def getEnvironment(self, profile=None): """Return environment variables that should be set for the profile.""" eventHooks = HierarchicalEmitter() session = Session(event_hooks=eventHooks) if profile: session.set_config_variable('profile', profile) awscli_initialize(eventHooks) session.emit('session-initialized', session=session) creds = session.get_credentials() env = {} def set(key, value): if value: env[key] = value set('AWS_ACCESS_KEY_ID', creds.access_key) set('AWS_SECRET_ACCESS_KEY', creds.secret_key) # AWS_SESSION_TOKEN is the ostensibly the standard: # http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs # http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-environment set('AWS_SESSION_TOKEN', creds.token) # ...but boto expects AWS_SECURITY_TOKEN. Set both for compatibility. # https://github.com/boto/boto/blob/b016c07d834df5bce75141c4b9d2f3d30352e1b8/boto/connection.py#L438 set('AWS_SECURITY_TOKEN', creds.token) set('AWS_DEFAULT_REGION', session.get_config_variable('region')) return env
class Context(object): def __init__(self, profile=''): self.session = Session() self.session.profile = profile def getS3Connection(self): return S3Connection(self.session.get_config_variable('access_key'), self.session.get_config_variable('secret_key'))
def __init__(self) -> None: current_session = Session() region = current_session.get_config_variable('region') creds = current_session.get_credentials() self.signer = SigV4Auth(creds, 'execute-api', region) analysis_api_fqdn = os.environ.get('ANALYSIS_API_FQDN') analysis_api_path = os.environ.get('ANALYSIS_API_PATH') self.url = 'https://' + analysis_api_fqdn + '/' + analysis_api_path
def run(): "Entry proint" obj = BotocoreClientHandler(service='ecr') parser = obj._parse_args() print(parser.profile) session = Session(profile=parser.profile) print(dir(session)) print(session.get_config_variable('region')) print(session.get_credentials(), session.profile)
def __init__( self, *, max_concurrent_requests: int = _DEFAULT_MAX_CONCURRENT_REQUESTS, max_attempts: int = _DEFAULT_MAX_ATTEMPTS, timeout: aiohttp.ClientTimeout = _DEFAULT_TIMEOUT, session: aiohttp.ClientSession = None, ): self._max_concurrent_requests = max_concurrent_requests self._max_attempts = max_attempts # Fetch the credentials and default region from botocore's session. # This will automatically find configuration in the user's .aws folder, # or in instance metadata. boto_session = Session() self._credentials = boto_session.get_credentials() self._region = boto_session.get_config_variable("region") if session is None: self._session = aiohttp.ClientSession(raise_for_status=True, timeout=timeout) else: self._session = session
def getEnvironment(self, profile=None): """Return environment variables that should be set for the profile.""" eventHooks = HierarchicalEmitter() session = Session(event_hooks=eventHooks) if profile: session.set_config_variable('profile', profile) eventHooks.register('session-initialized', inject_assume_role_provider_cache, unique_id='inject_assume_role_cred_provider_cache') session.emit('session-initialized', session=session) creds = session.get_credentials() env = {} def set(key, value): if value: env[key] = value set('AWS_ACCESS_KEY_ID', creds.access_key) set('AWS_SECRET_ACCESS_KEY', creds.secret_key) # AWS_SESSION_TOKEN is the ostensibly the standard: # http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs # http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-environment set('AWS_SESSION_TOKEN', creds.token) # ...but boto expects AWS_SECURITY_TOKEN. Set both for compatibility. # https://github.com/boto/boto/blob/b016c07d834df5bce75141c4b9d2f3d30352e1b8/boto/connection.py#L438 set('AWS_SECURITY_TOKEN', creds.token) set('AWS_DEFAULT_REGION', session.get_config_variable('region')) return env
def main(): parser = argparse.ArgumentParser(description=DESCRIPTION) parser.add_argument('--profile', help='The AWS config profile to use') group = parser.add_mutually_exclusive_group() group.add_argument('--json', action='store_const', const='json', dest='format', help="Print credential_process-compatible JSON to stdout (default)") group.add_argument('--env', action='store_const', const='env', dest='format', help="Print as env vars") group.add_argument('--env-export', action='store_const', const='env-export', dest='format', help="Print as env vars prefixed by 'export ' for shell sourcing") group.add_argument('--exec', nargs=argparse.REMAINDER, help="Exec remaining input w/ creds injected as env vars") group.add_argument('--credentials-file-profile', '-c', metavar='PROFILE_NAME', help="Write to a profile in AWS credentials file") group.add_argument('--container', nargs=2, metavar=('HOST_PORT', 