osc_sdk_python 0.39.2__py3-none-any.whl

osc_sdk_python/VERSION

@@ -0,0 +1 @@
+0.39.2

osc_sdk_python/__init__.py

@@ -0,0 +1,31 @@
+from .outscale_gateway import OutscaleGateway as Gateway
+from .outscale_gateway import LOG_NONE
+from .outscale_gateway import LOG_STDERR
+from .outscale_gateway import LOG_STDIO
+from .outscale_gateway import LOG_MEMORY
+from .version import get_version
+from .problem import Problem, ProblemDecoder
+from .limiter import RateLimiter
+from .retry import Retry
+
+# what to Log
+from .outscale_gateway import LOG_ALL
+from .outscale_gateway import LOG_KEEP_ONLY_LAST_REQ
+
+__author__ = "Outscale SAS"
+__version__ = get_version()
+__all__ = [
+    "__version__",
+    "__author__",
+    "Gateway",
+    "LOG_NONE",
+    "LOG_STDERR",
+    "LOG_STDIO",
+    "LOG_MEMORY",
+    "LOG_ALL",
+    "LOG_KEEP_ONLY_LAST_REQ",
+    "Problem",
+    "ProblemDecoder",
+    "RateLimiter",
+    "Retry",
+]

osc_sdk_python/authentication.py

@@ -0,0 +1,176 @@
+import datetime
+import hashlib
+import hmac
+import base64
+
+from .version import get_version
+from .credentials import Profile
+
+VERSION: str = get_version()
+DEFAULT_USER_AGENT = "osc-sdk-python/" + VERSION
+
+
+class Authentication:
+    def __init__(
+        self,
+        credentials: Profile,
+        host: str,
+        method="POST",
+        service="api",
+        content_type="application/json; charset=utf-8",
+        algorithm="OSC4-HMAC-SHA256",
+        signed_headers="content-type;host;x-osc-date",
+        user_agent=DEFAULT_USER_AGENT,
+    ):
+        self.access_key = credentials.access_key
+        self.secret_key = credentials.secret_key
+        self.login = credentials.login
+        self.password = credentials.password
+        self.host = host
+        self.region = credentials.region
+        self.content_type = content_type
+        self.method = method
+        self.service = service
+        self.algorithm = algorithm
+        self.signed_headers = signed_headers
+        self.user_agent = user_agent
+        self.x509_client_cert = credentials.x509_client_cert
+
+    def forge_headers_signed(self, uri, request_data):
+        date_iso, date = self.build_dates()
+        credential_scope = "{}/{}/{}/osc4_request".format(
+            date, self.region, self.service
+        )
+
+        canonical_request = self.build_canonical_request(date_iso, uri, request_data)
+        str_to_sign = self.create_string_to_sign(
+            date_iso, credential_scope, canonical_request
+        )
+        signature = self.compute_signature(date, str_to_sign)
+        authorisation = self.build_authorization_header(credential_scope, signature)
+
+        return {
+            "Content-Type": self.content_type,
+            "X-Osc-Date": date_iso,
+            "Authorization": authorisation,
+            "User-Agent": self.user_agent,
+        }
+
+    def build_dates(self):
+        """Return YYYYMMDDTHHmmssZ, YYYYMMDD"""
+        t = datetime.datetime.now(datetime.timezone.utc)
+        return t.strftime("%Y%m%dT%H%M%SZ"), t.strftime("%Y%m%d")
+
+    def sign(self, key, msg):
+        return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
+
+    def get_signature_key(self, key, date_stamp_value):
+        k_date = self.sign(("OSC4" + key).encode("utf-8"), date_stamp_value)
+        k_region = self.sign(k_date, self.region)
+        k_service = self.sign(k_region, self.service)
+        k_signing = self.sign(k_service, "osc4_request")
+        return k_signing
+
+    def build_canonical_request(self, date_iso, canonical_uri, request_data):
+        #
+        # Step 1 is to define the verb (GET, POST, etc.)--already done.
+        # Step 2: Create canonical URI--the part of the URI from domain to query
+        #         string (use '/' if no path)
+        #         canonical_uri = '/'
