requests-aws4auth


Namerequests-aws4auth JSON
Version 1.3.1 PyPI version JSON
download
home_pagehttps://github.com/tedder/requests-aws4auth
SummaryAWS4 authentication for Requests
upload_time2024-07-21 21:29:15
maintainerNone
docs_urlNone
authorTed Timmons
requires_python>=3.7
licenseMIT License
keywords requests authentication amazon web services aws s3 rest
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            [![image](https://img.shields.io/pypi/v/requests-aws4auth.svg)](https://pypi.python.org/pypi/requests-aws4auth)
[![image](https://img.shields.io/pypi/l/requests-aws4auth.svg)](https://pypi.python.org/pypi/requests-aws4auth)

Amazon Web Services version 4 authentication for the Python [Requests](https://github.com/kennethreitz/requests) library.

Features
========

-   Requests authentication for all AWS services that support AWS auth v4
-   Independent signing key objects
-   Automatic regeneration of keys when scope date boundary is passed
-   Support for STS temporary credentials

Implements header-based authentication, GET URL parameter and POST
parameter authentication are not supported.

Supported Services
==================

This package has been tested as working against:

AppStream, AppSync, Auto-Scaling, CloudFormation, CloudFront, CloudHSM,
CloudSearch, CloudTrail, CloudWatch Monitoring, CloudWatch Logs,
CodeDeploy, Cognito Identity, Cognito Sync, Config, DataPipeline, Direct
Connect, DynamoDB, Elastic Beanstalk, ElastiCache, EC2, EC2 Container
Service, Elastic Load Balancing, Elastic MapReduce, ElasticSearch,
Elastic Transcoder, Glacier, Identity and Access Management (IAM), Key
Management Service (KMS), Kinesis, Lambda, Opsworks, Redshift,
Relational Database Service (RDS), Route 53, Simple Storage Service
(S3), Simple Notification Service (SNS), Simple Queue Service (SQS),
Storage Gateway, Security Token Service (STS)

The following services do not support AWS auth version 4 and are not
usable with this package:

Simple Email Service (SES), Simple Workflow Service (SWF),
Import/Export, SimpleDB, DevPay, Mechanical Turk

The AWS Support API has not been tested as it requires a premium
subscription.

Python versions
========
In the 1.x semantic versions, the minimum python support will be gradually raised:

* 1.0.x: Support python2.7 and python3.3+.
* 1.1.x: python2.7 is not supported, is best-effort. Support python3.3+.
* 1.2.x: [Requires-Python](https://packaging.python.org/guides/dropping-older-python-versions/#specify-the-version-ranges-for-supported-python-distributions) will be set to python3.3+, explicitly removing earlier versions. python<3.7 is not supported, is best-effort.
* 1.3.x: [Requires-Python](https://packaging.python.org/guides/dropping-older-python-versions/#specify-the-version-ranges-for-supported-python-distributions) will be set to python3.7+, explicitly removing earlier versions. (best-effort is TBD)

Installation
============

Install via pip:

``` {.sourceCode .bash}
$ pip install requests-aws4auth
```

requests-aws4auth requires the
[Requests](https://github.com/kennethreitz/requests) library by Kenneth
Reitz.

requests-aws4auth is tested on Python 2.7 and 3.5 and up.

Behaviour changes in 0.8
========================

Version 0.8 introduces request date checking and automatic key
regeneration behaviour as default. This has implications for sharing
authentication objects between threads, and for storage of secret keys.
See the relevant sections below for details. See also the discussion in
[GitHub issue
\#10](https://github.com/sam-washington/requests-aws4auth/issues/10).

Basic usage
===========

``` {.sourceCode .python}
>>> import requests
>>> from requests_aws4auth import AWS4Auth
>>> endpoint = 'http://s3-eu-west-1.amazonaws.com'
>>> auth = AWS4Auth('<ACCESS ID>', '<ACCESS KEY>', 'eu-west-1', 's3')
>>> response = requests.get(endpoint, auth=auth)
>>> response.text
<?xml version="1.0" encoding="UTF-8"?>
    <ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01">
        <Owner>
        <ID>bcaf1ffd86f461ca5fb16fd081034f</ID>
        <DisplayName>webfile</DisplayName>
        ...
```

This example would list your buckets in the `eu-west-1` region of the
Amazon S3 service.

STS Temporary Credentials
=========================

``` {.sourceCode .python}
>>> from requests_aws4auth import AWS4Auth
>>> auth = AWS4Auth('<ACCESS ID>', '<ACCESS KEY>', 'eu-west-1', 's3',
                    session_token='<SESSION TOKEN>')
...
```

This example shows how to construct an AWS4Auth object for use with STS
temporary credentials. The `x-amz-security-token` header is added with
the session token. Temporary credential timeouts are not managed \-- in
case the temporary credentials expire, they need to be re-generated and
the AWS4Auth object re-constructed with the new credentials.

Dynamic STS Credentials using botocore RefreshableCredentials
=============================================================

``` {.sourceCode .python}
>>> from requests_aws4auth import AWS4Auth
>>> from botocore.session import Session
>>> credentials = Session().get_credentials()
>>> auth = AWS4Auth(region='eu-west-1', service='es',
                    refreshable_credentials=credentials)
...
```

This example shows how to construct an AWS4Auth instance with
automatically refreshing credentials, suitable for long-running
applications using AWS IAM assume-role.
The RefreshableCredentials instance is used to generate valid static
credentials per-request, eliminating the need to recreate the AWS4Auth
instance when temporary credentials expire.

Date handling
=============

If an HTTP request to be authenticated contains a `Date` or `X-Amz-Date`
header, AWS will only accept the authorised request if the date in the
header matches the scope date of the signing key (see the [AWS REST API date
docs](http://docs.aws.amazon.com/general/latest/gr/sigv4-date-handling.html).)).

From version 0.8 of requests-aws4auth, if the header date does not match
the scope date, an `AWS4Auth` instance will automatically regenerate its
signing key, using the same scope parameters as the previous key except
for the date, which will be changed to match the request date. If a
request does not include a date, the current date is added to the
request in an `X-Amz-Date` header, and the signing key is regenerated if
this differs from the scope date.

This means that `AWS4Auth` now extracts and parses dates from the values
of `X-Amz-Date` and `Date` headers. Supported date formats are:

-   RFC 7231 (e.g. Mon, 09 Sep 2011 23:36:00 GMT)
-   RFC 850 (e.g. Sunday, 06-Nov-94 08:49:37 GMT)
-   C time (e.g. Wed Dec 4 00:00:00 2002)
-   Amz-Date format (e.g. 20090325T010101Z)
-   ISO 8601 / RFC 3339 (e.g. 2009-03-25T10:11:12.13-01:00)

If either header is present but `AWS4Auth` cannot extract a date because
all present date headers are in an unrecognisable format, `AWS4Auth`
will delete any `X-Amz-Date` and `Date` headers present and replace with
a single `X-Amz-Date` header containing the current date. This behaviour
can be modified using the `raise_invalid_date` keyword argument of the
`AWS4Auth` constructor.

Automatic key regeneration
==========================

If you do not want the signing key to be automatically regenerated when
a mismatch between the request date and the scope date is encountered,
use the alternative `StrictAWS4Auth` class, which is identical to
`AWS4Auth` except that upon encountering a date mismatch it just raises
a `DateMismatchError`. You can also use the `PassiveAWS4Auth` class,
which mimics the `AWS4Auth` behaviour prior to version 0.8 and just
signs and sends the request, whether the date matches or not. In this
case it is up to the calling code to handle an authentication failure
response from AWS caused by the date mismatch.

Secret key storage
==================

To allow automatic key regeneration, the secret key is stored in the
`AWS4Auth` instance, in the signing key object. If you do not want this
to occur, instantiate the instance using an `AWS4Signing` key which was
created with the `store_secret_key` parameter set to False:

``` {.sourceCode .python}
>>> sig_key = AWS4SigningKey(secret_key, region, service, date, False)
>>> auth = StrictAWS4Auth(access_id, sig_key)
```

The `AWS4Auth` class will then raise a `NoSecretKeyError` when it
attempts to regenerate its key. A slightly more conceptually elegant way
to handle this is to use the alternative `StrictAWS4Auth` class, again
instantiating it with an `AWS4SigningKey` instance created with
`store_secret_key = False`.

Multithreading
==============

If you share `AWS4Auth` (or even `StrictAWS4Auth`) instances between
threads you are likely to encounter problems. Because `AWS4Auth`
instances may unpredictably regenerate their signing key as part of
signing a request, threads using the same instance may find the key
changed by another thread halfway through the signing process, which may
result in undefined behaviour.

It may be possible to rig up a workable instance sharing mechanism using
locking primitives and the `StrictAWS4Auth` class, however this poor
author can\'t think of a scenario which works safely yet doesn\'t suffer
from at some point blocking all threads for at least the duration of an
HTTP request, which could be several seconds. If several requests come
in in close succession which all require key regenerations then the
system could be forced into serial operation for quite a length of time.

In short, it\'s probably best to create a thread-local instance of
`AWS4Auth` for each thread that needs to do authentication.

API reference
=============

See the doctrings in `aws4auth.py` and `aws4signingkey.py`.

Testing
=======

A test suite is included in the test folder.

The package passes all tests in the AWS auth v4
[test_suite](http://docs.aws.amazon.com/general/latest/gr/signature-v4-test-suite.html),
and contains tests against the supported live services. See docstrings
in `test/requests_aws4auth_test.py` for details about running the tests.

Connection parameters are included in the tests for the AWS Support API,
should you have access and want to try it. The documentation says it
supports auth v4 so it should work if you have a subscription. Do pass
on your results!

Unsupported AWS features / todo
===============================

-   Currently does not support Amazon S3 chunked uploads
-   Tests for new AWS services
-   Requires Requests library to be present even if only using
    AWS4SigningKey
-   Coherent documentation

Version release notes
=====================

- update `HISTORY.md`
- update `requests_aws4auth/__init__.py`
- create a [release](https://github.com/tedder/requests-aws4auth/releases) on github

docker env:
```
docker run -v `pwd`:/opt/app/ -v ~/.pypirc:/root/.pypirc  -it python:3.12 /bin/bash
```

prep:
```
python3 -m pip install --user --upgrade setuptools wheel testresources twine
```

build and release, creds in `~/.pypirc`:
```
rm -f dist/*; \
python3 setup.py sdist bdist_wheel && \
python3 -m twine upload --repository testpypi dist/* && \
python3 -m twine upload --repository pypi dist/*
```



1.3.1 (2024-07-21)
=========

**Changes**

- explicitly set python requirement to 3.7.

1.3.0 (2024-07-21)
=========

**Changes**

- test against 3.12. Currently supporting 3.8-3.12.
- add nonstandard port test, #68. Thanks @phillipberndt.
- remove `six` and support for any python before 3.7, #73. Thanks @hugovk.

1.2.3 (2023-05-03)
=========

**Changes**

- Add manifest file so tarball installs succeed, #66. Thanks @jantman.

1.2.2 (2023-02-02)
=========

**Bugfixes**

- The 1.2.0/1.2.1 releases had a regression error. The fix of #63 has been reverted.

1.2.1 (2023-01-25)
=========

**Bugfixes**

- Actually fix #34. Build 1.2.0 was not fully released.


1.2.0 (2023-01-20)
=========

**Bugfixes**

- Fix #34, port numbers on header, with #63. Thanks @phillipberndt.

**Changes**

- test against 3.10. Currently supporting 3.8-3.10.
- small fixup to flake8 config

1.1.2 (2022-03-24)
=========

**Changes**

- don't install markdown files, and especially not outside of our lib dir, see #51. Thanks @benjaminp.
- prevent unquoting of query string reserved characters, see #60. Thanks @mliarakos.
- Add support for files as request body, see see #58. Thanks @USSRLivesOn.
- remove deprecated python 2.7 and python 3.5. Currently testing against 3.8 and 3.9.
- renamed main branch to 'main'


1.1.1 (2021-06-04)
=========

**Bugfixes**

- secondary fix to query string ordering, documented in #49. It would fail with multiple values for the same key. Thanks @martinamps.
- fix minor deprecation warning in a regex.

**Package changes**

- none

**Tests**

- Added tests for #49 secondary fix for string ordering.



1.1.0 (2021-05-21)
=========

**New features**

- query string ordering has been fixed. Documented in #21, fixed in #23. Thanks @zen4ever.
- test for spaces before calling shlex on them in `amz_norm_whitespace`. shlex doesn't like to split whitespace on a string without whitespace, taking several orders of magnitude longer to parse through it. #35, thanks @noamkush.
- added `refreshable_credentials`, see #37, thanks @teemuy.

**Package changes**

- Removed python2.7 support. Usage of py2.7 is not supported. `Requires-Python` will be set to py3.3+ in the next minor release.

**Tests**

- none


1.0.1 (2020-09-28)
=========

**New features**

- none

**Package changes**

- bump to proper X.Y.Z semver syntax
- bump project to stable (#33)

**Tests**

- none

1.0 (2020-06-06)
=========

**New features**

- none!

**Package changes**

- add flake8 config
- convert docs to markdown
- Removed bundled six.py.
- Taken over ownership via [PEP451](https://www.python.org/dev/peps/pep-0541/#continue-maintenance); [pypi issue here](https://github.com/pypa/pypi-support/issues/393), [successfully contacted Sam](https://github.com/sam-washington/requests-aws4auth/issues/40).

**Tests**

- remove sys path hacking from tests.
- Ensure they work now.
- Github Actions are in place for continuous integration.
- Allow longer flake8 line length in tests.

0.9 (2016-02-07)
================

**New features**

-   Support for STS temporary credentials. Thanks to
    <https://github.com/magdalene>

**Tests**

-   Tests for the STS temporary credentials functionality
-   Fixed `AWS4SigningKey.amz_date` deprecation warning test
-   Elastic MapReduce live service test no longer using deprecated DescribeJobFlows action

0.8 (2015-12-31)
================

This version introduces some behaviour changes designed to reduce the legwork needed when a signing key goes out of date. This has implications for multithreading and secret key storage. See the README for further details.

