Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Allow programatic control of credential discovery #1981

Open
mwhooker opened this Issue Jan 10, 2014 · 3 comments

Comments

Projects
None yet
3 participants

Right now boto encapsulates the credential discovery logic in boto/provider:Provider.get_credentials.

The problem is that relying on this logic in any application exposes implementation details that we'd rather hide.

It would be ideal if we could, say, pass a list of credentials providers into Provider or AWSAuthConnection. I think the way the ruby aws-sdk library works reflects the extensibility that we're looking for.

Owner

danielgtaylor commented Jan 24, 2014

I'd be open to a change which implements something similar to the Ruby SDK. In the meantime it should be fairly simple to roll your own credential discovery mechanism and pass the credentials into any new connection object you create. Is there some reason you cannot do that?

I've been able to work around it by doing something like this

https://github.com/wal-e/wal-e/blob/master/wal_e/blobstore/s3/s3_credentials.py

but this is far from clean

prufrax commented Jun 10, 2014

I've been doing something similar - creating my own Provider-derived class with modified credential discovery and/or renewal mechanism and passing it in to new connection objects - but not all connection objects currently pass on a provider parameter to the base AWSAuthConnection class. The fixes to allow passing in a Provider object are pretty trivial: see #2320

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment