Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a followup on boto/botocore#2096. That was an overcomplicated implementation that used a custom
CredentialProvider
and credential chain, whenbotocore.Session
already has a mechanism for overriding the credential chain with aCredentials
object.Issue boto/botocore#761 asks for first-class support for sts:AssumeRole, where there is a
Session.assume_role()
method that produces another session. This implements it by using the existingAssumeRoleCredentialFetcher
andDeferredRefreshableCredentials
classes, the latter of which is set as the_credentials
field of the new botocore Session (like happens when you provide explicit credentials when setting up a session by callingset_credentials()
on the botocore session; that method doesn't take aCredentials
object, so this changes the field directly, but that could be fixed by a small change tobotocore.Session
). It sets the region of the assumed role session to the current value returned bySession.region_name
.I'm opening this PR for discussion as to whether it might be accepted, given that it's a substantially smaller change than proposed in the previous PR. As such, I have not yet implemented tests, nor given the method signature any thought (compare with the comprehensive interface provided by aws-assume-role-lib).