Skip to content

Instantly share code, notes, and snippets.

@danielgtaylor
Created March 10, 2015 22:05
Show Gist options
  • Save danielgtaylor/075fcd07b381f1b73e78 to your computer and use it in GitHub Desktop.
Save danielgtaylor/075fcd07b381f1b73e78 to your computer and use it in GitHub Desktop.
Credential Resolver Proposal
def create_credential_resolver(session):
"""Create a default credential resolver.
This creates a pre-configured credential resolver
that includes the default lookup chain for
credentials.
"""
profile_name = session.get_config_variable('profile') or 'default'
credential_file = session.get_config_variable('credentials_file')
config_file = session.get_config_variable('config_file')
metadata_timeout = session.get_config_variable('metadata_service_timeout')
num_attempts = session.get_config_variable('metadata_service_num_attempts')
providers = [
SharedCredentialProvider(
creds_filename=credential_file,
profile_name=profile_name
),
# The new config file has precedence over the legacy
# config file.
ConfigProvider(config_filename=config_file, profile_name=profile_name),
OriginalEC2Provider(),
BotoProvider(),
InstanceMetadataProvider(
iam_role_fetcher=InstanceMetadataFetcher(
timeout=metadata_timeout,
num_attempts=num_attempts)
)
]
# We use ``session.profile`` for EnvProvider rather than
# ``profile_name`` so that it can be ``None`` when unset.
if session.profile is None:
# No profile has been explicitly set, so we prepend the environment
# variable provider.
providers.insert(0, EnvProvider())
else:
logger.info('Skipping environment variable credential check'
' because profile name was explicitly set.')
resolver = CredentialResolver(providers=providers)
return resolver
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment