Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to pass parameters to the botocore session. #52

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add ability to pass parameters to the botocore session. #52

wants to merge 2 commits into from

Conversation

dashstander
Copy link

@dashstander dashstander commented Jan 3, 2020
edited
Loading

Adds session_params parameter to BotoAwsRequestsAuth that gets unpacked into the botocore session object. This allows things like passing in regions, profiles, etc... that are outside the default way botocore picks credentials. Solves #51

DavidMuller
DavidMuller reviewed Jan 12, 2020
View reviewed changes
aws_requests_auth/boto_utils.py Outdated
@@ -31,7 +31,7 @@ def get_credentials(credentials_obj=None):

class BotoAWSRequestsAuth(AWSRequestsAuth):

def __init__(self, aws_host, aws_region, aws_service):
def __init__(self, aws_host, aws_region, aws_service, session_params={}):
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the pull request @dashstander . Mutable default kwargs are a bit of a Python gotcha e.g.

In [1]: def f(l=[]): 
   ...:     l.append(1) 
   ...:     print(l) 
   ...:                                                                                                                               

In [2]: f()                                                                                                                           
[1]

In [3]: f()                                                                                                                           
[1, 1]

In [4]: f()                                                                                                                           
[1, 1, 1]

In [5]: f()                                                                                                                           
[1, 1, 1, 1]

In [6]: f()                                                                                                                           
[1, 1, 1, 1, 1]

The preferred pattern (as described by core dev Raymond Hettinger) looks something like...

def f(l=None):
    if l is None:
        l = []

allows things like passing in regions, profiles, etc.

Since aws_region is "hardcoded" in BotoAwsRequestsAuth and AWSRequestsAuth, I do not think aws_region will be an appropriate target for us to dynamically override.

I'm not sure if this is true, but does the boto3 profile_name kwarg (e.g. boto3.session.Session(profile_name="my-profile")) restrict itself to only affectingaws_access_key_id, aws_secret_access_key, aws_session_token?

If profile_name indeed only can possibly affect auth, then we might consider allowing profile_name (and only profile_name) to be optionally provided instead.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I appreciate the response @DavidMuller , this is the first time I've made a PR against a public repo.

Having the default be mutable was definitely an oversight on my part and I can change the PR.

According to the docs I'm looking at, there are other parameters (including aws_region) that can have defaults configured by different profiles. But I don't think that that would interfere with having it aws_region hardcoded. The Session().get_credentials() call won't ever pull anything except the aws_access_key_id, aws_secret_access_key, aws_session_token, so there's no danger of the aws_region getting overridden or anything like that.

Which is all another way of saying that adding an optional profile_name parameter works for me as well.

@hekaldama
Copy link

Would benefit from this getting merged and released at some point. What is left? I think I like using kwarg aws_profile instead of just profile to follow pattern already there (and AWS ENV var nomenclature).

@DavidMuller
Copy link
Owner

I do not have plans for a new release soon - my company has stopped using this package. In the meantime, a workaround is to use the get_aws_request_headers_handler hook exposed by AWSRequestsAuth to execute arbitrary code for credential fetching. (Indeed, this is what BotoAWSRequestsAuth does internally.)

class MyAuth(AWSRequestsAuth):

    def get_aws_request_headers_handler(self, r):
        return self.get_aws_request_headers(
            r=r,
            aws_access_key=# any code you like,
            aws_secret_access_key=# any code you like,
            aws_token=# any code you like,
         )

@hekaldama
Copy link

Sounds good and thanks @DavidMuller. If anyone else is looking into this I also did AWS_REGION on the env to get this to work.

@clayrosenthal
Copy link

@ethan-deng Will this be merged if you've approved it? seems like a helpful addition

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DavidMuller DavidMuller DavidMuller left review comments

@ethan-deng ethan-deng ethan-deng approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dashstander @hekaldama @DavidMuller @clayrosenthal @ethan-deng