boto3-refresh-session 2.0.5__py3-none-any.whl → 7.0.1__py3-none-any.whl

boto3_refresh_session/methods/ecs.py

@@ -1,109 +0,0 @@
-from __future__ import annotations
-
-__all__ = ["ECSRefreshableSession"]
-
-import os
-
-import requests
-
-from ..exceptions import BRSError
-from ..session import BaseRefreshableSession
-from ..utils import TemporaryCredentials
-
-_ECS_CREDENTIALS_RELATIVE_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
-_ECS_CREDENTIALS_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"
-_ECS_AUTHORIZATION_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"
-_DEFAULT_ENDPOINT_BASE = "http://169.254.170.2"
-
-
-class ECSRefreshableSession(BaseRefreshableSession, registry_key="ecs"):
-    """A boto3 session that automatically refreshes temporary AWS credentials
-    from the ECS container credentials metadata endpoint.
-
-    Parameters
-    ----------
-    defer_refresh : bool, optional
-        If ``True`` then temporary credentials are not automatically
-        refreshed until they are explicitly needed. If ``False`` then
-        temporary credentials refresh immediately upon expiration. It
-        is highly recommended that you use ``True``. Default is ``True``.
-
-    Other Parameters
-    ----------------
-    kwargs : dict
-        Optional keyword arguments passed to :class:`boto3.session.Session`.
-    """
-
-    def __init__(self, defer_refresh: bool | None = None, **kwargs):
-        super().__init__(**kwargs)
-
-        self._endpoint = self._resolve_endpoint()
-        self._headers = self._build_headers()
-        self._http = self._init_http_session()
-
-        self.initialize(
-            credentials_method=self._get_credentials,
-            defer_refresh=defer_refresh is not False,
-            refresh_method="ecs-container-metadata",
-        )
-
-    def _resolve_endpoint(self) -> str:
-        uri = os.environ.get(_ECS_CREDENTIALS_FULL_URI) or os.environ.get(
-            _ECS_CREDENTIALS_RELATIVE_URI
-        )
-        if not uri:
-            raise BRSError(
-                "Neither AWS_CONTAINER_CREDENTIALS_FULL_URI nor "
-                "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set. "
-                "Are you running inside an ECS container?"
-            )
-        if uri.startswith("http://") or uri.startswith("https://"):
-            return uri
-        return f"{_DEFAULT_ENDPOINT_BASE}{uri}"
-
-    def _build_headers(self) -> dict[str, str]:
-        token = os.environ.get(_ECS_AUTHORIZATION_TOKEN)
-        if token:
-            return {"Authorization": f"Bearer {token}"}
-        return {}
-
-    def _init_http_session(self) -> requests.Session:
-        session = requests.Session()
-        session.headers.update(self._headers)
-        return session
-
-    def _get_credentials(self) -> TemporaryCredentials:
-        try:
-            response = self._http.get(self._endpoint, timeout=3)
-            response.raise_for_status()
-        except requests.RequestException as exc:
-            raise BRSError(
-                f"Failed to retrieve ECS credentials from {self._endpoint}"
-            ) from exc
-
-        credentials = response.json()
-        required = {
-            "AccessKeyId",
-            "SecretAccessKey",
-            "SessionToken",
-            "Expiration",
-        }
-        if not required.issubset(credentials):
-            raise BRSError(f"Incomplete credentials received: {credentials}")
-        return {
-            "access_key": credentials.get("AccessKeyId"),
-            "secret_key": credentials.get("SecretAccessKey"),
-            "token": credentials.get("SessionToken"),
-            "expiry_time": credentials.get("Expiration"),  # already ISO8601
-        }
-
-    def get_identity(self) -> dict[str, str]:
-        """Returns metadata about ECS.
-
-        Returns
-        -------
-        dict[str, str]
-            Dict containing metadata about ECS.
-        """
-
-        return {"method": "ecs", "source": "ecs-container-metadata"}

boto3_refresh_session/methods/iot/__init__.typed

@@ -1,4 +0,0 @@
-from .certificate import IoTCertificateRefreshableSession
-from .core import IoTRefreshableSession
-
-__all__ = ["IoTRefreshableSession"]

