[jira] [Commented] (LIBCLOUD-839) ELB driver doesn't support IAM role temporary credentials
[ https://issues.apache.org/jira/browse/LIBCLOUD-839?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15400642#comment-15400642 ] ASF GitHub Bot commented on LIBCLOUD-839: - Github user asfgit closed the pull request at: https://github.com/apache/libcloud/pull/843 > ELB driver doesn't support IAM role temporary credentials > - > > Key: LIBCLOUD-839 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-839 > Project: Libcloud > Issue Type: Improvement > Components: LoadBalancer >Reporter: Anton Kozyrev >Priority: Minor > > Token parameter is not accepted by the driver: > {code} > class ElasticLBDriver(Driver): > name = 'Amazon Elastic Load Balancing' > website = 'http://aws.amazon.com/elasticloadbalancing/' > connectionCls = ELBConnection > signature_version = '4' > def __init__(self, access_id, secret, region): > super(ElasticLBDriver, self).__init__(access_id, secret) > self.region = region > self.region_name = region > self.connection.host = HOST % (region) > {code} > This way it's impossible to use temporary IAM role creds with AWS ELB driver. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[2/3] libcloud git commit: removed assertIn to fix test_driver_with_token_signature_version test in python 2.6
removed assertIn to fix test_driver_with_token_signature_version test in python 2.6 Closes #843 Signed-off-by: Tomaz MurausProject: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/2761ca96 Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/2761ca96 Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/2761ca96 Branch: refs/heads/trunk Commit: 2761ca96eb1d48c5b8b437a3716ee63d5692e161 Parents: 2163e75 Author: Anton Kozyrev Authored: Fri Jul 22 18:26:26 2016 +0300 Committer: Tomaz Muraus Committed: Sat Jul 30 13:22:53 2016 +0200 -- libcloud/test/loadbalancer/test_elb.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/libcloud/blob/2761ca96/libcloud/test/loadbalancer/test_elb.py -- diff --git a/libcloud/test/loadbalancer/test_elb.py b/libcloud/test/loadbalancer/test_elb.py index fc42e77..c7afc7c 100644 --- a/libcloud/test/loadbalancer/test_elb.py +++ b/libcloud/test/loadbalancer/test_elb.py @@ -46,7 +46,7 @@ class ElasticLBTests(unittest.TestCase): token = 'temporary_credentials_token' driver = ElasticLBDriver(*LB_ELB_PARAMS, **{'token': token}) kwargs = driver._ex_connection_class_kwargs() -self.assertIn('signature_version', kwargs) +self.assertTrue(('signature_version' in kwargs), 'Driver has no attribute signature_version') self.assertEquals('4', kwargs['signature_version'], 'Signature version is not 4 with temporary credentials') def test_list_protocols(self):
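Review bot: The failure message on the new `assertTrue` line says 'Driver has no attribute signature_version', but the assertion checks for a key in the dict returned by `_ex_connection_class_kwargs()`, not for an attribute on the driver. A message such as `'signature_version missing from connection kwargs'` would point a reader of a failing run at the right object. The outer parentheses around `'signature_version' in kwargs` are also unnecessary. The test method's `def` line is above the hunk.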
[1/3] libcloud git commit: added iam temp creds token support to ElasticLBDriver
Repository: libcloud Updated Branches: refs/heads/trunk f6227ddd1 -> 90f967c64 added iam temp creds token support to ElasticLBDriver Closes #843 Signed-off-by: Tomaz MurausProject: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/2163e759 Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/2163e759 Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/2163e759 Branch: refs/heads/trunk Commit: 2163e759053762e25d3b59f20f560ff07da50447 Parents: f6227dd Author: Anton Kozyrev Authored: Fri Jul 22 16:59:50 2016 +0300 Committer: Tomaz Muraus Committed: Sat Jul 30 13:22:49 2016 +0200 -- libcloud/loadbalancer/drivers/elb.py | 12 +--- libcloud/test/loadbalancer/test_elb.py | 13 + 2 files changed, 22 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/libcloud/blob/2163e759/libcloud/loadbalancer/drivers/elb.py -- diff --git a/libcloud/loadbalancer/drivers/elb.py b/libcloud/loadbalancer/drivers/elb.py index ed88fac..68a94cb 100644 --- a/libcloud/loadbalancer/drivers/elb.py +++ b/libcloud/loadbalancer/drivers/elb.py @@ -53,8 +53,9 @@ class ElasticLBDriver(Driver): connectionCls = ELBConnection signature_version = '4' -def __init__(self, access_id, secret, region): -super(ElasticLBDriver, self).__init__(access_id, secret) +def __init__(self, access_id, secret, region, token=None): +self.token = token +super(ElasticLBDriver, self).__init__(access_id, secret, token=token) self.region = region self.region_name = region self.connection.host = HOST % (region) 
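Review bot: The new `token` parameter of `__init__` is undocumented, and since it is a credential with a limited lifetime the constructor should say what it is and what the caller is responsible for. I would add a docstring stating that `token` is the session token that accompanies temporary IAM role credentials, that it has to be supplied together with the matching temporary `access_id` and `secret`, and that the driver keeps it on `self.token` for the life of the object. No refresh path is visible in this hunk, so presumably a long-lived driver has to be re-created once the credentials expire; if that holds it is worth stating as well. A short comment on why `self.token` is assigned before `super().__init__()` would also help, e.g. `# set first: the parent constructor presumably builds the connection kwargs`.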
@@ -354,5 +355,10 @@ class ElasticLBDriver(Driver): def _ex_connection_class_kwargs(self): kwargs = super(ElasticLBDriver, self)._ex_connection_class_kwargs() -kwargs['signature_version'] = self.signature_version +if hasattr(self, 'token') and self.token is not None: +kwargs['token'] = self.token +kwargs['signature_version'] = '4' +else: +kwargs['signature_version'] = self.signature_version + return kwargs http://git-wip-us.apache.org/repos/asf/libcloud/blob/2163e759/libcloud/test/loadbalancer/test_elb.py -- diff --git a/libcloud/test/loadbalancer/test_elb.py b/libcloud/test/loadbalancer/test_elb.py index 88f..fc42e77 100644 --- a/libcloud/test/loadbalancer/test_elb.py +++ b/libcloud/test/loadbalancer/test_elb.py @@ -36,6 +36,19 @@ class ElasticLBTests(unittest.TestCase): self.driver = ElasticLBDriver(*LB_ELB_PARAMS) +def test_instantiate_driver_with_token(self): +token = 'temporary_credentials_token' +driver = ElasticLBDriver(*LB_ELB_PARAMS, **{'token': token}) +self.assertTrue(hasattr(driver, 'token'), 'Driver has no attribute token') +self.assertEquals(token, driver.token, "Driver token does not match with provided token") + +def test_driver_with_token_signature_version(self): +token = 'temporary_credentials_token' +driver = ElasticLBDriver(*LB_ELB_PARAMS, **{'token': token}) +kwargs = driver._ex_connection_class_kwargs() +self.assertIn('signature_version', kwargs) +self.assertEquals('4', kwargs['signature_version'], 'Signature version is not 4 with temporary credentials') + def test_list_protocols(self): protocols = self.driver.list_protocols()
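Review bot: In `_ex_connection_class_kwargs` the `hasattr(self, 'token')` guard looks redundant, because `__init__` in the first hunk assigns `self.token` before it calls the parent constructor; `if self.token is not None:` reads more directly. The literal `'4'` in the token branch duplicates the class attribute `signature_version = '4'` shown in the first hunk's context, so both branches currently produce the same value. If the intent is to force version 4 signing whenever a session token is used, even when a subclass overrides `signature_version`, state that in a comment on the `kwargs['signature_version'] = '4'` line; otherwise the assignment can use `self.signature_version` in both branches.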
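Review bot: `test_driver_with_token_signature_version` checks the signature version, but neither new test asserts that the token itself reaches the connection kwargs, which is the behaviour the driver change adds. Adding `self.assertEqual(token, kwargs['token'])` after the signature check would pin it. `assertEquals` is a deprecated alias of `assertEqual`, and `ElasticLBDriver(*LB_ELB_PARAMS, **{'token': token})` can be written `ElasticLBDriver(*LB_ELB_PARAMS, token=token)`.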
[3/3] libcloud git commit: Update changelog.
Update changelog. Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/90f967c6 Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/90f967c6 Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/90f967c6 Branch: refs/heads/trunk Commit: 90f967c646df83daef7fa29a2ca12e63d24da7ad Parents: 2761ca9 Author: Tomaz MurausAuthored: Sat Jul 30 13:24:35 2016 +0200 Committer: Tomaz Muraus Committed: Sat Jul 30 13:24:35 2016 +0200 -- CHANGES.rst | 7 +++ 1 file changed, 7 insertions(+) -- http://git-wip-us.apache.org/repos/asf/libcloud/blob/90f967c6/CHANGES.rst -- diff --git a/CHANGES.rst b/CHANGES.rst index e14f672..dc2f626 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -41,6 +41,13 @@ Compute (GITHUB-838) [Rene Kjellerup] +Load balancer +~ + +- Add support for temporary IAM role credentials (token) to the AWS ELB driver. + (GITHUB-843) + [Anton Kozyrev] + DNS ~~~
[jira] [Resolved] (LIBCLOUD-835) Malformed auth token causes fatal exception in Google Storage driver
[ https://issues.apache.org/jira/browse/LIBCLOUD-835?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tomaz Muraus resolved LIBCLOUD-835. --- Resolution: Fixed Assignee: Tomaz Muraus Merged, thanks! > Malformed auth token causes fatal exception in Google Storage driver > > > Key: LIBCLOUD-835 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-835 > Project: Libcloud > Issue Type: Bug >Reporter: Paul Tiplady >Assignee: Tomaz Muraus >Priority: Critical > > One of my Django instances has started hitting a libcloud error which is > causing a fatal exception, bringing down the instance. > It looks like libcloud is writing invalid JSON into the auth token, which > then causes a JSON parse error when it is subsequently read back in. > Here's the token that's written: > {code} > $ cat /root/.google_libcloud_auth. > {"access_token": "", "token_type": "Bearer", "expire_time": > "2016-07-12T16:45:09Z", "expires_in": 3559}09Z", "expires_in": 3537} > {code} > Note the two "expires_in" keys, one with a nonsense value of `3559}09Z"` > Environment: > Python 3.4.4 > apache-libcloud==1.0.0 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
libcloud git commit: Fix typo.
Repository: libcloud Updated Branches: refs/heads/trunk 25c414e33 -> f6227ddd1 Fix typo. Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/f6227ddd Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/f6227ddd Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/f6227ddd Branch: refs/heads/trunk Commit: f6227ddd10a3819051ac14bb39843a2722bc42ab Parents: 25c414e Author: Tomaz MurausAuthored: Sat Jul 30 13:20:13 2016 +0200 Committer: Tomaz Muraus Committed: Sat Jul 30 13:20:13 2016 +0200 -- libcloud/common/google.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/libcloud/blob/f6227ddd/libcloud/common/google.py -- diff --git a/libcloud/common/google.py b/libcloud/common/google.py index 96a0acb..75f342c 100644 --- a/libcloud/common/google.py +++ b/libcloud/common/google.py @@ -704,7 +704,7 @@ class GoogleOAuth2Credential(object): int('600', 8)), 'w') as f: f.write(data) except: -# Note: Failed to write (cache) token in a file is not fatal. It +# Note: Failure to write (cache) token in a file is not fatal. It # simply means degraded performance since we will need to acquire a # new token each time script runs. e = sys.exc_info()[1]
[jira] [Commented] (LIBCLOUD-835) Malformed auth token causes fatal exception in Google Storage driver
[ https://issues.apache.org/jira/browse/LIBCLOUD-835?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15400637#comment-15400637 ] ASF subversion and git services commented on LIBCLOUD-835: -- Commit 78df34cf8db8706440ee594c571d80de8613433e in libcloud's branch refs/heads/trunk from [~paul.tiplady] [ https://git-wip-us.apache.org/repos/asf?p=libcloud.git;h=78df34c ] Fix caching of Google auth tokens _write_token_to_file was not zeroing the file before writing a new token, causing corruption. FIXES: LIBCLOUD-835 Closes #844 Signed-off-by: Tomaz Muraus> Malformed auth token causes fatal exception in Google Storage driver > > > Key: LIBCLOUD-835 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-835 > Project: Libcloud > Issue Type: Bug >Reporter: Paul Tiplady >Priority: Critical > > One of my Django instances has started hitting a libcloud error which is > causing a fatal exception, bringing down the instance. > It looks like libcloud is writing invalid JSON into the auth token, which > then causes a JSON parse error when it is subsequently read back in. > Here's the token that's written: > {code} > $ cat /root/.google_libcloud_auth. > {"access_token": "", "token_type": "Bearer", "expire_time": > "2016-07-12T16:45:09Z", "expires_in": 3559}09Z", "expires_in": 3537} > {code} > Note the two "expires_in" keys, one with a nonsense value of `3559}09Z"` > Environment: > Python 3.4.4 > apache-libcloud==1.0.0 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[GitHub] libcloud pull request #844: [LIBCLOUD-835] Fix caching of Google auth tokens
Github user asfgit closed the pull request at: https://github.com/apache/libcloud/pull/844
[jira] [Commented] (LIBCLOUD-835) Malformed auth token causes fatal exception in Google Storage driver
[ https://issues.apache.org/jira/browse/LIBCLOUD-835?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15400638#comment-15400638 ] ASF GitHub Bot commented on LIBCLOUD-835: - Github user asfgit closed the pull request at: https://github.com/apache/libcloud/pull/844 > Malformed auth token causes fatal exception in Google Storage driver > > > Key: LIBCLOUD-835 > URL: https://issues.apache.org/jira/browse/LIBCLOUD-835 > Project: Libcloud > Issue Type: Bug >Reporter: Paul Tiplady >Priority: Critical > > One of my Django instances has started hitting a libcloud error which is > causing a fatal exception, bringing down the instance. > It looks like libcloud is writing invalid JSON into the auth token, which > then causes a JSON parse error when it is subsequently read back in. > Here's the token that's written: > {code} > $ cat /root/.google_libcloud_auth. > {"access_token": "", "token_type": "Bearer", "expire_time": > "2016-07-12T16:45:09Z", "expires_in": 3559}09Z", "expires_in": 3537} > {code} > Note the two "expires_in" keys, one with a nonsense value of `3559}09Z"` > Environment: > Python 3.4.4 > apache-libcloud==1.0.0 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[2/4] libcloud git commit: Update changelog.
Update changelog. Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/43eeed66 Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/43eeed66 Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/43eeed66 Branch: refs/heads/trunk Commit: 43eeed66d86d7bbed26a8dcd6ed1d396c410d0f1 Parents: 78df34c Author: Tomaz MurausAuthored: Sat Jul 30 12:58:35 2016 +0200 Committer: Tomaz Muraus Committed: Sat Jul 30 12:58:35 2016 +0200 -- CHANGES.rst | 10 ++ 1 file changed, 10 insertions(+) -- http://git-wip-us.apache.org/repos/asf/libcloud/blob/43eeed66/CHANGES.rst -- diff --git a/CHANGES.rst b/CHANGES.rst index 410b0ff..e14f672 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -4,6 +4,16 @@ Changes in current version of Apache Libcloud - +General +~~~ + +- Fix caching of auth tokens in the Google Compute Engine drivers. Now we make + sure that the file is truncated before writing a new token. Not truncating + the file would cause issues if the new token is shorted then the existing one + which is cached in the file. + (GITHUB-844, LIBCLOUD-835) + [Paul Tiplady] + Compute ~~~
[4/4] libcloud git commit: Log a message if we fail to read or write auth token from file.
Log a message if we fail to read or write auth token from file. Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/25c414e3 Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/25c414e3 Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/25c414e3 Branch: refs/heads/trunk Commit: 25c414e33526bb647f93db4f2adb8ad0120b4957 Parents: 2f02aec Author: Tomaz MurausAuthored: Sat Jul 30 13:06:08 2016 +0200 Committer: Tomaz Muraus Committed: Sat Jul 30 13:10:53 2016 +0200 -- libcloud/common/google.py | 17 + 1 file changed, 13 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/libcloud/blob/25c414e3/libcloud/common/google.py -- diff --git a/libcloud/common/google.py b/libcloud/common/google.py index 4b896c6..96a0acb 100644 --- a/libcloud/common/google.py +++ b/libcloud/common/google.py @@ -72,6 +72,7 @@ try: except ImportError: import json +import logging import base64 import errno import time @@ -101,6 +102,8 @@ except ImportError: UTC_TIMESTAMP_FORMAT = '%Y-%m-%dT%H:%M:%SZ' +LOG = logging.getLogger(__name__) + def _utcnow(): """ @@ -680,7 +683,10 @@ class GoogleOAuth2Credential(object): except (IOError, ValueError): # Note: File related errors (IOError) and errors related to json # parsing of the data (ValueError) are not fatal. -pass +e = sys.exc_info()[1] +LOG.info('Failed to read cached auth token from file "%s": %s', + filename, str(e)) + return token def _write_token_to_file(self): @@ -688,9 +694,10 @@ class GoogleOAuth2Credential(object): Write token to credential file. Mocked in libcloud.test.common.google.GoogleTestCase. """ +filename = os.path.expanduser(self.credential_file) +filename = os.path.realpath(filename) + try: -filename = os.path.expanduser(self.credential_file) -filename = os.path.realpath(filename) data = json.dumps(self.token) write_flags = os.O_CREAT | os.O_WRONLY | os.O_TRUNC with os.fdopen(os.open(filename, write_flags, 
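Review bot: Both new log calls use `LOG.info`, in the `except (IOError, ValueError)` handler of the read path here and in the write-path handler in the last hunk of this commit, so under Python's default logging level neither message is shown. A missing cache file is the expected first-run case and INFO suits it, but a cache file that exists and does not parse is the corruption reported in LIBCLOUD-835 and should be visible to an operator. I would split the read handler: keep `LOG.info` for `IOError`, use `LOG.warning('Cached auth token file "%s" is not valid JSON: %s', filename, e)` for `ValueError`, and log write failures at warning level too. `str(e)` is unnecessary because `%s` already converts its argument. The read function's `def` line is above the hunk.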
@@ -700,7 +707,9 @@ class GoogleOAuth2Credential(object): # Note: Failed to write (cache) token in a file is not fatal. It # simply means degraded performance since we will need to acquire a # new token each time script runs. -pass +e = sys.exc_info()[1] +LOG.info('Failed to write auth token to file "%s": %s', + filename, str(e)) class GoogleBaseConnection(ConnectionUserAndKey, PollingConnection):
[1/4] libcloud git commit: Fix caching of Google auth tokens
Repository: libcloud Updated Branches: refs/heads/trunk dcb4cd998 -> 25c414e33 Fix caching of Google auth tokens _write_token_to_file was not zeroing the file before writing a new token, causing corruption. FIXES: LIBCLOUD-835 Closes #844 Signed-off-by: Tomaz MurausProject: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/78df34cf Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/78df34cf Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/78df34cf Branch: refs/heads/trunk Commit: 78df34cf8db8706440ee594c571d80de8613433e Parents: dcb4cd9 Author: Paul Tiplady Authored: Fri Jul 22 11:32:27 2016 -0700 Committer: Tomaz Muraus Committed: Sat Jul 30 12:56:00 2016 +0200 -- libcloud/common/google.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/libcloud/blob/78df34cf/libcloud/common/google.py -- diff --git a/libcloud/common/google.py b/libcloud/common/google.py index 2912817..68aa77c 100644 --- a/libcloud/common/google.py +++ b/libcloud/common/google.py @@ -688,7 +688,7 @@ class GoogleOAuth2Credential(object): """ filename = os.path.realpath(os.path.expanduser(self.credential_file)) data = json.dumps(self.token) -with os.fdopen(os.open(filename, os.O_CREAT | os.O_WRONLY, +with os.fdopen(os.open(filename, os.O_CREAT | os.O_WRONLY | os.O_TRUNC, int('600', 8)), 'w') as f: f.write(data)
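Review bot: `O_TRUNC` stops a shorter token from leaving the tail of a longer one behind, but the file is still rewritten in place, so a process that reads the cache between the truncate and `f.write(data)` sees an empty or partial token. The `int('600', 8)` mode is also applied only when `os.open` creates the file; a cache file that already exists with wider permissions keeps them. Writing to a private temporary file in the same directory and renaming it over the cache file addresses both, as sketched below. It needs `tempfile` imported, and `os.rename` does not replace an existing file on Windows, so that platform would need a fallback. The function's `def` line is above the hunk.

```python
filename = os.path.realpath(os.path.expanduser(self.credential_file))
data = json.dumps(self.token)
# mkstemp creates the file with owner-only permissions; the rename then
# swaps it in whole, so readers never see a truncated token.
fd, tmp_path = tempfile.mkstemp(dir=os.path.dirname(filename))
with os.fdopen(fd, 'w') as f:
    f.write(data)
os.rename(tmp_path, filename)
```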
[3/4] libcloud git commit: Make sure that writing auth token from a file and reading it from a file is not fatal if a token file is corrupted or similar.
Make sure that writing auth token from a file and reading it from a file is not fatal if a token file is corrupted or similar. Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/2f02aece Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/2f02aece Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/2f02aece Branch: refs/heads/trunk Commit: 2f02aecebc4ba371b1239378961675a477ab9086 Parents: 43eeed6 Author: Tomaz MurausAuthored: Sat Jul 30 13:02:30 2016 +0200 Committer: Tomaz Muraus Committed: Sat Jul 30 13:02:30 2016 +0200 -- libcloud/common/google.py | 22 -- 1 file changed, 16 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/libcloud/blob/2f02aece/libcloud/common/google.py -- diff --git a/libcloud/common/google.py b/libcloud/common/google.py index 68aa77c..4b896c6 100644 --- a/libcloud/common/google.py +++ b/libcloud/common/google.py @@ -677,7 +677,9 @@ class GoogleOAuth2Credential(object): with open(filename, 'r') as f: data = f.read() token = json.loads(data) -except IOError: +except (IOError, ValueError): +# Note: File related errors (IOError) and errors related to json +# parsing of the data (ValueError) are not fatal. pass return token 
@@ -686,11 +688,19 @@ class GoogleOAuth2Credential(object): Write token to credential file. Mocked in libcloud.test.common.google.GoogleTestCase. """ -filename = os.path.realpath(os.path.expanduser(self.credential_file)) -data = json.dumps(self.token) -with os.fdopen(os.open(filename, os.O_CREAT | os.O_WRONLY | os.O_TRUNC, - int('600', 8)), 'w') as f: -f.write(data) +try: +filename = os.path.expanduser(self.credential_file) +filename = os.path.realpath(filename) +data = json.dumps(self.token) +write_flags = os.O_CREAT | os.O_WRONLY | os.O_TRUNC +with os.fdopen(os.open(filename, write_flags, + int('600', 8)), 'w') as f: +f.write(data) +except: +# Note: Failed to write (cache) token in a file is not fatal. It +# simply means degraded performance since we will need to acquire a +# new token each time script runs. +pass class GoogleBaseConnection(ConnectionUserAndKey, PollingConnection):
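Review bot: The new handler around the token write is a bare `except:`, which also catches `KeyboardInterrupt` and `SystemExit` and discards them with `pass`, so an interrupt or exit request that arrives during the write is silently lost. `except Exception:` keeps the write best-effort without swallowing those. The later commits on this page (25c414e3, which adds logging, and f6227ddd, whose context still shows `except:`) fill in the handler body but keep the bare form. The read path in the previous hunk names its exceptions with `except (IOError, ValueError):`, and the write path could do the same if a narrower contract is wanted. The function's `def` line is above the hunk.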