Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Session.assume_role method #3253

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

benkehoe
Copy link

@benkehoe benkehoe commented May 3, 2022

This is a followup on boto/botocore#2096. That was an overcomplicated implementation that used a custom CredentialProvider and credential chain, when botocore.Session already has a mechanism for overriding the credential chain with a Credentials object.

Issue boto/botocore#761 asks for first-class support for sts:AssumeRole, where there is a Session.assume_role() method that produces another session. This implements it by using the existing AssumeRoleCredentialFetcher and DeferredRefreshableCredentials classes, the latter of which is set as the _credentials field of the new botocore Session (like happens when you provide explicit credentials when setting up a session by calling set_credentials() on the botocore session; that method doesn't take a Credentials object, so this changes the field directly, but that could be fixed by a small change to botocore.Session). It sets the region of the assumed role session to the current value returned by Session.region_name.

I'm opening this PR for discussion as to whether it might be accepted, given that it's a substantially smaller change than proposed in the previous PR. As such, I have not yet implemented tests, nor given the method signature any thought (compare with the comprehensive interface provided by aws-assume-role-lib).

region_name=region_name,
)

# provice traceability
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo

@nabebaye
Copy link

Bumping for visibility

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants