Skip to content

Commit

Permalink
switch to env-var AWS credentials
Browse files Browse the repository at this point in the history
  • Loading branch information
alexdunnjpl committed May 3, 2024
1 parent 874e9e2 commit ccc6902
Showing 1 changed file with 9 additions and 9 deletions.
18 changes: 9 additions & 9 deletions src/pds/registrysweepers/utils/db/client.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ def get_opensearch_client(
raise ValueError(f"must provide both username and password, or neither")

credentials_supplied = username is not None
auth = (username, password) if credentials_supplied else get_aws_auth()
auth = (username, password) if credentials_supplied else None

try:
scheme, host, port_str = endpoint_url.replace("://", ":", 1).split(":")
Expand All @@ -60,11 +60,7 @@ def get_opensearch_client(
access_test_failed = True

client = OpenSearch(
hosts=[{"host": host, "port": int(port)}],
http_auth=auth,
use_ssl=use_ssl,
verify_certs=verify_certs,
connection_class=RequestsHttpConnection,
hosts=[{"host": host, "port": int(port)}], http_auth=auth, use_ssl=use_ssl, verify_certs=verify_certs
)

log.info("Testing OpenSearch client with ping...")
Expand All @@ -91,7 +87,7 @@ def get_opensearch_client(
return client


def get_aws_auth() -> AWS4Auth:
def set_aws_auth():
# TODO: Implement refresh/rotation based on expiry, if not automatically handled by AWS4Auth
log.info(f"retrieving aws credentials")
credential_url_env_key = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
Expand All @@ -100,7 +96,11 @@ def get_aws_auth() -> AWS4Auth:
content = resp.json()
log.info(json.dumps(content))

region_name = os.environ.get("AWS_REGION", "us-west-2")
log.info(f"got aws credentials!")

return AWS4Auth(content["AccessKeyId"], content["SecretAccessKey"], region_name, "aoss")
os.environ["AWS_REGION"] = "us-west-2"
os.environ["AWS_ROLE_ARN"] = content["RoleArn"]
os.environ["AWS_ACCESS_KEY_ID"] = content["AccessKeyId"]
os.environ["AWS_SECRET_ACCESS_KEY"] = content["SecretAccessKey"]

log.info("wrote aws credentials to environment!")

0 comments on commit ccc6902

Please sign in to comment.