PyPI - ominfra - Versions diffs - 0.0.0.dev10__tar.gz → 0.0.0.dev11__tar.gz - Mend

ominfra 0.0.0.dev10tar.gz → 0.0.0.dev11tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

{ominfra-0.0.0.dev10/ominfra.egg-info → ominfra-0.0.0.dev11}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ominfra
-Version: 0.0.0.dev10
+Version: 0.0.0.dev11
 Summary: ominfra
 Author: wrmsr
 License: BSD-3-Clause
@@ -12,7 +12,7 @@ Classifier: Operating System :: OS Independent
 Classifier: Operating System :: POSIX
 Requires-Python: >=3.12
 License-File: LICENSE
-Requires-Dist: omlish==0.0.0.dev10
+Requires-Dist: omlish==0.0.0.dev11
 Provides-Extra: all
 Requires-Dist: paramiko>=3.4; extra == "all"
 Requires-Dist: asyncssh>=2.16; python_version < "3.13" and extra == "all"

ominfra-0.0.0.dev11/README.rst ADDED Viewed

@@ -0,0 +1,5 @@
+*omlish*
+Packages installable from git via:
+::
+  pip install 'git+https://github.com/wrmsr/omlish@master#subdirectory=.pkg/<pkg>'

{ominfra-0.0.0.dev10 → ominfra-0.0.0.dev11}/ominfra/__about__.py RENAMED Viewed

@@ -15,7 +15,7 @@ class Project(ProjectBase):
         'ssh': [
             'paramiko >= 3.4',  # !! LGPL
-            "asyncssh >= 2.16; python_version < '3.13'",  # cffi
+            'asyncssh >= 2.16; python_version < "3.13"',  # cffi
         ],
     }

ominfra-0.0.0.dev11/ominfra/clouds/aws/auth.py ADDED Viewed

@@ -0,0 +1,222 @@
+"""
+https://docs.aws.amazon.com/IAM/latest/UserGuide/create-signed-request.html
+TODO:
+ - https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html
+  - boto / s3transfer upload_fileobj doesn't stream either lol - eagerly calcs Content-MD5
+ - sts tokens
+ - !! fix canonical_qs - sort params
+"""
+import dataclasses as dc
+import datetime
+import hashlib
+import hmac
+import typing as ta
+import urllib.parse
+from omlish import check
+##
+HttpMap: ta.TypeAlias = ta.Mapping[str, ta.Sequence[str]]
+def make_http_map(*kvs: tuple[str, str]) -> HttpMap:
+    out: dict[str, list[str]] = {}
+    for k, v in kvs:
+        out.setdefault(k, []).append(v)
+    return out
+#
+@dc.dataclass(frozen=True)
+class Credentials:
+    access_key: str
+    secret_key: str = dc.field(repr=False)
+@dc.dataclass(frozen=True)
+class Request:
+    method: str
+    url: str
+    headers: HttpMap = dc.field(default_factory=dict)
+    payload: bytes = b''
+##
+def _host_from_url(url: str) -> str:
+    url_parts = urllib.parse.urlsplit(url)
+    host = check.non_empty_str(url_parts.hostname)
+    default_ports = {
+        'http': 80,
+        'https': 443,
+    }
+    if url_parts.port is not None:
+        if url_parts.port != default_ports.get(url_parts.scheme):
+            host = '%s:%d' % (host, url_parts.port)
+    return host
+def _as_bytes(data: str | bytes) -> bytes:
+    return data if isinstance(data, bytes) else data.encode('utf-8')
+def _sha256(data: str | bytes) -> str:
+    return hashlib.sha256(_as_bytes(data)).hexdigest()
+def _sha256_sign(key: bytes, msg: str | bytes) -> bytes:
+    return hmac.new(key, _as_bytes(msg), hashlib.sha256).digest()
+def _sha256_sign_hex(key: bytes, msg: str | bytes) -> str:
+    return hmac.new(key, _as_bytes(msg), hashlib.sha256).hexdigest()
+_EMPTY_SHA256 = _sha256(b'')
+_ISO8601 = '%Y%m%dT%H%M%SZ'
+_SIGNED_HEADERS_BLACKLIST = frozenset([
+    'expect',
+    'user-agent',
+    'x-amzn-trace-id',
+])
+def _lower_case_http_map(d: HttpMap) -> HttpMap:
+    o: dict[str, list[str]] = {}
+    for k, vs in d.items():
+        o.setdefault(k.lower(), []).extend(vs)
+    return o
+class V4AwsSigner:
+    def __init__(
+            self,
+            creds: Credentials,
+            region_name: str,
+            service_name: str,
+    ) -> None:
+        super().__init__()
+        self._creds = creds
+        self._region_name = region_name
+        self._service_name = service_name
+    def _validate_request(self, req: Request) -> None:
+        check.non_empty_str(req.method)
+        check.equal(req.method.upper(), req.method)
+        for k, vs in req.headers.items():
+            check.equal(k.strip(), k)
+            for v in vs:
+                check.equal(v.strip(), v)
+    def sign(
+            self,
+            req: Request,
+            *,
+            sign_payload: bool = False,
+            utcnow: datetime.datetime | None = None,
+    ) -> HttpMap:
+        self._validate_request(req)
+        #
+        if utcnow is None:
+            utcnow = datetime.datetime.utcnow()  # noqa
+        req_dt = utcnow.strftime(_ISO8601)
+        #
+        parsed_url = urllib.parse.urlsplit(req.url)
+        canon_uri = parsed_url.path
+        canon_qs = parsed_url.query
+        #
+        headers_to_sign = {
+            k: v
+            for k, v in _lower_case_http_map(req.headers).items()
+            if k not in _SIGNED_HEADERS_BLACKLIST
+        }
+        if 'host' not in headers_to_sign:
+            headers_to_sign['host'] = [_host_from_url(req.url)]
+        headers_to_sign['x-amz-date'] = [req_dt]
+        hashed_payload = _sha256(req.payload) if req.payload else _EMPTY_SHA256
+        if sign_payload:
+            headers_to_sign['x-amz-content-sha256'] = [hashed_payload]
+        sorted_header_names = sorted(headers_to_sign)
+        canon_headers = ''.join([
+            ':'.join((k, ','.join(headers_to_sign[k]))) + '\n'
+            for k in sorted_header_names
+        ])
+        signed_headers = ';'.join(sorted_header_names)
+        #
+        canon_req = '\n'.join([
+            req.method,
+            canon_uri,
+            canon_qs,
+            canon_headers,
+            signed_headers,
+            hashed_payload,
+        ])
+        #
+        algorithm = 'AWS4-HMAC-SHA256'
+        scope_parts = [
+            req_dt[:8],
+            self._region_name,
+            self._service_name,
+            'aws4_request',
+        ]
+        scope = '/'.join(scope_parts)
+        hashed_canon_req = _sha256(canon_req)
+        string_to_sign = '\n'.join([
+            algorithm,
+            req_dt,
+            scope,
+            hashed_canon_req,
+        ])
+        #
+        key = self._creds.secret_key
+        key_date = _sha256_sign(f'AWS4{key}'.encode('utf-8'), req_dt[:8])  # noqa
+        key_region = _sha256_sign(key_date, self._region_name)
+        key_service = _sha256_sign(key_region, self._service_name)
+        key_signing = _sha256_sign(key_service, 'aws4_request')
+        sig = _sha256_sign_hex(key_signing, string_to_sign)
+        #
+        cred_scope = '/'.join([
+            self._creds.access_key,
+            *scope_parts,
+        ])
+        auth = f'{algorithm} ' + ', '.join([
+            f'Credential={cred_scope}',
+            f'SignedHeaders={signed_headers}',
+            f'Signature={sig}',
+        ])
+        #
+        out = {
+            'Authorization': [auth],
+            'X-Amz-Date': [req_dt],
+        }
+        if sign_payload:
+            out['X-Amz-Content-SHA256'] = [hashed_payload]
+        return out

