Added support for selecting an AWS profile in AwsOsduClient (#22)

* Added support for selecting an AWS profile in AwsOsduClient * Some updates to aws client with profile argument. * Updated unit test * Update README and release notes * Revert back to conditional aws session if profile is explicitly provided. * Incremented version Co-authored-by: Mike Duffy <[email protected]>
pariveda · Oct 21, 2020 · 4291e8b · 4291e8b
1 parent 9fa148e
commit 4291e8b
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -91,6 +91,7 @@ Environment variables:
 1. `OSDU_CLIENT_ID`
 1. `OSDU_USER`
 1. `OSDU_PASSWORD`
+1. `AWS_PROFILE`
 
 ```python
 from osdu.client.aws import AwsOsduClient
@@ -111,12 +112,14 @@ client_id = 'YOURCLIENTID'
 user = '[email protected]'
 password = getpass()
 data_partition = 'yourpartition'
+profile = 'osdu-dev'
 
 osdu = AwsOsduClient(data_partition,  
     api_url=api_url,  
     client_id=client_id,  
     user=user,  
-    password=password)
+    password=password,
+    profile=profile)
 ```
 
 ### Using the client

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.1.0
+0.1.1
diff --git a/osdu/client/aws.py b/osdu/client/aws.py
@@ -2,6 +2,7 @@
 import boto3
 
 from .base import BaseOsduClient
+import boto3.session
 
 
 class AwsOsduClient(BaseOsduClient):
@@ -11,11 +12,36 @@ class AwsOsduClient(BaseOsduClient):
     Requires: `boto3`
     """
 
-    def __init__(self, data_partition_id, api_url:str=None, client_id:str=None, user:str=None, password:str=None) -> None:
+    @property
+    def profile(self):
+        return self._profile
+
+    @profile.setter
+    def profile(self, val):
+        self._profile = val
+
+
+    def __init__(self, data_partition_id, api_url:str=None, client_id:str=None, user:str=None, password:str=None, profile:str=None) -> None:
+        """Authenticate and instantiate a new AWS OSDU client. Uses Cognito directly to obtain an access token.
+        
+        :param data_partition_id:   [Required] OSDU data partition ID, e.g. 'opendes'
+        :param api_url:     Must be only the base URL, e.g. 'https://myapi.myregion.mydomain.com'
+                            If not provided as arg, client will attempt to load value from 
+                            environment variable: OSDU_API_URL.
+        :param client_id:   OSDU client ID. Must be a Cognito App Client with no client secret.
+        :param user:        OSDU username. If not provided as arg, client will attempt to load value from
+                            environment variable: OSDU_USER.
+        :param password:    OSDU password. If not provided as arg, client will attempt to load value from
+                            environment variable: OSDU_PASSWORD.
+        :param profile:     Name of AWS profile to use for AWS session to retrieve tokens form Cognito. 
+                            If not provided as arg, client will attempt to load value from 
+                            environment variable: AWS_PROFILE.
+        """
         super().__init__(data_partition_id, api_url)
 
         self._client_id = client_id or os.environ.get('OSDU_CLIENT_ID')
         self._user = user or os.environ.get('OSDU_USER')
+        self._profile = profile or os.environ.get('AWS_PROFILE')
         if password:
             self.get_tokens(password)
             password = None # Don't leave password lying around.
@@ -24,8 +50,13 @@ def __init__(self, data_partition_id, api_url:str=None, client_id:str=None, user
 
 
     def get_tokens(self, password) -> None:
-        client = boto3.client('cognito-idp')
-        response = client.initiate_auth(
+        if self._profile:
+            session = boto3.Session(profile_name=self._profile)
+            cognito = session.client('cognito-idp')
+        else:
+            cognito = boto3.client('cognito-idp')
+
+        response = cognito.initiate_auth(
             AuthFlow='USER_PASSWORD_AUTH',
             ClientId=self._client_id,
             AuthParameters={ 'USERNAME': self._user, 'PASSWORD': password }

diff --git a/release-notes.md b/release-notes.md
@@ -24,3 +24,9 @@ from osdu.client import SimpleOsduClient
 from osdu.client.aws import AwsOsduClient
 from osdu.client.simple import SimpleOsduClient
 ```
+
+### `0.1.1`
+
+**Release Date**: 2020.10.19
+
+Added `profile` constructor arg and class property for AwsOsduClient to specify the AWS profile to be used when connecting to Cognito to obtain access token.
diff --git a/tests/tests_unit.py b/tests/tests_unit.py
@@ -7,19 +7,21 @@
 
 class TestAwsOsduClient(TestCase):
 
-    @mock.patch('boto3.client')
-    def test_initialize_aws_client_with_args(self, mock_client):
+    @mock.patch('boto3.Session')
+    def test_initialize_aws_client_with_args(self, mock_session):
         partition = 'opendes'
         api_url = 'https://your.api.url.com'
         client_id = 'YOURCLIENTID'
         user = '[email protected]'
         password = 'p@ssw0rd'
+        profile = 'osdu-dev'
 
         client = AwsOsduClient(partition,
             api_url=api_url,  
             client_id=client_id,  
             user=user,  
-            password=password)
+            password=password,
+            profile=profile)
 
         self.assertIsNotNone(client)
         self.assertEqual(partition, client.data_partition_id)