3 chunked uploads\n* Tests for new AWS services\n* Requires Requests library to be present even if only using AWS4SigningKey\n* Coherent documentation\n\n\nRelease History\n---------------\n\n0.9 (2016-02-07)\n++++++++++++++++\n\n**New features**\n\n- Support for STS temporary credentials. Thanks to https://github.com/magdalene\n\n**Tests**\n\n- Tests for the STS temporary credentials functionality\n- Fixed AWS4SigningKey.amz_date deprecation warning test\n- Elastic MapReduce live service test no longer using deprecated\n DescribeJobFlows action\n\n\n0.8 (2015-12-31)\n++++++++++++++++\n\nThis version introduces some behaviour changes designed to reduce the legwork\nneeded when a signing key goes out of date. This has implications for\nmultithreading and secret key storage. See the README for further details.\n\n**New features**\n\n- AWS4Auth class now checks request header date against signing key scope\n date, and automatically regenerates the signing key with the request\n date if they don't match\n- Added exceptions module with new exceptions: RequestsAWS4AuthException,\n DateMismatchError, NoSecretKeyError, DateFormatError\n- Added StrictAWS4Auth and PassiveAWS4Auth classes\n\n**AWS4Auth changes**\n\n- Added regenerate_signing_key() method, to allow regeneration of\n current signing key with parameter overrides\n- Added methods for checking and extracting dates from requests:\n get_request_date(), parse_date(), handle_date_mismatch()\n- __call__() now checks for a date header in the request and attempts\n to automatically regenerate the signing key with the request date if\n request date differs from the signing key date\n- Can now supply a date to the constructor\n- Changed default included sig headers to include 'Date' header if\n present\n\n**AWS4SigningKey changes**\n\n- Added new store_secret_key instantiation parameter which allows\n control of whether the secret key is stored in the instance\n- Deprecated the amz_date property in favour of just 'date'\n- Spelling typo fix in AWS4AuthSigningKey module docstring. Thanks\n to jhgorrell\n\n**Package changes**\n\n- Dropped support for Python 3.2. Now only supported on Python 2.7 and 3.3 and\n up, to match versions supported by Requests.\n\n**Tests**\n\n- Many new tests for the new functionality\n- Added tests for generating canonical path, including test for fix\n added in 0.7 for percent encoding of paths\n- Added tests for generating canonical querystrings\n\n\n0.7 (2015-11-02)\n++++++++++++++++\n\n**Bugfixes**\n\n- Fixed percent encoded characters in URL paths not being encoded again\n for signature generation, as is expected for all services except S3.\n This was causing authentication failures whenever these characters\n appeared in a URL. Thanks to ipartola and cristi23 for the report.\n\n- Two bugfixes for ElasticSearch, thanks to Matthew Thompson for both:\n * No longer setting body to b'' during signing if it's None\n * Now stripping port from URL netloc for signature generation\n\n**Modules**\n\n- Upgraded the included version of six.py to 1.10\n\n**Tests**\n\n- Fixed a couple of broken Unicode tests on Python 2\n\n- Added a couple more tests for encoding Unicode request bodies\n\n\n0.6 (2015-09-07)\n++++++++++++++++\n\n**Bugfixes**\n\n- Included HISTORY.rst in built package to fix pip source install failure.\n Thanks to Beirdo for the bug report.\n\n\n0.5 (2015-04-29)\n++++++++++++++++\n\n**Bugfixes**\n\n- Fixed bug when uploading to S3 with x-amz-acl header which caused\n authentication failure - headers used in signature are now: host,\n content-type and all x-amz-* headers (except for x-amz-client-context which\n breaks Mobile Analytics auth if included)\n\n**Docs**\n\n- Minor docstring and comment updates\n\n**License**\n\n- Changed content of LICENSE to vanilla MIT license", "description_content_type": null, "docs_url": null, "download_url": "https://github.com/sam-washington/requests-aws4auth/tarball/0.40", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/sam-washington/requests-aws4auth", "keywords": "requests authentication amazon web services aws s3 REST", "license": "MIT License", "maintainer": null, "maintainer_email": null, "name": "requests-aws4auth-redux", "package_url": "https://pypi.org/project/requests-aws4auth-redux/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/requests-aws4auth-redux/", "project_urls": { "Download": "https://github.com/sam-washington/requests-aws4auth/tarball/0.40", "Homepage": "https://github.com/sam-washington/requests-aws4auth" }, "release_url": "https://pypi.org/project/requests-aws4auth-redux/0.40/", "requires_dist": null, "requires_python": null, "summary": "AWS4 authentication for Requests", "version": "0.40" }, "last_serial": 2262466, "releases": { "0.20": [ { "comment_text": "", "digests": { "md5": "afd3881b36b2c7013e5a6c384a09e103", "sha256": "7760891150c99846fbb6addccda3cf346ddb34c62711e82e03f352d55768e6df" }, "downloads": -1, "filename": "requests-aws4auth-redux-0.20.tar.gz", "has_sig": false, "md5_digest": "afd3881b36b2c7013e5a6c384a09e103", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 40019, "upload_time": "2016-07-19T20:07:04", "url": "https://files.pythonhosted.org/packages/a6/84/12c31dc45b6ff669a7952478bc9ae24668d03fab824d1ebd031efa15d09c/requests-aws4auth-redux-0.20.tar.gz" } ], "0.30": [ { "comment_text": "", "digests": { "md5": "03f966d53941b174c121b02071edc87f", "sha256": "f55f1e7ac8a631da855fc9bb9175657e64e28ec8a1ef533363bb2acebb3b482a" }, "downloads": -1, "filename": "requests-aws4auth-redux-0.30.tar.gz", "has_sig": false, "md5_digest": "03f966d53941b174c121b02071edc87f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 40085, "upload_time": "2016-08-02T20:59:17", "url": "https://files.pythonhosted.org/packages/c4/51/8ba87b31ce3c2654b101fa88a1e06da6c386ae4e9915e19b56db7e4de3ce/requests-aws4auth-redux-0.30.tar.gz" } ], "0.40": [ { "comment_text": "", "digests": { "md5": "8a340669c6719083dbe72284f45225d4", "sha256": "434e202f5921ef90bf73a59e3a0d6e500328ccaef2517376ceb06f9f1f83338a" }, "downloads": -1, "filename": "requests-aws4auth-redux-0.40.tar.gz", "has_sig": false, "md5_digest": "8a340669c6719083dbe72284f45225d4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 40005, "upload_time": "2016-08-04T17:51:03", "url": "https://files.pythonhosted.org/packages/cf/42/f6d5adf4464cbd8e92c9ad39aef90172806f5d55aadc7ac67b790d86e396/requests-aws4auth-redux-0.40.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "8a340669c6719083dbe72284f45225d4", "sha256": "434e202f5921ef90bf73a59e3a0d6e500328ccaef2517376ceb06f9f1f83338a" }, "downloads": -1, "filename": "requests-aws4auth-redux-0.40.tar.gz", "has_sig": false, "md5_digest": "8a340669c6719083dbe72284f45225d4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 40005, "upload_time": "2016-08-04T17:51:03", "url": "https://files.pythonhosted.org/packages/cf/42/f6d5adf4464cbd8e92c9ad39aef90172806f5d55aadc7ac67b790d86e396/requests-aws4auth-redux-0.40.tar.gz" } ] }