#2096 Added ProgrammaticAssumeRoleProvider and Session.assume_role() for #761

Open benkehoe
Showing 2 of 3 files from the diff.

@@ -906,6 +906,32 @@
Loading
906 906
            pass
907 907
        return results
908 908
909 +
    def assume_role(self, role_arn, extra_args=None):
910 +
        """
911 +
        :type role_arn: str
912 +
        :param role_arn: The ARN of the role to be assumed.
913 +
914 +
        :type extra_args: dict
915 +
        :param extra_args: Any additional arguments to add to the assume
916 +
            role request using the format of the botocore operation.
917 +
            Possible keys include, but may not be limited to,
918 +
            DurationSeconds, Policy, and RoleSessionName.
919 +
        """
920 +
        assume_role_provider = botocore.credentials.ProgrammaticAssumeRoleProvider(
921 +
            self.client_creator,
922 +
            self.get_credentials(),
923 +
            role_arn,
924 +
            extra_args=extra_args,
925 +
        )
926 +
927 +
        assumed_role_session = Session()
928 +
        assumed_role_session.register_component(
929 +
            'credential_provider',
930 +
            botocore.credentials.CredentialResolver([assume_role_provider])
931 +
        )
932 +
933 +
        return assumed_role_session
934 +
909 935
910 936
class ComponentLocator(object):
911 937
    """Service locator for session components."""

@@ -1625,6 +1625,78 @@
Loading
1625 1625
            )
1626 1626
        return credentials
1627 1627
1628 +
class ProgrammaticAssumeRoleProvider(CredentialProvider):
1629 +
    METHOD = 'programmatic-assume-role'
1630 +
1631 +
    def __init__(self, client_creator, source_credentials, role_arn,
1632 +
            extra_args=None, prompter=getpass.getpass, cache=None, expiry_window_seconds=None):
1633 +
        """
1634 +
        :type client_creator: callable
1635 +
        :param client_creator: A factory function that will create
1636 +
            a client when called.  Has the same interface as
1637 +
            ``botocore.session.Session.create_client``.
1638 +
1639 +
        :type source_credentials: Credentials
1640 +
        :param source_credentials: The credentials to use to create the
1641 +
            client for the call to AssumeRole.
1642 +
1643 +
        :type role_arn: str
1644 +
        :param role_arn: The ARN of the role to be assumed.
1645 +
1646 +
        :type extra_args: dict
1647 +
        :param extra_args: Any additional arguments to add to the assume
1648 +
            role request using the format of the botocore operation.
1649 +
            Possible keys include, but may not be limited to,
1650 +
            DurationSeconds, Policy, and RoleSessionName.
1651 +
1652 +
        :type prompter: callable
1653 +
        :param prompter: A callable that returns input provided
1654 +
            by the user (i.e raw_input, getpass.getpass, etc.).
1655 +
1656 +
        :type cache: dict
1657 +
        :param cache: An object that supports ``__getitem__``,
1658 +
            ``__setitem__``, and ``__contains__``.  An example of this is
1659 +
            the ``JSONFileCache`` class in aws-cli.
1660 +
1661 +
        :type expiry_window_seconds: int
1662 +
        :param expiry_window_seconds: The amount of time, in seconds,
1663 +
        """
1664 +
1665 +
        self._client_creator = client_creator
1666 +
        self._source_credentials = source_credentials
1667 +
        self._role_arn = role_arn
1668 +
        self._extra_args = extra_args
1669 +
        self._prompter = prompter
1670 +
        if cache is None:
1671 +
            cache = {}
1672 +
        self._cache = cache
1673 +
        self._expiry_window_seconds = expiry_window_seconds
1674 +
1675 +
        self._fetcher = None
1676 +
1677 +
1678 +
    def _get_fetcher(self):
1679 +
        if not self._fetcher:
1680 +
            self._fetcher = AssumeRoleCredentialFetcher(
1681 +
                self._client_creator,
1682 +
                self._source_credentials,
1683 +
                self._role_arn,
1684 +
                extra_args=self._extra_args,
1685 +
                mfa_prompter=self._prompter,
1686 +
                cache=self._cache,
1687 +
                expiry_window_seconds=self._expiry_window_seconds
1688 +
            )
1689 +
        return self._fetcher
1690 +
1691 +
    def load(self):
1692 +
        refresher = self._get_fetcher().fetch_credentials
1693 +
        if self._extra_args and 'SerialNumber' in self._extra_args:
1694 +
            refresher = create_mfa_serial_refresher(refresher)
1695 +
        return DeferredRefreshableCredentials(
1696 +
            method=self.METHOD,
1697 +
            refresh_using=refresher,
1698 +
            time_fetcher=_local_now
1699 +
        )
1628 1700
1629 1701
class AssumeRoleWithWebIdentityProvider(CredentialProvider):
1630 1702
    METHOD = 'assume-role-with-web-identity'

Learn more Showing 1 files with coverage changes found.

Changes in botocore/credentials.py
-1
+1
Loading file...
Files Coverage
botocore -0.01% 93.10%
Project Totals (60 files) 93.10%
Loading