From dfdf81cda40e409fc4d6b604f547630f4cc00b30 Mon Sep 17 00:00:00 2001
From: Bart S
Date: Mon, 12 Nov 2018 16:14:31 +0100
Subject: [PATCH 1/6] Added option to set the AWS session token to the Route53Provider
---
 octodns/provider/route53.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/octodns/provider/route53.py b/octodns/provider/route53.py
index 50c734c..5f0f0d2 100644
--- a/octodns/provider/route53.py
+++ b/octodns/provider/route53.py
@@ -221,9 +221,12 @@ class Route53Provider(BaseProvider):
 access_key_id:
 # The AWS secret access key
 secret_access_key:
+ # The AWS session token
+ session_token:
- Alternatively, you may leave out access_key_id and secret_access_key,
- this will result in boto3 deciding authentication dynamically.
+ Alternatively, you may leave out access_key_id, secret_access_key
+ and session_token.
+ This will result in boto3 deciding authentication dynamically.
 In general the account used will need full permissions on Route53.
 '''
@@ -236,10 +239,11 @@ class Route53Provider(BaseProvider):
 HEALTH_CHECK_VERSION = '0001'
 def __init__(self, id, access_key_id=None, secret_access_key=None,
- max_changes=1000, client_max_attempts=None, *args, **kwargs):
+ session_token=None, max_changes=1000,
+ client_max_attempts=None, *args, **kwargs):
 self.max_changes = max_changes
- _msg = 'access_key_id={}, secret_access_key=***'.format(access_key_id)
- if access_key_id is None and secret_access_key is None:
+ _msg = 'access_key_id={}, secret_access_key=***, session_token=***'.format(access_key_id)
+ if access_key_id is None and secret_access_key is None and session_token is None:
 _msg = 'auth=fallback'
 self.log = logging.getLogger('Route53Provider[{}]'.format(id))
 self.log.debug('__init__: id=%s, %s', id, _msg)
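Review bot: The debug message built in `__init__` (hunk `@@ -236,10 +239,11 @@`) always ends in `session_token=***`, even when no token was passed, so the log cannot distinguish long-term keys from temporary credentials when someone later has to work out which kind of credential a run used. Masking the value is right; reporting whether it is present would be more useful, for example `_msg = 'access_key_id={}, secret_access_key=***, session_token={}'.format(access_key_id, '***' if session_token else None)`. The same string is carried unchanged into the re-wrapped version in PATCH 2/6. `__init__` continues past the end of this hunk.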
@@ -251,11 +255,12 @@ class Route53Provider(BaseProvider):
 client_max_attempts)
 config = Config(retries={'max_attempts': client_max_attempts})
- if access_key_id is None and secret_access_key is None:
+ if access_key_id is None and secret_access_key is None and session_token is None:
 self._conn = client('route53', config=config)
 else:
 self._conn = client('route53', aws_access_key_id=access_key_id,
 aws_secret_access_key=secret_access_key,
+ aws_session_token=session_token,
 config=config)
 self._r53_zones = None
From c19fce46c08279c29cf5c23fba5c9e49bafc9dbc Mon Sep 17 00:00:00 2001
From: Bart S
Date: Mon, 12 Nov 2018 16:28:51 +0100
Subject: [PATCH 2/6] Attempted lint fixes
---
 octodns/provider/route53.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/octodns/provider/route53.py b/octodns/provider/route53.py
index 5f0f0d2..cfca6c0 100644
--- a/octodns/provider/route53.py
+++ b/octodns/provider/route53.py
@@ -225,7 +225,7 @@ class Route53Provider(BaseProvider):
 session_token:
 Alternatively, you may leave out access_key_id, secret_access_key
- and session_token.
+ and session_token.
 This will result in boto3 deciding authentication dynamically.
 In general the account used will need full permissions on Route53.
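Review bot: In the `@@ -251,11 +255,12 @@` hunk of PATCH 1/6, a `session_token` supplied without both `access_key_id` and `secret_access_key` takes the `else` branch and is passed to `client()` next to `None` keys. As far as I know boto3 only builds explicit credentials when the key and the secret are both set, so in that case it would probably fall back to its default credential chain and drop the token without an error, and the provider could then run under a different identity than the config intended. I would reject that combination before the client is created, e.g. `if session_token is not None and (access_key_id is None or secret_access_key is None): raise ValueError('session_token requires access_key_id and secret_access_key')`. The same three-way condition also picks the `auth=fallback` log text earlier in `__init__` and is kept as `use_fallback_auth` in PATCH 2/6 and 4/6; `__init__` starts before this hunk.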
@@ -239,11 +239,15 @@ class Route53Provider(BaseProvider):
 HEALTH_CHECK_VERSION = '0001'
 def __init__(self, id, access_key_id=None, secret_access_key=None,
- session_token=None, max_changes=1000,
+ session_token=None, max_changes=1000,
 client_max_attempts=None, *args, **kwargs):
 self.max_changes = max_changes
- _msg = 'access_key_id={}, secret_access_key=***, session_token=***'.format(access_key_id)
- if access_key_id is None and secret_access_key is None and session_token is None:
+ _msg = 'access_key_id={}, secret_access_key=***, ' \
+ 'session_token=***'.format(access_key_id)
+ use_fallback_auth = access_key_id is None and \
+ secret_access_key is None and \
+ session_token is None
+ if use_fallback_auth:
 _msg = 'auth=fallback'
 self.log = logging.getLogger('Route53Provider[{}]'.format(id))
 self.log.debug('__init__: id=%s, %s', id, _msg)
@@ -255,7 +259,7 @@ class Route53Provider(BaseProvider):
 client_max_attempts)
 config = Config(retries={'max_attempts': client_max_attempts})
- if access_key_id is None and secret_access_key is None and session_token is None:
+ if use_fallback_auth:
 self._conn = client('route53', config=config)
 else:
 self._conn = client('route53', aws_access_key_id=access_key_id,
From 7628f819b83b7c1f70731f41718e411163b7be98 Mon Sep 17 00:00:00 2001
From: Bart S
Date: Thu, 15 Nov 2018 11:20:42 +0100
Subject: [PATCH 3/6] Added note saying session_token is optional
---
 octodns/provider/route53.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/octodns/provider/route53.py b/octodns/provider/route53.py
index cfca6c0..ab0edc3 100644
--- a/octodns/provider/route53.py
+++ b/octodns/provider/route53.py
@@ -221,7 +221,8 @@ class Route53Provider(BaseProvider):
 access_key_id:
 # The AWS secret access key
 secret_access_key:
- # The AWS session token
+ # The AWS session token (optional)
+ # Only needed if using temporary security credentials
 session_token:
 Alternatively, you may leave out access_key_id, secret_access_key
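Review bot: The `use_fallback_auth` assignment in the `@@ -239,11 +239,15 @@` hunk of PATCH 2/6 is wrapped with backslash continuations, which PEP 8 discourages in favour of implied continuation inside parentheses. Putting the whole `access_key_id is None and secret_access_key is None and session_token is None` expression in one pair of parentheses lets it be split freely without any `\`. Since this flag now decides both the logged auth mode and which `client()` call is made, a short comment above it such as `# no explicit credentials given: let boto3 resolve them` would help the next reader. PATCH 4/6 re-wraps the same expression and keeps a backslash; `__init__` starts before and continues after this hunk.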
From 7d8f04a7468a254ca64d7ddf0614e448d39346b8 Mon Sep 17 00:00:00 2001
From: Ross McFarland
Date: Thu, 15 Nov 2018 09:03:36 -0800
Subject: [PATCH 4/6] Linting fix
---
 octodns/provider/route53.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/octodns/provider/route53.py b/octodns/provider/route53.py
index ab0edc3..6872608 100644
--- a/octodns/provider/route53.py
+++ b/octodns/provider/route53.py
@@ -246,8 +246,7 @@ class Route53Provider(BaseProvider):
 _msg = 'access_key_id={}, secret_access_key=***, ' \
 'session_token=***'.format(access_key_id)
 use_fallback_auth = access_key_id is None and \
- secret_access_key is None and \
- session_token is None
+ secret_access_key is None and session_token is None
 if use_fallback_auth:
 _msg = 'auth=fallback'
 self.log = logging.getLogger('Route53Provider[{}]'.format(id))
From 64a453632f6f12c65821a512afd062ee07e16524 Mon Sep 17 00:00:00 2001
From: Bart S
Date: Wed, 21 Nov 2018 10:09:23 +0100
Subject: [PATCH 5/6] Moved session_token to the end of the argument list
---
 octodns/provider/route53.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/octodns/provider/route53.py b/octodns/provider/route53.py
index 6872608..79bc341 100644
--- a/octodns/provider/route53.py
+++ b/octodns/provider/route53.py
@@ -240,8 +240,8 @@ class Route53Provider(BaseProvider):
 HEALTH_CHECK_VERSION = '0001'
 def __init__(self, id, access_key_id=None, secret_access_key=None,
- session_token=None, max_changes=1000,
- client_max_attempts=None, *args, **kwargs):
+ max_changes=1000, client_max_attempts=None,
+ session_token=None, *args, **kwargs):
 self.max_changes = max_changes
 _msg = 'access_key_id={}, secret_access_key=***, ' \
 'session_token=***'.format(access_key_id)
From 95ae90b587ba6e3939ca80fbb7dbde7a27adf56c Mon Sep 17 00:00:00 2001
From: Bart S
Date: Wed, 21 Nov 2018 10:11:45 +0100
Subject: [PATCH 6/6] Removed trailing whitespace
---
 octodns/provider/route53.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/octodns/provider/route53.py b/octodns/provider/route53.py
index 79bc341..4b7fe66 100644
--- a/octodns/provider/route53.py
+++ b/octodns/provider/route53.py
@@ -240,7 +240,7 @@ class Route53Provider(BaseProvider):
 HEALTH_CHECK_VERSION = '0001'
 def __init__(self, id, access_key_id=None, secret_access_key=None,
- max_changes=1000, client_max_attempts=None,
+ max_changes=1000, client_max_attempts=None,
 session_token=None, *args, **kwargs):
 self.max_changes = max_changes
 _msg = 'access_key_id={}, secret_access_key=***, ' \