diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6786da5f4..ea94c5bfd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,16 +7,14 @@ on: - 'docs' env: - BUILDER_VERSION: v0.9.62 + BUILDER_VERSION: v0.9.67 BUILDER_SOURCE: releases BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net PACKAGE_NAME: aws-crt-python LINUX_BASE_IMAGE: ubuntu-18-x64 RUN: ${{ github.run_id }}-${{ github.run_number }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - AWS_REGION: us-east-1 + CRT_CI_ROLE: ${{ secrets.CRT_CI_ROLE_ARN }} + AWS_DEFAULT_REGION: us-east-1 jobs: manylinux1: @@ -28,14 +26,20 @@ jobs: - x64 - x86 python: - - cp37-cp37m - cp38-cp38 - cp39-cp39 + permissions: + id-token: write # This is required for requesting the JWT steps: - - name: Build ${{ env.PACKAGE_NAME }} - run: | - aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh - ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-manylinux1-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} --python /opt/python/${{ matrix.python }}/bin/python + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Build ${{ env.PACKAGE_NAME }} + run: | + aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh + ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-manylinux1-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} --python /opt/python/${{ matrix.python }}/bin/python manylinux2014: runs-on: ubuntu-20.04 # latest @@ -47,21 +51,28 @@ jobs: - x86 - aarch64 python: - - cp37-cp37m - cp38-cp38 - cp39-cp39 - cp310-cp310 - cp311-cp311 - cp312-cp312 + - cp313-cp313 + permissions: + id-token: write # This is required for requesting the JWT steps: - # Only aarch64 needs this, but it doesn't hurt anything - - name: Install qemu/docker - run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + # Only aarch64 needs this, but it doesn't hurt anything + - name: Install qemu/docker + run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - - name: Build ${{ env.PACKAGE_NAME }} - run: | - aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh - ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-manylinux2014-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} --python /opt/python/${{ matrix.python }}/bin/python + - name: Build ${{ env.PACKAGE_NAME }} + run: | + aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh + ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-manylinux2014-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} --python /opt/python/${{ matrix.python }}/bin/python musllinux-1-1: runs-on: ubuntu-22.04 # latest @@ -72,21 +83,29 @@ jobs: - x64 - aarch64 python: - - cp37-cp37m - cp38-cp38 - cp39-cp39 - cp310-cp310 - cp311-cp311 - cp312-cp312 + - cp313-cp313 + permissions: + id-token: write # This is required for requesting the JWT steps: - # Only aarch64 needs this, but it doesn't hurt anything - - name: Install qemu/docker - run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} - - name: Build ${{ env.PACKAGE_NAME }} - run: | - aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh - ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-musllinux-1-1-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} --python /opt/python/${{ matrix.python }}/bin/python + # Only aarch64 needs this, but it doesn't hurt anything + - name: Install qemu/docker + run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + + - name: Build ${{ env.PACKAGE_NAME }} + run: | + aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh + ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-musllinux-1-1-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} --python /opt/python/${{ matrix.python }}/bin/python raspberry: runs-on: ubuntu-20.04 # latest @@ -95,16 +114,23 @@ jobs: matrix: image: - raspbian-bullseye + permissions: + id-token: write # This is required for requesting the JWT steps: - # set arm arch - - name: Install qemu/docker - run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} - - name: Build ${{ env.PACKAGE_NAME }} - run: | - aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh - ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} + # set arm arch + - name: Install qemu/docker + run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - name: Build ${{ env.PACKAGE_NAME }} + run: | + aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh + ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} linux-compat: runs-on: ubuntu-22.04 # latest @@ -115,13 +141,18 @@ jobs: - fedora-34-x64 - opensuse-leap - rhel8-x64 + permissions: + id-token: write # This is required for requesting the JWT steps: - # We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages - - name: Build ${{ env.PACKAGE_NAME }} - run: | - aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh - ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} - + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Build ${{ env.PACKAGE_NAME }} + run: | + aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh + ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} linux-compiler-compat: runs-on: ubuntu-22.04 # latest @@ -138,8 +169,17 @@ jobs: - gcc-6 - gcc-7 - gcc-8 + permissions: + id-token: write # This is required for requesting the JWT steps: - # We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Caller Identity + run: | + aws sts get-caller-identity - name: Build ${{ env.PACKAGE_NAME }} run: | aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh @@ -147,7 +187,14 @@ jobs: use-system-libcrypto: runs-on: ubuntu-20.04 # latest + permissions: + id-token: write # This is required for requesting the JWT steps: + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Build ${{ env.PACKAGE_NAME }} env: AWS_CRT_BUILD_USE_SYSTEM_LIBCRYPTO: '1' @@ -173,30 +220,51 @@ jobs: strategy: matrix: arch: [x86, x64] + permissions: + id-token: write # This is required for requesting the JWT steps: - - name: Build ${{ env.PACKAGE_NAME }} + consumers - run: | - python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')" - python builder.pyz build -p ${{ env.PACKAGE_NAME }} --python "C:\\hostedtoolcache\\windows\\Python\\3.7.9\\${{ matrix.arch }}\\python.exe" + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Build ${{ env.PACKAGE_NAME }} + consumers + run: | + python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')" + python builder.pyz build -p ${{ env.PACKAGE_NAME }} --python "C:\\hostedtoolcache\\windows\\Python\\3.8.10\\${{ matrix.arch }}\\python.exe" macos: runs-on: macos-14 # latest + permissions: + id-token: write # This is required for requesting the JWT steps: - - name: Build ${{ env.PACKAGE_NAME }} + consumers - run: | - python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" - chmod a+x builder - ./builder build -p ${{ env.PACKAGE_NAME }} + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Build ${{ env.PACKAGE_NAME }} + consumers + run: | + python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" + chmod a+x builder + ./builder build -p ${{ env.PACKAGE_NAME }} macos-x64: runs-on: macos-14-large # latest + permissions: + id-token: write # This is required for requesting the JWT steps: - - name: Build ${{ env.PACKAGE_NAME }} + consumers - run: | - python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" - chmod a+x builder - ./builder build -p ${{ env.PACKAGE_NAME }} + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Build ${{ env.PACKAGE_NAME }} + consumers + run: | + python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" + chmod a+x builder + ./builder build -p ${{ env.PACKAGE_NAME }} openbsd: @@ -206,7 +274,14 @@ jobs: matrix: # OpenBSD only supports the two most recent releases version: ['7.4', '7.5'] + permissions: + id-token: write # This is required for requesting the JWT steps: + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} # Cannot use builder to checkout as OpenBSD doesn't ship git in the base install - uses: actions/checkout@v4 with: @@ -218,7 +293,7 @@ jobs: version: ${{ matrix.version }} cpu_count: 4 shell: bash - environment_variables: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION AWS_REGION + environment_variables: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_DEFAULT_REGION run: | sudo pkg_add awscli py3-pip py3-urllib3 python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz', 'builder')" @@ -227,7 +302,14 @@ jobs: freebsd: runs-on: ubuntu-22.04 # latest + permissions: + id-token: write # This is required for requesting the JWT steps: + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} - uses: actions/checkout@v4 with: submodules: true @@ -239,7 +321,7 @@ jobs: version: '14.0' cpu_count: 4 shell: bash - environment_variables: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_DEFAULT_REGION AWS_REGION + environment_variables: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_DEFAULT_REGION run: | sudo pkg install -y python3 devel/py-pip net/py-urllib3 devel/py-awscli cmake python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz', 'builder')" @@ -247,18 +329,13 @@ jobs: ./builder build -p ${{ env.PACKAGE_NAME }} # check that tests requiring custom env-vars or AWS credentials are simply skipped - tests-ok-without-env-vars: + tests-ok-without-creds: runs-on: ubuntu-22.04 # latest steps: - uses: actions/checkout@v4 with: submodules: true - - name: Run tests without env-vars or AWS creds - env: - # unset env-vars that provide AWS credentials - AWS_ACCESS_KEY_ID: - AWS_SECRET_ACCESS_KEY: - AWS_DEFAULT_REGION: + - name: Run tests run: | python3 -m pip install --upgrade --requirement requirements-dev.txt python3 -m pip install . --verbose @@ -266,7 +343,14 @@ jobs: package-source: runs-on: ubuntu-22.04 # latest + permissions: + id-token: write # This is required for requesting the JWT steps: + - name: configure AWS credentials (containers) + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} - uses: actions/checkout@v4 with: submodules: true diff --git a/README.md b/README.md index 7b4e38157..53be625a1 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ This library is licensed under the Apache 2.0 License. ## Minimum Requirements: -* Python 3.7+ +* Python 3.8+ ## Installation diff --git a/codebuild/cd/manylinux-x64-build.yml b/codebuild/cd/manylinux-x64-build.yml index eefd0a9b1..a3dd03af3 100644 --- a/codebuild/cd/manylinux-x64-build.yml +++ b/codebuild/cd/manylinux-x64-build.yml @@ -8,12 +8,10 @@ phases: commands: - export CC=gcc - cd aws-crt-python - - /opt/python/cp37-cp37m/bin/python ./continuous-delivery/update-version.py + - /opt/python/cp38-cp38/bin/python ./continuous-delivery/update-version.py build: commands: - echo Build started on `date` - - /opt/python/cp37-cp37m/bin/python setup.py sdist bdist_wheel - - auditwheel repair --plat manylinux1_x86_64 dist/awscrt-*cp37-cp37m-linux_x86_64.whl - /opt/python/cp38-cp38/bin/python setup.py sdist bdist_wheel - auditwheel repair --plat manylinux1_x86_64 dist/awscrt-*cp38-cp38-linux_x86_64.whl - /opt/python/cp39-cp39/bin/python setup.py sdist bdist_wheel diff --git a/codebuild/cd/manylinux-x86-build.yml b/codebuild/cd/manylinux-x86-build.yml index c255c8a24..4046bce48 100644 --- a/codebuild/cd/manylinux-x86-build.yml +++ b/codebuild/cd/manylinux-x86-build.yml @@ -8,12 +8,10 @@ phases: commands: - export CC=gcc - cd aws-crt-python - - /opt/python/cp37-cp37m/bin/python ./continuous-delivery/update-version.py + - /opt/python/cp38-cp38/bin/python ./continuous-delivery/update-version.py build: commands: - echo Build started on `date` - - /opt/python/cp37-cp37m/bin/python setup.py sdist bdist_wheel - - auditwheel repair --plat manylinux1_i686 dist/awscrt-*cp37-cp37m-linux_i686.whl - /opt/python/cp38-cp38/bin/python setup.py sdist bdist_wheel - auditwheel repair --plat manylinux1_i686 dist/awscrt-*cp38-cp38-linux_i686.whl - /opt/python/cp39-cp39/bin/python setup.py sdist bdist_wheel diff --git a/continuous-delivery/build-wheels-manylinux2014-aarch64.sh b/continuous-delivery/build-wheels-manylinux2014-aarch64.sh index a140b7d67..273de1cd7 100755 --- a/continuous-delivery/build-wheels-manylinux2014-aarch64.sh +++ b/continuous-delivery/build-wheels-manylinux2014-aarch64.sh @@ -4,9 +4,6 @@ set -ex /opt/python/cp39-cp39/bin/python ./continuous-delivery/update-version.py -/opt/python/cp37-cp37m/bin/python setup.py sdist bdist_wheel -auditwheel repair --plat manylinux2014_aarch64 dist/awscrt-*cp37*.whl - /opt/python/cp38-cp38/bin/python setup.py sdist bdist_wheel auditwheel repair --plat manylinux2014_aarch64 dist/awscrt-*cp38*.whl @@ -19,9 +16,17 @@ auditwheel repair --plat manylinux2014_aarch64 dist/awscrt-*cp310*.whl /opt/python/cp311-cp311/bin/python setup.py sdist bdist_wheel auditwheel repair --plat manylinux2014_aarch64 dist/awscrt-*cp311*.whl -# Don't need to build wheels for Python 3.12 and later. +# Don't need to build wheels for Python 3.12. # The 3.11 wheel uses the stable ABI, so it works with newer versions too. +# We are using the Python 3.13 stable ABI from Python 3.13 onwards because of deprecated functions. +# Manylinux images don't contain setuptools from Python 3.13, so we need to install it. +# Install in a custom location due to access issues. +/opt/python/cp313-cp313/bin/python -m pip install --target ./local -r requirements-dev.txt +export PYTHONPATH=./local:$PYTHONPATH +/opt/python/cp313-cp313/bin/python setup.py sdist bdist_wheel +auditwheel repair --plat manylinux2014_aarch64 dist/awscrt-*cp313*.whl + rm dist/*.whl cp -rv wheelhouse/* dist/ diff --git a/continuous-delivery/build-wheels-manylinux2014-x86_64.sh b/continuous-delivery/build-wheels-manylinux2014-x86_64.sh index 41ce9fdef..cf8d31d61 100755 --- a/continuous-delivery/build-wheels-manylinux2014-x86_64.sh +++ b/continuous-delivery/build-wheels-manylinux2014-x86_64.sh @@ -4,9 +4,6 @@ set -ex /opt/python/cp39-cp39/bin/python ./continuous-delivery/update-version.py -/opt/python/cp37-cp37m/bin/python setup.py sdist bdist_wheel -auditwheel repair --plat manylinux2014_x86_64 dist/awscrt-*cp37*.whl - /opt/python/cp38-cp38/bin/python setup.py sdist bdist_wheel auditwheel repair --plat manylinux2014_x86_64 dist/awscrt-*cp38*.whl @@ -19,9 +16,17 @@ auditwheel repair --plat manylinux2014_x86_64 dist/awscrt-*cp310*.whl /opt/python/cp311-cp311/bin/python setup.py sdist bdist_wheel auditwheel repair --plat manylinux2014_x86_64 dist/awscrt-*cp311*.whl -# Don't need to build wheels for Python 3.12 and later. +# Don't need to build wheels for Python 3.12. # The 3.11 wheel uses the stable ABI, so it works with newer versions too. +# We are using the Python 3.13 stable ABI from Python 3.13 onwards because of deprecated functions. +# Manylinux images don't contain setuptools from Python 3.13, so we need to install it. +# Install in a custom location due to access issues. +/opt/python/cp313-cp313/bin/python -m pip install --target ./local -r requirements-dev.txt +export PYTHONPATH=./local:$PYTHONPATH +/opt/python/cp313-cp313/bin/python setup.py sdist bdist_wheel +auditwheel repair --plat manylinux2014_x86_64 dist/awscrt-*cp313*.whl + rm dist/*.whl cp -rv wheelhouse/* dist/ diff --git a/continuous-delivery/build-wheels-musllinux-1-1-aarch64.sh b/continuous-delivery/build-wheels-musllinux-1-1-aarch64.sh index 0cbc1a196..d34d54563 100755 --- a/continuous-delivery/build-wheels-musllinux-1-1-aarch64.sh +++ b/continuous-delivery/build-wheels-musllinux-1-1-aarch64.sh @@ -4,9 +4,6 @@ set -ex /opt/python/cp39-cp39/bin/python ./continuous-delivery/update-version.py -/opt/python/cp37-cp37m/bin/python setup.py sdist bdist_wheel -auditwheel repair --plat musllinux_1_1_aarch64 dist/awscrt-*cp37*.whl - /opt/python/cp38-cp38/bin/python setup.py sdist bdist_wheel auditwheel repair --plat musllinux_1_1_aarch64 dist/awscrt-*cp38*.whl @@ -19,9 +16,17 @@ auditwheel repair --plat musllinux_1_1_aarch64 dist/awscrt-*cp310*.whl /opt/python/cp311-cp311/bin/python setup.py sdist bdist_wheel auditwheel repair --plat musllinux_1_1_aarch64 dist/awscrt-*cp311*.whl -# Don't need to build wheels for Python 3.12 and later. +# Don't need to build wheels for Python 3.12. # The 3.11 wheel uses the stable ABI, so it works with newer versions too. +# We are using the Python 3.13 stable ABI from Python 3.13 onwards because of deprecated functions. +# Manylinux images don't contain setuptools from Python 3.13, so we need to install it. +# Install in a custom location due to access issues. +/opt/python/cp313-cp313/bin/python -m pip install --target ./local -r requirements-dev.txt +export PYTHONPATH=./local:$PYTHONPATH +/opt/python/cp313-cp313/bin/python setup.py sdist bdist_wheel +auditwheel repair --plat musllinux_1_1_aarch64 dist/awscrt-*cp313*.whl + rm dist/*.whl cp -rv wheelhouse/* dist/ diff --git a/continuous-delivery/build-wheels-musllinux-1-1-x86_64.sh b/continuous-delivery/build-wheels-musllinux-1-1-x86_64.sh index 6637d95ac..503af47b3 100755 --- a/continuous-delivery/build-wheels-musllinux-1-1-x86_64.sh +++ b/continuous-delivery/build-wheels-musllinux-1-1-x86_64.sh @@ -4,9 +4,6 @@ set -ex /opt/python/cp39-cp39/bin/python ./continuous-delivery/update-version.py -/opt/python/cp37-cp37m/bin/python setup.py sdist bdist_wheel -auditwheel repair --plat musllinux_1_1_x86_64 dist/awscrt-*cp37*.whl - /opt/python/cp38-cp38/bin/python setup.py sdist bdist_wheel auditwheel repair --plat musllinux_1_1_x86_64 dist/awscrt-*cp38*.whl @@ -19,9 +16,17 @@ auditwheel repair --plat musllinux_1_1_x86_64 dist/awscrt-*cp310*.whl /opt/python/cp311-cp311/bin/python setup.py sdist bdist_wheel auditwheel repair --plat musllinux_1_1_x86_64 dist/awscrt-*cp311*.whl -# Don't need to build wheels for Python 3.12 and later. +# Don't need to build wheels for Python 3.12. # The 3.11 wheel uses the stable ABI, so it works with newer versions too. +# We are using the Python 3.13 stable ABI from Python 3.13 onwards because of deprecated functions. +# Manylinux images don't contain setuptools from Python 3.13, so we need to install it. +# Install in a custom location due to access issues. +/opt/python/cp313-cp313/bin/python -m pip install --target ./local -r requirements-dev.txt +export PYTHONPATH=./local:$PYTHONPATH +/opt/python/cp313-cp313/bin/python setup.py sdist bdist_wheel +auditwheel repair --plat musllinux_1_1_x86_64 dist/awscrt-*cp313*.whl + rm dist/*.whl cp -rv wheelhouse/* dist/ diff --git a/continuous-delivery/build-wheels-osx.sh b/continuous-delivery/build-wheels-osx.sh index a3a92bc63..6804018a6 100755 --- a/continuous-delivery/build-wheels-osx.sh +++ b/continuous-delivery/build-wheels-osx.sh @@ -5,13 +5,15 @@ set -ex /Library/Frameworks/Python.framework/Versions/3.9/bin/python3 ./continuous-delivery/update-version.py -/Library/Frameworks/Python.framework/Versions/3.7/bin/python3 setup.py sdist bdist_wheel /Library/Frameworks/Python.framework/Versions/3.8/bin/python3 setup.py sdist bdist_wheel /Library/Frameworks/Python.framework/Versions/3.9/bin/python3 setup.py sdist bdist_wheel /Library/Frameworks/Python.framework/Versions/3.10/bin/python3 setup.py sdist bdist_wheel /Library/Frameworks/Python.framework/Versions/3.11/bin/python3 setup.py sdist bdist_wheel -# Don't need to build wheels for Python 3.12 and later. +# Don't need to build wheels for Python 3.12. # The 3.11 wheel uses the stable ABI, so it works with newer versions too. +# We are using the Python 3.13 stable ABI from Python 3.13 onwards because of deprecated functions. +/Library/Frameworks/Python.framework/Versions/3.13/bin/python3 setup.py sdist bdist_wheel + #now you just need to run twine (that's in a different script) diff --git a/continuous-delivery/build-wheels-win32.bat b/continuous-delivery/build-wheels-win32.bat index 6a3e53977..16df4c870 100644 --- a/continuous-delivery/build-wheels-win32.bat +++ b/continuous-delivery/build-wheels-win32.bat @@ -1,12 +1,17 @@ "C:\Program Files (x86)\Python39-32\python.exe" .\continuous-delivery\update-version.py || goto error -"C:\Program Files (x86)\Python37-32\python.exe" setup.py sdist bdist_wheel || goto error "C:\Program Files (x86)\Python38-32\python.exe" setup.py sdist bdist_wheel || goto error "C:\Program Files (x86)\Python39-32\python.exe" setup.py sdist bdist_wheel || goto error "C:\Program Files (x86)\Python310-32\python.exe" setup.py sdist bdist_wheel || goto error "C:\Program Files (x86)\Python311-32\python.exe" setup.py sdist bdist_wheel || goto error +:: Don't need to build wheels for Python 3.12. +:: The 3.11 wheel uses the stable ABI, so it works with newer versions too. + +:: We are using the 3.13 stable ABI from 3.13 onwards because of deprecated functions. +"C:\Program Files (x86)\Python313-32\python.exe" setup.py sdist bdist_wheel || goto error + goto :EOF :error diff --git a/continuous-delivery/build-wheels-win64.bat b/continuous-delivery/build-wheels-win64.bat index 5a862e6e1..9b4971a2f 100644 --- a/continuous-delivery/build-wheels-win64.bat +++ b/continuous-delivery/build-wheels-win64.bat @@ -1,11 +1,16 @@ "C:\Program Files\Python39\python.exe" continuous-delivery\update-version.py || goto error -"C:\Program Files\Python37\python.exe" setup.py sdist bdist_wheel || goto error "C:\Program Files\Python38\python.exe" setup.py sdist bdist_wheel || goto error "C:\Program Files\Python39\python.exe" setup.py sdist bdist_wheel || goto error "C:\Program Files\Python310\python.exe" setup.py sdist bdist_wheel || goto error "C:\Program Files\Python311\python.exe" setup.py sdist bdist_wheel || goto error +:: Don't need to build wheels for Python 3.12. +:: The 3.11 wheel uses the stable ABI, so it works with newer versions too. + +:: We are using the 3.13 stable ABI from 3.13 onwards because of deprecated functions. +"C:\Program Files\Python313\python.exe" setup.py sdist bdist_wheel || goto error + goto :EOF :error diff --git a/continuous-delivery/sanity-check-test-pypi.bat b/continuous-delivery/sanity-check-test-pypi.bat index 949911612..8cc2d0166 100644 --- a/continuous-delivery/sanity-check-test-pypi.bat +++ b/continuous-delivery/sanity-check-test-pypi.bat @@ -1,8 +1,8 @@ FOR /F "delims=" %%A in ('git describe --tags') do ( set TAG_VERSION=%%A ) set CURRENT_VERSION=%TAG_VERSION:v=% -"C:\Program Files\Python37\python.exe" continuous-delivery\pip-install-with-retry.py --no-cache-dir -i https://testpypi.python.org/simple --user awscrt==%CURRENT_VERSION% || goto error -"C:\Program Files\Python37\python.exe" continuous-delivery\test-pip-install.py || goto error +"C:\Program Files\Python38\python.exe" continuous-delivery\pip-install-with-retry.py --no-cache-dir -i https://testpypi.python.org/simple --user awscrt==%CURRENT_VERSION% || goto error +"C:\Program Files\Python38\python.exe" continuous-delivery\test-pip-install.py || goto error goto :EOF diff --git a/crt/CMakeLists.txt b/crt/CMakeLists.txt index 99296e6e7..afda9e150 100644 --- a/crt/CMakeLists.txt +++ b/crt/CMakeLists.txt @@ -1,6 +1,6 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0. -cmake_minimum_required(VERSION 3.1) +cmake_minimum_required(VERSION 3.9) # This CMakeLists.txt exists