Add boto3 session cache #24582
The test
Any update on this feature?
I am interested in this also, any updates?
boto3 now includes native support for the session cache, would make sense to leverage that
Any updates yet? We'd like ansible to make boto use the awscli credential cache so we're not asked to provide mfa tokens repeatedly. The solution is already present here! Needs review and merging!
os.makedirs(self._working_dir) | ||
with os.fdopen(os.open(full_key, | ||
os.O_WRONLY | os.O_CREAT, 0o600), 'w') as f: | ||
f.truncate() |
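Review bot: The `0o600` passed to `os.open(full_key, os.O_WRONLY | os.O_CREAT, 0o600)` is applied only when the call creates the file, so a cache file that already exists with wider permissions keeps them, and `os.makedirs(self._working_dir)` creates the directory with the default mode masked by the umask. Since this cache holds temporary credentials, pass an explicit mode such as `os.makedirs(self._working_dir, 0o700)` and consider adding `os.O_TRUNC` to the open flags, which also makes the separate `f.truncate()` unnecessary.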
f is already at 0, the truncate() is useless.
@@ -58,6 +60,48 @@ class AnsibleAWSError(Exception): | |||
pass | |||
|
|||
|
|||
class JSONFileCache(object): |
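Review bot: `class JSONFileCache(object):` on the last line of this hunk reuses the name of the cache class in botocore's `credentials.py`, so a reader cannot tell from the name which implementation an import or traceback refers to. Either import the botocore class when the installed version provides it and keep this one only as a fallback, or give the local class a docstring stating that it writes credentials to disk and how it differs from upstream.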
Could you instead reuse the version from botocore?: https://github.com/boto/botocore/blob/develop/botocore/credentials.py#L182-L224
@@ -58,6 +60,48 @@ class AnsibleAWSError(Exception): | |||
pass | |||
|
|||
|
|||
class JSONFileCache(object): |
There's a code snippet from mixja in boto/botocore#1157 (comment) that looks like a good way to go about this. Ideally this would be enabled for boto3 via config (here are a couple issues tracking that boto/boto3#1179, boto/botocore#1148) and require minimal if any code changes to Ansible. It appears other SDKs keeping parity may be part of the hold-up for that though.
What's the status of this PR? It's really annoying having to type the token each time I run a script.
@jankeesvanandel the status is that the feedback hasn't been addressed and it needs rebasing to avoid merge conflicts. If you're happy with the code you can just use the file in your own environment: http://willthames.github.io/2017/12/12/using-updated-modules-with-stable-ansible.html
This PR has needed a rebase since October 2017. @jankeesvanandel Would you be interested in creating a fresh PR for this?
SUMMARY
This PR provides a session cache for boto3 assume role provider.
This is useful if you use AWS CLI profiles locally and use MFA when running Ansible locally, and don't want to have to input your MFA token each time you run your playbook.
Note that this cache is only invoked if boto3 invokes the assume-role provider, hence it does not affect operation if you have configured AWS credentials that don't require role assumption.
ISSUE TYPE
COMPONENT NAME
ec2 utils
ANSIBLE VERSION
ADDITIONAL INFORMATION
Before this PR:
After this PR:
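Added example, not code from this PR or from botocore: a dict-style file cache of the kind the summary describes for assume-role credentials, written so the cache directory is 0o700 and each entry is replaced atomically by a 0o600 file. The class name `PrivateJSONFileCache` and the helper `file_mode` are hypothetical, and cached values are assumed to be JSON-serializable.

```python
import json
import os
import stat
import tempfile


class PrivateJSONFileCache(object):
    """Dict-style JSON cache for temporary credentials (hypothetical class)."""

    def __init__(self, working_dir):
        self._working_dir = working_dir

    def _path(self, cache_key):
        # A key must be a bare file name so it cannot escape the cache dir.
        if cache_key in ('', '.', '..') or os.path.basename(cache_key) != cache_key:
            raise ValueError('invalid cache key: %r' % (cache_key,))
        return os.path.join(self._working_dir, cache_key + '.json')

    def __contains__(self, cache_key):
        return os.path.isfile(self._path(cache_key))

    def __getitem__(self, cache_key):
        try:
            with open(self._path(cache_key)) as f:
                return json.load(f)
        except (OSError, ValueError):
            raise KeyError(cache_key)

    def __setitem__(self, cache_key, value):
        target = self._path(cache_key)
        data = json.dumps(value)  # serialize first: fail before touching disk
        if not os.path.isdir(self._working_dir):
            os.makedirs(self._working_dir, 0o700)
        os.chmod(self._working_dir, 0o700)  # tighten a pre-existing directory
        # mkstemp creates the file 0o600; replacing the target atomically also
        # discards any looser permissions an older cache file had.
        fd, tmp = tempfile.mkstemp(dir=self._working_dir)
        try:
            with os.fdopen(fd, 'w') as f:
                f.write(data)
            os.replace(tmp, target)
        except Exception:
            os.unlink(tmp)
            raise


def file_mode(path):
    """Return the permission bits of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)
```

Writing to a temporary file and renaming it also means a reader never sees a half-written entry, which a truncate-then-write sequence on the live file cannot guarantee.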