Python botocore.exceptions.PartialCredentialsError() Examples
The following are 29
code examples of botocore.exceptions.PartialCredentialsError().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
botocore.exceptions
, or try the search function
.
.
Example #1
| Source File: credentials.py From faces with GNU General Public License v2.0 | 5 votes |
|
def _get_role_config_values(self):
# This returns the role related configuration.
profiles = self._loaded_config.get('profiles', {})
try:
source_profile = profiles[self._profile_name]['source_profile']
role_arn = profiles[self._profile_name]['role_arn']
mfa_serial = profiles[self._profile_name].get('mfa_serial')
except KeyError as e:
raise PartialCredentialsError(provider=self.METHOD,
cred_var=str(e))
external_id = profiles[self._profile_name].get('external_id')
role_session_name = \
profiles[self._profile_name].get('role_session_name')
if source_profile not in profiles:
raise InvalidConfigError(
error_msg=(
'The source_profile "%s" referenced in '
'the profile "%s" does not exist.' % (
source_profile, self._profile_name)))
source_cred_values = profiles[source_profile]
return {
'role_arn': role_arn,
'external_id': external_id,
'source_profile': source_profile,
'mfa_serial': mfa_serial,
'source_cred_values': source_cred_values,
'role_session_name': role_session_name
}
Example #2
| Source File: credentials.py From aws-builders-fair-projects with Apache License 2.0 | 5 votes |
|
def _resolve_static_credentials_from_profile(self, profile):
try:
return Credentials(
access_key=profile['aws_access_key_id'],
secret_key=profile['aws_secret_access_key'],
token=profile.get('aws_session_token')
)
except KeyError as e:
raise PartialCredentialsError(
provider=self.METHOD, cred_var=str(e))
Example #3
| Source File: credentials.py From aws-builders-fair-projects with Apache License 2.0 | 5 votes |
|
def _create_credentials_fetcher(self):
mapping = self._mapping
method = self.METHOD
environ = self.environ
def fetch_credentials(require_expiry=True):
credentials = {}
access_key = environ.get(mapping['access_key'], '')
if not access_key:
raise PartialCredentialsError(
provider=method, cred_var=mapping['access_key'])
credentials['access_key'] = access_key
secret_key = environ.get(mapping['secret_key'], '')
if not secret_key:
raise PartialCredentialsError(
provider=method, cred_var=mapping['secret_key'])
credentials['secret_key'] = secret_key
credentials['token'] = None
for token_env_var in mapping['token']:
token = environ.get(token_env_var, '')
if token:
credentials['token'] = token
break
credentials['expiry_time'] = None
expiry_time = environ.get(mapping['expiry_time'], '')
if expiry_time:
credentials['expiry_time'] = expiry_time
if require_expiry and not expiry_time:
raise PartialCredentialsError(
provider=method, cred_var=mapping['expiry_time'])
return credentials
return fetch_credentials
Example #4
| Source File: credentials.py From aws-builders-fair-projects with Apache License 2.0 | 5 votes |
|
def _extract_creds_from_mapping(self, mapping, *key_names):
found = []
for key_name in key_names:
try:
found.append(mapping[key_name])
except KeyError:
raise PartialCredentialsError(provider=self.METHOD,
cred_var=key_name)
return found
Example #5
| Source File: s3.py From cli with MIT License | 5 votes |
|
def split_url(url: urllib.parse.ParseResult) -> Tuple[S3Bucket, str]:
"""
Splits the given s3:// *url* into a Bucket object and normalized path
with some sanity checking.
"""
# Require a bucket name
if not url.netloc:
raise UserError("No bucket name specified in url (%s)" % url.geturl())
# Remove leading slashes from any destination path in order to use it as a
# prefix for uploaded files. Internal and trailing slashes are untouched.
prefix = url.path.lstrip("/")
try:
bucket = boto3.resource("s3").Bucket(url.netloc)
except (NoCredentialsError, PartialCredentialsError) as error:
raise UserError("Unable to authenticate with S3: %s" % error) from error
# Find the bucket and ensure we have access and that it already exists so
# we don't automagically create new buckets.
try:
boto3.client("s3").head_bucket(Bucket = bucket.name)
except ClientError as error:
raise UserError(dedent('''\
No bucket exists with the name "%s".
Buckets are not automatically created for safety reasons.
