Skip to content

Commit

Permalink
Deprecate SSL common name (#2804)
Browse files Browse the repository at this point in the history 
* remove ssl common name deprecation and tests

* changelog
  • Loading branch information
@dlm6693
dlm6693 authored Nov 1, 2022
1 parent 7ff9092 commit 0e52189
Show file tree
Hide file tree
Showing 4 changed files with 27 additions and 87 deletions.
5 changes: 5 additions & 0 deletions .changes/next-release/Enhancement-Endpoints-62816.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
{
"type": "Enhancement",
"category": "Endpoints",
"description": "Discontinued use of `sslCommonName` hosts as detailed in 1.27.0 (see `#2705 <https://github.com/boto/botocore/issues/2705>`__ for more info)"
}
25 changes: 3 additions & 22 deletions botocore/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
import logging
import os
import warnings

from botocore import waiter, xform_name
from botocore.args import ClientArgsCreator
Expand Down Expand Up @@ -598,27 +596,10 @@ def _create_endpoint(
resolved, region_name, endpoint_url
)
if endpoint_url is None:
sslCommonName = resolved.get('sslCommonName')
hostname = resolved.get('hostname')
is_disabled = ensure_boolean(
os.environ.get('BOTO_DISABLE_COMMONNAME', False)
)
if (
not is_disabled
and sslCommonName is not None
and sslCommonName != hostname
):
warnings.warn(
f'The {service_name} client is currently using a '
f'deprecated endpoint: {sslCommonName}. In the next '
f'minor version this will be moved to {hostname}. '
'See https://github.com/boto/botocore/issues/2705 '
'for more details.',
category=FutureWarning,
)
hostname = sslCommonName
endpoint_url = self._make_url(
hostname, is_secure, resolved.get('protocols', [])
resolved.get('hostname'),
is_secure,
resolved.get('protocols', []),
)
signature_version = self._resolve_signature_version(
service_name, resolved
Expand Down
38 changes: 19 additions & 19 deletions tests/functional/test_regions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
'elasticache': 'elasticache.ap-northeast-1.amazonaws.com',
'elasticbeanstalk': 'elasticbeanstalk.ap-northeast-1.amazonaws.com',
'elasticloadbalancing': 'elasticloadbalancing.ap-northeast-1.amazonaws.com',
'elasticmapreduce': 'ap-northeast-1.elasticmapreduce.amazonaws.com',
'elasticmapreduce': 'elasticmapreduce.ap-northeast-1.amazonaws.com',
'elastictranscoder': 'elastictranscoder.ap-northeast-1.amazonaws.com',
'glacier': 'glacier.ap-northeast-1.amazonaws.com',
'iot': 'iot.ap-northeast-1.amazonaws.com',
Expand All @@ -56,7 +56,7 @@
's3': 's3.ap-northeast-1.amazonaws.com',
'sdb': 'sdb.ap-northeast-1.amazonaws.com',
'sns': 'sns.ap-northeast-1.amazonaws.com',
'sqs': 'ap-northeast-1.queue.amazonaws.com',
'sqs': 'sqs.ap-northeast-1.amazonaws.com',
'storagegateway': 'storagegateway.ap-northeast-1.amazonaws.com',
'streams.dynamodb': 'streams.dynamodb.ap-northeast-1.amazonaws.com',
'sts': 'sts.ap-northeast-1.amazonaws.com',
Expand All @@ -77,7 +77,7 @@
'elasticache': 'elasticache.ap-southeast-1.amazonaws.com',
'elasticbeanstalk': 'elasticbeanstalk.ap-southeast-1.amazonaws.com',
'elasticloadbalancing': 'elasticloadbalancing.ap-southeast-1.amazonaws.com',
'elasticmapreduce': 'ap-southeast-1.elasticmapreduce.amazonaws.com',
'elasticmapreduce': 'elasticmapreduce.ap-southeast-1.amazonaws.com',
'elastictranscoder': 'elastictranscoder.ap-southeast-1.amazonaws.com',
'kinesis': 'kinesis.ap-southeast-1.amazonaws.com',
'kms': 'kms.ap-southeast-1.amazonaws.com',
Expand All @@ -88,7 +88,7 @@
's3': 's3.ap-southeast-1.amazonaws.com',
'sdb': 'sdb.ap-southeast-1.amazonaws.com',
'sns': 'sns.ap-southeast-1.amazonaws.com',
'sqs': 'ap-southeast-1.queue.amazonaws.com',
'sqs': 'sqs.ap-southeast-1.amazonaws.com',
'storagegateway': 'storagegateway.ap-southeast-1.amazonaws.com',
'streams.dynamodb': 'streams.dynamodb.ap-southeast-1.amazonaws.com',
'sts': 'sts.ap-southeast-1.amazonaws.com',
Expand All @@ -112,7 +112,7 @@
'elasticache': 'elasticache.ap-southeast-2.amazonaws.com',
'elasticbeanstalk': 'elasticbeanstalk.ap-southeast-2.amazonaws.com',
'elasticloadbalancing': 'elasticloadbalancing.ap-southeast-2.amazonaws.com',
'elasticmapreduce': 'ap-southeast-2.elasticmapreduce.amazonaws.com',
'elasticmapreduce': 'elasticmapreduce.ap-southeast-2.amazonaws.com',
'glacier': 'glacier.ap-southeast-2.amazonaws.com',
'kinesis': 'kinesis.ap-southeast-2.amazonaws.com',
'kms': 'kms.ap-southeast-2.amazonaws.com',
Expand All @@ -123,7 +123,7 @@
's3': 's3.ap-southeast-2.amazonaws.com',
'sdb': 'sdb.ap-southeast-2.amazonaws.com',
'sns': 'sns.ap-southeast-2.amazonaws.com',
'sqs': 'ap-southeast-2.queue.amazonaws.com',
'sqs': 'sqs.ap-southeast-2.amazonaws.com',
'storagegateway': 'storagegateway.ap-southeast-2.amazonaws.com',
'streams.dynamodb': 'streams.dynamodb.ap-southeast-2.amazonaws.com',
'sts': 'sts.ap-southeast-2.amazonaws.com',
Expand All @@ -149,7 +149,7 @@
'rds': 'rds.cn-north-1.amazonaws.com.cn',
's3': 's3.cn-north-1.amazonaws.com.cn',
'sns': 'sns.cn-north-1.amazonaws.com.cn',
'sqs': 'cn-north-1.queue.amazonaws.com.cn',
'sqs': 'sqs.cn-north-1.amazonaws.com.cn',
'storagegateway': 'storagegateway.cn-north-1.amazonaws.com.cn',
'streams.dynamodb': 'streams.dynamodb.cn-north-1.amazonaws.com.cn',
'sts': 'sts.cn-north-1.amazonaws.com.cn',
Expand Down Expand Up @@ -179,7 +179,7 @@
'redshift': 'redshift.eu-central-1.amazonaws.com',
's3': 's3.eu-central-1.amazonaws.com',
'sns': 'sns.eu-central-1.amazonaws.com',
'sqs': 'eu-central-1.queue.amazonaws.com',
'sqs': 'sqs.eu-central-1.amazonaws.com',
'storagegateway': 'storagegateway.eu-central-1.amazonaws.com',
'streams.dynamodb': 'streams.dynamodb.eu-central-1.amazonaws.com',
'sts': 'sts.eu-central-1.amazonaws.com',
Expand All @@ -205,7 +205,7 @@
'elasticache': 'elasticache.eu-west-1.amazonaws.com',
'elasticbeanstalk': 'elasticbeanstalk.eu-west-1.amazonaws.com',
'elasticloadbalancing': 'elasticloadbalancing.eu-west-1.amazonaws.com',
'elasticmapreduce': 'eu-west-1.elasticmapreduce.amazonaws.com',
'elasticmapreduce': 'elasticmapreduce.eu-west-1.amazonaws.com',
'elastictranscoder': 'elastictranscoder.eu-west-1.amazonaws.com',
'email': 'email.eu-west-1.amazonaws.com',
'glacier': 'glacier.eu-west-1.amazonaws.com',
Expand All @@ -221,7 +221,7 @@
's3': 's3.eu-west-1.amazonaws.com',
'sdb': 'sdb.eu-west-1.amazonaws.com',
'sns': 'sns.eu-west-1.amazonaws.com',
'sqs': 'eu-west-1.queue.amazonaws.com',
'sqs': 'sqs.eu-west-1.amazonaws.com',
'ssm': 'ssm.eu-west-1.amazonaws.com',
'storagegateway': 'storagegateway.eu-west-1.amazonaws.com',
'streams.dynamodb': 'streams.dynamodb.eu-west-1.amazonaws.com',
Expand All @@ -243,14 +243,14 @@
'elasticache': 'elasticache.sa-east-1.amazonaws.com',
'elasticbeanstalk': 'elasticbeanstalk.sa-east-1.amazonaws.com',
'elasticloadbalancing': 'elasticloadbalancing.sa-east-1.amazonaws.com',
'elasticmapreduce': 'sa-east-1.elasticmapreduce.amazonaws.com',
'elasticmapreduce': 'elasticmapreduce.sa-east-1.amazonaws.com',
'kms': 'kms.sa-east-1.amazonaws.com',
'monitoring': 'monitoring.sa-east-1.amazonaws.com',
'rds': 'rds.sa-east-1.amazonaws.com',
's3': 's3.sa-east-1.amazonaws.com',
'sdb': 'sdb.sa-east-1.amazonaws.com',
