Added boto/ to depot_tools/third_party

third_party/boto/provider.py

+# Copyright (c) 2010 Mitch Garnaat http://garnaat.org/
+# Copyright 2010 Google Inc.
+# Copyright (c) 2010, Eucalyptus Systems, Inc.
+# Copyright (c) 2011, Nexenta Systems Inc.
+# All rights reserved.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish, dis-
+# tribute, sublicense, and/or sell copies of the Software, and to permit
+# persons to whom the Software is furnished to do so, subject to the fol-
+# lowing conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
+# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+"""
+This class encapsulates the provider-specific header differences.
+"""
+
+import os
+from datetime import datetime
+
+import boto
+from boto import config
+from boto.gs.acl import ACL
+from boto.gs.acl import CannedACLStrings as CannedGSACLStrings
+from boto.s3.acl import CannedACLStrings as CannedS3ACLStrings
+from boto.s3.acl import Policy
+
+
+HEADER_PREFIX_KEY = 'header_prefix'
+METADATA_PREFIX_KEY = 'metadata_prefix'
+
+AWS_HEADER_PREFIX = 'x-amz-'
+GOOG_HEADER_PREFIX = 'x-goog-'
+
+ACL_HEADER_KEY = 'acl-header'
+AUTH_HEADER_KEY = 'auth-header'
+COPY_SOURCE_HEADER_KEY = 'copy-source-header'
+COPY_SOURCE_VERSION_ID_HEADER_KEY = 'copy-source-version-id-header'
+COPY_SOURCE_RANGE_HEADER_KEY = 'copy-source-range-header'
+DELETE_MARKER_HEADER_KEY = 'delete-marker-header'
+DATE_HEADER_KEY = 'date-header'
+METADATA_DIRECTIVE_HEADER_KEY = 'metadata-directive-header'
+RESUMABLE_UPLOAD_HEADER_KEY = 'resumable-upload-header'
+SECURITY_TOKEN_HEADER_KEY = 'security-token-header'
+STORAGE_CLASS_HEADER_KEY = 'storage-class'
+MFA_HEADER_KEY = 'mfa-header'
+SERVER_SIDE_ENCRYPTION_KEY = 'server-side-encryption-header'
+VERSION_ID_HEADER_KEY = 'version-id-header'
+
+STORAGE_COPY_ERROR = 'StorageCopyError'
+STORAGE_CREATE_ERROR = 'StorageCreateError'
+STORAGE_DATA_ERROR = 'StorageDataError'
+STORAGE_PERMISSIONS_ERROR = 'StoragePermissionsError'
+STORAGE_RESPONSE_ERROR = 'StorageResponseError'
+
+
+class Provider(object):
+
+    CredentialMap = {
+        'aws':    ('aws_access_key_id', 'aws_secret_access_key'),
+        'google': ('gs_access_key_id',  'gs_secret_access_key'),
+    }
+
+    AclClassMap = {
+        'aws':    Policy,
+        'google': ACL
+    }
+
+    CannedAclsMap = {
+        'aws':    CannedS3ACLStrings,
+        'google': CannedGSACLStrings
+    }
+
+    HostKeyMap = {
+        'aws':    's3',
+        'google': 'gs'
+    }
+
+    ChunkedTransferSupport = {
+        'aws':    False,
+        'google': True
+    }
+
+    MetadataServiceSupport = {
+        'aws': True,
+        'google': False
+    }
+
+    # If you update this map please make sure to put "None" for the
+    # right-hand-side for any headers that don't apply to a provider, rather
+    # than simply leaving that header out (which would cause KeyErrors).