**New features**

-   AWS4Auth class now checks request header date against signing key
    scope date, and automatically regenerates the signing key with the
    request date if they don't match
-   Added exceptions module with new exceptions:
    RequestsAWS4AuthException, DateMismatchError, NoSecretKeyError, DateFormatError
-   Added StrictAWS4Auth and PassiveAWS4Auth classes

**AWS4Auth changes**

-   Added `regenerate_signing_key()` method, to allow regeneration of
    current signing key with parameter overrides
-   Added methods for checking and extracting dates from requests:
    `get_request_date()`, `parse_date()`, `handle_date_mismatch()`
-   `__call__()` now checks for a date header in the request and
    attempts to automatically regenerate the signing key with the
    request date if request date differs from the signing key date
-   Can now supply a date to the constructor
-   Changed default included sig headers to include `Date` header if
    present

**AWS4SigningKey changes**

-   Added new `store_secret_key` instantiation parameter which allows
    control of whether the secret key is stored in the instance
-   Deprecated the `amz_date` property in favour of just `date`
-   Spelling typo fix in AWS4AuthSigningKey module docstring. Thanks to jhgorrell

**Package changes**

-   Dropped support for Python 3.2. Now only supported on Python 2.7 and
    3.3 and up, to match versions supported by Requests.

**Tests**

-   Many new tests for the new functionality
-   Added tests for generating canonical path, including test for fix
    added in 0.7 for percent encoding of paths
-   Added tests for generating canonical querystrings

0.7 (2015-11-02)
================

**Bugfixes**

-   Fixed percent encoded characters in URL paths not being encoded
    again for signature generation, as is expected for all services
    except S3. This was causing authentication failures whenever these
    characters appeared in a URL. Thanks to ipartola and cristi23 for
    the report.
-   Two bugfixes for ElasticSearch, thanks to Matthew Thompson for both:
    -   No longer setting body to `b''` during signing if it's None
    -   Now stripping port from URL netloc for signature generation

**Modules**

-   Upgraded the included version of six.py to 1.10

**Tests**

-   Fixed a couple of broken Unicode tests on Python 2
-   Added a couple more tests for encoding Unicode request bodies

0.6 (2015-09-07)
================

**Bugfixes**

-   Included HISTORY.rst in built package to fix pip source install
    failure. Thanks to Beirdo for the bug report.

0.5 (2015-04-29)
================

**Bugfixes**

-   Fixed bug when uploading to S3 with x-amz-acl header which caused
    authentication failure - headers used in signature are now: host,
    content-type and all `x-amz-*` headers (except for
    x-amz-client-context which breaks Mobile Analytics auth if included)

**Docs**

-   Minor docstring and comment updates

**License**

-   Changed content of LICENSE to vanilla MIT license

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/tedder/requests-aws4auth",
    "name": "requests-aws4auth",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.7",
    "maintainer_email": null,
    "keywords": "requests authentication amazon web services aws s3 REST",
    "author": "Ted Timmons",
    "author_email": "ted@tedder.dev",
    "download_url": "https://files.pythonhosted.org/packages/e5/0e/af3754c15e79a6279df256b56a805f8c7512f641839f68c2aa63dafc8f3c/requests_aws4auth-1.3.1.tar.gz",
    "platform": null,
    "description": "[![image](https://img.shields.io/pypi/v/requests-aws4auth.svg)](https://pypi.python.org/pypi/requests-aws4auth)\n[![image](https://img.shields.io/pypi/l/requests-aws4auth.svg)](https://pypi.python.org/pypi/requests-aws4auth)\n\nAmazon Web Services version 4 authentication for the Python [Requests](https://github.com/kennethreitz/requests) library.\n\nFeatures\n========\n\n-   Requests authentication for all AWS services that support AWS auth v4\n-   Independent signing key objects\n-   Automatic regeneration of keys when scope date boundary is passed\n-   Support for STS temporary credentials\n\nImplements header-based authentication, GET URL parameter and POST\nparameter authentication are not supported.\n\nSupported Services\n==================\n\nThis package has been tested as working against:\n\nAppStream, AppSync, Auto-Scaling, CloudFormation, CloudFront, CloudHSM,\nCloudSearch, CloudTrail, CloudWatch Monitoring, CloudWatch Logs,\nCodeDeploy, Cognito Identity, Cognito Sync, Config, DataPipeline, Direct\nConnect, DynamoDB, Elastic Beanstalk, ElastiCache, EC2, EC2 Container\nService, Elastic Load Balancing, Elastic MapReduce, ElasticSearch,\nElastic Transcoder, Glacier, Identity and Access Management (IAM), Key\nManagement Service (KMS), Kinesis, Lambda, Opsworks, Redshift,\nRelational Database Service (RDS), Route 53, Simple Storage Service\n(S3), Simple Notification Service (SNS), Simple Queue Service (SQS),\nStorage Gateway, Security Token Service (STS)\n\nThe following services do not support AWS auth version 4 and are not\nusable with this package:\n\nSimple Email Service (SES), Simple Workflow Service (SWF),\nImport/Export, SimpleDB, DevPay, Mechanical Turk\n\nThe AWS Support API has not been tested as it requires a premium\nsubscription.\n\nPython versions\n========\nIn the 1.x semantic versions, the minimum python support will be gradually raised:\n\n* 1.0.x: Support python2.7 and python3.3+.\n* 1.1.x: python2.7 is not supported, is best-effort. Support python3.3+.\n* 1.2.x: [Requires-Python](https://packaging.python.org/guides/dropping-older-python-versions/#specify-the-version-ranges-for-supported-python-distributions) will be set to python3.3+, explicitly removing earlier versions. python<3.7 is not supported, is best-effort.\n* 1.3.x: [Requires-Python](https://packaging.python.org/guides/dropping-older-python-versions/#specify-the-version-ranges-for-supported-python-distributions) will be set to python3.7+, explicitly removing earlier versions. (best-effort is TBD)\n\nInstallation\n============\n\nInstall via pip:\n\n``` {.sourceCode .bash}\n$ pip install requests-aws4auth\n```\n\nrequests-aws4auth requires the\n[Requests](https://github.com/kennethreitz/requests) library by Kenneth\nReitz.\n\nrequests-aws4auth is tested on Python 2.7 and 3.5 and up.\n\nBehaviour changes in 0.8\n========================\n\nVersion 0.8 introduces request date checking and automatic key\nregeneration behaviour as default. This has implications for sharing\nauthentication objects between threads, and for storage of secret keys.\nSee the relevant sections below for details. See also the discussion in\n[GitHub issue\n\\#10](https://github.com/sam-washington/requests-aws4auth/issues/10).\n\nBasic usage\n===========\n\n``` {.sourceCode .python}\n>>> import requests\n>>> from requests_aws4auth import AWS4Auth\n>>> endpoint = 'http://s3-eu-west-1.amazonaws.com'\n>>> auth = AWS4Auth('<ACCESS ID>', '<ACCESS KEY>', 'eu-west-1', 's3')\n>>> response = requests.get(endpoint, auth=auth)\n>>> response.text\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n    <ListAllMyBucketsResult xmlns=\"http://s3.amazonaws.com/doc/2006-03-01\">\n        <Owner>\n        <ID>bcaf1ffd86f461ca5fb16fd081034f</ID>\n        <DisplayName>webfile</DisplayName>\n        ...\n```\n\nThis example would list your buckets in the `eu-west-1` region of the\nAmazon S3 service.\n\nSTS Temporary Credentials\n=========================\n\n``` {.sourceCode .python}\n>>> from requests_aws4auth import AWS4Auth\n>>> auth = AWS4Auth('<ACCESS ID>', '<ACCESS KEY>', 'eu-west-1', 's3',\n                    session_token='<SESSION TOKEN>')\n...\n```\n\nThis example shows how to construct an AWS4Auth object for use with STS\ntemporary credentials. The `x-amz-security-token` header is added with\nthe session token. Temporary credential timeouts are not managed \\-- in\ncase the temporary credentials expire, they need to be re-generated and\nthe AWS4Auth object re-constructed with the new credentials.