boto3-refresh-session 1.3.13__py3-none-any.whl → 1.3.15__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- boto3_refresh_session/__init__.py +2 -1
- boto3_refresh_session/custom.py +22 -16
- boto3_refresh_session/ecs.py +4 -4
- boto3_refresh_session/session.py +23 -13
- boto3_refresh_session/sts.py +16 -12
- {boto3_refresh_session-1.3.13.dist-info → boto3_refresh_session-1.3.15.dist-info}/METADATA +7 -2
- boto3_refresh_session-1.3.15.dist-info/RECORD +11 -0
- boto3_refresh_session-1.3.13.dist-info/RECORD +0 -11
- {boto3_refresh_session-1.3.13.dist-info → boto3_refresh_session-1.3.15.dist-info}/LICENSE +0 -0
- {boto3_refresh_session-1.3.13.dist-info → boto3_refresh_session-1.3.15.dist-info}/NOTICE +0 -0
- {boto3_refresh_session-1.3.13.dist-info → boto3_refresh_session-1.3.15.dist-info}/WHEEL +0 -0
|
@@ -4,7 +4,8 @@ from .session import RefreshableSession
|
|
|
4
4
|
from .sts import STSRefreshableSession
|
|
5
5
|
|
|
6
6
|
__all__ = ["RefreshableSession"]
|
|
7
|
-
__version__ = "1.3.
|
|
7
|
+
__version__ = "1.3.15"
|
|
8
|
+
__title__ = "boto3-refresh-session"
|
|
8
9
|
__author__ = "Mike Letts"
|
|
9
10
|
__maintainer__ = "Mike Letts"
|
|
10
11
|
__license__ = "MIT"
|
boto3_refresh_session/custom.py
CHANGED
|
@@ -9,33 +9,36 @@ from .session import BaseRefreshableSession
|
|
|
9
9
|
|
|
10
10
|
|
|
11
11
|
class CustomRefreshableSession(BaseRefreshableSession, method="custom"):
|
|
12
|
-
"""A :class:`boto3.session.Session` object that automatically refreshes
|
|
13
|
-
returned by a custom credential getter provided
|
|
14
|
-
sophisticated or idiosyncratic
|
|
12
|
+
"""A :class:`boto3.session.Session` object that automatically refreshes
|
|
13
|
+
temporary credentials returned by a custom credential getter provided
|
|
14
|
+
by the user. Useful for users with highly sophisticated or idiosyncratic
|
|
15
|
+
authentication flows.
|
|
15
16
|
|
|
16
17
|
Parameters
|
|
17
18
|
----------
|
|
18
19
|
custom_credentials_method: Callable
|
|
19
|
-
Required. Accepts a callable object that returns temporary AWS
|
|
20
|
-
object must return a dictionary containing
|
|
21
|
-
'expiry_time' when called.
|
|
20
|
+
Required. Accepts a callable object that returns temporary AWS
|
|
21
|
+
security credentials. That object must return a dictionary containing
|
|
22
|
+
'access_key', 'secret_key', 'token', and 'expiry_time' when called.
|
|
22
23
|
custom_credentials_method_args : dict[str, Any], optional
|
|
23
|
-
Optional keyword arguments for the function passed to the
|
|
24
|
-
parameter.
|
|
24
|
+
Optional keyword arguments for the function passed to the
|
|
25
|
+
``custom_credentials_method`` parameter.
|
|
25
26
|
defer_refresh : bool, optional
|
|
26
|
-
If ``True`` then temporary credentials are not automatically refreshed
|
|
27
|
-
they are explicitly needed. If ``False`` then temporary
|
|
28
|
-
immediately upon expiration. It is highly
|
|
29
|
-
Default is ``True``.
|
|
27
|
+
If ``True`` then temporary credentials are not automatically refreshed
|
|
28
|
+
until they are explicitly needed. If ``False`` then temporary
|
|
29
|
+
credentials refresh immediately upon expiration. It is highly
|
|
30
|
+
recommended that you use ``True``. Default is ``True``.
|
|
30
31
|
|
|
31
32
|
Other Parameters
|
|
32
33
|
----------------
|
|
33
34
|
kwargs : dict
|
|
34
|
-
Optional keyword arguments for the :class:`boto3.session.Session`
|
|
35
|
+
Optional keyword arguments for the :class:`boto3.session.Session`
|
|
36
|
+
object.