boto3_refresh_session/methods/iot/certificate.typed

@@ -1,54 +0,0 @@
-__all__ = ["IoTCertificateRefreshableSession"]
-
-from pathlib import Path
-from typing import Any
-
-from ...exceptions import BRSError
-from ...utils import PKCS11, TemporaryCredentials
-from .core import BaseIoTRefreshableSession
-
-
-class IoTCertificateRefreshableSession(
-    BaseIoTRefreshableSession, registry_key="certificate"
-):
-    def __init__(
-        self,
-        endpoint: str,
-        role_alias: str,
-        thing_name: str,
-        certificate: str | bytes,
-        private_key: str | bytes | None = None,
-        pkcs11: PKCS11 | None = None,
-        ca: bytes | None = None,
-        verify_peer: bool = True,
-    ):
-        self.endpoint = endpoint
-        self.role_alias = role_alias
-        self.thing_name = thing_name
-        self.certificate = certificate
-        self.private_key = private_key
-        self.pkcs11 = pkcs11
-        self.ca = ca
-        self.verify_peer = verify_peer
-
-        if self.certificate and isinstance(self.certificate, str):
-            with open(Path(self.certificate), "rb") as cert_pem_file:
-                self.certificate = cert_pem_file.read()
-
-        if self.private_key is None and self.pkcs11 is None:
-            raise BRSError(
-                "Either 'private_key' or 'pkcs11' must be provided."
-            )
-
-        if self.private_key is not None and self.pkcs11 is not None:
-            raise BRSError(
-                "Only one of 'private_key' or 'pkcs11' can be provided."
-            )
-
-        if self.private_key and isinstance(self.private_key, str):
-            with open(Path(self.private_key), "rb") as private_key_pem_file:
-                self.private_key = private_key_pem_file.read()
-
-    def _get_credentials(self) -> TemporaryCredentials: ...
-
-    def get_identity(self) -> dict[str, Any]: ...

boto3_refresh_session/methods/iot/cognito.typed

@@ -1,16 +0,0 @@
-__all__ = ["IoTCognitoRefreshableSession"]
-
-from typing import Any
-
-from ...utils import TemporaryCredentials
-from .core import BaseIoTRefreshableSession
-
-
-class IoTCognitoRefreshableSession(
-    BaseIoTRefreshableSession, registry_key="cognito"
-):
-    def __init__(self): ...
-
-    def _get_credentials(self) -> TemporaryCredentials: ...
-
-    def get_identity(self) -> dict[str, Any]: ...

