def test_get_secret_binary():
    """Store a binary secret and check that ``secrets.get_secret`` returns ``SECRET``."""
    # NOTE(review): presumably a Secrets Manager mock is active via a fixture or
    # decorator outside this view; confirm, since otherwise this call creates a
    # real secret in us-west-2.
    sm_client = boto3.session.Session().client('secretsmanager',
                                               region_name='us-west-2')
    sm_client.create_secret(Name=SECRET_NAME, SecretBinary=SECRET_BINARY)

    fetched = secrets.get_secret(SECRET_NAME)
    assert fetched == SECRET
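def get_s3_session(bucket: str=None, s3url: str=None, **kwargs) -> s3:
    """Get boto3-utils s3 class for interacting with an s3 bucket.

    A secret will be looked for with the name `cirrus-creds-<bucket-name>`; its
    key/value pairs are merged over ``kwargs`` and passed to ``boto3.Session``.
    If the secret lookup raises ``ClientError`` the session is built from
    ``kwargs`` alone (the default session when none are given).

    Args:
        bucket (str, optional): Bucket name to access. Defaults to None.
        s3url (str, optional): The s3 URL to access; when given, its bucket
            component replaces ``bucket``. Defaults to None.
        **kwargs: Extra ``boto3.Session`` arguments. A ``requester_pays`` key
            (from kwargs or from the secret) is removed and passed to the s3
            wrapper instead.

    Returns:
        s3: A boto3-utils s3 class, cached per bucket in ``s3_sessions``.
    """
    if s3url:
        parts = s3.urlparse(s3url)
        bucket = parts['bucket']

    if bucket and bucket in s3_sessions:
        return s3_sessions[bucket]
    # otherwise, create new session for this bucket
    creds = deepcopy(kwargs)
    secret_name = f"cirrus-creds-{bucket}"

    try:
        # get credentials from AWS secret
        creds.update(secrets.get_secret(secret_name))
    except ClientError as err:
        # The fallback to default credentials is kept for every ClientError so
        # callers see no new exception, but anything other than a missing
        # secret (e.g. a denied or throttled lookup) is surfaced at warning
        # level instead of being indistinguishable from "no secret defined".
        code = err.response.get("Error", {}).get("Code", "unknown")
        if code == "ResourceNotFoundException":
            logger.debug(f"Using default credentials for bucket {bucket}")
        else:
            logger.warning(
                f"Could not read secret '{secret_name}' ({code}); "
                f"using default credentials for bucket {bucket}"
            )
    else:
        # Log only the secret's name: the merged dict holds the credential
        # values themselves, which must never be written to application logs.
        logger.debug(f"Using credentials from secret '{secret_name}' for bucket {bucket}")

    requester_pays = creds.pop('requester_pays', False)
    session = boto3.Session(**creds)
    s3_sessions[bucket] = s3(session, requester_pays=requester_pays)
    return s3_sessions[bucket]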
def test_get_secret_string():
    """Store a string secret and check that ``secrets.get_secret`` returns ``SECRET``."""
    # NOTE(review): presumably a Secrets Manager mock is active via a fixture or
    # decorator outside this view; confirm, since otherwise this call creates a
    # real secret in us-west-2.
    sm_client = boto3.session.Session().client('secretsmanager',
                                               region_name='us-west-2')
    sm_client.create_secret(Name=SECRET_NAME, SecretString=SECRET_STRING)

    fetched = secrets.get_secret(SECRET_NAME)
    assert fetched == SECRET
def get_s3_session(bucket: str=None, s3url: str=None, **kwargs) -> s3:
    """Return the boto3-utils s3 wrapper for a bucket, creating and caching it on first use.

    Credentials are looked up in a secret named `cirrus-creds-<bucket-name>` and
    merged over ``kwargs``. A missing secret (``ResourceNotFoundException``)
    means the session is built from ``kwargs`` alone; any other ``ClientError``
    from the lookup is re-raised rather than silently falling back.

    Args:
        bucket (str, optional): Bucket name to access. Defaults to None.
        s3url (str, optional): The s3 URL to access; when given, its bucket
            component replaces ``bucket``. Defaults to None.
        **kwargs: Extra ``boto3.Session`` arguments. A ``requester_pays`` key
            (from kwargs or from the secret) is removed and passed to the s3
            wrapper instead.

    Returns:
        s3: A boto3-utils s3 class, cached per bucket in ``s3_sessions``.

    Raises:
        ClientError: The secret lookup failed with a code other than
            ``ResourceNotFoundException``.
    """
    if s3url:
        bucket = s3.urlparse(s3url)['bucket']

    already_cached = bucket and bucket in s3_sessions
    if already_cached:
        return s3_sessions[bucket]

    # No cached wrapper: start from a private copy of the caller's arguments.
    session_args = deepcopy(kwargs)
    secret_name = f"cirrus-creds-{bucket}"

    try:
        stored = secrets.get_secret(secret_name)
        session_args.update(stored)
    except ClientError as e:
        secret_missing = e.response["Error"]["Code"] == "ResourceNotFoundException"
        if not secret_missing:
            # Access-denied, throttling, etc. must not degrade to default credentials.
            raise e
        logger.info(f"Secret not found, using default credentials: '{secret_name}'")

    # requester_pays configures the wrapper, not boto3.Session, so strip it first.
    pays = session_args.pop('requester_pays', False)
    wrapper = s3(boto3.Session(**session_args), requester_pays=pays)
    s3_sessions[bucket] = wrapper
    return s3_sessions[bucket]
def test_get_secret_undef():
    """Check that ``secrets.get_secret`` raises ``ClientError`` when no secret was created first."""
    # The lookup error must reach the caller rather than be turned into an
    # empty result, so callers can tell "no secret" from "empty secret".
    expect_client_error = pytest.raises(ClientError)
    with expect_client_error:
        secrets.get_secret(SECRET_NAME)