|
|
35
37
|
|
|
36
38
|
Examples
|
|
37
39
|
--------
|
|
38
|
-
Write (or import) the callable object for obtaining temporary AWS security
|
|
40
|
+
Write (or import) the callable object for obtaining temporary AWS security
|
|
41
|
+
credentials.
|
|
39
42
|
|
|
40
43
|
>>> def your_custom_credential_getter(your_param, another_param):
|
|
41
44
|
>>> ...
|
|
@@ -85,19 +88,22 @@ class CustomRefreshableSession(BaseRefreshableSession, method="custom"):
|
|
|
85
88
|
|
|
86
89
|
if missing := required_keys - credentials.keys():
|
|
87
90
|
raise BRSError(
|
|
88
|
-
f"The dict returned by custom_credentials_method is missing
|
|
91
|
+
f"The dict returned by custom_credentials_method is missing "
|
|
92
|
+
"these key-value pairs: "
|
|
89
93
|
f"{', '.join(repr(param) for param in missing)}. "
|
|
90
94
|
)
|
|
91
95
|
|
|
92
96
|
return credentials
|
|
93
97
|
|
|
94
98
|
def get_identity(self) -> dict[str, str]:
|
|
95
|
-
"""
|
|
99
|
+
"""
|
|
100
|
+
Returns metadata about the custom credential getter.
|
|
96
101
|
|
|
97
102
|
Returns
|
|
98
103
|
-------
|
|
99
104
|
dict[str, str]
|
|
100
105
|
Dict containing information about the custom credential getter.
|
|
106
|
+
|
|
101
107
|
"""
|
|
102
108
|
|
|
103
109
|
source = getattr(
|
boto3_refresh_session/ecs.py
CHANGED
|
@@ -22,10 +22,10 @@ class ECSRefreshableSession(BaseRefreshableSession, method="ecs"):
|
|
|
22
22
|
Parameters
|
|
23
23
|
----------
|
|
24
24
|
defer_refresh : bool, optional
|
|
25
|
-
If ``True`` then temporary credentials are not automatically
|
|
26
|
-
they are explicitly needed. If ``False`` then
|
|
27
|
-
immediately upon expiration. It
|
|
28
|
-
Default is ``True``.
|
|
25
|
+
If ``True`` then temporary credentials are not automatically
|
|
26
|
+
refreshed until they are explicitly needed. If ``False`` then
|
|
27
|
+
temporary credentials refresh immediately upon expiration. It
|
|
28
|
+
is highly recommended that you use ``True``. Default is ``True``.
|
|
29
29
|
|
|
30
30
|
Other Parameters
|
|
31
31
|
----------------
|
boto3_refresh_session/session.py
CHANGED
|
@@ -19,7 +19,8 @@ RefreshMethod = Literal["sts-assume-role", "ecs-container-metadata", "custom"]
|
|
|
19
19
|
|
|
20
20
|
|
|
21
21
|
class BaseRefreshableSession(ABC, Session):
|
|
22
|
-
"""
|
|
22
|
+
"""
|
|
23
|
+
Abstract base class for implementing refreshable AWS sessions.
|
|
23
24
|
|
|
24
25
|
Provides a common interface and factory registration mechanism
|
|
25
26
|
for subclasses that generate temporary credentials using various
|
|
@@ -33,6 +34,7 @@ class BaseRefreshableSession(ABC, Session):
|
|
|
33
34
|
----------
|
|
34
35
|
registry : dict[str, type[BaseRefreshableSession]]
|
|
35
36
|
Class-level registry mapping method names to registered session types.
|
|
37
|
+
|
|
36
38
|
"""
|
|
37
39
|
|
|
38
40
|
# adding this and __init_subclass__ to avoid circular imports
|
|
@@ -78,7 +80,8 @@ class BaseRefreshableSession(ABC, Session):
|
|
|
78
80
|
)
|
|
79
81
|
|
|
80
82
|
def refreshable_credentials(self) -> dict[str, str]:
|
|
81
|
-
"""
|
|
83
|
+
"""
|
|
84
|
+
The current temporary AWS security credentials.
|
|
82
85
|
|
|
83
86
|
Returns
|
|
84
87
|
-------
|
|
@@ -90,6 +93,7 @@ class BaseRefreshableSession(ABC, Session):
|
|
|
90
93
|
AWS secret access key.
|
|
91
94
|
AWS_SESSION_TOKEN : str
|
|
92
95
|
AWS session token.
|
|
96
|
+
|
|
93
97
|
"""
|
|
94
98
|
|
|
95
99
|
creds = self.get_credentials().get_frozen_credentials()
|
|
@@ -107,32 +111,36 @@ class BaseRefreshableSession(ABC, Session):
|
|
|
107
111
|
|
|
108
112
|
|
|
109
113
|
class RefreshableSession:
|
|
110
|
-
"""Factory class for constructing refreshable boto3 sessions using various
|
|
111
|
-
methods, e.g. STS.
|
|
114
|
+
"""Factory class for constructing refreshable boto3 sessions using various
|
|
115
|
+
authentication methods, e.g. STS.
|
|
112
116
|
|
|
113
|
-
This class provides a unified interface for creating boto3 sessions whose
|
|
114
|
-
automatically refreshed in the background.
|
|
117
|
+
This class provides a unified interface for creating boto3 sessions whose
|
|
118
|
+
credentials are automatically refreshed in the background.
|
|
115
119
|
|
|
116
|
-
Use ``RefreshableSession(method="...")`` to construct an instance using
|
|
120
|
+
Use ``RefreshableSession(method="...")`` to construct an instance using
|
|
121
|
+
the desired method.
|
|
117
122
|
|
|
118
|
-
For additional information on required parameters, refer to the See Also
|
|
123
|
+
For additional information on required parameters, refer to the See Also
|
|
124
|
+
section below.
|
|
119
125
|
|
|
120
126
|
Parameters
|
|
121
127
|
----------
|
|
122
128
|
method : Method
|
|
123
|
-
The authentication and refresh method to use for the session. Must
|
|
124
|
-
Default is "sts".
|
|
129
|
+
The authentication and refresh method to use for the session. Must
|
|
130
|
+
match a registered method name. Default is "sts".
|
|
125
131
|
|
|
126
132
|
Other Parameters
|
|
127
133
|
----------------
|
|
128
134
|
**kwargs : dict
|
|
129
|
-
Additional keyword arguments forwarded to the constructor of the
|
|
135
|
+
Additional keyword arguments forwarded to the constructor of the
|
|
136
|
+
selected session class.
|
|
130
137
|
|
|
131
138
|
See Also
|
|
132
139
|
--------
|
|
133
140
|
boto3_refresh_session.custom.CustomRefreshableSession
|
|
134
141
|
boto3_refresh_session.sts.STSRefreshableSession
|
|
135
142
|
boto3_refresh_session.ecs.ECSRefreshableSession
|
|
143
|
+
|
|
136
144
|
"""
|
|
137
145
|
|
|
138
146
|
def __new__(
|
|
@@ -140,7 +148,8 @@ class RefreshableSession:
|
|
|
140
148
|
) -> BaseRefreshableSession:
|
|
141
149
|
if method not in (methods := cls.get_available_methods()):
|
|
142
150
|
raise BRSError(
|
|
143
|
-
f"{repr(method)} is an invalid method parameter.
|
|
151
|
+
f"{repr(method)} is an invalid method parameter. "
|
|
152
|
+
"Available methods are "
|
|
144
153
|
f"{', '.join(repr(meth) for meth in methods)}."
|
|
145
154
|
)
|
|
146
155
|
|
|
@@ -154,7 +163,8 @@ class RefreshableSession:
|
|
|
154
163
|
Returns
|
|
155
164
|
-------
|
|
156
165
|
list[str]
|
|
157
|
-
A list of all currently available credential refresh methods,
|
|
166
|
+
A list of all currently available credential refresh methods,
|
|
167
|
+
e.g. 'sts'.
|
|
158
168
|
"""
|
|
159
169
|
|
|
160
170
|
return list(get_args(Method))
|
boto3_refresh_session/sts.py
CHANGED
|
@@ -9,26 +9,29 @@ from .session import BaseRefreshableSession
|
|
|
9
9
|
|
|
10
10
|
|
|
11
11
|
class STSRefreshableSession(BaseRefreshableSession, method="sts"):
|
|
12
|
-
"""A :class:`boto3.session.Session` object that automatically refreshes
|
|
13
|
-
credentials using an IAM role that is assumed via STS.