''' % bucket.name))
return bucket, prefix
Example #6
| Source File: credentials.py From aws-extender with MIT License | 5 votes |
|
def _get_role_config_values(self):
# This returns the role related configuration.
profiles = self._loaded_config.get('profiles', {})
try:
source_profile = profiles[self._profile_name]['source_profile']
role_arn = profiles[self._profile_name]['role_arn']
mfa_serial = profiles[self._profile_name].get('mfa_serial')
except KeyError as e:
raise PartialCredentialsError(provider=self.METHOD,
cred_var=str(e))
external_id = profiles[self._profile_name].get('external_id')
role_session_name = \
profiles[self._profile_name].get('role_session_name')
if source_profile not in profiles:
raise InvalidConfigError(
error_msg=(
'The source_profile "%s" referenced in '
'the profile "%s" does not exist.' % (
source_profile, self._profile_name)))
source_cred_values = profiles[source_profile]
return {
'role_arn': role_arn,
'external_id': external_id,
'source_profile': source_profile,
'mfa_serial': mfa_serial,
'source_cred_values': source_cred_values,
'role_session_name': role_session_name
}
Example #7
| Source File: credentials.py From aws-extender with MIT License | 5 votes |
|
def _create_credentials_fetcher(self):
mapping = self._mapping
method = self.METHOD
environ = self.environ
def fetch_credentials(require_expiry=True):
credentials = {}
access_key = environ.get(mapping['access_key'])
if access_key is None:
raise PartialCredentialsError(
provider=method, cred_var=mapping['access_key'])
credentials['access_key'] = access_key
secret_key = environ.get(mapping['secret_key'])
if secret_key is None:
raise PartialCredentialsError(
provider=method, cred_var=mapping['secret_key'])
credentials['secret_key'] = secret_key
token = None
for token_env_var in mapping['token']:
if token_env_var in environ:
token = environ[token_env_var]
break
credentials['token'] = token
expiry_time = environ.get(mapping['expiry_time'])
if require_expiry and expiry_time is None:
raise PartialCredentialsError(
provider=method, cred_var=mapping['expiry_time'])
credentials['expiry_time'] = expiry_time
return credentials
return fetch_credentials
Example #8
| Source File: credentials.py From aws-extender with MIT License | 5 votes |
|
def _extract_creds_from_mapping(self, mapping, *key_names):
found = []
for key_name in key_names:
try:
found.append(mapping[key_name])
except KeyError:
raise PartialCredentialsError(provider=self.METHOD,
cred_var=key_name)
return found
Example #9
| Source File: credentials.py From AWS-Transit-Gateway-Demo-MultiAccount with MIT License | 5 votes |
|
def _resolve_static_credentials_from_profile(self, profile):
try:
return Credentials(
access_key=profile['aws_access_key_id'],
secret_key=profile['aws_secret_access_key'],
token=profile.get('aws_session_token')
)
except KeyError as e:
raise PartialCredentialsError(
provider=self.METHOD, cred_var=str(e))
Example #10
| Source File: credentials.py From AWS-Transit-Gateway-Demo-MultiAccount with MIT License | 5 votes |
|
def _extract_creds_from_mapping(self, mapping, *key_names):
found = []
for key_name in key_names:
try:
found.append(mapping[key_name])
except KeyError:
raise PartialCredentialsError(provider=self.METHOD,
cred_var=key_name)
return found
Example #11
| Source File: credentials.py From AWS-Transit-Gateway-Demo-MultiAccount with MIT License | 5 votes |
|
def _resolve_static_credentials_from_profile(self, profile):
try:
return Credentials(
access_key=profile['aws_access_key_id'],
secret_key=profile['aws_secret_access_key'],
token=profile.get('aws_session_token')
)
except KeyError as e:
raise PartialCredentialsError(
provider=self.METHOD, cred_var=str(e))
Example #12
| Source File: credentials.py From AWS-Transit-Gateway-Demo-MultiAccount with MIT License | 5 votes |
|
def _create_credentials_fetcher(self):
mapping = self._mapping
method = self.METHOD
environ = self.environ
def fetch_credentials(require_expiry=True):
credentials = {}
access_key = environ.get(mapping['access_key'])
if access_key is None:
raise PartialCredentialsError(
provider=method, cred_var=mapping['access_key'])
credentials['access_key'] = access_key
secret_key = environ.get(mapping['secret_key'])
if secret_key is None:
raise PartialCredentialsError(
provider=method, cred_var=mapping['secret_key'])
credentials['secret_key'] = secret_key
token = None
for token_env_var in mapping['token']:
if token_env_var in environ:
token = environ[token_env_var]
break
credentials['token'] = token
expiry_time = environ.get(mapping['expiry_time'])
if require_expiry and expiry_time is None:
raise PartialCredentialsError(
provider=method, cred_var=mapping['expiry_time'])
credentials['expiry_time'] = expiry_time
return credentials
return fetch_credentials
Example #13
| Source File: credentials.py From bash-lambda-layer with MIT License | 5 votes |
|
def _resolve_static_credentials_from_profile(self, profile):
try:
return Credentials(
access_key=profile['aws_access_key_id'],
secret_key=profile['aws_secret_access_key'],
token=profile.get('aws_session_token')
)
except KeyError as e:
raise PartialCredentialsError(
provider=self.METHOD, cred_var=str(e))
Example #14
| Source File: credentials.py From faces with GNU General Public License v2.0 | 5 votes |
|
def _extract_creds_from_mapping(self, mapping, *key_names):
found = []
for key_name in key_names:
try:
found.append(mapping[key_name])
except KeyError:
raise PartialCredentialsError(provider=self.METHOD,
cred_var=key_name)
return found
Example #15
| Source File: credentials.py From faces with GNU General Public License v2.0 | 5 votes |
|
def _extract_creds_from_mapping(self, mapping, *key_names):
found = []
for key_name in key_names:
try:
found.append(mapping[key_name])
except KeyError:
raise PartialCredentialsError(provider=self.METHOD,
cred_var=key_name)
return found
Example #16
| Source File: credentials.py From faces with GNU General Public License v2.0 | 5 votes |
|
def _get_role_config_values(self):
# This returns the role related configuration.
profiles = self._loaded_config.get('profiles', {})
try:
source_profile = profiles[self._profile_name]['source_profile']
role_arn = profiles[self._profile_name]['role_arn']
mfa_serial = profiles[self._profile_name].get('mfa_serial')
except KeyError as e:
raise PartialCredentialsError(provider=self.METHOD,
cred_var=str(e))
external_id = profiles[self._profile_name].get('external_id')
role_session_name = \
profiles[self._profile_name].get('role_session_name')
if source_profile not in profiles:
raise InvalidConfigError(
error_msg=(
'The source_profile "%s" referenced in '
'the profile "%s" does not exist.' % (
source_profile, self._profile_name)))
source_cred_values = profiles[source_profile]
return {
'role_arn': role_arn,
'external_id': external_id,
'source_profile': source_profile,
'mfa_serial': mfa_serial,
'source_cred_values': source_cred_values,
'role_session_name': role_session_name
}
Example #17
| Source File: credentials.py From deepWordBug with Apache License 2.0 | 5 votes |
|
def _extract_creds_from_mapping(self, mapping, *key_names):
found = []
for key_name in key_names:
try:
found.append(mapping[key_name])
except KeyError:
raise PartialCredentialsError(provider=self.METHOD,
cred_var=key_name)
return found
Example #18
| Source File: credentials.py From deepWordBug with Apache License 2.0 | 5 votes |
|
def _create_credentials_fetcher(self):
mapping = self._mapping
method = self.METHOD
environ = self.environ
def fetch_credentials(require_expiry=True):
credentials = {}
access_key = environ.get(mapping['access_key'])
if access_key is None:
raise PartialCredentialsError(
provider=method, cred_var=mapping['access_key'])
credentials['access_key'] = access_key
secret_key = environ.get(mapping['secret_key'])
if secret_key is None:
raise PartialCredentialsError(
provider=method, cred_var=mapping['secret_key'])
credentials['secret_key'] = secret_key
token = None
for token_env_var in mapping['token']:
if token_env_var in environ:
token = environ[token_env_var]
break
credentials['token'] = token
expiry_time = environ.get(mapping['expiry_time'])
if require_expiry and expiry_time is None:
raise PartialCredentialsError(
provider=method, cred_var=mapping['expiry_time'])
credentials['expiry_time'] = expiry_time
return credentials
return fetch_credentials
Example #19
| Source File: credentials.py From deepWordBug with Apache License 2.0 | 5 votes |
|
def _resolve_static_credentials_from_profile(self, profile):
try:
return Credentials(
access_key=profile['aws_access_key_id'],
secret_key=profile['aws_secret_access_key'],
token=profile.get('aws_session_token')
)
except KeyError as e:
raise PartialCredentialsError(
