async def _validate_aws_credentials(hass, credential):
"""Validate AWS credential config."""
import aiobotocore
aws_config = credential.copy()
del aws_config[CONF_NAME]
del aws_config[CONF_VALIDATE]
profile = aws_config.get(CONF_PROFILE_NAME)
if profile is not None:
session = aiobotocore.AioSession(profile=profile)
del aws_config[CONF_PROFILE_NAME]
if CONF_ACCESS_KEY_ID in aws_config:
del aws_config[CONF_ACCESS_KEY_ID]
if CONF_SECRET_ACCESS_KEY in aws_config:
del aws_config[CONF_SECRET_ACCESS_KEY]
else:
session = aiobotocore.AioSession()
if credential[CONF_VALIDATE]:
async with session.create_client("iam", **aws_config) as client:
await client.get_user()
return session
async def async_get_service(hass, config, discovery_info=None):
"""Get the AWS notification service."""
if discovery_info is None:
_LOGGER.error("Please config aws notify platform in aws component")
return None
session = None
conf = discovery_info
service = conf[CONF_SERVICE]
region_name = conf[CONF_REGION]
available_regions = await get_available_regions(hass, service)
if region_name not in available_regions:
_LOGGER.error(
"Region %s is not available for %s service, must in %s",
region_name,
service,
available_regions,
)
return None
aws_config = conf.copy()
del aws_config[CONF_SERVICE]
del aws_config[CONF_REGION]
if CONF_PLATFORM in aws_config:
del aws_config[CONF_PLATFORM]
if CONF_NAME in aws_config:
del aws_config[CONF_NAME]
if CONF_CONTEXT in aws_config:
del aws_config[CONF_CONTEXT]
if not aws_config:
# no platform config, use the first aws component credential instead
if hass.data[DATA_SESSIONS]:
session = next(iter(hass.data[DATA_SESSIONS].values()))
else:
_LOGGER.error("Missing aws credential for %s", config[CONF_NAME])
return None
if session is None:
credential_name = aws_config.get(CONF_CREDENTIAL_NAME)
if credential_name is not None:
session = hass.data[DATA_SESSIONS].get(credential_name)
if session is None:
_LOGGER.warning("No available aws session for %s",
credential_name)
del aws_config[CONF_CREDENTIAL_NAME]
if session is None:
if (profile := aws_config.get(CONF_PROFILE_NAME)) is not None:
session = aiobotocore.AioSession(profile=profile)
del aws_config[CONF_PROFILE_NAME]
else:
session = aiobotocore.AioSession()
async def run(args):
LOGGER.info('Starting')
# authenticated sessions
wb_session = aiobotocore.AioSession(profile=args.whitebox_profile)
bb_session = aiobotocore.AioSession(profile=args.blackbox_profile)
# unauthenticated session
config = AioConfig(signature_version=UNSIGNED)
session = aiobotocore.get_session()
async with session.create_client('s3',
region_name='us-east-1',
config=config) as anonymous_client:
async with wb_session.create_client(
's3', region_name='us-east-1') as wb_client:
async with bb_session.create_client(
's3', region_name='us-east-1') as bb_client:
with open(
f's3-whitebox_results_{args.whitebox_profile}_{time.strftime("%Y-%m-%d-%H%M%S")}.csv',
'a') as csv_out:
csv_writer = csv.writer(csv_out, delimiter=',')
csv_writer.writerow(
['bucket', 'object', 'content-type', 'url', 'access'])
buckets = await wb_client.list_buckets()
bucket_tasks = []
for bucket in buckets.get('Buckets'):
try:
bucket_location = await wb_client.get_bucket_location(
Bucket=bucket.get('Name'))
bucket_region = bucket_location.get(
'LocationConstraint', 'us-east-1')
if not bucket_region:
bucket_region = 'us-east-1'
except Exception as e:
bucket_region = 'us-east-1'
finally:
bucket_tasks.append(
test_bucket(bucket.get('Name'), bucket_region,
wb_client, bb_client,
anonymous_client, csv_writer))
await asyncio.gather(*bucket_tasks)
LOGGER.info('Done')
def session(self):
if self._session is None:
if self.profile:
_LOGGER.debug("Load aiobotocore session from profile %s",
self.profile)
self._session = aiobotocore.AioSession(profile=self.profile)
else:
_LOGGER.debug("Load default aiobotocore session")
self._session = aiobotocore.get_session()
return self._session
async def _validate_aws_credentials(hass, credential):
"""Validate AWS credential config."""
