Centrica Chaim AWS Accounts - Python Module
This module gives chaim functionality to your python scripts.
Chaim acts as a context manager for python scripts. It obtains temporary credentials for an AWS account under the alias 'tempname'. These credentials are removed when the context goes out of scope.
from chaim.chaimmodule import Chaim with Chaim("sredev", "mpu", 1) as success: # if success is True we successfully obtained credentials if success: # we are 'in context' so the credentials are valid ses = boto3.session.Session(profile_name="tempname") client = ses.client("s3") buckets = client.list_buckets() # script continues but we are now 'out of context' so the credentials are no longer # valid and have been deleted. print("all done")
Chaim can also act as an ordinary python class facilitating access to chaim accounts. Each object
only works with one AWS account. You should set the
tempname class constructor variable to a
unique value if you use more than one instance at once.
You will need to call
Chaim.requestKeys() to actually get keys for the account.
It should be thread safe as there is thread locking code in the ini file write routine.
from chaim.chaimmodule import Chaim ch = Chaim("sredev", "rro", 1, tempname="uniquename12") success = ch.requestKeys() ... # when program ends or object is destroyed Chaim.deleteAccount() is automatically called # which will delete the account information from the ini file del(ch)
Chaim can be quite 'chatty' and defaults to logging output to stderr. There are 3 levels of verboseness:
0: only show errors
1: show progress
>1: debug messages
verbose defaults to
Parameters to set up the Chaim Object
account - the full account name to obtain credentials for.
role - the chaim role to access the account as.
duration - integer between 1 and 12 for number of hours to hold the credentials for.
defaults to 1 hour.
region - defaults to 'eu-west-1'.
tempname - the alias for the account - defaults to 'tempname'.
terrible - set to True for Ansible/Terraform support - defaults to False.
verbose - set loglevel, defaults to WARN, 1 = INFO, >1 = DEBUG
logfile - log output to a seperate file, defaults to NONE.
Chaim has 2 unique exceptions
Neither of these should be thrown when using as a context manager.
None of these are intended for basic, context manager, usage, this list is provided for completeness. To use these the Chaim object must be setup first.
These Functions have been written to ease future expansion of this module.
returns the default section from the credentials file
returns the default account name as set in the credentials file
returns the url to access the chaim api gateway
requests updated credentails for the account named in
Obtains credentials from chaim. Takes no parameters
Stores the keys contained in
text into the credential file format.
text should be the returned text from a requests object. It should be convertable
into json and then into a python dictionary.
Returns a list of tuples describing your current chaim accounts
[(account, expire timestamp, expire string, default account),(...)]
Logs the current chaim credentials you hold, along with their expiration times.
Returns a list of tuples of all account ids and account names that chaim knows about
[(account number, account name),(...)]
Deletes the account credentials
account from the credentials file
account definition from the credentials file and stores it for later use
in the chaim-parked accounts file
account definition from the chaim-parked accounts file, adds it to the
credentials file and renews the credentials for it.
Returns a list of parked account aliases.
Release history Release notifications | RSS feed
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.