provider=self.METHOD, cred_var=str(e))
Example #20
| Source File: credentials.py From bash-lambda-layer with MIT License | 5 votes |
|
def _extract_creds_from_mapping(self, mapping, *key_names):
found = []
for key_name in key_names:
try:
found.append(mapping[key_name])
except KeyError:
raise PartialCredentialsError(provider=self.METHOD,
cred_var=key_name)
return found
Example #21
| Source File: credentials.py From bash-lambda-layer with MIT License | 5 votes |
|
def _create_credentials_fetcher(self):
mapping = self._mapping
method = self.METHOD
environ = self.environ
def fetch_credentials(require_expiry=True):
credentials = {}
access_key = environ.get(mapping['access_key'], '')
if not access_key:
raise PartialCredentialsError(
provider=method, cred_var=mapping['access_key'])
credentials['access_key'] = access_key
secret_key = environ.get(mapping['secret_key'], '')
if not secret_key:
raise PartialCredentialsError(
provider=method, cred_var=mapping['secret_key'])
credentials['secret_key'] = secret_key
credentials['token'] = None
for token_env_var in mapping['token']:
token = environ.get(token_env_var, '')
if token:
credentials['token'] = token
break
credentials['expiry_time'] = None
expiry_time = environ.get(mapping['expiry_time'], '')
if expiry_time:
credentials['expiry_time'] = expiry_time
if require_expiry and not expiry_time:
raise PartialCredentialsError(
provider=method, cred_var=mapping['expiry_time'])
return credentials
return fetch_credentials
Example #22
| Source File: credentials.py From AWS-Transit-Gateway-Demo-MultiAccount with MIT License | 5 votes |
|
def _extract_creds_from_mapping(self, mapping, *key_names):
found = []
for key_name in key_names:
try:
found.append(mapping[key_name])
except KeyError:
raise PartialCredentialsError(provider=self.METHOD,
cred_var=key_name)
return found
Example #23
| Source File: credentials.py From deepWordBug with Apache License 2.0 | 4 votes |
|
def _get_role_config(self, profile_name):
"""Retrieves and validates the role configuration for the profile."""
profiles = self._loaded_config.get('profiles', {})
profile = profiles[profile_name]
source_profile = profile.get('source_profile')
role_arn = profile['role_arn']
credential_source = profile.get('credential_source')
mfa_serial = profile.get('mfa_serial')
external_id = profile.get('external_id')
role_session_name = profile.get('role_session_name')
duration_seconds = profile.get('duration_seconds')
role_config = {
'role_arn': role_arn,
'external_id': external_id,
'mfa_serial': mfa_serial,
'role_session_name': role_session_name,
'source_profile': source_profile,
'credential_source': credential_source
}
if duration_seconds is not None:
try:
role_config['duration_seconds'] = int(duration_seconds)
except ValueError:
pass
# Either the credential source or the source profile must be
# specified, but not both.
if credential_source is not None and source_profile is not None:
raise InvalidConfigError(
error_msg=(
'The profile "%s" contains both source_profile and '
'credential_source.' % profile_name
)
)
elif credential_source is None and source_profile is None:
raise PartialCredentialsError(
provider=self.METHOD,
cred_var='source_profile or credential_source'
)
elif credential_source is not None:
self._validate_credential_source(
profile_name, credential_source)
else:
self._validate_source_profile(profile_name, source_profile)
return role_config
Example #24
| Source File: credentials.py From AWS-Transit-Gateway-Demo-MultiAccount with MIT License | 4 votes |
|
def _get_role_config(self, profile_name):
"""Retrieves and validates the role configuration for the profile."""
profiles = self._loaded_config.get('profiles', {})
profile = profiles[profile_name]
source_profile = profile.get('source_profile')
role_arn = profile['role_arn']
credential_source = profile.get('credential_source')
mfa_serial = profile.get('mfa_serial')
external_id = profile.get('external_id')
role_session_name = profile.get('role_session_name')
duration_seconds = profile.get('duration_seconds')
role_config = {
'role_arn': role_arn,
'external_id': external_id,
'mfa_serial': mfa_serial,
'role_session_name': role_session_name,
'source_profile': source_profile,
'credential_source': credential_source
}
if duration_seconds is not None:
try:
role_config['duration_seconds'] = int(duration_seconds)
except ValueError:
pass
# Either the credential source or the source profile must be
# specified, but not both.
if credential_source is not None and source_profile is not None:
raise InvalidConfigError(
error_msg=(
'The profile "%s" contains both source_profile and '
'credential_source.' % profile_name
)
)
elif credential_source is None and source_profile is None:
raise PartialCredentialsError(
provider=self.METHOD,
cred_var='source_profile or credential_source'
)
elif credential_source is not None:
self._validate_credential_source(
profile_name, credential_source)
else:
self._validate_source_profile(profile_name, source_profile)
return role_config
Example #25
| Source File: session.py From lambda-text-extractor with Apache License 2.0 | 4 votes |
|
def create_client(self, service_name, region_name=None, api_version=None,
use_ssl=True, verify=None, endpoint_url=None,
aws_access_key_id=None, aws_secret_access_key=None,
aws_session_token=None, config=None):
default_client_config = self.get_default_client_config()
# If a config is provided and a default config is set, then
# use the config resulting from merging the two.
if config is not None and default_client_config is not None:
config = default_client_config.merge(config)
# If a config was not provided then use the default
# client config from the session
elif default_client_config is not None:
config = default_client_config
# Figure out the user-provided region based on the various
# configuration options.
if region_name is None:
if config and config.region_name is not None:
region_name = config.region_name
else:
region_name = self.get_config_variable('region')
# Figure out the verify value base on the various
# configuration options.
if verify is None:
verify = self.get_config_variable('ca_bundle')
if api_version is None:
api_version = self.get_config_variable('api_versions').get(
service_name, None)
loader = self.get_component('data_loader')
event_emitter = self.get_component('event_emitter')
response_parser_factory = self.get_component(
'response_parser_factory')
if aws_access_key_id is not None and aws_secret_access_key is not None:
credentials = botocore.credentials.Credentials(
access_key=aws_access_key_id,
secret_key=aws_secret_access_key,
token=aws_session_token)
elif self._missing_cred_vars(aws_access_key_id,
aws_secret_access_key):
raise PartialCredentialsError(
provider='explicit',
cred_var=self._missing_cred_vars(aws_access_key_id,
aws_secret_access_key))
else:
credentials = self.get_credentials()
endpoint_resolver = self.get_component('endpoint_resolver')
exceptions_factory = self.get_component('exceptions_factory')
client_creator = AioClientCreator(
loader, endpoint_resolver, self.user_agent(), event_emitter,
retryhandler, translate, response_parser_factory,
exceptions_factory, loop=self._loop)
client = client_creator.create_client(
service_name=service_name, region_name=region_name,
is_secure=use_ssl, endpoint_url=endpoint_url, verify=verify,
credentials=credentials, scoped_config=self.get_scoped_config(),
client_config=config, api_version=api_version)
return client
Example #26
| Source File: session.py From lambda-text-extractor with Apache License 2.0 | 4 votes |
|
def create_client(self, service_name, region_name=None, api_version=None,
use_ssl=True, verify=None, endpoint_url=None,
aws_access_key_id=None, aws_secret_access_key=None,
aws_session_token=None, config=None):
default_client_config = self.get_default_client_config()
# If a config is provided and a default config is set, then
# use the config resulting from merging the two.
if config is not None and default_client_config is not None:
config = default_client_config.merge(config)
# If a config was not provided then use the default
# client config from the session
elif default_client_config is not None:
config = default_client_config
# Figure out the user-provided region based on the various
# configuration options.
if region_name is None:
if config and config.region_name is not None:
region_name = config.region_name
else:
region_name = self.get_config_variable('region')
# Figure out the verify value base on the various
# configuration options.
if verify is None:
verify = self.get_config_variable('ca_bundle')
if api_version is None:
api_version = self.get_config_variable('api_versions').get(
service_name, None)
loader = self.get_component('data_loader')
event_emitter = self.get_component('event_emitter')
response_parser_factory = self.get_component(
'response_parser_factory')
if aws_access_key_id is not None and aws_secret_access_key is not None:
credentials = botocore.credentials.Credentials(
access_key=aws_access_key_id,
secret_key=aws_secret_access_key,
token=aws_session_token)
elif self._missing_cred_vars(aws_access_key_id,
aws_secret_access_key):
raise PartialCredentialsError(
provider='explicit',
cred_var=self._missing_cred_vars(aws_access_key_id,
aws_secret_access_key))
else:
credentials = self.get_credentials()
endpoint_resolver = self.get_component('endpoint_resolver')
exceptions_factory = self.get_component('exceptions_factory')
client_creator = AioClientCreator(
loader, endpoint_resolver, self.user_agent(), event_emitter,
retryhandler, translate, response_parser_factory,
exceptions_factory, loop=self._loop)
client = client_creator.create_client(
service_name=service_name, region_name=region_name,
is_secure=use_ssl, endpoint_url=endpoint_url, verify=verify,
credentials=credentials, scoped_config=self.get_scoped_config(),
client_config=config, api_version=api_version)
return client
Example #27
| Source File: credentials.py From bash-lambda-layer with MIT License | 4 votes |
|
def _get_role_config(self, profile_name):
"""Retrieves and validates the role configuration for the profile."""