'sns': 'sns.sa-east-1.amazonaws.com',
'sqs': 'sa-east-1.queue.amazonaws.com',
'sqs': 'sqs.sa-east-1.amazonaws.com',
'storagegateway': 'storagegateway.sa-east-1.amazonaws.com',
'streams.dynamodb': 'streams.dynamodb.sa-east-1.amazonaws.com',
'sts': 'sts.sa-east-1.amazonaws.com',
Expand Down Expand Up @@ -295,14 +295,14 @@
'mobileanalytics': 'mobileanalytics.us-east-1.amazonaws.com',
'monitoring': 'monitoring.us-east-1.amazonaws.com',
'opsworks': 'opsworks.us-east-1.amazonaws.com',
'rds': 'rds.amazonaws.com',
'rds': 'rds.us-east-1.amazonaws.com',
'redshift': 'redshift.us-east-1.amazonaws.com',
'route53': 'route53.amazonaws.com',
'route53domains': 'route53domains.us-east-1.amazonaws.com',
's3': 's3.us-east-1.amazonaws.com',
'sdb': 'sdb.amazonaws.com',
'sns': 'sns.us-east-1.amazonaws.com',
'sqs': 'queue.amazonaws.com',
'sqs': 'sqs.us-east-1.amazonaws.com',
'ssm': 'ssm.us-east-1.amazonaws.com',
'storagegateway': 'storagegateway.us-east-1.amazonaws.com',
'streams.dynamodb': 'streams.dynamodb.us-east-1.amazonaws.com',
Expand Down Expand Up @@ -330,7 +330,7 @@
'redshift': 'redshift.us-gov-west-1.amazonaws.com',
's3': 's3.us-gov-west-1.amazonaws.com',
'sns': 'sns.us-gov-west-1.amazonaws.com',
'sqs': 'us-gov-west-1.queue.amazonaws.com',
'sqs': 'sqs.us-gov-west-1.amazonaws.com',
'sts': 'sts.us-gov-west-1.amazonaws.com',
'swf': 'swf.us-gov-west-1.amazonaws.com',
},
Expand All @@ -347,7 +347,7 @@
'elasticache': 'elasticache.us-west-1.amazonaws.com',
'elasticbeanstalk': 'elasticbeanstalk.us-west-1.amazonaws.com',
'elasticloadbalancing': 'elasticloadbalancing.us-west-1.amazonaws.com',
'elasticmapreduce': 'us-west-1.elasticmapreduce.amazonaws.com',
'elasticmapreduce': 'elasticmapreduce.us-west-1.amazonaws.com',
'elastictranscoder': 'elastictranscoder.us-west-1.amazonaws.com',
'glacier': 'glacier.us-west-1.amazonaws.com',
'kinesis': 'kinesis.us-west-1.amazonaws.com',
Expand All @@ -358,7 +358,7 @@
's3': 's3.us-west-1.amazonaws.com',
'sdb': 'sdb.us-west-1.amazonaws.com',
'sns': 'sns.us-west-1.amazonaws.com',
'sqs': 'us-west-1.queue.amazonaws.com',
'sqs': 'sqs.us-west-1.amazonaws.com',
'storagegateway': 'storagegateway.us-west-1.amazonaws.com',
'streams.dynamodb': 'streams.dynamodb.us-west-1.amazonaws.com',
'sts': 'sts.us-west-1.amazonaws.com',
Expand All @@ -385,7 +385,7 @@
'elasticbeanstalk': 'elasticbeanstalk.us-west-2.amazonaws.com',
'elasticfilesystem': 'elasticfilesystem.us-west-2.amazonaws.com',
'elasticloadbalancing': 'elasticloadbalancing.us-west-2.amazonaws.com',
'elasticmapreduce': 'us-west-2.elasticmapreduce.amazonaws.com',
'elasticmapreduce': 'elasticmapreduce.us-west-2.amazonaws.com',
'elastictranscoder': 'elastictranscoder.us-west-2.amazonaws.com',
'email': 'email.us-west-2.amazonaws.com',
'glacier': 'glacier.us-west-2.amazonaws.com',
Expand All @@ -400,7 +400,7 @@
's3': 's3.us-west-2.amazonaws.com',
'sdb': 'sdb.us-west-2.amazonaws.com',
'sns': 'sns.us-west-2.amazonaws.com',
'sqs': 'us-west-2.queue.amazonaws.com',
'sqs': 'sqs.us-west-2.amazonaws.com',
'ssm': 'ssm.us-west-2.amazonaws.com',
'storagegateway': 'storagegateway.us-west-2.amazonaws.com',
'streams.dynamodb': 'streams.dynamodb.us-west-2.amazonaws.com',
Expand Down
46 changes: 0 additions & 46 deletions tests/unit/test_client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,6 @@
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
# ANY KIND, either express or implied. See the License for the specific
# language governing permissions and limitations under the License.
import os
import warnings
from contextlib import closing