boto3_refresh_session/utils.py

@@ -1,212 +0,0 @@
-from abc import ABC, abstractmethod
-from datetime import datetime
-from typing import (
-    Any,
-    Callable,
-    ClassVar,
-    Generic,
-    List,
-    Literal,
-    TypedDict,
-    TypeVar,
-)
-
-from boto3.session import Session
-from botocore.credentials import (
-    DeferredRefreshableCredentials,
-    RefreshableCredentials,
-)
-
-from .exceptions import BRSWarning
-
-try:
-    from typing import NotRequired  # type: ignore[import]
-except ImportError:
-    from typing_extensions import NotRequired
-
-#: Type alias for all currently available IoT authentication methods.
-IoTAuthenticationMethod = Literal["certificate", "cognito", "__iot_sentinel__"]
-
-#: Type alias for all currently available credential refresh methods.
-Method = Literal[
-    "sts",
-    "ecs",
-    "custom",
-    "__sentinel__",
-]  # TODO: Add iot when implemented
-
-#: Type alias for all refresh method names.
-RefreshMethod = Literal[
-    "sts-assume-role",
-    "ecs-container-metadata",
-    "custom",
-]  # Add iot-certificate and iot-cognito when iot implemented
-
-#: Type alias for all currently registered credential refresh methods.
-RegistryKey = TypeVar("RegistryKey", bound=str)
-
-
-class Registry(Generic[RegistryKey]):
-    """Gives any hierarchy a class-level registry."""
-
-    registry: ClassVar[dict[str, type]] = {}
-
-    def __init_subclass__(cls, *, registry_key: RegistryKey, **kwargs: Any):
-        super().__init_subclass__(**kwargs)
-
-        if registry_key in cls.registry:
-            BRSWarning(f"{registry_key!r} already registered. Overwriting.")
-
-        if "sentinel" not in registry_key:
-            cls.registry[registry_key] = cls
-
-    @classmethod
-    def items(cls) -> dict[str, type]:
-        """Typed accessor for introspection / debugging."""
-
-        return dict(cls.registry)
-
-
-class TemporaryCredentials(TypedDict):
-    """Temporary IAM credentials."""
-
-    access_key: str
-    secret_key: str
-    token: str
-    expiry_time: datetime | str
-
-
-class RefreshableTemporaryCredentials(TypedDict):
-    """Refreshable IAM credentials.
-
-    Parameters
-    ----------
-    AWS_ACCESS_KEY_ID : str
-        AWS access key identifier.
-    AWS_SECRET_ACCESS_KEY : str
-        AWS secret access key.
-    AWS_SESSION_TOKEN : str
-        AWS session token.
-    """
-
-    AWS_ACCESS_KEY_ID: str
-    AWS_SECRET_ACCESS_KEY: str
-    AWS_SESSION_TOKEN: str
-
-
-class CredentialProvider(ABC):
-    """Defines the abstract surface every refreshable session must expose."""
-
-    @abstractmethod
-    def _get_credentials(self) -> TemporaryCredentials: ...
-
-    @abstractmethod
-    def get_identity(self) -> dict[str, Any]: ...
-
-
-class BRSSession(Session):
-    """Wrapper for boto3.session.Session.
-
-    Other Parameters
-    ----------------
-    kwargs : Any
-        Optional keyword arguments for initializing boto3.session.Session."""
-
-    def __init__(self, **kwargs):
-        super().__init__(**kwargs)
-
-    def initialize(
-        self,
-        credentials_method: Callable,
-        defer_refresh: bool,
-        refresh_method: RefreshMethod,
-    ):
-        # determining how exactly to refresh expired temporary credentials
-        if not defer_refresh:
-            self._credentials = RefreshableCredentials.create_from_metadata(
-                metadata=credentials_method(),
-                refresh_using=credentials_method,
-                method=refresh_method,
-            )
-        else:
-            self._credentials = DeferredRefreshableCredentials(
-                refresh_using=credentials_method, method=refresh_method
-            )
-
-    def refreshable_credentials(self) -> RefreshableTemporaryCredentials:
-        """The current temporary AWS security credentials.
-
-        Returns
-        -------
-        RefreshableTemporaryCredentials
-            Temporary AWS security credentials containing:
-                AWS_ACCESS_KEY_ID : str
-                    AWS access key identifier.
-                AWS_SECRET_ACCESS_KEY : str
-                    AWS secret access key.
-                AWS_SESSION_TOKEN : str
-                    AWS session token.
-        """
-
-        creds = self.get_credentials().get_frozen_credentials()
-        return {
-            "AWS_ACCESS_KEY_ID": creds.access_key,
-            "AWS_SECRET_ACCESS_KEY": creds.secret_key,
-            "AWS_SESSION_TOKEN": creds.token,
-        }
-
-    @property
-    def credentials(self) -> RefreshableTemporaryCredentials:
-        """The current temporary AWS security credentials."""
-
-        return self.refreshable_credentials()
-
-
-class Tag(TypedDict):
-    Key: str
-    Value: str
-
-
-class PolicyDescriptorType(TypedDict):
-    arn: str
-
-
-class ProvidedContext(TypedDict):
-    ProviderArn: str
-    ContextAssertion: str
-
-
-class AssumeRoleParams(TypedDict):
-    RoleArn: str
-    RoleSessionName: str
-    PolicyArns: NotRequired[List[PolicyDescriptorType]]
-    Policy: NotRequired[str]
-    DurationSeconds: NotRequired[int]
-    ExternalId: NotRequired[str]
-    SerialNumber: NotRequired[str]
-    TokenCode: NotRequired[str]
-    Tags: NotRequired[List[Tag]]
-    TransitiveTagKeys: NotRequired[List[str]]
-    SourceIdentity: NotRequired[str]
-    ProvidedContexts: NotRequired[List[ProvidedContext]]
-
-
-class STSClientParams(TypedDict):
-    region_name: NotRequired[str]
-    api_version: NotRequired[str]
-    use_ssl: NotRequired[bool]
-    verify: NotRequired[bool | str]
-    endpoint_url: NotRequired[str]
-    aws_access_key_id: NotRequired[str]
-    aws_secret_access_key: NotRequired[str]
-    aws_session_token: NotRequired[str]
-    config: NotRequired[Any]
-    aws_account_id: NotRequired[str]
-
-
-class PKCS11(TypedDict):
-    pkcs11_loc: str
-    user_pin: NotRequired[str]
-    slot_id: NotRequired[int]
-    token_label: NotRequired[str | None]
-    private_key_label: NotRequired[str | None]