\n\nDynamic STS Credentials using botocore RefreshableCredentials\n=============================================================\n\n``` {.sourceCode .python}\n>>> from requests_aws4auth import AWS4Auth\n>>> from botocore.session import Session\n>>> credentials = Session().get_credentials()\n>>> auth = AWS4Auth(region='eu-west-1', service='es',\n                    refreshable_credentials=credentials)\n...\n```\n\nThis example shows how to construct an AWS4Auth instance with\nautomatically refreshing credentials, suitable for long-running\napplications using AWS IAM assume-role.\nThe RefreshableCredentials instance is used to generate valid static\ncredentials per-request, eliminating the need to recreate the AWS4Auth\ninstance when temporary credentials expire.\n\nDate handling\n=============\n\nIf an HTTP request to be authenticated contains a `Date` or `X-Amz-Date`\nheader, AWS will only accept the authorised request if the date in the\nheader matches the scope date of the signing key (see the [AWS REST API date\ndocs](http://docs.aws.amazon.com/general/latest/gr/sigv4-date-handling.html).)).\n\nFrom version 0.8 of requests-aws4auth, if the header date does not match\nthe scope date, an `AWS4Auth` instance will automatically regenerate its\nsigning key, using the same scope parameters as the previous key except\nfor the date, which will be changed to match the request date. If a\nrequest does not include a date, the current date is added to the\nrequest in an `X-Amz-Date` header, and the signing key is regenerated if\nthis differs from the scope date.\n\nThis means that `AWS4Auth` now extracts and parses dates from the values\nof `X-Amz-Date` and `Date` headers. Supported date formats are:\n\n-   RFC 7231 (e.g. Mon, 09 Sep 2011 23:36:00 GMT)\n-   RFC 850 (e.g. Sunday, 06-Nov-94 08:49:37 GMT)\n-   C time (e.g. Wed Dec 4 00:00:00 2002)\n-   Amz-Date format (e.g. 20090325T010101Z)\n-   ISO 8601 / RFC 3339 (e.g. 2009-03-25T10:11:12.13-01:00)\n\nIf either header is present but `AWS4Auth` cannot extract a date because\nall present date headers are in an unrecognisable format, `AWS4Auth`\nwill delete any `X-Amz-Date` and `Date` headers present and replace with\na single `X-Amz-Date` header containing the current date. This behaviour\ncan be modified using the `raise_invalid_date` keyword argument of the\n`AWS4Auth` constructor.\n\nAutomatic key regeneration\n==========================\n\nIf you do not want the signing key to be automatically regenerated when\na mismatch between the request date and the scope date is encountered,\nuse the alternative `StrictAWS4Auth` class, which is identical to\n`AWS4Auth` except that upon encountering a date mismatch it just raises\na `DateMismatchError`. You can also use the `PassiveAWS4Auth` class,\nwhich mimics the `AWS4Auth` behaviour prior to version 0.8 and just\nsigns and sends the request, whether the date matches or not. In this\ncase it is up to the calling code to handle an authentication failure\nresponse from AWS caused by the date mismatch.\n\nSecret key storage\n==================\n\nTo allow automatic key regeneration, the secret key is stored in the\n`AWS4Auth` instance, in the signing key object. If you do not want this\nto occur, instantiate the instance using an `AWS4Signing` key which was\ncreated with the `store_secret_key` parameter set to False:\n\n``` {.sourceCode .python}\n>>> sig_key = AWS4SigningKey(secret_key, region, service, date, False)\n>>> auth = StrictAWS4Auth(access_id, sig_key)\n```\n\nThe `AWS4Auth` class will then raise a `NoSecretKeyError` when it\nattempts to regenerate its key. A slightly more conceptually elegant way\nto handle this is to use the alternative `StrictAWS4Auth` class, again\ninstantiating it with an `AWS4SigningKey` instance created with\n`store_secret_key = False`.\n\nMultithreading\n==============\n\nIf you share `AWS4Auth` (or even `StrictAWS4Auth`) instances between\nthreads you are likely to encounter problems. Because `AWS4Auth`\ninstances may unpredictably regenerate their signing key as part of\nsigning a request, threads using the same instance may find the key\nchanged by another thread halfway through the signing process, which may\nresult in undefined behaviour.\n\nIt may be possible to rig up a workable instance sharing mechanism using\nlocking primitives and the `StrictAWS4Auth` class, however this poor\nauthor can\\'t think of a scenario which works safely yet doesn\\'t suffer\nfrom at some point blocking all threads for at least the duration of an\nHTTP request, which could be several seconds. If several requests come\nin in close succession which all require key regenerations then the\nsystem could be forced into serial operation for quite a length of time.\n\nIn short, it\\'s probably best to create a thread-local instance of\n`AWS4Auth` for each thread that needs to do authentication.\n\nAPI reference\n=============\n\nSee the doctrings in `aws4auth.py` and `aws4signingkey.py`.\n\nTesting\n=======\n\nA test suite is included in the test folder.\n\nThe package passes all tests in the AWS auth v4\n[test_suite](http://docs.aws.amazon.com/general/latest/gr/signature-v4-test-suite.html),\nand contains tests against the supported live services. See docstrings\nin `test/requests_aws4auth_test.py` for details about running the tests.\n\nConnection parameters are included in the tests for the AWS Support API,\nshould you have access and want to try it. The documentation says it\nsupports auth v4 so it should work if you have a subscription. Do pass\non your results!\n\nUnsupported AWS features / todo\n===============================\n\n-   Currently does not support Amazon S3 chunked uploads\n-   Tests for new AWS services\n-   Requires Requests library to be present even if only using\n    AWS4SigningKey\n-   Coherent documentation\n\nVersion release notes\n=====================\n\n- update `HISTORY.md`\n- update `requests_aws4auth/__init__.py`\n- create a [release](https://github.com/tedder/requests-aws4auth/releases) on github\n\ndocker env:\n```\ndocker run -v `pwd`:/opt/app/ -v ~/.pypirc:/root/.pypirc  -it python:3.12 /bin/bash\n```\n\nprep:\n```\npython3 -m pip install --user --upgrade setuptools wheel testresources twine\n```\n\nbuild and release, creds in `~/.pypirc`:\n```\nrm -f dist/*; \\\npython3 setup.py sdist bdist_wheel && \\\npython3 -m twine upload --repository testpypi dist/* && \\\npython3 -m twine upload --repository pypi dist/*\n```\n\n\n\n1.3.1 (2024-07-21)\n=========\n\n**Changes**\n\n- explicitly set python requirement to 3.7.\n\n1.3.0 (2024-07-21)\n=========\n\n**Changes**\n\n- test against 3.12. Currently supporting 3.8-3.12.\n- add nonstandard port test, #68. Thanks @phillipberndt.\n- remove `six` and support for any python before 3.7, #73. Thanks @hugovk.\n\n1.2.3 (2023-05-03)\n=========\n\n**Changes**\n\n- Add manifest file so tarball installs succeed, #66. Thanks @jantman.\n\n1.2.2 (2023-02-02)\n=========\n\n**Bugfixes**\n\n- The 1.2.0/1.2.1 releases had a regression error. The fix of #63 has been reverted.\n\n1.2.1 (2023-01-25)\n=========\n\n**Bugfixes**\n\n- Actually fix #34. Build 1.2.0 was not fully released.\n\n\n1.2.0 (2023-01-20)\n=========\n\n**Bugfixes**\n\n- Fix #34, port numbers on header, with #63. Thanks @phillipberndt.\n\n**Changes**\n\n- test against 3.10. Currently supporting 3.8-3.10.\n- small fixup to flake8 config\n\n1.1.2 (2022-03-24)\n=========\n\n**Changes**\n\n- don't install markdown files, and especially not outside of our lib dir, see #51. Thanks @benjaminp.\n- prevent unquoting of query string reserved characters, see #60. Thanks @mliarakos.\n- Add support for files as request body, see see #58. Thanks @USSRLivesOn.\n- remove deprecated python 2.7 and python 3.5. Currently testing against 3.8 and 3.9.\n- renamed main branch to 'main'\n\n\n1.1.1 (2021-06-04)\n=========\n\n**Bugfixes**\n\n- secondary fix to query string ordering, documented in #49. It would fail with multiple values for the same key. Thanks @martinamps.\n- fix minor deprecation warning in a regex.\n\n**Package changes**\n\n- none\n\n**Tests**\n\n- Added tests for #49 secondary fix for string ordering.\n\n\n\n1.1.0 (2021-05-21)\n=========\n\n**New features**\n\n- query string ordering has been fixed. Documented in #21, fixed in #23. Thanks @zen4ever.\n- test for spaces before calling shlex on them in `amz_norm_whitespace`. shlex doesn't like to split whitespace on a string without whitespace, taking several orders of magnitude longer to parse through it. #35, thanks @noamkush.\n- added `refreshable_credentials`, see #37, thanks @teemuy.\n\n**Package changes**\n\n- Removed python2.7 support. Usage of py2.7 is not supported. `Requires-Python` will be set to py3.3+ in the next minor release.\n\n**Tests**\n\n- none\n\n\n1.0.1 (2020-09-28)\n=========\n\n**New features**\n\n- none\n\n**Package changes**\n\n- bump to proper X.Y.Z semver syntax\n- bump project to stable (#33)\n\n**Tests**\n\n- none\n\n1.0 (2020-06-06)\n=========\n\n**New features**\n\n- none!\n\n**Package changes**\n\n- add flake8 config\n- convert docs to markdown\n- Removed bundled six.py.\n- Taken over ownership via [PEP451](https://www.python.org/dev/peps/pep-0541/#continue-maintenance); [pypi issue here](https://github.com/pypa/pypi-support/issues/393), [successfully contacted Sam](https://github.com/sam-washington/requests-aws4auth/issues/40).\n\n**Tests**\n\n- remove sys path hacking from tests.\n- Ensure they work now.\n- Github Actions are in place for continuous integration.\n- Allow longer flake8 line length in tests.\n\n0.9 (2016-02-07)\n================\n\n**New features**\n\n-   Support for STS temporary credentials. Thanks to\n    <https://github.com/magdalene>\n\n**Tests**\n\n-   Tests for the STS temporary credentials functionality\n-   Fixed `AWS4SigningKey.amz_date` deprecation warning test\n-   Elastic MapReduce live service test no longer using deprecated DescribeJobFlows action\n\n0.8 (2015-12-31)\n================\n\nThis version introduces some behaviour changes designed to reduce the legwork needed when a signing key goes out of date. This has implications for multithreading and secret key storage. See the README for further details.