Add option to include session token in URL
ThomasMarwitzQC committed Feb 27, 2024
1 parent 789a5f8 commit 6981790
Showing 1 changed file with 51 additions and 7 deletions.
58 changes: 51 additions & 7 deletions minimalkv/net/s3fsstore.py
@@ -1,6 +1,6 @@
import os
import warnings
from typing import Dict
from typing import Dict, NamedTuple, Optional

from uritools import SplitResult

Expand All @@ -22,10 +22,27 @@
)


class Credentials(NamedTuple):

"""Dataclass to hold AWS credentials."""

access_key_id: Optional[str]
secret_access_key: Optional[str]
session_token: Optional[str]

def as_boto3_params(self):

"""Return the credentials as a dictionary suitable for boto3 authentication."""
return {

"aws_access_key_id": self.access_key_id,
"aws_secret_access_key": self.secret_access_key,
"aws_session_token": self.session_token,
}


class S3FSStore(FSSpecStore, UrlMixin): # noqa D
def __init__(
self,
bucket,
credentials: Optional[Credentials] = None,
object_prefix="",
url_valid_time=0,
reduced_redundancy=False,
Expand All @@ -37,12 +54,14 @@ def __init__(
if isinstance(bucket, str):
import boto3

s3_resource = boto3.resource("s3")
boto3_params = credentials.as_boto3_params() if credentials else {}
s3_resource = boto3.resource("s3", **boto3_params)

bucket = s3_resource.Bucket(bucket)
if bucket not in s3_resource.buckets.all():
raise ValueError("invalid s3 bucket name")

self.bucket = bucket
self.credentials = credentials

self.object_prefix = object_prefix.strip().lstrip("/")
self.url_valid_time = url_valid_time
self.reduced_redundancy = reduced_redundancy
Expand Down Expand Up @@ -74,6 +93,16 @@ def _create_filesystem(self) -> "S3FileSystem":
client_kwargs["endpoint_url"] = self.endpoint_url
if self.region_name:
client_kwargs["region_name"] = self.region_name

if self.credentials:
return S3FileSystem(

key=self.credentials.access_key_id,
secret=self.credentials.secret_access_key,
token=self.credentials.session_token,
anon=False,
client_kwargs=client_kwargs,
)

return S3FileSystem(
anon=False,
client_kwargs=client_kwargs,
Expand Down Expand Up @@ -117,10 +146,19 @@ def _from_parsed_url(
``region_name`` (default: ``None``): If set the AWS region name is applied as location
constraint during bucket creation.
``session_token``(default: ``None``): If set this token will be used in conjunction
with access_key_id and secret_access_key for authentication.
**Notes**:
If the scheme is ``hs3``, an ``HS3FSStore`` is returned which allows ``/`` in key names.
If the credentials are not provided through the url, they are attempted to be
loaded from the environment variables `AWS_ACCESS_KEY_ID`,
`AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN`. If these variables are not set,
the search for credentials will be delegated to boto(core).
Parameters
----------
parsed_url: SplitResult
Expand All @@ -137,6 +175,7 @@ def _from_parsed_url(

url_access_key_id = _get_username(parsed_url)
url_secret_access_key = _get_password(parsed_url)
url_session_token = query.get("session_token", None)

if url_access_key_id is None:
url_secret_access_key = os.environ.get("AWS_ACCESS_KEY_ID")
Expand All @@ -148,10 +187,13 @@ def _from_parsed_url(
else:
os.environ["AWS_SECRET_ACCESS_KEY"] = url_secret_access_key

boto3_params = {
"aws_access_key_id": url_access_key_id,
"aws_secret_access_key": url_secret_access_key,
}
credentials = Credentials(

access_key_id=url_access_key_id,
secret_access_key=url_secret_access_key,
session_token=url_session_token,
)

boto3_params = credentials.as_boto3_params()

host = parsed_url.gethost()
port = parsed_url.getport()

Expand Down Expand Up @@ -198,4 +240,6 @@ def _from_parsed_url(

verify = query.get("verify", "true").lower() == "true"

return cls(bucket, verify=verify, region_name=region_name)
return cls(

bucket, credentials=credentials, verify=verify, region_name=region_name
)
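Review bot: The docstring added to `_from_parsed_url` promises a fallback to `AWS_SESSION_TOKEN`, but the only visible assignment is `url_session_token = query.get("session_token", None)`; the key id and secret get an `os.environ` fallback and the token does not (part of the function is collapsed on this page, so confirm against the full file). With temporary credentials in the environment this would appear to hand boto3 and `S3FileSystem` explicit key material with `token=None`; a guarded fallback such as `if url_session_token is None and _get_username(parsed_url) is None: url_session_token = os.environ.get("AWS_SESSION_TOKEN")` keeps a URL-supplied key pair from being combined with an unrelated token. The unchanged context line `url_secret_access_key = os.environ.get("AWS_ACCESS_KEY_ID")` stores the key id in the secret variable, and that value now also reaches `Credentials` and the filesystem, so it should read `url_access_key_id = os.environ.get("AWS_ACCESS_KEY_ID")`. The docstring should also state that a token placed in the query string is exposed wherever the store URL is logged or persisted, e.g. `Note: credentials in the URL appear in logs and config dumps; prefer the environment or the default boto chain.`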
