import functools
import typing
import boto3
import hyperlink
from botocore import UNSIGNED
from botocore.config import Config
from botocore.handlers import disable_signing
# Maps each AWS account ID this module knows about to a short account name.
# guess_account() uses the name as the prefix of the IAM role it builds, so a
# change here changes which role ARNs the rest of the module asks for.
ACCOUNT_NAMES = {
    "760097843905": "platform",
    "299497370133": "workflow",
    "975596993436": "storage",
}
@functools.cache
def get_aws_session(*, role_arn):
    """
    Return a boto3 Session backed by credentials from assuming ``role_arn``.

    The call goes to STS with the ambient credentials of the process; the
    returned Session carries the access key, secret key and session token
    from the AssumeRole response.

    Results are memoised per ``role_arn`` by ``functools.cache``.
    """
    # NOTE(review): AssumeRole credentials are temporary, but the cache keeps
    # the Session for the lifetime of the process and never refreshes it.
    # A long-running caller will eventually hold expired credentials --
    # confirm this helper is only used from short-lived scripts.
    sts = boto3.client("sts")

    # NOTE(review): the session name is a fixed placeholder, so every caller
    # of this helper looks the same in the audit trail for the assumed role.
    # Consider a name that identifies the tool or the operator.
    response = sts.assume_role(
        RoleArn=role_arn,
        RoleSessionName="AssumeRoleSession1",
    )
    creds = response["Credentials"]

    return boto3.Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
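def guess_account(s3_identifier, role_name):
    """
    Given the name of an S3 bucket, guess the account it belongs to.

    You can pass the name of the bucket, or the S3 URI.  ``role_name`` is
    the suffix of the IAM role to build an ARN for.

    Returns ``None`` if the identifier matches none of the known bucket
    name markers.  Otherwise returns a dict with three keys:

    *   ``account_id`` -- the AWS account ID
    *   ``name`` -- the account name from ``ACCOUNT_NAMES``
    *   ``role_arn`` -- ``arn:aws:iam::<account_id>:role/<name>-<role_name>``

    Examples (illustrative values, not a real account):

        > guess_account('s3://example-bucket/cat.jpg', 'read_only')
        {'account_id': '1234567890', 'name': 'example',
         'role_arn': 'arn:aws:iam::1234567890:role/example-read_only'}

        > guess_account('example-bucket', 'read_only')
        {'account_id': '1234567890', 'name': 'example',
         'role_arn': 'arn:aws:iam::1234567890:role/example-read_only'}

    """
    # NOTE(review): these are substring tests over the whole identifier, so
    # a marker that appears in the object key of an S3 URI (not only in the
    # bucket name) also selects that account.  The result decides which role
    # create_s3_session() assumes; confirm callers only pass identifiers
    # they trust, or match on the bucket component alone.
    platform_markers = (
        "wellcomecollection-assets-workingstorage",
        "wellcomecollection-platform",
        "wellcomecollection-editorial-photography",
    )

    # The order of the checks is significant: the first marker that matches
    # decides the account.
    if "wellcomedigitalworkflow" in s3_identifier:
        account_id = "299497370133"
    elif "wellcomecollection-storage" in s3_identifier:
        account_id = "975596993436"
    elif any(marker in s3_identifier for marker in platform_markers):
        account_id = "760097843905"
    else:
        return None

    account_name = ACCOUNT_NAMES[account_id]

    return {
        "account_id": account_id,
        "name": account_name,
        "role_arn": f"arn:aws:iam::{account_id}:role/{account_name}-{role_name}",
    }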
def create_s3_session(s3_identifier, *, role_name="read_only"):
    """
    Return a boto3 Session suitable for reading ``s3_identifier``.

    If guess_account() recognises the bucket, the Session uses credentials
    from assuming that account's ``<name>-<role_name>`` role.  Otherwise
    the default boto3 Session is returned, which means the ambient
    credentials of the process are used as-is.
    """
    account = guess_account(s3_identifier, role_name)

    # Unrecognised bucket: no role is assumed, so whatever permissions the
    # caller's own credentials carry apply (not the ``read_only`` default).
    if not account:
        return boto3.Session()

    return get_aws_session(role_arn=account["role_arn"])
class S3Uri(typing.TypedDict):
    """The two components of an S3 URI, as returned by parse_s3_uri()."""

    # Taken from the host part of the URI.
    Bucket: str

    # The path segments of the URI joined with "/".
    Path: str
def parse_s3_uri(s3_uri: str) -> S3Uri:
    """
    Split an ``s3://`` URI into its bucket and path.

    The bucket is the host part of the URI and the path is the URI's path
    segments joined with "/".

    Raises ``ValueError`` if the scheme is anything other than ``s3``.
    """
    parsed = hyperlink.parse(s3_uri)

    if parsed.scheme != "s3":
        raise ValueError(f"Unrecognised scheme in {s3_uri!r}, expected s3://")

    # NOTE(review): only the scheme is validated; the host is passed through
    # as the bucket without a check that it is non-empty.
    return {"Bucket": parsed.host, "Path": "/".join(parsed.path)}
def create_link_text(*, url, label):
    """
    Return ``label`` wrapped in an OSC 8 escape sequence that links to ``url``.

    Based on https://stackoverflow.com/a/71309268/1558022

    The layout of the sequence is:

        OSC 8 ; params ; URI ST <name> OSC 8 ;; ST

    """
    # NOTE(review): ``url`` and ``label`` are inserted verbatim.  If either
    # can come from outside the program (an object key, say), any control
    # characters in it are written to the terminal as part of the sequence;
    # consider stripping them before this call.
    osc_8 = "\033]8;;"  # opens a hyperlink, with empty params
    st = "\033\\"       # string terminator

    return "".join([osc_8, f"{url}", st, f"{label}", osc_8, st])