+    HeaderInfoMap = {
+        'aws': {
+            HEADER_PREFIX_KEY: AWS_HEADER_PREFIX,
+            METADATA_PREFIX_KEY: AWS_HEADER_PREFIX + 'meta-',
+            ACL_HEADER_KEY: AWS_HEADER_PREFIX + 'acl',
+            AUTH_HEADER_KEY: 'AWS',
+            COPY_SOURCE_HEADER_KEY: AWS_HEADER_PREFIX + 'copy-source',
+            COPY_SOURCE_VERSION_ID_HEADER_KEY: AWS_HEADER_PREFIX +
+                                                'copy-source-version-id',
+            COPY_SOURCE_RANGE_HEADER_KEY: AWS_HEADER_PREFIX +
+                                           'copy-source-range',
+            DATE_HEADER_KEY: AWS_HEADER_PREFIX + 'date',
+            DELETE_MARKER_HEADER_KEY: AWS_HEADER_PREFIX + 'delete-marker',
+            METADATA_DIRECTIVE_HEADER_KEY: AWS_HEADER_PREFIX +
+                                            'metadata-directive',
+            RESUMABLE_UPLOAD_HEADER_KEY: None,
+            SECURITY_TOKEN_HEADER_KEY: AWS_HEADER_PREFIX + 'security-token',
+            SERVER_SIDE_ENCRYPTION_KEY: AWS_HEADER_PREFIX + 'server-side-encryption',
+            VERSION_ID_HEADER_KEY: AWS_HEADER_PREFIX + 'version-id',
+            STORAGE_CLASS_HEADER_KEY: AWS_HEADER_PREFIX + 'storage-class',
+            MFA_HEADER_KEY: AWS_HEADER_PREFIX + 'mfa',
+        },
+        'google': {
+            HEADER_PREFIX_KEY: GOOG_HEADER_PREFIX,
+            METADATA_PREFIX_KEY: GOOG_HEADER_PREFIX + 'meta-',
+            ACL_HEADER_KEY: GOOG_HEADER_PREFIX + 'acl',
+            AUTH_HEADER_KEY: 'GOOG1',
+            COPY_SOURCE_HEADER_KEY: GOOG_HEADER_PREFIX + 'copy-source',
+            COPY_SOURCE_VERSION_ID_HEADER_KEY: GOOG_HEADER_PREFIX +
+                                                'copy-source-version-id',
+            COPY_SOURCE_RANGE_HEADER_KEY: None,
+            DATE_HEADER_KEY: GOOG_HEADER_PREFIX + 'date',
+            DELETE_MARKER_HEADER_KEY: GOOG_HEADER_PREFIX + 'delete-marker',
+            METADATA_DIRECTIVE_HEADER_KEY: GOOG_HEADER_PREFIX  +
+                                            'metadata-directive',
+            RESUMABLE_UPLOAD_HEADER_KEY: GOOG_HEADER_PREFIX + 'resumable',
+            SECURITY_TOKEN_HEADER_KEY: GOOG_HEADER_PREFIX + 'security-token',
+            SERVER_SIDE_ENCRYPTION_KEY: None,
+            # Note that this version header is not to be confused with
+            # the Google Cloud Storage 'x-goog-api-version' header.