'TOKEN'), help="Start a server on [HOST:]PORT for use with containers, requires TOKEN for auth") parser.add_argument('--pretty', action='store_true', help='For --json, pretty-print') parser.add_argument('--version', action='store_true') parser.add_argument('--debug', action='store_true') cache_group = parser.add_argument_group('Caching') cache_group.add_argument('--cache-file') buffer_type = lambda v: timedelta(minutes=int(v)) buffer_default = timedelta(minutes=10) cache_group.add_argument('--cache-expiration-buffer', type=buffer_type, default=buffer_default, metavar='MINUTES', help='Expiration buffer in minutes, defaults to 10 minutes') cache_group.add_argument('--refresh', action='store_true', help='Refresh the cache') args = parser.parse_args() if args.version: print(__version__) parser.exit() if not any([args.format, args.exec, args.credentials_file_profile, args.container]): args.format = 'json' args.pretty = True if args.debug: logging.basicConfig(level=logging.DEBUG) if args.container: try: args.container = parse_container_arg(args.container) except Exception: parser.error("invalid value for --container") if args.cache_file: parser.error("cannot use --cache-file with --container") for key in ['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN']: os.environ.pop(key, None) # if args.profile: # for key in ['AWS_PROFILE', 'AWS_DEFAULT_PROFILE']: # os.environ.pop(key, None) credentials = None if args.cache_file and not args.refresh: credentials = load_cache(args.cache_file, args.cache_expiration_buffer) if credentials and args.credentials_file_profile: session = Session(profile=args.profile) elif not credentials: try: session = Session(profile=args.profile) credentials = get_credentials(session) if not credentials: print('Unable to locate credentials.', file=sys.stderr) sys.exit(2) if args.cache_file: save_cache(args.cache_file, credentials) except Exception as e: if args.debug: traceback.print_exc() print(str(e), file=sys.stderr) sys.exit(3) if args.exec: for key in ['AWS_PROFILE', 'AWS_DEFAULT_PROFILE']: os.environ.pop(key, None) os.environ.update({ 'AWS_ACCESS_KEY_ID': credentials.AccessKeyId, 'AWS_SECRET_ACCESS_KEY': credentials.SecretAccessKey, }) if credentials.SessionToken: os.environ['AWS_SESSION_TOKEN'] = credentials.SessionToken if credentials.Expiration: os.environ['AWS_CREDENTIALS_EXPIRATION'] = credentials.Expiration.strftime(TIME_FORMAT) region_name = session.get_config_variable('region') if region_name: os.environ['AWS_DEFAULT_REGION'] = region_name command = ' '.join(shlex.quote(arg) for arg in args.exec) os.system(command) elif args.format == 'json': data = { 'Version': 1, 'AccessKeyId': credentials.AccessKeyId, 'SecretAccessKey': credentials.SecretAccessKey, } if credentials.SessionToken: data['SessionToken'] = credentials.SessionToken if credentials.Expiration: data['Expiration'] = credentials.Expiration.strftime(TIME_FORMAT) if args.pretty: json_kwargs={'indent': 2} else: json_kwargs={'separators': (',', ':')} print(json.dumps(data, **json_kwargs)) elif args.format in ['env', 'env-export']: if args.format == 'env-export': prefix = 'export ' else: prefix = '' lines = [ '{}AWS_ACCESS_KEY_ID={}'.format(prefix, credentials.AccessKeyId), '{}AWS_SECRET_ACCESS_KEY={}'.format(prefix, credentials.SecretAccessKey), ] if credentials.SessionToken: lines.append('{}AWS_SESSION_TOKEN={}'.format(prefix, credentials.SessionToken)) if credentials.Expiration: lines.append('{}AWS_CREDENTIALS_EXPIRATION={}'.format(prefix, credentials.Expiration.strftime(TIME_FORMAT))) print('\n'.join(lines)) elif args.credentials_file_profile: values = { 'aws_access_key_id': credentials.AccessKeyId, 'aws_secret_access_key': credentials.SecretAccessKey, } if credentials.SessionToken: values['aws_session_token'] = credentials.SessionToken if credentials.Expiration: values['aws_credentials_expiration'] = credentials.Expiration.strftime(TIME_FORMAT) write_values(session, args.credentials_file_profile, values) elif args.container: server_address, token = args.container handler_class = functools.partial(ContainerRequestHandler, token=token, session=session, ) server = HTTPServer(server_address, handler_class) try: server.serve_forever() except KeyboardInterrupt: pass else: print("ERROR: no option set (this should never happen)", file=sys.stderr) sys.exit(1)
def credentials_file_path(session: Session, expand_user: bool = False): cred_path = session.get_config_variable("credentials_file") return path.expanduser(cred_path) if expand_user else cred_path
def __init__(self) -> None: botocore_session = Session() self.credentials = botocore_session.get_credentials() self.region_name = botocore_session.get_config_variable('region')