boto3_refresh_session-2.0.5.dist-info/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2025 Mike Letts
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

boto3_refresh_session-2.0.5.dist-info/NOTICE

@@ -1,12 +0,0 @@
-boto3-refresh-session  
-Copyright 2024 Michael Letts
-
-boto3-refresh-session (BRS) includes software designed and developed by Michael Letts (the author).
-
-Although the author was formerly employed by Amazon, this project was conceived, designed, developed, and released independently after that period of employment. It is not affiliated with or endorsed by Amazon Web Services (AWS), Amazon, or any contributors to boto3 or botocore, regardless of their employment status.
-
-Developers are welcome and encouraged to modify and adapt this software to suit their needs — this is in fact already common practice among some of the largest users of BRS.
-
-If you find boto3-refresh-session (BRS) helpful in your work, a note of thanks or a mention in your project’s documentation or acknowledgments is appreciated — though not required under the terms of the MIT License.
-
-Licensed under the MIT License. See the LICENSE file for details.

boto3_refresh_session-2.0.5.dist-info/RECORD

@@ -1,17 +0,0 @@
-boto3_refresh_session/__init__.py,sha256=fhmdy2XmLwM_V__V5qcwByBOFLouPZv6hQIDW17Mfq8,240
-boto3_refresh_session/exceptions.py,sha256=cP5d9S8QnUEwXIU3pzMGr6jMOz447kddNJ_UIRERMrk,964
-boto3_refresh_session/methods/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-boto3_refresh_session/methods/custom.py,sha256=ZJAHgAajz9w6lohDeN-NWrxmZ2LaDxLfGWT2jmoTilQ,3868
-boto3_refresh_session/methods/ecs.py,sha256=yAfQbFXMB_RDk-uX_zVVgOt2Lc-1SVx4PJmFyLuDbms,3750
-boto3_refresh_session/methods/iot/__init__.typed,sha256=Z33nIB6oCsz9TZwikHfNHgY1SKxkSCdB5rwdPSUl3C4,135
-boto3_refresh_session/methods/iot/certificate.typed,sha256=yvKptwH-GagBREI_1AXs_mCaU6vL3AcUDQ58vn7V8QM,1774
-boto3_refresh_session/methods/iot/cognito.typed,sha256=0VorzOXHpsVemiGWZzHE9fuX-MZcpqzWQ4nK3gNDUMg,389
-boto3_refresh_session/methods/iot/core.typed,sha256=tL-ngB2XYq0XtxhS9mbggCJYdX3eEE0u1Gvcq8sEYGE,1422
-boto3_refresh_session/methods/sts.py,sha256=uWvT-ybRVZBusr4jNHyfHOB_AKhs6t0dN_fNI-gkUKM,3268
-boto3_refresh_session/session.py,sha256=_Z3uB5Xq3S-dFqOFmWhMQbcd__NPGThjULLPStHI6E4,2914
-boto3_refresh_session/utils.py,sha256=ME3sNWZc6oTNUdoRmiNOVmLLp9iSqJe-yfudRV0A46U,5729
-boto3_refresh_session-2.0.5.dist-info/LICENSE,sha256=I3ZYTXAjbIly6bm6J-TvFTuuHwTKws4h89QaY5c5HiY,1067
-boto3_refresh_session-2.0.5.dist-info/METADATA,sha256=0ZunWqKEinPt-DQD5YZfORW7vXYXqU04mXB7LHpNQDE,8795
-boto3_refresh_session-2.0.5.dist-info/NOTICE,sha256=1s8r33qbl1z0YvPB942iWgvbkP94P_e8AnROr1qXXuw,939
-boto3_refresh_session-2.0.5.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
-boto3_refresh_session-2.0.5.dist-info/RECORD,,