ominfra-0.0.0.dev11/ominfra/pyremote/__init__.py ADDED Viewed

File without changes

ominfra-0.0.0.dev11/ominfra/tools/__init__.py ADDED Viewed

File without changes

{ominfra-0.0.0.dev10 → ominfra-0.0.0.dev11/ominfra.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ominfra
-Version: 0.0.0.dev10
+Version: 0.0.0.dev11
 Summary: ominfra
 Author: wrmsr
 License: BSD-3-Clause
@@ -12,7 +12,7 @@ Classifier: Operating System :: OS Independent
 Classifier: Operating System :: POSIX
 Requires-Python: >=3.12
 License-File: LICENSE
-Requires-Dist: omlish==0.0.0.dev10
+Requires-Dist: omlish==0.0.0.dev11
 Provides-Extra: all
 Requires-Dist: paramiko>=3.4; extra == "all"
 Requires-Dist: asyncssh>=2.16; python_version < "3.13" and extra == "all"

{ominfra-0.0.0.dev10 → ominfra-0.0.0.dev11}/ominfra.egg-info/SOURCES.txt RENAMED Viewed

@@ -13,6 +13,9 @@ ominfra.egg-info/requires.txt
 ominfra.egg-info/top_level.txt
 ominfra/bootstrap/__init__.py
 ominfra/bootstrap/bootstrap.py
+ominfra/clouds/__init__.py
+ominfra/clouds/aws/__init__.py
+ominfra/clouds/aws/auth.py
 ominfra/deploy/__init__.py
 ominfra/deploy/_executor.py
 ominfra/deploy/configs.py

{ominfra-0.0.0.dev10 → ominfra-0.0.0.dev11}/ominfra.egg-info/requires.txt RENAMED Viewed

@@ -1,4 +1,4 @@
-omlish==0.0.0.dev10
+omlish==0.0.0.dev11
 [all]
 paramiko>=3.4

{ominfra-0.0.0.dev10 → ominfra-0.0.0.dev11}/pyproject.toml RENAMED Viewed

@@ -12,7 +12,7 @@ authors = [
 urls = {source = 'https://github.com/wrmsr/omlish'}
 license = {text = 'BSD-3-Clause'}
 requires-python = '>=3.12'
-version = '0.0.0.dev10'
+version = '0.0.0.dev11'
 classifiers = [
     'License :: OSI Approved :: BSD License',
     'Development Status :: 2 - Pre-Alpha',
@@ -22,17 +22,17 @@ classifiers = [
 ]
 description = 'ominfra'
 dependencies = [
-    'omlish == 0.0.0.dev10',
+    'omlish == 0.0.0.dev11',
 ]
 [project.optional-dependencies]
 all = [
     'paramiko >= 3.4',
-    "asyncssh >= 2.16; python_version < '3.13'",
+    'asyncssh >= 2.16; python_version < "3.13"',
 ]
 ssh = [
     'paramiko >= 3.4',
-    "asyncssh >= 2.16; python_version < '3.13'",
+    'asyncssh >= 2.16; python_version < "3.13"',
 ]
 [tool.setuptools]