+        # Step 3: Create the canonical query string. In this example, request
+        #         parameters are passed in the body of the request and the query string
+        #         is blank.
+        # Step 4: Create the canonical headers. Header names must be trimmed
+        #         and lowercase, and sorted in code point order from low to high.
+        #         Note that there is a trailing \n.
+        # Step 5: Create the list of signed headers. This lists the headers
+        #         in the canonical_headers list, delimited with ";" and in alpha order.
+        #         Note: The request can include any headers; canonical_headers and
+        #         signed_headers include those that you want to be included in the
+        #         hash of the request. "Host" and "x-amz-date" are always required.
+        # Step 6: Create payload hash. In this example, the payload (body of
+        #         the request) contains the request parameters.
+        # Step 7: Combine elements to create canonical request
+        canonical_querystring = ""
+        canonical_headers = (
+            "content-type:"
+            + self.content_type
+            + "\n"
+            + "host:"
+            + self.host
+            + "\n"
+            + "x-osc-date:"
+            + date_iso
+            + "\n"
+        )
+        payload_hash = hashlib.sha256(request_data.encode("utf-8")).hexdigest()
+        return (
+            self.method
+            + "\n"
+            + canonical_uri
+            + "\n"
+            + canonical_querystring
+            + "\n"
+            + canonical_headers
+            + "\n"
+            + self.signed_headers
+            + "\n"
+            + payload_hash
+        )
+
+    def create_string_to_sign(self, date_iso, credential_scope, canonical_request):
+        # ************* TASK 2: CREATE THE STRING TO SIGN*************
+        # Match the algorithm to the hashing algorithm you use, either SHA-1 or
+        # SHA-256 (recommended)
+        return (
+            self.algorithm
+            + "\n"
+            + date_iso
+            + "\n"
+            + credential_scope
+            + "\n"
+            + hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()
+        )
+
+    def compute_signature(self, date, string_to_sign):
+        # ************* TASK 3: CALCULATE THE SIGNATURE *************
+        # Create the signing key using the function defined above.
+        signing_key = self.get_signature_key(self.secret_key, date)
+
+        # Sign the string_to_sign using the signing_key
+        return hmac.new(
+            signing_key, string_to_sign.encode("utf-8"), hashlib.sha256
+        ).hexdigest()
+
+    def build_authorization_header(self, credential_scope, signature):
+        # ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************
+        # Put the signature information in a header named Authorization.
+        return (
+            self.algorithm
+            + " "
+            + "Credential="
+            + self.access_key
+            + "/"
+            + credential_scope
+            + ", "
+            + "SignedHeaders="
+            + self.signed_headers
+            + ", "
+            + "Signature="
+            + signature
+        )
+
+    def is_basic_auth_configured(self):
+        return self.login is not None and self.password is not None
+
+    def get_basic_auth_header(self):
+        if not self.is_basic_auth_configured():
+            raise Exception("email or password not set")
+        creds = self.login + ":" + self.password
+        b64_creds = str(base64.b64encode(creds.encode("utf-8")), "utf-8")
+        date_iso, _ = self.build_dates()
+        return {
+            "Content-Type": self.content_type,
+            "X-Osc-Date": date_iso,
+            "Authorization": "Basic " + b64_creds,
+        }

