ENH: AWS4Auth - add option to use boto3 for automatically retrieving credentials
snowman2 opened this issue · comments
Following what is done here:
https://github.com/DavidMuller/aws-requests-auth/blob/2e1dd0f37e3815c417c3b0630215a77aab5af617/aws_requests_auth/boto_utils.py
Any interest in using boto3 to automatically retrieve AWS credentials?
Hello @snowman2,
What would be the exhaustive list of new dependencies in such as case (excluding the one already provided by httpx) ?
Thanks again
Looks like it just needs botocore.
It could be listed as a dependency in the extras_required section as aws
.
python -m pip install httpx-auth[aws]
I wonder if we cannot provide a small sample on how to retrieve the information using botocore instead of introducing those changes in the code and adding an optional dependency.
I guess the following would work according to your sample:
from botocore.session import Session
from httpx_auth import AWS4Auth
credentials = Session().get_credentials()j.get_frozen_credentials()
aws = AWS4Auth(access_id=credentials.access_key, secret_key=credentials.secret_key, region="eu-west-1", service="s3", security_token=credentials.token)
Thank you for maintaining this library and for taking the time to consider this proposal. Your logic makes sense to me.
I am thinking that maybe a new library called aws-httpx-auth might be a good home for this if I (or someone else) ever get around to implementing it. It seems there is some demand for it (DavidMuller/aws-requests-auth#50). It could wrap this library and add the feature mentioned here.
Thanks again for considering this proposal 👍
According to what you provided, it feels like this is 1 extra line of code (if we exclude the import statement). So this is why I would feel more comfortable having it described in documentation rather than having to maintain it :)
However don't hesitate to propose changes if you have any need :)
However don't hesitate to propose changes if you have any need :)
Thanks 👍. There is a good chance I will do that.
Notes for my future self or whoever implements this while it is fresh in my mind:
Credentials are refreshed with each call on the authorization class: https://github.com/DavidMuller/aws-requests-auth/blob/2e1dd0f37e3815c417c3b0630215a77aab5af617/aws_requests_auth/boto_utils.py#L50. I believe similar behavior can be achieved by creating a class based on AWS4Auth and overwriting __init__
to automatically provide initial credentials and auth_flow
to refresh the credentials (
Line 58 in 75e0d19
Documentation now includes a sample auth class to achieve this.