
Commit 1d98cfe

committed
feat: add external_id for assume role
1 parent 9ff7bf5 commit 1d98cfe

1 file changed

Lines changed: 16 additions & 5 deletions


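--- a/src/spaceone/monitoring/connector/aws_boto_connector/__init__.py
+++ b/src/spaceone/monitoring/connector/aws_boto_connector/__init__.py
@@ -23,9 +23,11 @@ def create_session(self, schema, options: dict, secret_data: dict):
 aws_secret_access_key = secret_data['aws_secret_access_key']
 region_name = secret_data.get('region_name')
 role_arn = secret_data.get('role_arn')
+external_id = secret_data.get('external_id')
 
 if schema:
-getattr(self, f'_create_session_{schema}')(aws_access_key_id, aws_secret_access_key, region_name, role_arn)
+getattr(self, f'_create_session_{schema}')\
+(aws_access_key_id, aws_secret_access_key, region_name, role_arn, external_id)
 
 @staticmethod
 def _check_secret_data(secret_data):
@@ -35,19 +37,28 @@ def _check_secret_data(secret_data):
 if 'aws_secret_access_key' not in secret_data:
 raise ERROR_REQUIRED_PARAMETER(key='secret.aws_secret_access_key')
 
-def _create_session_aws_access_key(self, aws_access_key_id, aws_secret_access_key, region_name, role_arn):
+def _create_session_aws_access_key(self, aws_access_key_id, aws_secret_access_key, region_name, role_arn, external_id):
 self.session = boto3.Session(aws_access_key_id=aws_access_key_id,
 aws_secret_access_key=aws_secret_access_key,
 region_name=region_name)
 
 sts = self.session.client('sts')
 sts.get_caller_identity()
 
-def _create_session_aws_assume_role(self, aws_access_key_id, aws_secret_access_key, region_name, role_arn):
-self._create_session_aws_access_key(aws_access_key_id, aws_secret_access_key, region_name, role_arn)
+def _create_session_aws_assume_role(self, aws_access_key_id, aws_secret_access_key, region_name, role_arn, external_id):
+self._create_session_aws_access_key(aws_access_key_id, aws_secret_access_key, region_name, role_arn, external_id)
 
 sts = self.session.client('sts')
-assume_role_object = sts.assume_role(RoleArn=role_arn, RoleSessionName=utils.generate_id('AssumeRoleSession'))
+
+_assume_role_request = {
+'RoleArn': role_arn,
+'RoleSessionName': utils.generate_id('AssumeRoleSession'),
+}
+
+if external_id:
+_assume_role_request.update({'ExternalId': external_id})
+
+assume_role_object = sts.assume_role(**_assume_role_request)
 credentials = assume_role_object['Credentials']
 
 self.session = boto3.Session(aws_access_key_id=credentials['AccessKeyId'],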
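Review bot: In the second hunk, `_create_session_aws_access_key` gains an `external_id` parameter that its body never reads, and both `role_arn` and `external_id` are threaded positionally through the `getattr(self, f'_create_session_{schema}')` dispatch in the first hunk, so a future reordering of either signature would pass the wrong secret field silently. Passing the role-related values by keyword at the dispatch site makes the intent explicit: `getattr(self, f'_create_session_{schema}')(aws_access_key_id, aws_secret_access_key, region_name=region_name, role_arn=role_arn, external_id=external_id)`. The `if external_id:` branch also deserves a one-line comment stating the contract, e.g. `# ExternalId is only sent when the secret supplies it; the role's trust policy decides whether it is required`, since a missing value is not an error here and the caller will only learn of a mismatch from the STS AccessDenied response. Note that `_check_secret_data` (as far as the hunk shows) validates only the access-key fields, so a `role_arn` of `None` reaches `assume_role` when the schema is `aws_assume_role`; that is pre-existing, but the new dict-building code is the natural place to guard it. `create_session` begins before the first hunk and `_create_session_aws_assume_role` continues past the end of the second.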