osc_sdk_python/call.py

@@ -0,0 +1,96 @@
+from .authentication import Authentication
+from .authentication import DEFAULT_USER_AGENT
+from .credentials import Profile
+from .requester import Requester
+from requests import Session
+from urllib3.util import parse_url
+from datetime import timedelta
+from .limiter import RateLimiter
+
+import json
+import warnings
+
+
+class Call(object):
+    def __init__(self, logger=None, limiter=None, **kwargs):
+        self.version = kwargs.pop("version", "latest")
+        self.host = kwargs.pop("host", None)
+        self.ssl = kwargs.pop("_ssl", True)
+        self.user_agent = kwargs.pop("user_agent", DEFAULT_USER_AGENT)
+        self.logger = logger
+        self.limiter: RateLimiter | None = limiter
+        self.retry_kwargs = {}
+        self.session = Session()
+
+        kwargs = self.update_limiter(**kwargs)
+        kwargs = self.update_retry(**kwargs)
+        self.update_profile(**kwargs)
+
+    def update_credentials(self, **kwargs):
+        warnings.warn(
+            "update_credentials is deprecated, use update_profile instead",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+        return self.update_profile(**kwargs)
+
+    def update_profile(self, **kwargs):
+        self.profile = Profile.from_standard_configuration(
+            kwargs.pop("path", None), kwargs.pop("profile", None)
+        )
+        self.profile.merge(Profile(**kwargs))
+        return kwargs
+
+    def update_limiter(self, **kwargs):
+        limiter_window = kwargs.pop("limiter_window", None)
+        if limiter_window is not None and self.limiter is not None:
+            self.limiter.window = timedelta(seconds=int(limiter_window))
+
+        limiter_max_requests = kwargs.pop("limiter_max_requests", None)
+        if limiter_max_requests is not None and self.limiter is not None:
+            self.limiter.max_requests = limiter_max_requests
+
+        return kwargs
+
+    def update_retry(self, **kwargs):
+        max_retries = kwargs.pop("max_retries", None)
+        if max_retries is not None:
+            self.retry_kwargs["max_retries"] = int(max_retries)
+
+        for key in ["backoff_factor", "backoff_jitter", "backoff_max"]:
+            value = kwargs.pop(f"retry_{key}", None)
+            if value is not None:
+                self.retry_kwargs[key] = float(value)
+        return kwargs
+
+    def api(self, action, service="api", **data):
+        try:
+            endpoint = self.profile.get_endpoint(service) + "/" + action
+            parsed_url = parse_url(endpoint)
+            uri = parsed_url.path
+            host = parsed_url.host
+
+            if self.limiter is not None:
+                self.limiter.acquire()
+
+            requester = Requester(
+                self.session,
+                Authentication(
+                    self.profile,
+                    host,
+                    user_agent=self.user_agent,
+                ),
+                endpoint,
+                **self.retry_kwargs,
+            )
+            if self.logger is not None:
+                self.logger.do_log(
+                    "uri: " + uri + "\npayload:\n" + json.dumps(data, indent=2)
+                )
+            return requester.send(uri, json.dumps(data))
+        except Exception as err:
+            raise err
+
+    def close(self):
+        if self.session:
+            self.session.close()