\n\n**New features**\n\n-   AWS4Auth class now checks request header date against signing key\n    scope date, and automatically regenerates the signing key with the\n    request date if they don't match\n-   Added exceptions module with new exceptions:\n    RequestsAWS4AuthException, DateMismatchError, NoSecretKeyError, DateFormatError\n-   Added StrictAWS4Auth and PassiveAWS4Auth classes\n\n**AWS4Auth changes**\n\n-   Added `regenerate_signing_key()` method, to allow regeneration of\n    current signing key with parameter overrides\n-   Added methods for checking and extracting dates from requests:\n    `get_request_date()`, `parse_date()`, `handle_date_mismatch()`\n-   `__call__()` now checks for a date header in the request and\n    attempts to automatically regenerate the signing key with the\n    request date if request date differs from the signing key date\n-   Can now supply a date to the constructor\n-   Changed default included sig headers to include `Date` header if\n    present\n\n**AWS4SigningKey changes**\n\n-   Added new `store_secret_key` instantiation parameter which allows\n    control of whether the secret key is stored in the instance\n-   Deprecated the `amz_date` property in favour of just `date`\n-   Spelling typo fix in AWS4AuthSigningKey module docstring. Thanks to jhgorrell\n\n**Package changes**\n\n-   Dropped support for Python 3.2. Now only supported on Python 2.7 and\n    3.3 and up, to match versions supported by Requests.\n\n**Tests**\n\n-   Many new tests for the new functionality\n-   Added tests for generating canonical path, including test for fix\n    added in 0.7 for percent encoding of paths\n-   Added tests for generating canonical querystrings\n\n0.7 (2015-11-02)\n================\n\n**Bugfixes**\n\n-   Fixed percent encoded characters in URL paths not being encoded\n    again for signature generation, as is expected for all services\n    except S3. This was causing authentication failures whenever these\n    characters appeared in a URL. Thanks to ipartola and cristi23 for\n    the report.\n-   Two bugfixes for ElasticSearch, thanks to Matthew Thompson for both:\n    -   No longer setting body to `b''` during signing if it's None\n    -   Now stripping port from URL netloc for signature generation\n\n**Modules**\n\n-   Upgraded the included version of six.py to 1.10\n\n**Tests**\n\n-   Fixed a couple of broken Unicode tests on Python 2\n-   Added a couple more tests for encoding Unicode request bodies\n\n0.6 (2015-09-07)\n================\n\n**Bugfixes**\n\n-   Included HISTORY.rst in built package to fix pip source install\n    failure. Thanks to Beirdo for the bug report.\n\n0.5 (2015-04-29)\n================\n\n**Bugfixes**\n\n-   Fixed bug when uploading to S3 with x-amz-acl header which caused\n    authentication failure - headers used in signature are now: host,\n    content-type and all `x-amz-*` headers (except for\n    x-amz-client-context which breaks Mobile Analytics auth if included)\n\n**Docs**\n\n-   Minor docstring and comment updates\n\n**License**\n\n-   Changed content of LICENSE to vanilla MIT license\n",
    "bugtrack_url": null,
    "license": "MIT License",
    "summary": "AWS4 authentication for Requests",
    "version": "1.3.1",
    "project_urls": {
        "Download": "https://github.com/tedder/requests-aws4auth/tarball/1.3.1",
        "Homepage": "https://github.com/tedder/requests-aws4auth"
    },
    "split_keywords": [
        "requests",
        "authentication",
        "amazon",
        "web",
        "services",
        "aws",
        "s3",
        "rest"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "5741bd1b81fd1e5a59c3afdf50c678a028498dd7c4197637f27406be0d1b55d2",
                "md5": "1880265df1312df44d0a3f3fc177c42a",
                "sha256": "2969b5379ae6e60ee666638caf6cb94a32d67033f6bfcf0d50c95cd5474f2419"
            },
            "downloads": -1,
            "filename": "requests_aws4auth-1.3.1-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "1880265df1312df44d0a3f3fc177c42a",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.7",
            "size": 24584,
            "upload_time": "2024-07-21T21:29:14",
            "upload_time_iso_8601": "2024-07-21T21:29:14.216139Z",
            "url": "https://files.pythonhosted.org/packages/57/41/bd1b81fd1e5a59c3afdf50c678a028498dd7c4197637f27406be0d1b55d2/requests_aws4auth-1.3.1-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "e50eaf3754c15e79a6279df256b56a805f8c7512f641839f68c2aa63dafc8f3c",
                "md5": "8920a2c37bb5fe97f7d73b7f0d91dc45",
                "sha256": "b6ad4882310e03ba2538ebf94d1f001ca9feabc5c52618539cf1eb6d5af76791"
            },
            "downloads": -1,
            "filename": "requests_aws4auth-1.3.1.tar.gz",
            "has_sig": false,
            "md5_digest": "8920a2c37bb5fe97f7d73b7f0d91dc45",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.7",
            "size": 25886,
            "upload_time": "2024-07-21T21:29:15",
            "upload_time_iso_8601": "2024-07-21T21:29:15.383183Z",
            "url": "https://files.pythonhosted.org/packages/e5/0e/af3754c15e79a6279df256b56a805f8c7512f641839f68c2aa63dafc8f3c/requests_aws4auth-1.3.1.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-07-21 21:29:15",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "tedder",
    "github_project": "requests-aws4auth",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "requests-aws4auth"
}
        
Elapsed time: 0.51298s