Rooba
/
kombu
mirror of https://github.com/celery/kombu.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow specifying session token (#1283) 

* Allow specifying session token

* add docs

* add comment
This commit is contained in:
Philipp A 2021-01-05 17:42:13 +01:00 committed by GitHub
parent 3d41ab1389
commit 43190b293c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
kombu/transport/SQS.py
View File

@ -42,8 +42,8 @@ The default behavior of this transport is to use a single AWS credential
pair in order to manage all SQS queues (e.g. listing queues, creating pair in order to manage all SQS queues (e.g. listing queues, creating
queues, polling queues, deleting messages). queues, polling queues, deleting messages).
If it is preferable for your environment to use a single AWS credential, you If it is preferable for your environment to use multiple AWS credentials, you
can use the 'predefined_queues' setting inside the 'transport_options' map. can use the 'predefined_queues' setting inside the 'transport_options' map.
This setting allows you to specify the SQS queue URL and AWS credentials for This setting allows you to specify the SQS queue URL and AWS credentials for
each of your queues. For example, if you have two queues which both already each of your queues. For example, if you have two queues which both already
exist in AWS) you can tell this transport about them as follows: exist in AWS) you can tell this transport about them as follows:
@ -65,6 +65,14 @@ exist in AWS) you can tell this transport about them as follows:
} }
} }
If you authenticate using Okta_ (e.g. calling |gac|_), you can also specify
a 'session_token' to connect to a queue. Note that those tokens have a
limited lifetime and are therefore only suited for short-lived tests.
.. _Okta: https://www.okta.com/
.. _gac: https://github.com/Nike-Inc/gimme-aws-creds#readme
.. |gac| replace:: ``gimme-aws-creds``
Client config Client config
------------- -------------
@ -538,11 +546,12 @@ class Channel(virtual.Channel):
# if "can't set attribute" not in str(exc): # if "can't set attribute" not in str(exc):
# raise # raise
def new_sqs_client(self, region, access_key_id, secret_access_key): def new_sqs_client(self, region, access_key_id, secret_access_key, session_token=None):
session = boto3.session.Session( session = boto3.session.Session(
region_name=region, region_name=region,
aws_access_key_id=access_key_id, aws_access_key_id=access_key_id,
aws_secret_access_key=secret_access_key, aws_secret_access_key=secret_access_key,
aws_session_token=session_token,
) )
is_secure = self.is_secure if self.is_secure is not None else True is_secure = self.is_secure if self.is_secure is not None else True
client_kwargs = { client_kwargs = {
@ -568,6 +577,8 @@ class Channel(virtual.Channel):
region=q.get('region', self.region), region=q.get('region', self.region),
access_key_id=q.get('access_key_id', self.conninfo.userid), access_key_id=q.get('access_key_id', self.conninfo.userid),
secret_access_key=q.get('secret_access_key', self.conninfo.password), # noqa: E501 secret_access_key=q.get('secret_access_key', self.conninfo.password), # noqa: E501
# With session_token, this clients access will expire, but its useful for testing
session_token=q.get('session_token', None),
) )
return c return c