Python client.assume_role_with_saml Beispiele

Programmiersprache: Python

Namespace / Paketname: boto3

Klasse / Typ: client

Methode / Funktion: assume_role_with_saml

Beispiele auf hotexamples.com: 4

Python client.assume_role_with_saml - 4 Beispiele gefunden. Dies sind die am besten bewerteten Python Beispiele für die boto3.client.assume_role_with_saml, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Häufig verwendete Methoden

Anzeigen Verbergen

describe_instances(13)

describe_auto_scaling_groups(6)

assume_role(5)

assume_role_with_saml(4)

cancel_spot_instance_requests(3)

describe_services(3)

describe_target_groups(2)

describe_load_balancers(2)

delete_objects(2)

describe_security_groups(2)

create_tags(2)

describe_subnets(2)

describe_volumes(2)

detach_volume(2)

download_file(2)

client(2)

attach_volume(2)

describe_db_clusters(2)

describe_target_health(1)

describe_stacks(1)

generate_presigned_url(1)

describe_replication_groups(1)

describe_record(1)

describe_product(1)

get_bucket_versioning(1)

describe_organizational_unit(1)

get_function_configuration(1)

describe_cluster(1)

describe_instance_attribute(1)

create_repository(1)

attach_user_policy(1)

batch_write_item(1)

create_access_key(1)

create_alias(1)

create_bucket(1)

create_export_task(1)

create_policy(1)

create_stack(1)

describe_export_tasks(1)

create_table(1)

create_user(1)

decrypt(1)

delete_endpoint(1)

delete_endpoint_config(1)

delete_model(1)

describe_cache_clusters(1)

describe_clusters(1)

get_hosted_zone(1)

Beispiel #1

Datei anzeigen

def save_sts_token(session: Session, client: boto3.client, saml: str,
                   role: Role, duration: int = 0) -> datetime:
    params = dict(
        RoleArn=role[1],
        PrincipalArn=role[0],
        SAMLAssertion=saml,
    )
    if duration:
        # Mypy reports that DurationSeconds should be a string but
        # botocore dies unless it is an int so ignore mypy.
        params['DurationSeconds'] = duration  # type: ignore[assignment]
        # duration is optional and can be set by the role;
        # avoid passing if not set.

    token = client.assume_role_with_saml(**params)
    logger.info("Retrieved temporary Amazon credentials for role: " + role[1])

    return save_credentials(session, token)

Beispiel #2

Datei anzeigen

Datei: base_aws.py Projekt: tpanthera/airflow

    def _assume_role_with_saml(
        self, sts_client: boto3.client, role_arn: str, assume_role_kwargs: Dict[str, Any]
    ) -> Dict[str, Any]:
        saml_config = self.extra_config['assume_role_with_saml']
        principal_arn = saml_config['principal_arn']

        idp_auth_method = saml_config['idp_auth_method']
        if idp_auth_method == 'http_spegno_auth':
            saml_assertion = self._fetch_saml_assertion_using_http_spegno_auth(saml_config)
        else:
            raise NotImplementedError(
                f'idp_auth_method={idp_auth_method} in Connection {self.conn.conn_id} Extra.'
                'Currently only "http_spegno_auth" is supported, and must be specified.'
            )

        self.log.info("Doing sts_client.assume_role_with_saml to role_arn=%s", role_arn)
        return sts_client.assume_role_with_saml(
            RoleArn=role_arn, PrincipalArn=principal_arn, SAMLAssertion=saml_assertion, **assume_role_kwargs
        )

Beispiel #3

Datei anzeigen

Datei: __main__.py Projekt: umich-iam/awscli-login

def save_sts_token(session: Session,
                   client: boto3.client,
                   saml: str,
                   role: Role,
                   duration: int = 0) -> datetime:
    params = dict(
        RoleArn=role[1],
        PrincipalArn=role[0],
        SAMLAssertion=saml,
    )
    if duration:
        params['DurationSeconds'] = str(duration)
        # duration is optional and can be set by the role;
        # avoid passing if not set.

    token = client.assume_role_with_saml(**params)
    logger.info("Retrieved temporary Amazon credentials for role: " + role[1])

    return save_credentials(session, token)

Beispiel #4

Datei anzeigen

    def _assume_role_with_saml(self, sts_client: boto3.client,
                               extra_config: dict, role_arn: str,
                               assume_role_kwargs: dict):

        saml_config = extra_config['assume_role_with_saml']
        principal_arn = saml_config['principal_arn']

        idp_url = saml_config["idp_url"]
        self.log.info("idp_url= %s", idp_url)

        idp_request_kwargs = saml_config["idp_request_kwargs"]

        idp_auth_method = saml_config['idp_auth_method']
        if idp_auth_method == 'http_spegno_auth':
            # requests_gssapi will need paramiko > 2.6 since you'll need
            # 'gssapi' not 'python-gssapi' from PyPi.
            # https://github.com/paramiko/paramiko/pull/1311
            import requests_gssapi
            auth = requests_gssapi.HTTPSPNEGOAuth()
            if 'mutual_authentication' in saml_config:
                mutual_auth = saml_config['mutual_authentication']
                if mutual_auth == 'REQUIRED':
                    auth = requests_gssapi.HTTPSPNEGOAuth(
                        requests_gssapi.REQUIRED)
                elif mutual_auth == 'OPTIONAL':
                    auth = requests_gssapi.HTTPSPNEGOAuth(
                        requests_gssapi.OPTIONAL)
                elif mutual_auth == 'DISABLED':
                    auth = requests_gssapi.HTTPSPNEGOAuth(
                        requests_gssapi.DISABLED)
                else:
                    raise NotImplementedError(
                        f'mutual_authentication={mutual_auth} in Connection {self.aws_conn_id} Extra.'
                        'Currently "REQUIRED", "OPTIONAL" and "DISABLED" are supported.'
                        '(Exclude this setting will default to HTTPSPNEGOAuth() ).'
                    )

            # Query the IDP
            import requests
            idp_reponse = requests.get(idp_url,
                                       auth=auth,
                                       **idp_request_kwargs)
            idp_reponse.raise_for_status()

            # Assist with debugging. Note: contains sensitive info!
            xpath = saml_config['saml_response_xpath']
            log_idp_response = 'log_idp_response' in saml_config and saml_config[
                'log_idp_response']
            if log_idp_response:
                self.log.warning(
                    'The IDP response contains sensitive information,'
                    ' but log_idp_response is ON (%s).', log_idp_response)
                self.log.info('idp_reponse.content= %s', idp_reponse.content)
                self.log.info('xpath= %s', xpath)

            # Extract SAML Assertion from the returned HTML / XML
            from lxml import etree
            xml = etree.fromstring(idp_reponse.content)
            saml_assertion = xml.xpath(xpath)
            if isinstance(saml_assertion, list):
                if len(saml_assertion) == 1:
                    saml_assertion = saml_assertion[0]
            if not saml_assertion:
                raise ValueError('Invalid SAML Assertion')
        else:
            raise NotImplementedError(
                f'idp_auth_method={idp_auth_method} in Connection {self.aws_conn_id} Extra.'
                'Currently only "http_spegno_auth" is supported, and must be specified.'
            )

        self.log.info("Doing sts_client.assume_role_with_saml to role_arn=%s",
                      role_arn)
        return sts_client.assume_role_with_saml(RoleArn=role_arn,
                                                PrincipalArn=principal_arn,
                                                SAMLAssertion=saml_assertion,
                                                **assume_role_kwargs)