|
|
12
|
+
"""A :class:`boto3.session.Session` object that automatically refreshes
|
|
13
|
+
temporary AWS credentials using an IAM role that is assumed via STS.
|
|
14
14
|
|
|
15
15
|
Parameters
|
|
16
16
|
----------
|
|
17
17
|
assume_role_kwargs : dict
|
|
18
|
-
Required keyword arguments for :meth:`STS.Client.assume_role` (i.e.
|
|
18
|
+
Required keyword arguments for :meth:`STS.Client.assume_role` (i.e.
|
|
19
|
+
boto3 STS client).
|
|
19
20
|
defer_refresh : bool, optional
|
|
20
|
-
If ``True`` then temporary credentials are not automatically refreshed
|
|
21
|
-
they are explicitly needed. If ``False`` then temporary
|
|
22
|
-
immediately upon expiration. It is highly
|
|
23
|
-
Default is ``True``.
|
|
21
|
+
If ``True`` then temporary credentials are not automatically refreshed
|
|
22
|
+
until they are explicitly needed. If ``False`` then temporary
|
|
23
|
+
credentials refresh immediately upon expiration. It is highly
|
|
24
|
+
recommended that you use ``True``. Default is ``True``.
|
|
24
25
|
sts_client_kwargs : dict, optional
|
|
25
|
-
Optional keyword arguments for the :class:`STS.Client` object. Do not
|
|
26
|
-
values for ``service_name`` as they are unnecessary. Default
|
|
26
|
+
Optional keyword arguments for the :class:`STS.Client` object. Do not
|
|
27
|
+
provide values for ``service_name`` as they are unnecessary. Default
|
|
28
|
+
is None.
|
|
27
29
|
|
|
28
30
|
Other Parameters
|
|
29
31
|
----------------
|
|
30
32
|
kwargs : dict
|
|
31
|
-
Optional keyword arguments for the :class:`boto3.session.Session`
|
|
33
|
+
Optional keyword arguments for the :class:`boto3.session.Session`
|
|
34
|
+
object.
|
|
32
35
|
"""
|
|
33
36
|
|
|
34
37
|
def __init__(
|
|
@@ -43,10 +46,11 @@ class STSRefreshableSession(BaseRefreshableSession, method="sts"):
|
|
|
43
46
|
self.assume_role_kwargs = assume_role_kwargs
|
|
44
47
|
|
|
45
48
|
if sts_client_kwargs is not None:
|
|
46
|
-
# overwriting 'service_name'
|
|
49
|
+
# overwriting 'service_name' if if appears in sts_client_kwargs
|
|
47
50
|
if "service_name" in sts_client_kwargs:
|
|
48
51
|
BRSWarning(
|
|
49
|
-
"'sts_client_kwargs' cannot contain values for
|
|
52
|
+
"'sts_client_kwargs' cannot contain values for "
|
|
53
|
+
"'service_name'. Reverting to service_name = 'sts'."
|
|
50
54
|
)
|
|
51
55
|
del sts_client_kwargs["service_name"]
|
|
52
56
|
self._sts_client = self.client(
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.3
|
|
2
2
|
Name: boto3-refresh-session
|
|
3
|
-
Version: 1.3.
|
|
3
|
+
Version: 1.3.15
|
|
4
4
|
Summary: A simple Python package for refreshing the temporary security credentials in a boto3.session.Session object automatically.
