Add support to add a trusted CA or allow insecure connection

Add support for 'verify' to specify trusted CA or allow insecure conn… Co-authored-by: Corentin Peuvrel <[email protected]>
awslabs · Jul 1, 2024 · 6732c0a · 6732c0a
1 parent d719fe9
commit 6732c0a
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -51,6 +51,7 @@ IAMRoleAnywhereSession will take multiple arguments:
 | session_duration | The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to 3600 seconds (1 hour). | int | 3600 |
 | service_name | An identifier for the service, used to build the botosession. | string | rolesanywhere |
 | endpoint | Roles Anywhere API endpoint to use | string | '{service_name}.{region_name}.amazonaws.com' |
+| verify | Whether to validate SSL certificates, or the path to a trusted certificate authority | bool or str | None |
 | proxies | Proxy endpoint(s) for use behind private networks with a proxy. | dict | `{}` |
 | proxies_config | A dictionary of additional proxy configurations. | dict | `{}` |
 

diff --git a/docs/index.md b/docs/index.md
@@ -53,5 +53,6 @@ IAMRoleAnywhereSession will take multiple arguments:
 | session_duration | The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to 3600 seconds (1 hour). | int | 3600 |
 | service_name | An identifier for the service, used to build the botosession. | string | rolesanywhere |
 | endpoint | Roles Anywhere API endpoint to use | string | {service_name}.{region_name}.amazonaws.com' |
+| verify | Whether to validate SSL certificates, or the path to a trusted certificate authority | bool or str | None |
 | proxies | Proxy endpoint(s) for use behind private networks with a proxy. | dict | `{}` |
 | proxies_config | A dictionary of additional proxy configurations. | dict | `{}` |
diff --git a/src/iam_rolesanywhere_session/iam_rolesanywhere_session.py b/src/iam_rolesanywhere_session/iam_rolesanywhere_session.py
@@ -99,6 +99,7 @@ def __init__(
  region: Optional[str] = "us-east-1",
  service_name: Optional[str] = "rolesanywhere",
  endpoint: Optional[str] = None,
+ verify: Optional[Union[str, bool]] = None,
  proxies: Optional[ProxyConfig] = {},
  proxies_config: Optional[AdditionalProxyConfig] = {},
  ) -> None:
@@ -125,7 +126,7 @@ def __init__(
  self.proxies = proxies
  self.proxies_config = proxies_config
  self._session = URLLib3Session(
- proxies=self.proxies, proxies_config=self.proxies_config
+ proxies=self.proxies, proxies_config=self.proxies_config, verify=verify
  )
 
  self._request_signer = IAMRolesAnywhereSigner(