so we can build all the C libraries we depend on # simultaneously. This is much faster than building dependencies one at a time. @@ -30,21 +30,38 @@ include(CTest) # (On Windows and Apple we use the default OS libraries) if(UNIX AND NOT APPLE) option(USE_OPENSSL "Set this if you want to use your system's OpenSSL compatible libcrypto" OFF) + include(AwsPrebuildDependency) if(NOT USE_OPENSSL) - set(DISABLE_GO ON CACHE BOOL "Build without using Go, we don't want the extra dependency") - set(BUILD_LIBSSL OFF CACHE BOOL "Don't need libssl, only need libcrypto") - set(DISABLE_PERL ON CACHE BOOL "Build without using Perl, we don't want the extra dependency") + set(AWSLC_CMAKE_ARGUMENTS + -DDISABLE_GO=ON # Build without using Go, we don't want the extra dependency + -DDISABLE_PERL=ON # Build without using Perl, we don't want the extra dependency + -DBUILD_LIBSSL=OFF # Don't need libssl, only need libcrypto + -DBUILD_TESTING=OFF + ) + if(CMAKE_C_COMPILER_ID MATCHES "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS "5.0") - set(MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX ON CACHE BOOL "Disable AVX512 on old GCC that not supports it") + # Disable AVX512 on old GCC that not supports it. + list(APPEND AWSLC_CMAKE_ARGUMENTS -DMY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX=ON) endif() - add_subdirectory(aws-lc) + # s2n-tls uses libcrypto during its configuration, so we need to prebuild aws-lc. + aws_prebuild_dependency( + DEPENDENCY_NAME AWSLC + SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/aws-lc + CMAKE_ARGUMENTS ${AWSLC_CMAKE_ARGUMENTS} + ) endif() - set(UNSAFE_TREAT_WARNINGS_AS_ERRORS OFF CACHE BOOL "") - add_subdirectory(s2n) + # prebuild s2n-tls. + aws_prebuild_dependency( + DEPENDENCY_NAME S2N + SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/s2n + CMAKE_ARGUMENTS + -DUNSAFE_TREAT_WARNINGS_AS_ERRORS=OFF + -DBUILD_TESTING=OFF + ) endif() add_subdirectory(aws-c-common) diff --git a/crt/aws-c-auth b/crt/aws-c-auth index 3281f8692..3982bd75f 160000 --- a/crt/aws-c-auth +++ b/crt/aws-c-auth @@ -1 +1 @@ -Subproject commit 3281f8692e6fd10562c4585a4dded5c16b322698 +Subproject commit 3982bd75fea74efd8f9b462b27fedd4599db4f53 diff --git a/crt/aws-c-cal b/crt/aws-c-cal index 2cb1d2eac..656762aef 160000 --- a/crt/aws-c-cal +++ b/crt/aws-c-cal @@ -1 +1 @@ -Subproject commit 2cb1d2eac925e2dbc45025eb89af82bd790c23a0 +Subproject commit 656762aefbee2bc8f509cb23cd107abff20a72bb diff --git a/crt/aws-c-common b/crt/aws-c-common index b9959f592..f41b772f0 160000 --- a/crt/aws-c-common +++ b/crt/aws-c-common @@ -1 +1 @@ -Subproject commit b9959f5922a4b969beab8f0b99aa0b34bc9ee55c +Subproject commit f41b772f0de9454a4e7a65750b58c2379533bbf1 diff --git a/crt/aws-c-compression b/crt/aws-c-compression index f36d01672..c6c1191e5 160000 --- a/crt/aws-c-compression +++ b/crt/aws-c-compression @@ -1 +1 @@ -Subproject commit f36d01672d61e49d96a777870d456f66fa391cd4 +Subproject commit c6c1191e525e5aa6ead9e1afc392e35d3b50331e diff --git a/crt/aws-c-event-stream b/crt/aws-c-event-stream index 1b3825fc9..d2dcc9344 160000 --- a/crt/aws-c-event-stream +++ b/crt/aws-c-event-stream @@ -1 +1 @@ -Subproject commit 1b3825fc9cae2e9c7ed7479ee5d354d52ebdf7a0 +Subproject commit d2dcc9344dae24de320866045d85166d8a91a0d1 diff --git a/crt/aws-c-http b/crt/aws-c-http index 4e74ab1e3..74b3a0dd1 160000 --- a/crt/aws-c-http +++ b/crt/aws-c-http @@ -1 +1 @@ -Subproject commit 4e74ab1e3702763e0b87bd1752f5a37c2f0400ac +Subproject commit 74b3a0dd1396b72f701c8bdf24e5c6f41e52cf87 diff --git a/crt/aws-c-io b/crt/aws-c-io index c345d7727..fe93d0afc 160000 --- a/crt/aws-c-io +++ b/crt/aws-c-io @@ -1 +1 @@ -Subproject commit c345d77274db83c0c2e30331814093e7c84c45e2 +Subproject commit fe93d0afcc1cede32ac9569abd8669ed011b1b8c diff --git a/crt/aws-c-mqtt b/crt/aws-c-mqtt index ed7bbd68c..627c3334e 160000 --- a/crt/aws-c-mqtt +++ b/crt/aws-c-mqtt @@ -1 +1 @@ -Subproject commit ed7bbd68c03d7022c915a2924740ab7992ad2311 +Subproject commit 627c3334e52021aa8d5772b6ca076884610f3219 diff --git a/crt/aws-c-s3 b/crt/aws-c-s3 index 502cd6249..8c1969bce 160000 --- a/crt/aws-c-s3 +++ b/crt/aws-c-s3 @@ -1 +1 @@ -Subproject commit 502cd6249c6523583c19b122c65e02cf74301b3e +Subproject commit 8c1969bce5bfe0e063cbc719182dbe344342b880 diff --git a/crt/aws-c-sdkutils b/crt/aws-c-sdkutils index 4658412a6..0818f28ee 160000 --- a/crt/aws-c-sdkutils +++ b/crt/aws-c-sdkutils @@ -1 +1 @@ -Subproject commit 4658412a61ad5749db92a8d1e0717cb5e76ada1c +Subproject commit 0818f28ee436b892f09fbe8e3a6ae37ff40e9436 diff --git a/crt/aws-checksums b/crt/aws-checksums index ce04ab00b..0d2f5521f 160000 --- a/crt/aws-checksums +++ b/crt/aws-checksums @@ -1 +1 @@ -Subproject commit ce04ab00b3ecc41912f478bfedca39f8e1919d6b +Subproject commit 0d2f5521f61215f38f791d106ae304402208112d diff --git a/crt/aws-lc b/crt/aws-lc index 2f1879759..8ffe277c2 160000 --- a/crt/aws-lc +++ b/crt/aws-lc @@ -1 +1 @@ -Subproject commit 2f1879759b2e0fc70592665bdf10087b64f44b7d +Subproject commit 8ffe277c21915ca82dc78a3bdc6a92e10c284b92 diff --git a/crt/s2n b/crt/s2n index 87f4a0585..ffe0bf42d 160000 --- a/crt/s2n +++ b/crt/s2n @@ -1 +1 @@ -Subproject commit 87f4a0585dc3056433f193b9305f587cff239be3 +Subproject commit ffe0bf42da8f139eff8fd2237f47fbde40b478fb diff --git a/docsrc/source/api/checksums.rst b/docsrc/source/api/checksums.rst new file mode 100644 index 000000000..17b6fd75a --- /dev/null +++ b/docsrc/source/api/checksums.rst @@ -0,0 +1,5 @@ +awscrt.checksums +================ + +.. automodule:: awscrt.checksums + :members: diff --git a/docsrc/source/index.rst b/docsrc/source/index.rst index 0558f3f54..c2b65240a 100644 --- a/docsrc/source/index.rst +++ b/docsrc/source/index.rst @@ -12,6 +12,7 @@ API