1
import os
2
import logging
3

4
from botocore.exceptions import ProfileNotFound
5
from botocore.credentials import JSONFileCache
6

7
LOG = logging.getLogger(__name__)
8
CACHE_DIR = os.path.expanduser(os.path.join('~', '.aws', 'cli', 'cache'))
9

10

11
def register_assume_role_provider(event_handlers):
12
    event_handlers.register('session-initialized',
13
                            inject_assume_role_provider_cache,
14
                            unique_id='inject_assume_role_cred_provider_cache')
15

16

17
def inject_assume_role_provider_cache(session, **kwargs):
18
    try:
19
        cred_chain = session.get_component('credential_provider')
20
    except ProfileNotFound:
21
        # If a user has provided a profile that does not exist,
22
        # trying to retrieve components/config on the session
23
        # will raise ProfileNotFound.  Sometimes this is invalid:
24
        #
25
        # "ec2 describe-instances --profile unknown"
26
        #
27
        # and sometimes this is perfectly valid:
28
        #
29
        # "configure set region us-west-2 --profile brand-new-profile"
30
        #
31
        # Because we can't know (and don't want to know) whether
32
        # the customer is trying to do something valid, we just
33
        # immediately return.  If it's invalid something else
34
        # up the stack will raise ProfileNotFound, otherwise
35
        # the configure (and other) commands will work as expected.
36
        LOG.debug("ProfileNotFound caught when trying to inject "
37
                  "assume-role cred provider cache.  Not configuring "
38
                  "JSONFileCache for assume-role.")
39
        return
40
    assume_role_provider = cred_chain.get_provider('assume-role')
41
    assume_role_provider.cache = JSONFileCache(CACHE_DIR)
42
    web_identity_provider = cred_chain.get_provider(
43
        'assume-role-with-web-identity'
44
    )
45
    web_identity_provider.cache = JSONFileCache(CACHE_DIR)
46

47