profiles = self._loaded_config.get('profiles', {})
profile = profiles[profile_name]
source_profile = profile.get('source_profile')
role_arn = profile['role_arn']
credential_source = profile.get('credential_source')
mfa_serial = profile.get('mfa_serial')
external_id = profile.get('external_id')
role_session_name = profile.get('role_session_name')
duration_seconds = profile.get('duration_seconds')
role_config = {
'role_arn': role_arn,
'external_id': external_id,
'mfa_serial': mfa_serial,
'role_session_name': role_session_name,
'source_profile': source_profile,
'credential_source': credential_source
}
if duration_seconds is not None:
try:
role_config['duration_seconds'] = int(duration_seconds)
except ValueError:
pass
# Either the credential source or the source profile must be
# specified, but not both.
if credential_source is not None and source_profile is not None:
raise InvalidConfigError(
error_msg=(
'The profile "%s" contains both source_profile and '
'credential_source.' % profile_name
)
)
elif credential_source is None and source_profile is None:
raise PartialCredentialsError(
provider=self.METHOD,
cred_var='source_profile or credential_source'
)
elif credential_source is not None:
self._validate_credential_source(
profile_name, credential_source)
else:
self._validate_source_profile(profile_name, source_profile)
return role_config
Example #28
| Source File: credentials.py From AWS-Transit-Gateway-Demo-MultiAccount with MIT License | 4 votes |
|
def _get_role_config(self, profile_name):
"""Retrieves and validates the role configuration for the profile."""
profiles = self._loaded_config.get('profiles', {})
profile = profiles[profile_name]
source_profile = profile.get('source_profile')
role_arn = profile['role_arn']
credential_source = profile.get('credential_source')
mfa_serial = profile.get('mfa_serial')
external_id = profile.get('external_id')
role_session_name = profile.get('role_session_name')
duration_seconds = profile.get('duration_seconds')
role_config = {
'role_arn': role_arn,
'external_id': external_id,
'mfa_serial': mfa_serial,
'role_session_name': role_session_name,
'source_profile': source_profile,
'credential_source': credential_source
}
if duration_seconds is not None:
try:
role_config['duration_seconds'] = int(duration_seconds)
except ValueError:
pass
# Either the credential source or the source profile must be
# specified, but not both.
if credential_source is not None and source_profile is not None:
raise InvalidConfigError(
error_msg=(
'The profile "%s" contains both source_profile and '
'credential_source.' % profile_name
)
)
elif credential_source is None and source_profile is None:
raise PartialCredentialsError(
provider=self.METHOD,
cred_var='source_profile or credential_source'
)
elif credential_source is not None:
self._validate_credential_source(
profile_name, credential_source)
else:
self._validate_source_profile(profile_name, source_profile)
return role_config
Example #29
| Source File: credentials.py From aws-builders-fair-projects with Apache License 2.0 | 4 votes |
|
def _get_role_config(self, profile_name):
"""Retrieves and validates the role configuration for the profile."""
profiles = self._loaded_config.get('profiles', {})
profile = profiles[profile_name]
source_profile = profile.get('source_profile')
role_arn = profile['role_arn']
credential_source = profile.get('credential_source')
mfa_serial = profile.get('mfa_serial')
external_id = profile.get('external_id')
role_session_name = profile.get('role_session_name')
duration_seconds = profile.get('duration_seconds')
role_config = {
'role_arn': role_arn,
'external_id': external_id,
'mfa_serial': mfa_serial,
'role_session_name': role_session_name,
'source_profile': source_profile,
'credential_source': credential_source
}
if duration_seconds is not None:
try:
role_config['duration_seconds'] = int(duration_seconds)
except ValueError:
pass
# Either the credential source or the source profile must be
# specified, but not both.
if credential_source is not None and source_profile is not None:
raise InvalidConfigError(
error_msg=(
'The profile "%s" contains both source_profile and '
'credential_source.' % profile_name
)
)
elif credential_source is None and source_profile is None:
raise PartialCredentialsError(
provider=self.METHOD,
cred_var='source_profile or credential_source'
)
elif credential_source is not None:
self._validate_credential_source(
profile_name, credential_source)
else:
self._validate_source_profile(profile_name, source_profile)
return role_config