Reference :maxdepth: 2 api/auth + api/checksums api/common api/crypto api/exceptions diff --git a/setup.py b/setup.py index 13dd63103..1a874eadb 100644 --- a/setup.py +++ b/setup.py @@ -1,8 +1,6 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0. - import codecs -import distutils.ccompiler import glob import os import os.path @@ -15,6 +13,12 @@ import sys import sysconfig from wheel.bdist_wheel import bdist_wheel +if sys.platform == 'win32': + # distutils is deprecated in Python 3.10 and removed in 3.12. However, it still works because Python defines a compatibility interface as long as setuptools is installed. + # We don't have an official alternative for distutils.ccompiler as of September 2024. See: https://github.com/pypa/setuptools/issues/2806 + # Once that issue is resolved, we can migrate to the official solution. + # For now, restrict distutils to Windows only, where it's needed. + import distutils.ccompiler def is_64bit(): @@ -305,8 +309,12 @@ def run(self): class bdist_wheel_abi3(bdist_wheel): def get_tag(self): python, abi, plat = super().get_tag() - if python.startswith("cp") and sys.version_info >= (3, 11): - # on CPython, our wheels are abi3 and compatible back to 3.11 + # on CPython, our wheels are abi3 and compatible back to 3.11 + if python.startswith("cp") and sys.version_info >= (3, 13): + # 3.13 deprecates PyWeakref_GetObject(), adds alternative + return "cp313", "abi3", plat + elif python.startswith("cp") and sys.version_info >= (3, 11): + # 3.11 is the first stable ABI that has everything we need return "cp311", "abi3", plat return python, abi, plat @@ -374,7 +382,7 @@ def awscrt_ext(): # rare cases where that didn't happen, so let's be explicit. extra_link_args += ['-pthread'] - if distutils.ccompiler.get_default_compiler() != 'msvc': + if sys.platform != 'win32' or distutils.ccompiler.get_default_compiler() != 'msvc': extra_compile_args += ['-Wno-strict-aliasing', '-std=gnu99'] # treat warnings as errors in development mode @@ -403,7 +411,13 @@ def awscrt_ext(): else: extra_link_args += ['-Wl,--fatal-warnings'] - if sys.version_info >= (3, 11): + # prefer building with stable ABI, so a wheel can work with multiple major versions + if sys.version_info >= (3, 13): + # 3.13 deprecates PyWeakref_GetObject(), adds alternative + define_macros.append(('Py_LIMITED_API', '0x030D0000')) + py_limited_api = True + elif sys.version_info >= (3, 11): + # 3.11 is the first stable ABI that has everything we need define_macros.append(('Py_LIMITED_API', '0x030B0000')) py_limited_api = True @@ -452,7 +466,7 @@ def _load_version(): "Operating System :: Unix", "Operating System :: MacOS", ], - python_requires='>=3.7', + python_requires='>=3.8', ext_modules=[awscrt_ext()], cmdclass={'build_ext': awscrt_build_ext, "bdist_wheel": bdist_wheel_abi3}, test_suite='test', diff --git a/source/http_stream.c b/source/http_stream.c index bf7021862..6843e0ea8 100644 --- a/source/http_stream.c +++ b/source/http_stream.c @@ -203,7 +203,10 @@ static void s_on_stream_complete(struct aws_http_stream *native_stream, int erro } /* DECREF python self, we don't need to force it to stay alive any longer. */ - Py_DECREF(PyWeakref_GetObject(stream->self_proxy)); + PyObject *self = aws_py_weakref_get_ref(stream->self_proxy); + /* DECREF twice because `aws_py_weakref_get_ref` returns a strong reference */ + Py_XDECREF(self); + Py_XDECREF(self); PyGILState_Release(state); /*************** GIL RELEASE ***************/ diff --git a/source/module.c b/source/module.c index 4230ab6bf..197ce20f1 100644 --- a/source/module.c +++ b/source/module.c @@ -516,6 +516,39 @@ PyObject *aws_py_memory_view_from_byte_buffer(struct aws_byte_buf *buf) { return PyMemoryView_FromMemory(mem_start, mem_size, PyBUF_WRITE); } +PyObject *aws_py_weakref_get_ref(PyObject *ref) { + /* If Python >= 3.13 */ +#if PY_VERSION_HEX >= 0x030D0000 + /* Use PyWeakref_GetRef() (new in Python 3.13), which gets you: + * a new strong reference, + * or NULL because ref is dead, + * or -1 because you called it wrong */ + PyObject *obj = NULL; + if (PyWeakref_GetRef(ref, &obj) == -1) { + PyErr_WriteUnraisable(PyErr_Occurred()); + AWS_ASSERT(0 && "expected a weakref"); + } + return obj; + +#else + /* Use PyWeakref_GetObject() (deprecated as of Python 3.13), which gets you: + * a borrowed reference, + * or Py_None because ref is dead, + * or NULL because you called it wrong */ + PyObject *obj = PyWeakref_GetObject(ref); /* borrowed reference */ + if (obj == NULL) { + PyErr_WriteUnraisable(PyErr_Occurred()); + AWS_ASSERT(0 && "expected a weakref"); + } else if (obj == Py_None) { + obj = NULL; + } else { + /* Be like PyWeakref_GetRef() and make it new strong reference */ + Py_INCREF(obj); + } + return obj; +#endif +} + int aws_py_gilstate_ensure(PyGILState_STATE *out_state) { if (AWS_LIKELY(Py_IsInitialized())) { *out_state = PyGILState_Ensure(); diff --git a/source/module.h b/source/module.h index d7254d8c4..f626cb1e5 100644 --- a/source/module.h +++ b/source/module.h @@ -106,6 +106,27 @@ PyObject *aws_py_get_error_message(PyObject *self, PyObject *args); /* Create a write-only memoryview from the remaining free space in an aws_byte_buf */ PyObject *aws_py_memory_view_from_byte_buffer(struct aws_byte_buf *buf); +/* Python 3.13+ changed the function to get a reference from WeakRef. This function is an abstraction over two different + * APIs since we support Python versions before 3.13. Returns a strong reference if non-null, which you must release. */ + +/** + * Given a weak reference, returns a NEW strong reference to the referenced object, + * or NULL if the reference is dead (this function NEVER raises a python exception or AWS Error). + * + * You MUST NOT call this if ref came