osc_sdk_python/credentials.py

@@ -0,0 +1,186 @@
+import json
+import os
+import warnings
+
+ORIGINAL_PATH = os.path.join(os.path.expanduser("~"), ".oapi_credentials")
+STD_PATH = os.path.join(os.path.expanduser("~"), ".osc/config.json")
+DEFAULT_REGION = "eu-west-2"
+DEFAULT_PROFILE = "default"
+
+
+class Endpoint:
+    def __init__(self, **kwargs):
+        self.api: str = kwargs.pop("api", None)
+        self.oks: str = kwargs.pop("oks", None)
+        self.lbu: str = kwargs.pop("lbu", None)
+        self.oos: str = kwargs.pop("oos", None)
+        self.fcu: str = kwargs.pop("fcu", None)
+        self.eim: str = kwargs.pop("eim", None)
+        self.direct_link: str = kwargs.pop("direct_link", None)
+
+        if kwargs:
+            unexpected = ", ".join(f"'{k}'" for k in kwargs.keys())
+            raise TypeError(
+                f"Endpoint() got unexpected keyword arguments: {unexpected}"
+            )
+
+
+class Profile:
+    def __init__(self, **kwargs):
+        self.access_key: str = kwargs.pop("access_key", None)
+        self.secret_key: str = kwargs.pop("secret_key", None)
+        self.access_key_v2: str = kwargs.pop("access_key_v2", None)
+        self.secret_key_v2: str = kwargs.pop("secret_key_v2", None)
+        self.iam_v2_services: list[str] = kwargs.pop("iam_v2_services", [])
+        self.x509_client_cert: str = kwargs.pop("x509_client_cert", None)
+        self.x509_client_cert_b64: str = kwargs.pop("x509_client_cert_b64", None)
+        self.x509_client_key: str = kwargs.pop("x509_client_key", None)
+        self.x509_client_key_b64: str = kwargs.pop("x509_client_key_b64", None)
+        self.tls_skip_verify: bool = kwargs.pop("tls_skip_verify", False)
+        self.login: str = kwargs.pop("login", None) or kwargs.pop("email", None)
+        self.password: str = kwargs.pop("password", None)
+        self.protocol: str = kwargs.pop("protocol", None)
+        self.region: str = kwargs.pop("region", None)
+        self.endpoints: "Endpoint" = kwargs.pop(
+            "endpoints", Endpoint()
+        )  # Forward reference
+
+        if kwargs:
+            unexpected = ", ".join(f"'{k}'" for k in kwargs.keys())
+            raise TypeError(f"Profile() got unexpected keyword arguments: {unexpected}")
+
+    @property
+    def email(self) -> str:
+        # For some reason, login is called email
+        return self.login
+
+    def get_endpoint(self, service: str) -> str:
+        endpoint = getattr(self.endpoints, service)
+        if not endpoint:
+            endpoint = self.get_default_endpoint(service)
+
+        return endpoint
+
+    def get_default_endpoint(self, service: str) -> str:
+        if service == "oks":
+            return f"{self.protocol}://api.{self.region}.oks.outscale.com/api/v2"
+        elif service == "api":
+            return f"{self.protocol}://api.{self.region}.outscale.com/api/v1"
+        elif service == "lbu":
+            return f"{self.protocol}://lbu.{self.region}.outscale.com"
+        elif service == "oos":
+            return f"{self.protocol}://oos.{self.region}.outscale.com"
+        elif service == "fcu":
+            return f"{self.protocol}://fcu.{self.region}.outscale.com"
+        elif service == "eim":
+            return f"{self.protocol}://eim.{self.region}.outscale.com"
+        elif service == "directlink":
+            return f"{self.protocol}://directlink.{self.region}.outscale.com"
+        else:
+            raise ValueError("Unknown service")
+
+    @staticmethod
+    def from_env() -> "Profile":
+        endpoint_kwargs = {
+            "api": os.environ.get("OSC_ENDPOINT_API"),
+            "oks": os.environ.get("OSC_ENDPOINT_OKS"),
+            "lbu": os.environ.get("OSC_ENDPOINT_LBU"),
+            "oos": os.environ.get("OSC_ENDPOINT_OOS"),
+            "fcu": os.environ.get("OSC_ENDPOINT_FCU"),
+            "eim": os.environ.get("OSC_ENDPOINT_EIM"),
+            "direct_link": os.environ.get("OSC_ENDPOINT_DIRECT_LINK"),
+        }
+
+        profile_kwargs = {
+            "access_key": os.environ.get("OSC_ACCESS_KEY"),
+            "secret_key": os.environ.get("OSC_SECRET_KEY"),
+            "access_key_v2": os.environ.get("OSC_ACCESS_KEY_V2"),
