|
62 | 62 | get_service_module_name, |
63 | 63 | ) |
64 | 64 |
|
65 | | -_LEGACY_SIGNATURE_VERSIONS = frozenset( |
66 | | - ( |
67 | | - 'v2', |
68 | | - 'v3', |
69 | | - 'v3https', |
70 | | - 'v4', |
71 | | - 's3', |
72 | | - 's3v4', |
73 | | - ) |
74 | | -) |
75 | | - |
76 | | - |
77 | 65 | logger = logging.getLogger(__name__) |
78 | 66 | history_recorder = get_global_history_recorder() |
79 | 67 |
|
@@ -174,6 +162,7 @@ def create_client( |
174 | 162 | self._register_s3_events(service_client, client_config, scoped_config) |
175 | 163 | self._register_s3express_events(client=service_client) |
176 | 164 | self._register_s3_control_events(service_client) |
| 165 | + self._register_importexport_events(client=service_client) |
177 | 166 | self._register_endpoint_discovery( |
178 | 167 | service_client, endpoint_url, client_config |
179 | 168 | ) |
@@ -332,6 +321,42 @@ def _register_s3_control_events(self, client): |
332 | 321 | return |
333 | 322 | S3ControlArnParamHandlerv2().register(client.meta.events) |
334 | 323 |
|
| 324 | + def _register_importexport_events( |
| 325 | + self, |
| 326 | + client, |
| 327 | + endpoint_bridge=None, |
| 328 | + endpoint_url=None, |
| 329 | + client_config=None, |
| 330 | + scoped_config=None, |
| 331 | + ): |
| 332 | + if client.meta.service_model.service_name != 'importexport': |
| 333 | + return |
| 334 | + self._set_importexport_signature_version( |
| 335 | + client.meta, client_config, scoped_config |
| 336 | + ) |
| 337 | + |
| 338 | + def _set_importexport_signature_version( |
| 339 | + self, client_meta, client_config, scoped_config |
| 340 | + ): |
| 341 | + # This will return the manually configured signature version, or None |
| 342 | + # if none was manually set. If a customer manually sets the signature |
| 343 | + # version, we always want to use what they set. |
| 344 | + configured_signature_version = _get_configured_signature_version( |
| 345 | + 'importexport', client_config, scoped_config |
| 346 | + ) |
| 347 | + if configured_signature_version is not None: |
| 348 | + return |
| 349 | + |
| 350 | + # importexport has a modeled signatureVersion of v2, but we |
| 351 | + # previously switched to v4 via endpoint.json before endpoint rulesets. |
| 352 | + # Override the model's signatureVersion for backwards compatability. |
| 353 | + client_meta.events.register( |
| 354 | + 'choose-signer.importexport', self._default_signer_to_sigv4 |
| 355 | + ) |
| 356 | + |
| 357 | + def _default_signer_to_sigv4(self, signature_version, **kwargs): |
| 358 | + return 'v4' |
| 359 | + |
335 | 360 | def _get_client_args( |
336 | 361 | self, |
337 | 362 | service_model, |
@@ -669,27 +694,28 @@ def _resolve_signature_version(self, service_name, resolved): |
669 | 694 | if configured_version is not None: |
670 | 695 | return configured_version |
671 | 696 |
|
672 | | - potential_versions = resolved.get('signatureVersions', []) |
673 | | - if ( |
674 | | - self.service_signature_version is not None |
675 | | - and self.service_signature_version |
676 | | - not in _LEGACY_SIGNATURE_VERSIONS |
677 | | - ): |
678 | | - # Prefer the service model as most specific |
679 | | - # source of truth for new signature versions. |
680 | | - potential_versions = [self.service_signature_version] |
| 697 | + # These have since added the "auth" key to the service model |
| 698 | + # with "aws.auth#sigv4", but preserve existing behavior from |
| 699 | + # when we preferred endpoints.json over the service models |
| 700 | + if service_name in ('s3', 's3-control'): |
| 701 | + return 's3v4' |
681 | 702 |
|
682 | | - # Pick a signature version from the endpoint metadata if present. |
683 | | - if 'signatureVersions' in resolved: |
684 | | - if service_name == 's3': |
685 | | - return 's3v4' |
| 703 | + if self.service_signature_version is not None: |
| 704 | + # Prefer the service model |
| 705 | + potential_versions = [self.service_signature_version] |
| 706 | + else: |
| 707 | + # Fall back to endpoints.json to preserve existing behavior, which |
| 708 | + # may be useful for users who have custom service models |
| 709 | + potential_versions = resolved.get('signatureVersions', []) |
| 710 | + # This was added for the V2 -> V4 transition, |
| 711 | + # for services that added V4 after V2 in endpoints.json |
686 | 712 | if 'v4' in potential_versions: |
687 | 713 | return 'v4' |
688 | | - # Now just iterate over the signature versions in order until we |
689 | | - # find the first one that is known to Botocore. |
690 | | - for known in potential_versions: |
691 | | - if known in AUTH_TYPE_MAPS: |
692 | | - return known |
| 714 | + # Now just iterate over the signature versions in order until we |
| 715 | + # find the first one that is known to Botocore. |
| 716 | + for known in potential_versions: |
| 717 | + if known in AUTH_TYPE_MAPS: |
| 718 | + return known |
693 | 719 | raise UnknownSignatureVersionError( |
694 | 720 | signature_version=potential_versions |
695 | 721 | ) |
|
0 commit comments