from a user, or ref is NULL. + * + * This is a simplified version of PyWeakref_GetRef() / PyWeakref_GetObject(). + * Simpler because: + * - Python 3.13 adds PyWeakref_GetRef() and deprecates PyWeakref_GetObject(). + * This function calls the appropriate one. + * + * - This functions has 2 outcomes instead of 3: + * The 3rd being a Python exception for calling it incorrectly. + * If that happens, this function calls PyErr_WriteUnraisable() to clear the exception, + * which is what you would have done anyway. + */ +PyObject *aws_py_weakref_get_ref(PyObject *ref); + /* Allocator that calls into PyObject_[Malloc|Free|Realloc] */ struct aws_allocator *aws_py_get_allocator(void); diff --git a/source/mqtt_client_connection.c b/source/mqtt_client_connection.c index 9eb73a950..78a26057e 100644 --- a/source/mqtt_client_connection.c +++ b/source/mqtt_client_connection.c @@ -140,8 +140,8 @@ static void s_on_connection_success( return; /* Python has shut down. Nothing matters anymore, but don't crash */ } - PyObject *self = PyWeakref_GetObject(py_connection->self_proxy); /* borrowed reference */ - if (self != Py_None) { + PyObject *self = aws_py_weakref_get_ref(py_connection->self_proxy); /* new reference */ + if (self != NULL) { PyObject *success_result = PyObject_CallMethod(self, "_on_connection_success", "(iN)", return_code, PyBool_FromLong(session_present)); if (success_result) { @@ -149,6 +149,7 @@ static void s_on_connection_success( } else { PyErr_WriteUnraisable(PyErr_Occurred()); } + Py_DECREF(self); } PyGILState_Release(state); @@ -167,14 +168,15 @@ static void s_on_connection_failure(struct aws_mqtt_client_connection *connectio return; /* Python has shut down. Nothing matters anymore, but don't crash */ } - PyObject *self = PyWeakref_GetObject(py_connection->self_proxy); /* borrowed reference */ - if (self != Py_None) { + PyObject *self = aws_py_weakref_get_ref(py_connection->self_proxy); /* new reference */ + if (self != NULL) { PyObject *success_result = PyObject_CallMethod(self, "_on_connection_failure", "(i)", error_code); if (success_result) { Py_DECREF(success_result); } else { PyErr_WriteUnraisable(PyErr_Occurred()); } + Py_DECREF(self); } PyGILState_Release(state); @@ -194,14 +196,15 @@ static void s_on_connection_interrupted(struct aws_mqtt_client_connection *conne } /* Ensure that python class is still alive */ - PyObject *self = PyWeakref_GetObject(py_connection->self_proxy); /* borrowed reference */ - if (self != Py_None) { + PyObject *self = aws_py_weakref_get_ref(py_connection->self_proxy); /* new reference */ + if (self != NULL) { PyObject *result = PyObject_CallMethod(self, "_on_connection_interrupted", "(i)", error_code); if (result) { Py_DECREF(result); } else { PyErr_WriteUnraisable(PyErr_Occurred()); } + Py_DECREF(self); } PyGILState_Release(state); @@ -227,8 +230,8 @@ static void s_on_connection_resumed( } /* Ensure that python class is still alive */ - PyObject *self = PyWeakref_GetObject(py_connection->self_proxy); /* borrowed reference */ - if (self != Py_None) { + PyObject *self = aws_py_weakref_get_ref(py_connection->self_proxy); /* new reference */ + if (self != NULL) { PyObject *result = PyObject_CallMethod(self, "_on_connection_resumed", "(iN)", return_code, PyBool_FromLong(session_present)); if (result) { @@ -236,6 +239,7 @@ static void s_on_connection_resumed( } else { PyErr_WriteUnraisable(PyErr_Occurred()); } + Py_DECREF(self); } PyGILState_Release(state); @@ -258,14 +262,15 @@ static void s_on_connection_closed( struct mqtt_connection_binding *py_connection = userdata; /* Ensure that python class is still alive */ - PyObject *self = PyWeakref_GetObject(py_connection->self_proxy); /* borrowed reference */ - if (self != Py_None) { + PyObject *self = aws_py_weakref_get_ref(py_connection->self_proxy); /* new reference */ + if (self != NULL) { PyObject *result = PyObject_CallMethod(self, "_on_connection_closed", "()"); if (result) { Py_DECREF(result); } else { PyErr_WriteUnraisable(PyErr_Occurred()); } + Py_DECREF(self); } PyGILState_Release(state); @@ -535,8 +540,9 @@ static void s_ws_handshake_transform( } /* Ensure python mqtt connection object is still alive */ - PyObject *connection_py = PyWeakref_GetObject(connection_binding->self_proxy); /* borrowed reference */ - if (connection_py == Py_None) { + + PyObject *connection_py = aws_py_weakref_get_ref(connection_binding->self_proxy); /* new reference */ + if (connection_py == NULL) { aws_raise_error(AWS_ERROR_INVALID_STATE); goto done; } @@ -593,6 +599,7 @@ static void s_ws_handshake_transform( done:; /* Save off error code, so it doesn't got stomped before we pass it to callback*/ int error_code = aws_last_error(); + Py_XDECREF(connection_py); if (ws_transform_capsule) { Py_DECREF(ws_transform_capsule); diff --git a/test/test_mqtt5_credentials.py b/test/test_mqtt5_credentials.py index 03e5c401e..8a5d24b09 100644 --- a/test/test_mqtt5_credentials.py +++ b/test/test_mqtt5_credentials.py @@ -197,40 +197,6 @@ def test_mqtt5_ws_cred_static(self): input_role_secret_access_key, input_role_session_token ) - credentials = auth.AwsCredentialsProvider.new_default_chain() - - def sign_function(transform_args, **kwargs): - signing_config = auth.AwsSigningConfig( - algorithm=auth.AwsSigningAlgorithm.V4, - signature_type=auth.AwsSignatureType.HTTP_REQUEST_QUERY_PARAMS, - credentials_provider=credentials, - region=input_region, - service="iotdevicegateway", - omit_session_token=True - ) - signing_future = auth.aws_sign_request( - http_request=transform_args.http_request, - signing_config=signing_config) - signing_future.add_done_callback(lambda x: transform_args.set_done(x.exception())) - client_options.websocket_handshake_transform = sign_function - client_options.tls_ctx = io.ClientTlsContext(io.TlsContextOptions()) - - callbacks = Mqtt5TestCallbacks() - client = self._create_client(client_options=client_options, callbacks=callbacks) - client.start() - callbacks.future_connection_success.result(TIMEOUT) - client.stop() - callbacks.future_stopped.result(TIMEOUT) - - def test_mqtt5_ws_cred_default(self): - input_host_name = _get_env_variable("AWS_TEST_MQTT5_IOT_CORE_HOST") - input_region = _get_env_variable("AWS_TEST_MQTT5_IOT_CORE_REGION") - - client_options = mqtt5.ClientOptions( - host_name=input_host_name, - port=443 - ) - credentials = auth.AwsCredentialsProvider.new_default_chain() def sign_function(transform_args, **kwargs): signing_config = auth.AwsSigningConfig( @@ -380,6 +346,12 @@ def sign_function(transform_args, **kwargs): callbacks.future_stopped.result(TIMEOUT) def test_mqtt5_ws_cred_environment(self): + self._test_mqtt5_ws_cred_environment(use_default_chain=False) + + def test_mqtt5_ws_cred_default_chain(self): + self._test_mqtt5_ws_cred_environment(use_default_chain=True) + + def _test_mqtt5_ws_cred_environment(self, use_default_chain): input_host_name = _get_env_variable("AWS_TEST_MQTT5_IOT_CORE_HOST") input_access_key = _get_env_variable("AWS_TEST_MQTT5_ROLE_CREDENTIAL_ACCESS_KEY") input_secret_access_key = _get_env_variable("AWS_TEST_MQTT5_ROLE_CREDENTIAL_SECRET_ACCESS_KEY") @@ -399,7 +371,10 @@ def test_mqtt5_ws_cred_environment(self): os.environ["AWS_SECRET_ACCESS_KEY"] = input_secret_access_key os.environ["AWS_SESSION_TOKEN"] = input_session_token # This should load the environment variables we just set - credentials = auth.AwsCredentialsProvider.new_environment() + if use_default_chain: + credentials = auth.AwsCredentialsProvider.new_default_chain() + else: + credentials = auth.AwsCredentialsProvider.new_environment() def sign_function(transform_args, **kwargs): signing_config = auth.AwsSigningConfig( diff --git a/test/test_mqtt_credentials.py b/test/test_mqtt_credentials.py index 15335e3e2..e1bd2c68d 100644 --- a/test/test_mqtt_credentials.py +++ b/test/test_mqtt_credentials.py @@ -136,40 +136,6 @@ def sign_function(transform_args, **kwargs): connection.connect().result(TIMEOUT) connection.disconnect().result(TIMEOUT) - def test_mqtt311_ws_cred_default(self): - input_host_name = _get_env_variable("AWS_TEST_MQTT311_IOT_CORE_HOST") - input_region = _get_env_variable("AWS_TEST_MQTT311_IOT_CORE_REGION") - - credentials = auth.AwsCredentialsProvider.new_default_chain() - - def sign_function(transform_args, **kwargs): - signing_config = auth.AwsSigningConfig( - algorithm=auth.AwsSigningAlgorithm.V4, - signature_type=auth.AwsSignatureType.HTTP_REQUEST_QUERY_PARAMS, - credentials_provider=credentials, - region=input_region, - service="iotdevicegateway", - omit_session_token=True - ) - signing_future = auth.aws_sign_request( - http_request=transform_args.http_request, - signing_config=signing_config) - signing_future.add_done_callback(lambda x: transform_args.set_done(x.exception())) - - elg = EventLoopGroup() - resolver = DefaultHostResolver(elg) - bootstrap = ClientBootstrap(elg, resolver) - client = Client(bootstrap, ClientTlsContext(TlsContextOptions())) - connection = Connection( - client=client, - client_id=create_client_id(), - host_name=input_host_name, - port=int(443), - use_websockets=True, - websocket_handshake_transform=sign_function) - connection.connect().result(TIMEOUT) - connection.disconnect().result(TIMEOUT) - def test_mqtt311_ws_cred_cognito(self): input_cognito_endpoint = _get_env_variable("AWS_TEST_MQTT311_COGNITO_ENDPOINT") input_cognito_identity = _get_env_variable("AWS_TEST_MQTT311_COGNITO_IDENTITY") @@ -300,6 +266,12 @@ def sign_function(transform_args, **kwargs): connection.disconnect().result(TIMEOUT) def test_mqtt311_ws_cred_environment(self): + self._test_mqtt311_ws_cred_environment(use_default_chain=False) + + def test_mqtt311_ws_cred_default(self): + self._test_mqtt311_ws_cred_environment(use_default_chain=True) + + def _test_mqtt311_ws_cred_environment(self, use_default_chain): input_access_key = _get_env_variable("AWS_TEST_MQTT311_ROLE_CREDENTIAL_ACCESS_KEY") input_secret_access_key = _get_env_variable("AWS_TEST_MQTT311_ROLE_CREDENTIAL_SECRET_ACCESS_KEY") input_session_token = _get_env_variable("AWS_TEST_MQTT311_ROLE_CREDENTIAL_SESSION_TOKEN") @@ -314,8 +286,11 @@ def test_mqtt311_ws_cred_environment(self): os.environ["AWS_ACCESS_KEY_ID"] = input_access_key os.environ["AWS_SECRET_ACCESS_KEY"] = input_secret_access_key os.environ["AWS_SESSION_TOKEN"] = input_session_token - # This should load the environment variables we just set - credentials = auth.AwsCredentialsProvider.new_environment() + if use_default_chain: + credentials = auth.AwsCredentialsProvider.new_default_chain() + else: + # This should load the environment variables we just set + credentials = auth.AwsCredentialsProvider.new_environment() signing_config = auth.AwsSigningConfig( algorithm=auth.AwsSigningAlgorithm.V4, signature_type=auth.AwsSignatureType.HTTP_REQUEST_QUERY_PARAMS, diff --git a/test/test_s3.py b/test/test_s3.py index ddde60aaa..2ff069208 100644 --- a/test/test_s3.py +++ b/test/test_s3.py @@ -222,8 +222,9 @@ def test_sanity_secure(self): self.assertIsNotNone(s3_client) def test_sanity_network_interface_names(self): - s3_client = s3_client_new(True, self.region, network_interface_names=("eth0", "eth1")) - self.assertIsNotNone(s3_client) + # This is just a sanity test to ensure that we are passing the parameter correctly. + with self.assertRaises(Exception): + s3_client_new(True, self.region, network_interface_names=("eth0", "invalid-network-interface")) def test_wait_shutdown(self): s3_client = s3_client_new(False, self.region)