Adds support for setting secrets using environment variables

martynp · Mar 17, 2023 · 52fc769 · 52fc769
1 parent fda04d0
commit 52fc769
Show file tree

Hide file tree

Showing 5 changed files with 79 additions and 43 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -15,6 +15,21 @@ jobs:
           python-version: "3.11"
       - name: flake8 Lint
         uses: py-actions/flake8@v2
+  aws-test:
+    runs-on: ubuntu-latest
+    name: Test against AWS bucket
+    steps:
+      - name: Check out source repository
+        uses: actions/checkout@v3
+      - name: Download a file from S3 using httpie-hmac
+        env:
+          HTTPIE_HMAC_SECRET: '${{ secrets.AWS_S3_TEST_SECRET }}'
+          HTTPIE_HMAC_ACCESS: '${{ secrets.AWS_S3_TEST_ACCESS }}'
+        run: |
+          python3 -m venv venv
+          source venv/bin/activate
+          python3 -m pip install .
+          python3 -m httpie --check-status --auth-type=hmac --auth="format:aws4" GET https://api-testing-httpie-hmac.s3.eu-west-2.amazonaws.com/short.txt
   push:
     runs-on: ubuntu-latest
     name: Publish

diff --git a/README.md b/README.md
@@ -10,11 +10,18 @@ The httpie auth should be set to ``hmac`` and the ``--auth`` field contains key-
 * ``access`` - (Optional) String access token / id used to identify the user depending on the schema
 * ``format`` - (Optional) Sets a pre-defined format or a python file to process the headers
 
+Key-value pairs can also be set using environment variables starting with `HTTPIE_HMAC_`.
+
 For example:
 
-```
+``` bash
 http --auth-type=hmac --auth="secret:some_secret" GET http://localhost:8000
 http --auth-type=hmac --auth="secret:7Ez...wVA,access:AK...6R,format:aws4" GET https://my_bucket.s3.eu-west-2.amazonaws.com/file.txt
+
+export HTTPIE_HMAC_SECRET=7Ez...wVA
+export HTTPIE_HMAC_ACCESS=AK...6R
+export HTTPIE_HMAC_FORMAT=aws4
+httpie --auth-type=hmac --auth="" GET https://my_bucket.s3.eu-west-2.amazonaws.com/file.txt
 ```
 
 ## Supported Formats

diff --git a/httpie_hmac/httpie_hmac.py b/httpie_hmac/httpie_hmac.py
@@ -10,6 +10,7 @@
 import hashlib
 import hmac
 import importlib.machinery
+import os
 import requests
 import types
 
@@ -147,7 +148,7 @@ def __call__(self, r):
         # it ourselves and add it to the headers
         content_md5 = r.headers.get('content-md5')
         if not content_md5:
-            if content_type:
+            if content_type and r.body:
                 m = hashlib.md5()
                 m.update(r.body)
                 content_md5 = base64.b64encode(m.digest()).rstrip()
@@ -186,30 +187,36 @@ def get_auth(self, username=None, password=None):
         '''
         This method is called by the auth plugin manager, by setting auth_parse
         to False the --auth argument is not parsed and is available in raw_auth
-
-
         '''
-        split = self.raw_auth.split(",")
-
-        access = None
-        secret = None
-        format = None
 
         settings = {}
 
-        for entry in split:
-            key, value = entry.strip().split(":")
-            key = key.strip()
-            value = value.strip()
-            if key == "access":
-                access = value
-            elif key == "secret":
-                secret = value
-            elif key == "format":
-                format = value
-            settings[key] = value
-
-        if secret == '':
+        # If env settings exist set them as default, auth settings will
+        # override
+        for setting in os.environ.items():
+            if setting[0].startswith("HTTPIE_HMAC_"):
+                key = setting[0].split("HTTPIE_HMAC_")[1].lower()
+                settings[key] = setting[1]
+
+        access = settings.get("access", None)
+        secret = settings.get("secret", None)
+        format = settings.get("format", None)
+
+        if len(self.raw_auth) > 0:
+            split = self.raw_auth.split(",")
+            for entry in split:
+                key, value = entry.strip().split(":")
+                key = key.strip()
+                value = value.strip()
+                if key == "access":
+                    access = value
+                elif key == "secret":
+                    secret = value
+                elif key == "format":
+                    format = value
+                settings[key] = value
+
+        if secret is None or secret == '':
             raise ValueError('HMAC secret key cannot be empty.')
 
         return HmacAuth(access, secret, format, settings)
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,3 +1,31 @@
 [build-system]
 requires = ["setuptools"]
 build-backend = "setuptools.build_meta"
+
+[project]
+name = "httpie-hmac"
+version = "1.0.0"
+authors = [
+    {name = "Martyn Pittuck-Schols", email = "[email protected]"},
+]
+description = "HMAC Auth Plugin for Httpie"
+readme = "README.md"
+requires-python = ">=3.7"
+keywords = ["httpie", "auth", "hmac", "aws4"]
+license = {text = "MIT"}
+classifiers = [
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+]
+dependencies = [
+    "aws_requests_auth",
+    "httpie",
+    "requests",
+]
+
+[project.urls]
+homepage = "https://github.com/martynp/httpie-hmac/"
+repository = "https://github.com/martynp/httpie-hmac.git"
+
+[project.entry-points."httpie.plugins.auth.v1"]
+httpie-hmac = "httpie_hmac:HmacPlugin"
diff --git a/setup.cfg b/setup.cfg