From 84f82e76a2ccc325cdbb69f3b4db872de326ba49 Mon Sep 17 00:00:00 2001
From: Bastian <bretagne.bastian@gmail.com>
Date: Sat, 17 Apr 2021 01:50:57 +0200
Subject: [PATCH 1/3] Fixes issue #148 by adding python3 support to
 sign_request.py

---
 .../vault-consul-ami/auth/sign-request.py     | 34 ++++++++++++++-----
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/examples/vault-consul-ami/auth/sign-request.py b/examples/vault-consul-ami/auth/sign-request.py
index cba97708..b57d4a1a 100644
--- a/examples/vault-consul-ami/auth/sign-request.py
+++ b/examples/vault-consul-ami/auth/sign-request.py
@@ -15,18 +15,24 @@
 # the response from GetCallerIdentity, which tells who is trying to authenticate
 # ------------------------------------------------------------------------------
 
-import botocore.session
-from botocore.awsrequest import create_request_object
-import json
 import base64
+import json
 import sys
 
+import botocore.session
+from botocore.awsrequest import create_request_object
+
+
 def headers_to_go_style(headers):
     retval = {}
-    for k, v in headers.iteritems():
-        retval[k] = [v]
+    for k, v in headers.items():
+        try:
+            retval[k] = [v.decode()]
+        except AttributeError:
+            retval[k] = [v]
     return retval
 
+
 def generate_vault_request(awsIamServerId):
     session = botocore.session.get_session()
     client = session.create_client('sts')
@@ -40,12 +46,22 @@ def generate_vault_request(awsIamServerId):
 
     return {
         'iam_http_request_method': request.method,
-        'iam_request_url':         base64.b64encode(request.url),
-        'iam_request_body':        base64.b64encode(request.body),
-        'iam_request_headers':     base64.b64encode(json.dumps(headers_to_go_style(dict(request.headers)))), # It's a CaseInsensitiveDict, which is not JSON-serializable
+        'iam_request_url':         base64.b64encode(request.url.encode()),
+        'iam_request_body':        base64.b64encode(request.body.encode()),
+        'iam_request_headers':     base64.b64encode(json.dumps(headers_to_go_style(dict(request.headers))).encode()),  # It's a CaseInsensitiveDict, which is not JSON-serializable
     }
 
 
+def decode_byte_values_from_dict(_dict):
+    for k, v in _dict.items():
+        try:
+            _dict[k] = v.decode()
+        except AttributeError:
+            _dict[k] = v
+    return _dict
+
+
 if __name__ == "__main__":
     awsIamServerId = sys.argv[1]
-    print json.dumps(generate_vault_request(awsIamServerId))
+    vault_request = generate_vault_request(awsIamServerId)
+    print(json.dumps(decode_byte_values_from_dict(vault_request)))

From d41b17b315dcf4328ecfbd39aaf4390979ba3c3f Mon Sep 17 00:00:00 2001
From: Bastian <bretagne.bastian@gmail.com>
Date: Sat, 17 Apr 2021 02:00:45 +0200
Subject: [PATCH 2/3] Remove unused import

---
 examples/vault-consul-ami/auth/sign-request.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/examples/vault-consul-ami/auth/sign-request.py b/examples/vault-consul-ami/auth/sign-request.py
index b57d4a1a..193ff03b 100644
--- a/examples/vault-consul-ami/auth/sign-request.py
+++ b/examples/vault-consul-ami/auth/sign-request.py
@@ -20,7 +20,6 @@
 import sys
 
 import botocore.session
-from botocore.awsrequest import create_request_object
 
 
 def headers_to_go_style(headers):

From c8e97e99b18ef4a405c560109058cceec2c7b70d Mon Sep 17 00:00:00 2001
From: Bastian <bretagne.bastian@gmail.com>
Date: Sat, 17 Apr 2021 02:05:19 +0200
Subject: [PATCH 3/3] Generic dict to go style/decode function

---
 .../vault-consul-ami/auth/sign-request.py     | 26 ++++++++-----------
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/examples/vault-consul-ami/auth/sign-request.py b/examples/vault-consul-ami/auth/sign-request.py
index 193ff03b..f047c636 100644
--- a/examples/vault-consul-ami/auth/sign-request.py
+++ b/examples/vault-consul-ami/auth/sign-request.py
@@ -22,13 +22,18 @@
 import botocore.session
 
 
-def headers_to_go_style(headers):
+def decode_bytes_from_dict_values(dict_, to_go_style=False):
     retval = {}
-    for k, v in headers.items():
+    for k, v in dict_.items():
         try:
-            retval[k] = [v.decode()]
+            value = v.decode()
         except AttributeError:
-            retval[k] = [v]
+            value = v
+
+        if to_go_style:
+            value = [value]
+
+        retval[k] = value
     return retval
 
 
@@ -47,20 +52,11 @@ def generate_vault_request(awsIamServerId):
         'iam_http_request_method': request.method,
         'iam_request_url':         base64.b64encode(request.url.encode()),
         'iam_request_body':        base64.b64encode(request.body.encode()),
-        'iam_request_headers':     base64.b64encode(json.dumps(headers_to_go_style(dict(request.headers))).encode()),  # It's a CaseInsensitiveDict, which is not JSON-serializable
+        'iam_request_headers':     base64.b64encode(json.dumps(decode_bytes_from_dict_values(dict(request.headers), to_go_style=True)).encode()),  # It's a CaseInsensitiveDict, which is not JSON-serializable
     }
 
 
-def decode_byte_values_from_dict(_dict):
-    for k, v in _dict.items():
-        try:
-            _dict[k] = v.decode()
-        except AttributeError:
-            _dict[k] = v
-    return _dict
-
-
 if __name__ == "__main__":
     awsIamServerId = sys.argv[1]
     vault_request = generate_vault_request(awsIamServerId)
-    print(json.dumps(decode_byte_values_from_dict(vault_request)))
+    print(json.dumps(decode_bytes_from_dict_values(vault_request)))