|
|
5
5
|
License: MIT
|
|
6
6
|
Keywords: boto3,botocore,aws,sts,ecs,credentials,token,refresh
|
|
@@ -78,7 +78,12 @@ Description-Content-Type: text/markdown
|
|
|
78
78
|
|
|
79
79
|
<a href="https://medium.com/@lettsmt/you-shouldnt-have-to-think-about-refreshing-aws-credentials-214f7cbbd83b">
|
|
80
80
|
<img src="https://img.shields.io/badge/Medium%20Article-📘-FF0000?style=flat&labelColor=555&logo=readthedocs" alt="Medium Article"/>
|
|
81
|
-
</a>
|
|
81
|
+
</a>
|
|
82
|
+
|
|
83
|
+
<a href="https://github.com/sponsors/michaelthomasletts">
|
|
84
|
+
<img src="https://img.shields.io/badge/Sponsor%20this%20Project-💙-FF0000?style=flat&labelColor=555&logo=githubsponsors" alt="Sponsorship"/>
|
|
85
|
+
</a>
|
|
86
|
+
|
|
82
87
|
|
|
83
88
|
</div>
|
|
84
89
|
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
boto3_refresh_session/__init__.py,sha256=_4VLYpIvCjuw0X_PUpBwM5vDKWGPpsouzlNkzm0wJKE,364
|
|
2
|
+
boto3_refresh_session/custom.py,sha256=YuorVYEzoYxLkzuoMwSqqAmN0n7ZsXKkS2Q8soAyGkc,3805
|
|
3
|
+
boto3_refresh_session/ecs.py,sha256=2lLMDWEE_JArBf0sRtcFmrzxiIpo_S6dauHS-TDUn4U,3713
|
|
4
|
+
boto3_refresh_session/exceptions.py,sha256=qcFzdIuK5PZirs77H_Kb64S9QFb6cn2OJtirjvaRLiY,972
|
|
5
|
+
boto3_refresh_session/session.py,sha256=mxATkH7rDTCiPtEbqxIkhnl_i7xwHJ0wzTH8Zv-xaL8,5368
|
|
6
|
+
boto3_refresh_session/sts.py,sha256=gJKbslmNl8kR8oAeZfOGmrHtgUUxMm7e9hPgZO678FE,3174
|
|
7
|
+
boto3_refresh_session-1.3.15.dist-info/LICENSE,sha256=I3ZYTXAjbIly6bm6J-TvFTuuHwTKws4h89QaY5c5HiY,1067
|
|
8
|
+
boto3_refresh_session-1.3.15.dist-info/METADATA,sha256=s6KkLftJRR6xtmntJt8M2Y_QFVZWOdKdrT3BN9BBHhg,7804
|
|
9
|
+
boto3_refresh_session-1.3.15.dist-info/NOTICE,sha256=1s8r33qbl1z0YvPB942iWgvbkP94P_e8AnROr1qXXuw,939
|
|
10
|
+
boto3_refresh_session-1.3.15.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
|
|
11
|
+
boto3_refresh_session-1.3.15.dist-info/RECORD,,
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
boto3_refresh_session/__init__.py,sha256=staPg54Ubnm3-Ipi71E4AJQlhf5jRTQlq-BsbVMABRA,328
|
|
2
|
-
boto3_refresh_session/custom.py,sha256=L3kQ_6e-lmIGgm1GHLngOqJOzeS-oDFoVCPTkva0-PA,3760
|
|
3
|
-
boto3_refresh_session/ecs.py,sha256=WIC5mlbcEnM1oo-QXmmtiw2mjFDn01hBfcFh67ku42A,3713
|
|
4
|
-
boto3_refresh_session/exceptions.py,sha256=qcFzdIuK5PZirs77H_Kb64S9QFb6cn2OJtirjvaRLiY,972
|
|
5
|
-
boto3_refresh_session/session.py,sha256=u1gSsYH3OpcbIurMS2nstPbQtOO-S9GZsuk_yhjEqAI,5304
|
|
6
|
-
boto3_refresh_session/sts.py,sha256=paIgbmn9a3cATNX-6AEGxnSGNZnX1pj4rRQmh8gQSKs,3132
|
|
7
|
-
boto3_refresh_session-1.3.13.dist-info/LICENSE,sha256=I3ZYTXAjbIly6bm6J-TvFTuuHwTKws4h89QaY5c5HiY,1067
|
|
8
|
-
boto3_refresh_session-1.3.13.dist-info/METADATA,sha256=qP4kzML9CQCS-gSpXlhXwoKh--AffznQorn0ZjfPhvU,7598
|
|
9
|
-
boto3_refresh_session-1.3.13.dist-info/NOTICE,sha256=1s8r33qbl1z0YvPB942iWgvbkP94P_e8AnROr1qXXuw,939
|
|
10
|
-
boto3_refresh_session-1.3.13.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
|
|
11
|
-
boto3_refresh_session-1.3.13.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|