+            VERSION_ID_HEADER_KEY: GOOG_HEADER_PREFIX + 'version-id',
+            STORAGE_CLASS_HEADER_KEY: None,
+            MFA_HEADER_KEY: None,
+        }
+    }
+
+    ErrorMap = {
+        'aws': {
+            STORAGE_COPY_ERROR: boto.exception.S3CopyError,
+            STORAGE_CREATE_ERROR: boto.exception.S3CreateError,
+            STORAGE_DATA_ERROR: boto.exception.S3DataError,
+            STORAGE_PERMISSIONS_ERROR: boto.exception.S3PermissionsError,
+            STORAGE_RESPONSE_ERROR: boto.exception.S3ResponseError,
+        },
+        'google': {
+            STORAGE_COPY_ERROR: boto.exception.GSCopyError,
+            STORAGE_CREATE_ERROR: boto.exception.GSCreateError,
+            STORAGE_DATA_ERROR: boto.exception.GSDataError,
+            STORAGE_PERMISSIONS_ERROR: boto.exception.GSPermissionsError,
+            STORAGE_RESPONSE_ERROR: boto.exception.GSResponseError,
+        }
+    }
+
+    def __init__(self, name, access_key=None, secret_key=None,
+                 security_token=None):
+        self.host = None
+        self.access_key = access_key
+        self.secret_key = secret_key
+        self.security_token = security_token
+        self.name = name
+        self.acl_class = self.AclClassMap[self.name]
+        self.canned_acls = self.CannedAclsMap[self.name]
+        self._credential_expiry_time = None
+        self.get_credentials(access_key, secret_key)
+        self.configure_headers()
+        self.configure_errors()
+        # allow config file to override default host
+        host_opt_name = '%s_host' % self.HostKeyMap[self.name]
+        if config.has_option('Credentials', host_opt_name):
+            self.host = config.get('Credentials', host_opt_name)
+
+    def get_access_key(self):
+        if self._credentials_need_refresh():
+            self._populate_keys_from_metadata_server()
+        return self._access_key
+
+    def set_access_key(self, value):
+        self._access_key = value
+
+    access_key = property(get_access_key, set_access_key)
+
+    def get_secret_key(self):
+        if self._credentials_need_refresh():
+            self._populate_keys_from_metadata_server()
+        return self._secret_key
+
+    def set_secret_key(self, value):
+        self._secret_key = value
+
+    secret_key = property(get_secret_key, set_secret_key)
+
+    def get_security_token(self):
+        if self._credentials_need_refresh():
+            self._populate_keys_from_metadata_server()
+        return self._security_token
+
+    def set_security_token(self, value):
+        self._security_token = value
+
+    security_token = property(get_security_token, set_security_token)
+
+    def _credentials_need_refresh(self):
+        if self._credential_expiry_time is None:
+            return False
+        else:
+            # The credentials should be refreshed if they're going to expire
+            # in less than 5 minutes.
+            delta = self._credential_expiry_time - datetime.utcnow()
+            # python2.6 does not have timedelta.total_seconds() so we have
+            # to calculate this ourselves.  This is straight from the
+            # datetime docs.
+            seconds_left = (
+                (delta.microseconds + (delta.seconds + delta.days * 24 * 3600)
+                 * 10**6) / 10**6)
+            if seconds_left < (5 * 60):
+                boto.log.debug("Credentials need to be refreshed.")
+                return True
+            else:
+                return False
+
+    def get_credentials(self, access_key=None, secret_key=None):
+        access_key_name, secret_key_name = self.CredentialMap[self.name]
+        if access_key is not None:
+            self.access_key = access_key
+            boto.log.debug("Using access key provided by client.")
+        elif access_key_name.upper() in os.environ:
+            self.access_key = os.environ[access_key_name.upper()]
+            boto.log.debug("Using access key found in environment variable.")
+        elif config.has_option('Credentials', access_key_name):
+            self.access_key = config.get('Credentials', access_key_name)
+            boto.log.debug("Using access key found in config file.")
+
+        if secret_key is not None:
+            self.secret_key = secret_key
+            boto.log.debug("Using secret key provided by client.")
+        elif secret_key_name.upper() in os.environ:
+            self.secret_key = os.environ[secret_key_name.upper()]
+            boto.log.debug("Using secret key found in environment variable.")
+        elif config.has_option('Credentials', secret_key_name):
+            self.secret_key = config.get('Credentials', secret_key_name)
+            boto.log.debug("Using secret key found in config file.")
+        elif config.has_option('Credentials', 'keyring'):
+            keyring_name = config.get('Credentials', 'keyring')
+            try:
+                import keyring
+            except ImportError:
+                boto.log.error("The keyring module could not be imported. "
+                               "For keyring support, install the keyring "
+                               "module.")
+                raise
+            self.secret_key = keyring.get_password(
+                keyring_name, self.access_key)
+            boto.log.debug("Using secret key found in keyring.")
