From 11fa1501a2f6dfa4c83f5c96ac969f1f69aa552d Mon Sep 17 00:00:00 2001 From: edunn Date: Thu, 12 Sep 2024 16:59:26 -0700 Subject: [PATCH] update client to pull credentials from boto3 Session this should provide support for execution as Fargate ECS --- scratch/es-to-aoss-migration/dump-aoss-lidvids.py | 4 ++-- scratch/es-to-aoss-migration/upload-missing-content.py | 4 ++-- src/pds/registrysweepers/utils/db/client.py | 6 ++++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/scratch/es-to-aoss-migration/dump-aoss-lidvids.py b/scratch/es-to-aoss-migration/dump-aoss-lidvids.py index 3b9d8df..fe140a1 100644 --- a/scratch/es-to-aoss-migration/dump-aoss-lidvids.py +++ b/scratch/es-to-aoss-migration/dump-aoss-lidvids.py @@ -3,12 +3,12 @@ from opensearchpy import RequestsAWSV4SignerAuth, OpenSearch, RequestsHttpConnection from pds.registrysweepers.utils.db import query_registry_db_with_search_after -from pds.registrysweepers.utils.db.client import get_aws_credentials_from_ssm +from pds.registrysweepers.utils.db.client import get_aws_credentials_from_ec2_metadata_service iam_role_name = 'temp-mcp-ec2-opensearch-role' aoss_host = 'b3rqys09xmx9i19yn64i.us-west-2.aoss.amazonaws.com' -credentials = get_aws_credentials_from_ssm(iam_role_name) +credentials = get_aws_credentials_from_ec2_metadata_service(iam_role_name) auth = RequestsAWSV4SignerAuth(credentials, 'us-west-2', 'aoss') diff --git a/scratch/es-to-aoss-migration/upload-missing-content.py b/scratch/es-to-aoss-migration/upload-missing-content.py index 7296f84..9d09f4d 100644 --- a/scratch/es-to-aoss-migration/upload-missing-content.py +++ b/scratch/es-to-aoss-migration/upload-missing-content.py @@ -3,12 +3,12 @@ from opensearchpy import RequestsAWSV4SignerAuth, OpenSearch, RequestsHttpConnection from pds.registrysweepers.utils.db import _write_bulk_updates_chunk -from pds.registrysweepers.utils.db.client import get_aws_credentials_from_ssm +from pds.registrysweepers.utils.db.client import get_aws_credentials_from_ec2_metadata_service iam_role_name = 'temp-mcp-ec2-opensearch-role' aoss_host = 'b3rqys09xmx9i19yn64i.us-west-2.aoss.amazonaws.com' -credentials = get_aws_credentials_from_ssm(iam_role_name) +credentials = get_aws_credentials_from_ec2_metadata_service(iam_role_name) auth = RequestsAWSV4SignerAuth(credentials, 'us-west-2', 'aoss') diff --git a/src/pds/registrysweepers/utils/db/client.py b/src/pds/registrysweepers/utils/db/client.py index e2a80f7..75c4211 100644 --- a/src/pds/registrysweepers/utils/db/client.py +++ b/src/pds/registrysweepers/utils/db/client.py @@ -1,7 +1,9 @@ import json import logging import os +from typing import Union +import boto3 import requests from botocore.credentials import Credentials from opensearchpy import OpenSearch @@ -61,7 +63,7 @@ def get_userpass_opensearch_client( ) -def get_aws_credentials_from_ssm(iam_role_name: str) -> Credentials: +def get_aws_credentials_from_ec2_metadata_service(iam_role_name: str) -> Credentials: url = f"http://169.254.169.254/latest/meta-data/iam/security-credentials/{iam_role_name}" response = requests.get(url) if response.status_code != 200: @@ -78,7 +80,7 @@ def get_aws_credentials_from_ssm(iam_role_name: str) -> Credentials: def get_aws_aoss_client_from_ssm(endpoint_url: str, iam_role_name: str) -> OpenSearch: # https://opensearch.org/blog/aws-sigv4-support-for-clients/ - credentials = get_aws_credentials_from_ssm(iam_role_name) + credentials = boto3.Session().get_credentials() auth = RequestsAWSV4SignerAuth(credentials, "us-west-2", "aoss") return get_aws_opensearch_client(endpoint_url, auth)