def test_get_secret_binary():
    """A secret stored as ``SecretBinary`` is returned by ``secrets.get_secret`` equal to ``SECRET``."""
    # NOTE(review): presumably this runs against a mocked Secrets Manager
    # (no mock decorator/fixture is visible here) - confirm, since otherwise
    # create_secret would hit a real account.
    session = boto3.session.Session()
    sm_client = session.client('secretsmanager', region_name='us-west-2')
    sm_client.create_secret(Name=SECRET_NAME, SecretBinary=SECRET_BINARY)

    assert secrets.get_secret(SECRET_NAME) == SECRET
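def get_s3_session(bucket: str=None, s3url: str=None, **kwargs) -> s3:
    """Get boto3-utils s3 class for interacting with an s3 bucket.

    A secret will be looked for with the name `cirrus-creds-<bucket-name>`.
    Its contents are merged over ``kwargs`` and passed to ``boto3.Session``.
    If the secret cannot be read, the session is built from ``kwargs`` alone
    (the default session when no kwargs are given). Sessions are cached per
    bucket in ``s3_sessions``.

    Credential values are never written to the log: only the secret name and
    bucket name are logged.

    Args:
        bucket (str, optional): Bucket name to access. Defaults to None.
        s3url (str, optional): The s3 URL to access; when given, its bucket
            component replaces ``bucket``. Defaults to None.
        **kwargs: Extra keyword arguments for ``boto3.Session``. A
            ``requester_pays`` key is removed and forwarded to ``s3`` instead.

    Returns:
        s3: A boto3-utils s3 class
    """
    if s3url:
        parts = s3.urlparse(s3url)
        bucket = parts['bucket']

    if bucket and bucket in s3_sessions:
        return s3_sessions[bucket]

    # otherwise, create new session for this bucket
    creds = deepcopy(kwargs)
    secret_name = f"cirrus-creds-{bucket}"
    try:
        # get credentials from AWS secret
        _creds = secrets.get_secret(secret_name)
        creds.update(_creds)
        # Log only which secret was used. The merged dict holds the secret's
        # contents (session credentials) and must not be serialized into logs.
        logger.debug(f"Using credentials from secret '{secret_name}' for bucket {bucket}")
    except ClientError as e:
        # The fallback to default credentials is kept for every ClientError so
        # existing callers are unaffected, but a failure other than "secret
        # does not exist" is surfaced instead of being silently hidden.
        # NOTE(review): consider re-raising in that case rather than
        # continuing under the default identity.
        error_code = e.response.get("Error", {}).get("Code")
        if error_code != "ResourceNotFoundException":
            logger.warning(
                f"Could not read secret '{secret_name}' ({error_code}); "
                "falling back to default credentials"
            )
        logger.debug(f"Using default credentials for bucket {bucket}")

    requester_pays = creds.pop('requester_pays', False)
    session = boto3.Session(**creds)
    s3_sessions[bucket] = s3(session, requester_pays=requester_pays)
    return s3_sessions[bucket]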
def test_get_secret_string():
    """A secret stored as ``SecretString`` is returned by ``secrets.get_secret`` equal to ``SECRET``."""
    # NOTE(review): presumably this runs against a mocked Secrets Manager
    # (no mock decorator/fixture is visible here) - confirm, since otherwise
    # create_secret would hit a real account.
    session = boto3.session.Session()
    sm_client = session.client('secretsmanager', region_name='us-west-2')
    sm_client.create_secret(Name=SECRET_NAME, SecretString=SECRET_STRING)

    assert secrets.get_secret(SECRET_NAME) == SECRET
def get_s3_session(bucket: str=None, s3url: str=None, **kwargs) -> s3:
    """Return a boto3-utils ``s3`` object for working with one bucket.

    Credentials are looked up in a secret named `cirrus-creds-<bucket-name>`
    and merged over ``kwargs`` before building the ``boto3.Session``. When
    that secret does not exist (``ResourceNotFoundException``) the session is
    built from ``kwargs`` alone. Any other ``ClientError`` from the lookup is
    re-raised, so the function does not silently continue under different
    credentials. Only the secret name is logged, never its contents.

    Args:
        bucket (str, optional): Bucket name to access. Defaults to None.
        s3url (str, optional): The s3 URL to access; when given, its bucket
            component replaces ``bucket``. Defaults to None.
        **kwargs: Extra keyword arguments for ``boto3.Session``. A
            ``requester_pays`` key is removed and forwarded to ``s3`` instead.

    Returns:
        s3: A boto3-utils s3 class, cached per bucket in ``s3_sessions``.

    Raises:
        ClientError: If reading the secret fails for any reason other than
            the secret not being found.
    """
    if s3url:
        bucket = s3.urlparse(s3url)['bucket']

    # Reuse the session already built for this bucket, if any.
    if bucket and bucket in s3_sessions:
        return s3_sessions[bucket]

    session_kwargs = deepcopy(kwargs)
    secret_name = f"cirrus-creds-{bucket}"
    try:
        stored_creds = secrets.get_secret(secret_name)
        session_kwargs.update(stored_creds)
    except ClientError as e:
        error_code = e.response["Error"]["Code"]
        if error_code != "ResourceNotFoundException":
            # some other client error we cannot handle
            raise e
        logger.info(f"Secret not found, using default credentials: '{secret_name}'")

    # requester_pays is an option of the s3 wrapper, not of boto3.Session,
    # so it is taken out before the session is constructed.
    pays = session_kwargs.pop('requester_pays', False)
    s3_sessions[bucket] = s3(boto3.Session(**session_kwargs), requester_pays=pays)
    return s3_sessions[bucket]
def test_get_secret_undef():
    """Looking up ``SECRET_NAME`` without creating it first raises ``ClientError``."""
    expect_client_error = pytest.raises(ClientError)
    with expect_client_error:
        secrets.get_secret(SECRET_NAME)