baolsen commented on a change in pull request #7619: [AIRFLOW-6975] Base
AWSHook AssumeRoleWithSAML
URL: https://github.com/apache/airflow/pull/7619#discussion_r387577246
##########
File path: airflow/providers/amazon/aws/hooks/base_aws.py
##########
@@ -156,26 +157,31 @@ def _get_credentials(self, region_name):
**session_kwargs
)
sts_client = sts_session.client("sts", config=self.config)
- # Assume role
+
assume_role_kwargs = dict()
if "assume_role_kwargs" in extra_config:
assume_role_kwargs = extra_config["assume_role_kwargs"]
- if "external_id" in extra_config: # Backwards
compatibility
- assume_role_kwargs["ExternalId"] = extra_config.get(
- "external_id"
- )
- role_session_name = "Airflow_" + self.aws_conn_id
- self.log.info(
- "Doing assume_role to role_arn=%s
role_session_name=%s",
+ assume_role_method = None
+ if "assume_role_method" in extra_config:
+ assume_role_method = extra_config['assume_role_method']
+ self.log.info("assume_role_method=%s", assume_role_method)
+ method = None
+ if not assume_role_method:
+ method = self._assume_role
+ elif assume_role_method == 'assume_role_with_saml':
+ method = self._assume_role_with_saml
+ else:
+ raise NotImplementedError(
+ 'assume_role_method=%s' % assume_role_method)
Review comment:
Great point, thanks. What makes sense to the developer might make no sense
to the user ;) I will update these cases accordingly.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
