def _resolve_credentials(self, access_key, secret_key):
"""Try and load the credentials file from disk checking first to see
if a path is specified in the ``AWS_SHARED_CREDENTIALS_FILE``
environment variable and if not, falling back to ``~/.aws/credentials``
:return: access_key, secret_key
:rtype: str, str
:raises: ConfigNotFound
:raises: ConfigParserError
"""
access_key = os.getenv('AWS_ACCESS_KEY_ID', access_key)
secret_key = os.getenv('AWS_SECRET_ACCESS_KEY', secret_key)
if access_key and secret_key:
return access_key, secret_key
file_path = os.getenv('AWS_SHARED_CREDENTIALS_FILE',
DEFAULT_CREDENTIALS_PATH)
try:
config = _parse_file(file_path)
except exceptions.ConfigNotFound:
return None, None
if self._profile not in config:
raise exceptions.NoProfileError(path=file_path,
profile=self._profile)
values = []
for key in ['aws_access_key_id', 'aws_secret_access_key']:
values.append(config[self._profile].get(key)
or config.get('default', {}).get(key))
if not all(values):
return None, None
return values[0], values[1]
def get_region(profile):
"""Return the credentials from the configured ~/.aws/credentials file
following a similar behavior implemented by awscli and botocore.
:param str profile: Use the optional profile for getting settings
:return: region
:rtype: str
:raises: exceptions.ConfigNotFound
"""
region = os.getenv('AWS_DEFAULT_REGION', None)
if region:
return region
file_path = os.getenv('AWS_CONFIG_FILE', '~/.aws/config')
try:
config = _parse_file(file_path)
except exceptions.ConfigNotFound:
try:
return _request_region_from_instance()
except (httpclient.HTTPError, OSError) as error:
LOGGER.error('Error fetching from EC2 Instance Metadata (%s)',
error)
raise exceptions.ConfigNotFound(path=file_path)
if profile not in config and 'default' not in config:
raise exceptions.NoProfileError(path=file_path, profile=profile)
return (config.get(profile, {}).get('region')
or config.get('default', {}).get('region') or DEFAULT_REGION)
def _resolve_config_file_credentials(self):
"""Attempt to load credentials via configuration file, looking to
the AWS_SHARED_CREDENTIALS_FILE environment variable for the path
or defaulting to `'~/.aws/credentials`. This allows for instances
where the credentials file is mounted or managed by an external
system and can change while the application is running.
:raises: ConfigNotFound
:raises: ConfigParserError
:return: access_key, secret_key, security_token
:rtype: str, str, str
"""
file_path = os.getenv('AWS_SHARED_CREDENTIALS_FILE',
DEFAULT_CREDENTIALS_PATH)
try:
config = _parse_file(file_path)
except exceptions.ConfigNotFound:
return False
if self._profile not in config:
raise exceptions.NoProfileError(path=file_path,
profile=self._profile)
self._access_key = self._get_config_value(config, 'aws_access_key_id')
self._secret_key = self._get_config_value(config,
'aws_secret_access_key')
self._security_token = self._get_config_value(
config, 'aws_security_token') or self._get_config_value(
config, 'aws_session_token')
self._expiration = self._get_config_value(config, 'aws_access_key_id')
self._local_credentials = \
self._access_key is not None and self._secret_key is not None
return self._local_credentials
def test_raises_no_profile_error(self):
with mock.patch('tornado_aws.client.AsyncAWSClient.fetch') as fetch:
fetch.side_effect = aws_exceptions.NoProfileError(profile='test-1',
path='/test')
with self.assertRaises(exceptions.NoProfileError):
yield self.client.create_table(self.generic_table_definition())
def test_raises_no_profile_error(self):
self.create_table_expecting_raise(
dynamodb.NoProfileError,
aws_exceptions.NoProfileError(profile='test-1', path='/test'))