+            "secret_key_v2": os.environ.get("OSC_SECRET_KEY_V2"),
+            "x509_client_cert": os.environ.get("OSC_X509_CLIENT_CERT"),
+            "x509_client_cert_b64": os.environ.get("OSC_X509_CLIENT_CERT_B64"),
+            "x509_client_key": os.environ.get("OSC_X509_CLIENT_KEY"),
+            "x509_client_key_b64": os.environ.get("OSC_X509_CLIENT_KEY_B64"),
+            "tls_skip_verify": os.environ.get("OSC_TLS_SKIP_VERIFY", "False").lower()
+            in ("true"),
+            "login": os.environ.get("OSC_LOGIN"),
+            "password": os.environ.get("OSC_PASSWORD"),
+            "protocol": os.environ.get("OSC_PROTOCOL"),
+            "region": os.environ.get("OSC_REGION"),
+            "endpoints": Endpoint(**endpoint_kwargs),
+        }
+
+        iam_v2_services_env = os.environ.get("OSC_IAM_V2_SERVICES", "")
+        if iam_v2_services_env:
+            profile_kwargs["iam_v2_services"] = [
+                s.strip() for s in iam_v2_services_env.split(",")
+            ]
+
+        return Profile(**profile_kwargs)
+
+    @staticmethod
+    def __from_file(path: str, profile: str) -> "Profile":
+        with open(path) as f:
+            config = json.load(f)
+            kwargs_profile = config.get(profile)
+            kwargs_endpoints = kwargs_profile.get("endpoints", {})
+            kwargs_profile["endpoints"] = Endpoint(**kwargs_endpoints)
+            return Profile(**kwargs_profile)
+
+    def merge(self, other: "Profile"):
+        self.__dict__.update(
+            {
+                k: v
+                for k, v in other.__dict__.items()
+                if v is not None and k != "endpoints"
+            }
+        )
+        self.endpoints.__dict__.update(
+            {k: v for k, v in other.endpoints.__dict__.items() if v is not None}
+        )
+
+    @staticmethod
+    def from_standard_configuration(path: str, profile: str) -> "Profile":
+        # 1. Load profile from environmental
+        merged_profile = Profile.from_env()
+
+        # 2. Load additional config from environment
+        if not profile:
+            value = os.environ.get("OSC_PROFILE")
+            if value:
+                profile = value
+            else:
+                profile = "default"
+
+        if not path:
+            value = os.environ.get("OSC_CONFIG_FILE")
+            if value:
+                path = value
+            else:
+                path = STD_PATH
+
+        # 3. Load profile for config file
+        try:
+            file_profile = Profile.__from_file(path, profile)
+            merged_profile.merge(file_profile)
+        except Exception as e:
+            if path != STD_PATH or profile != "default":
+                raise e
+
+        # 4. Load default
+        if not merged_profile.protocol:
+            merged_profile.protocol = "https"
+
+        if not merged_profile.region:
+            merged_profile.region = "eu-west-2"
+
+        return merged_profile
+
+
+class Credentials(Profile):
+    def __init__(self, **kwargs):
+        warnings.warn(
+            "Credentials class is deprecated. Use Profile class instead.",
+            DeprecationWarning,
+            stacklevel=2,
+        )
+        super().__init__(**kwargs)

osc_sdk_python/limiter.py

@@ -0,0 +1,29 @@
+from datetime import datetime, timezone, timedelta
+import time
+
+
+class RateLimiter:
+    def __init__(self, window: timedelta, max_requests: int, datetime_cls=datetime):
+        self.datetime_cls = datetime_cls
+        self.window: timedelta = window
+        self.max_requests: int = max_requests
+        self.requests = []
+
+    def acquire(self):
+        now = self.datetime_cls.now(timezone.utc)
+
+        self.clean_old_requests(now)
+
+        if len(self.requests) >= self.max_requests:
+            oldest = self.requests[0]
+            wait_time = self.window - (now - oldest)
+            time.sleep(wait_time.total_seconds())
+
+            now = self.datetime_cls.now(timezone.utc)
+            self.clean_old_requests(now)
+
+        self.requests.append(now)
+
+    def clean_old_requests(self, now):
+        while len(self.requests) > 0 and self.requests[0] <= now - self.window:
+            self.requests.pop(0)