+
+        if ((self._access_key is None or self._secret_key is None) and
+                self.MetadataServiceSupport[self.name]):
+            self._populate_keys_from_metadata_server()
+        self._secret_key = self._convert_key_to_str(self._secret_key)
+
+    def _populate_keys_from_metadata_server(self):
+        # get_instance_metadata is imported here because of a circular
+        # dependency.
+        boto.log.debug("Retrieving credentials from metadata server.")
+        from boto.utils import get_instance_metadata
+        timeout = config.getfloat('Boto', 'metadata_service_timeout', 1.0)
+        metadata = get_instance_metadata(timeout=timeout, num_retries=1)
+        # I'm assuming there's only one role on the instance profile.
+        if metadata and 'iam' in metadata:
+            security = metadata['iam']['security-credentials'].values()[0]
+            self._access_key = security['AccessKeyId']
+            self._secret_key = self._convert_key_to_str(security['SecretAccessKey'])
+            self._security_token = security['Token']
+            expires_at = security['Expiration']
+            self._credential_expiry_time = datetime.strptime(
+                expires_at, "%Y-%m-%dT%H:%M:%SZ")
+            boto.log.debug("Retrieved credentials will expire in %s at: %s",
+                           self._credential_expiry_time - datetime.now(), expires_at)
+
+    def _convert_key_to_str(self, key):
+        if isinstance(key, unicode):
+            # the secret key must be bytes and not unicode to work
+            #  properly with hmac.new (see http://bugs.python.org/issue5285)
+            return str(key)
+        return key
+
+    def configure_headers(self):
+        header_info_map = self.HeaderInfoMap[self.name]
+        self.metadata_prefix = header_info_map[METADATA_PREFIX_KEY]
+        self.header_prefix = header_info_map[HEADER_PREFIX_KEY]
+        self.acl_header = header_info_map[ACL_HEADER_KEY]
+        self.auth_header = header_info_map[AUTH_HEADER_KEY]
+        self.copy_source_header = header_info_map[COPY_SOURCE_HEADER_KEY]
+        self.copy_source_version_id = header_info_map[
+            COPY_SOURCE_VERSION_ID_HEADER_KEY]
+        self.copy_source_range_header = header_info_map[
+            COPY_SOURCE_RANGE_HEADER_KEY]
+        self.date_header = header_info_map[DATE_HEADER_KEY]
+        self.delete_marker = header_info_map[DELETE_MARKER_HEADER_KEY]
+        self.metadata_directive_header = (
+            header_info_map[METADATA_DIRECTIVE_HEADER_KEY])
+        self.security_token_header = header_info_map[SECURITY_TOKEN_HEADER_KEY]
+        self.resumable_upload_header = (
+            header_info_map[RESUMABLE_UPLOAD_HEADER_KEY])
+        self.server_side_encryption_header = header_info_map[SERVER_SIDE_ENCRYPTION_KEY]
+        self.storage_class_header = header_info_map[STORAGE_CLASS_HEADER_KEY]
+        self.version_id = header_info_map[VERSION_ID_HEADER_KEY]
+        self.mfa_header = header_info_map[MFA_HEADER_KEY]
+
+    def configure_errors(self):
+        error_map = self.ErrorMap[self.name]
+        self.storage_copy_error = error_map[STORAGE_COPY_ERROR]
+        self.storage_create_error = error_map[STORAGE_CREATE_ERROR]
+        self.storage_data_error = error_map[STORAGE_DATA_ERROR]
+        self.storage_permissions_error = error_map[STORAGE_PERMISSIONS_ERROR]
+        self.storage_response_error = error_map[STORAGE_RESPONSE_ERROR]
+
+    def get_provider_name(self):
+        return self.HostKeyMap[self.name]
+
+    def supports_chunked_transfer(self):
+        return self.ChunkedTransferSupport[self.name]
+
+# Static utility method for getting default Provider.
+def get_default():
+    return Provider('aws')