def __init__(self, credential, region_name):
"""
Setup an AWS client
:param credential: The credential used to authenticate to AWS
:type credential: Credential
:param region_name: Region in which client will operate
:type region_name: str
"""
if self.__client_identifier__ is None:
raise Exception(
'Attempting to retrieve client but no identifier has been set')
# If no credential is supplied- use default system permission
if credential is None:
Log.trace('Using default system credentials')
credential = Credential()
self.__credential__ = credential
self.__session__ = credential.get_boto3_session(region_name)
self.__client__ = self.__session__.client(self.__client_identifier__)
self.__sts_client__ = self.__session__.client("sts")
self.__caller_identity__ = self.__sts_client__.get_caller_identity()
def get_credential_for_iam_role(role_arn) -> Credential:
"""
Assume an IAM role and return credential object
:param role_arn: The IAM role to impersonate
:type role_arn: str
:return: AWS credentials object
:raise Exception: on failure to assume role
"""
session_name = hashlib.md5(role_arn.encode())
session_name = str(session_name.hexdigest())
sts_client = boto3.client('sts')
assume_role_response = sts_client.assume_role(
RoleArn=role_arn, RoleSessionName=session_name)
if 'Credentials' in assume_role_response:
return Credential(
aws_access_key_id=assume_role_response['Credentials']
['AccessKeyId'],
aws_secret_access_key=assume_role_response['Credentials']
['SecretAccessKey'],
aws_session_token=assume_role_response['Credentials']
['SessionToken'])
raise Exception(
'Failed to assume IAM role ({role_arn})'.format(role_arn=role_arn))
def setUp(self) -> None:
"""
Setup for unit tests
"""
# Store timestamp for use in identifying resources created by tests
self.timestamp = int(time())
# Boto3 leaves a socket connection unclosed, this disables the following warning that is received during unit tests
# ResourceWarning: unclosed <ssl.SSLSocket fd=3, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('192.168.1.84', 41910), raddr=('52.46.134.192', 443)>
print('Disabling unclosed socket warning')
warnings.filterwarnings("ignore",
category=ResourceWarning,
message="unclosed.*<ssl.SSLSocket.*>")
# Retrieve AWS credentials from CLI
print('Retrieving AWS credentials')
aws_access_key_id = os.environ.get('AWS_ACCESS_KEY_ID')
aws_secret_access_key = os.environ.get('AWS_SECRET_ACCESS_KEY')
# If either variable is not set the tests cannot proceed
if aws_access_key_id is None or aws_secret_access_key is None:
raise Exception(
"AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY credentials must be set in environment variables prior to running unit tests"
)
# Setup QLDB client
print('Creating QLDB client')
credential = Credential(aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key)
self.client = Client(credential=credential,
region_name='ap-southeast-2')
def get_credential_for_profile_name(profile_name) -> Credential:
"""
Use AWS profile name to get credential object
:param profile_name: AWS profile name
:type profile_name: str
:return: AWS credentials object
"""
return Credential(profile_name=profile_name)
def get_credential_for_key_secret(aws_access_key_id,
aws_secret_access_key,
aws_session_token=None) -> Credential:
"""
Use AWS key/secret to get credential object
:param aws_access_key_id: The AWS access key ID
:type aws_access_key_id: str
:param aws_secret_access_key: The AWS access key secret
:type aws_secret_access_key: str
:param aws_session_token: Optional AWS session token
:type aws_session_token: Optional[str]
:return: AWS credentials object
"""
return Credential(aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key,
aws_session_token=aws_session_token)
def get_credential_default() -> Credential:
return Credential()