aws_config = credential.copy()
del aws_config[CONF_NAME]
del aws_config[CONF_VALIDATE]
if (profile := aws_config.get(CONF_PROFILE_NAME)) is not None:
session = aiobotocore.AioSession(profile=profile)
del aws_config[CONF_PROFILE_NAME]
if CONF_ACCESS_KEY_ID in aws_config:
del aws_config[CONF_ACCESS_KEY_ID]
if CONF_SECRET_ACCESS_KEY in aws_config:
del aws_config[CONF_SECRET_ACCESS_KEY]
def session(self):
if self._session is None:
if self.profile:
_LOGGER.debug("Load aiobotocore session from profile %s", self.profile)
self._session = aiobotocore.AioSession(profile=self.profile)
elif os.environ.get("AWS_ACCESS_KEY_ID") and os.environ.get(
"AWS_SECRET_ACCESS_KEY"
):
_LOGGER.debug("Load aiobotocore session from environment")
kwargs = {
"aws_access_key_id": os.environ.get("AWS_ACCESS_KEY_ID"),
"aws_secret_access_key": os.environ.get("AWS_SECRET_ACCESS_KEY"),
"region_name": os.getenv("AWS_DEFAULT_REGION", self.region),
}
if os.environ.get("AWS_SESSION_TOKEN"):
kwargs["aws_session_token"] = os.environ.get("AWS_SESSION_TOKEN")
self._session = aiobotocore.get_session(**kwargs)
else:
_LOGGER.debug("Load default aiobotocore session")
self._session = aiobotocore.get_session()
return self._session
async def async_get_service(opp, config, discovery_info=None):
"""Get the AWS notification service."""
if discovery_info is None:
_LOGGER.error("Please config aws notify platform in aws component")
return None
session = None
conf = discovery_info
service = conf[CONF_SERVICE]
region_name = conf[CONF_REGION]
available_regions = await get_available_regions(opp, service)
if region_name not in available_regions:
_LOGGER.error(
"Region %s is not available for %s service, must in %s",
region_name,
service,
available_regions,
)
return None
aws_config = conf.copy()
del aws_config[CONF_SERVICE]
del aws_config[CONF_REGION]
if CONF_PLATFORM in aws_config:
del aws_config[CONF_PLATFORM]
if CONF_NAME in aws_config:
del aws_config[CONF_NAME]
if CONF_CONTEXT in aws_config:
del aws_config[CONF_CONTEXT]
if not aws_config:
# no platform config, use the first aws component credential instead
if opp.data[DATA_SESSIONS]:
session = next(iter(opp.data[DATA_SESSIONS].values()))
else:
_LOGGER.error("Missing aws credential for %s", config[CONF_NAME])
return None
if session is None:
credential_name = aws_config.get(CONF_CREDENTIAL_NAME)
if credential_name is not None:
session = opp.data[DATA_SESSIONS].get(credential_name)
if session is None:
_LOGGER.warning("No available aws session for %s",
credential_name)
del aws_config[CONF_CREDENTIAL_NAME]
if session is None:
profile = aws_config.get(CONF_PROFILE_NAME)
if profile is not None:
session = aiobotocore.AioSession(profile=profile)
del aws_config[CONF_PROFILE_NAME]
else:
session = aiobotocore.AioSession()
aws_config[CONF_REGION] = region_name
if service == "lambda":
context_str = json.dumps({"custom": conf.get(CONF_CONTEXT, {})},
cls=JSONEncoder)
context_b64 = base64.b64encode(context_str.encode("utf-8"))
context = context_b64.decode("utf-8")
return AWSLambda(session, aws_config, context)
if service == "sns":
return AWSSNS(session, aws_config)
if service == "sqs":
return AWSSQS(session, aws_config)
# should not reach here since service was checked in schema
return None
# have to use discovery to load platform.
for notify_config in conf[CONF_NOTIFY]:
hass.async_create_task(
discovery.async_load_platform(hass, "notify", DOMAIN,
notify_config, config))
return validation
async def _validate_aws_credentials(hass, credential):
"""Validate AWS credential config."""
aws_config = credential.copy()
del aws_config[CONF_NAME]
del aws_config[CONF_VALIDATE]
if (profile := aws_config.get(CONF_PROFILE_NAME)) is not None:
session = aiobotocore.AioSession(profile=profile)
del aws_config[CONF_PROFILE_NAME]
if CONF_ACCESS_KEY_ID in aws_config:
del aws_config[CONF_ACCESS_KEY_ID]
if CONF_SECRET_ACCESS_KEY in aws_config:
del aws_config[CONF_SECRET_ACCESS_KEY]
else:
session = aiobotocore.AioSession()
if credential[CONF_VALIDATE]:
async with session.create_client("iam", **aws_config) as client:
await client.get_user()
return session