import botocore
Expand Down Expand Up @@ -1665,34 +1663,6 @@ def test_client_close_context_manager(self):

self.endpoint.close.assert_called_once_with()

def test_sslCommonName_warning(self):
creator = self.create_client_creator()
self.endpoint_data['sslCommonName'] = 'bar'

with self.assertWarns(FutureWarning) as warning:
creator.create_client(
'myservice', 'us-west-2', credentials=self.credentials
)
self.assertEqual(len(warning.warnings), 1)

@mock.patch.dict(os.environ, {'BOTO_DISABLE_COMMONNAME': 'true'})
def test_BOTO_DISABLE_COMMONNAME(self):
creator = self.create_client_creator()
self.endpoint_data['sslCommonName'] = 'bar'

with warnings.catch_warnings(record=True) as captured_warnings:
creator.create_client(
'myservice', 'us-west-2', credentials=self.credentials
)

deprecated_endpoint_warnings = [
w
for w in captured_warnings
if w.category == FutureWarning
and 'deprecated endpoint' in str(w.message)
]
self.assertEqual(len(deprecated_endpoint_warnings), 0)


class TestClientErrors(TestAutoGeneratedClient):
def add_error_response(self, error_response):
Expand Down Expand Up @@ -2040,22 +2010,6 @@ def test_can_use_endpoint_url_with_resolved_endpoint(self):
self.assertEqual('https://foo', resolved['endpoint_url'])
self.assertEqual('v2', resolved['signature_version'])

def test_uses_ssl_common_name_over_hostname_if_present(self):
resolver = mock.Mock()
resolver.construct_endpoint.return_value = {
'partition': 'aws',
'hostname': 'do-not-use-this',
'signatureVersions': ['v4'],
'sslCommonName': 'common-name.com',
'endpointName': 'us-west-2',
'protocols': ['https'],
}
bridge = ClientEndpointBridge(resolver)
resolved = bridge.resolve('myservice', 'us-west-2')
self.assertEqual('us-west-2', resolved['region_name'])
self.assertEqual('us-west-2', resolved['signing_region'])
self.assertEqual('https://common-name.com', resolved['endpoint_url'])

def test_can_create_http_urls(self):
resolver = mock.Mock()
resolver.construct_endpoint.return_value = {
Expand Down

0 comments on commit 0e52189

Please sign in to comment.