Align with upstream (#1308)

Author: jakob-keller

CHANGES.rst

@@ -1,5 +1,11 @@
 Changes
 -------
+
+2.21.0 (2025-02-27)
+^^^^^^^^^^^^^^^^^^^
+* make `AioDeferredRefreshableCredentials` subclass of `DeferredRefreshableCredentials`
+* make `AioSSOCredentialFetcher` subclass of `SSOCredentialFetcher`
+
 2.20.1.dev0 (2025-02-24)
 ^^^^^^^^^^^^^^^^^^^^^^^^
 * upstream http response header fixes to be more in-line with botocore

aiobotocore/__init__.py

@@ -1 +1 @@
-__version__ = '2.20.1.dev0'
+__version__ = '2.21.0'

aiobotocore/args.py

@@ -47,7 +47,6 @@ def get_client_args(
         partition = endpoint_config['metadata'].get('partition', None)
         socket_options = final_args['socket_options']
         configured_endpoint_url = final_args['configured_endpoint_url']
-
         signing_region = endpoint_config['signing_region']
         endpoint_region_name = endpoint_config['region_name']
 

aiobotocore/credentials.py

@@ -1,11 +1,8 @@
 import asyncio
-import datetime
-import json
 import logging
 import os
 import subprocess
 from copy import deepcopy
-from hashlib import sha1
 
 import botocore.compat
 from botocore import UNSIGNED
@@ -27,6 +24,7 @@
     CredentialResolver,
     CredentialRetrievalError,
     Credentials,
+    DeferredRefreshableCredentials,
     EnvProvider,
     InstanceMetadataProvider,
     InvalidConfigError,
@@ -39,6 +37,7 @@
     RefreshableCredentials,
     RefreshWithMFAUnsupportedError,
     SharedCredentialProvider,
+    SSOCredentialFetcher,
     SSOProvider,
     SSOTokenLoader,
     UnauthorizedSSOTokenError,
@@ -50,7 +49,6 @@
     parse,
     resolve_imds_endpoint_mode,
 )
-from dateutil.tz import tzutc
 
 from aiobotocore._helpers import resolve_awaitable
 from aiobotocore.config import AioConfig
@@ -364,7 +362,9 @@ async def get_frozen_credentials(self):
         return self._frozen_credentials
 
 
-class AioDeferredRefreshableCredentials(AioRefreshableCredentials):
+class AioDeferredRefreshableCredentials(
+    DeferredRefreshableCredentials, AioRefreshableCredentials
+):
     def __init__(self, refresh_using, method, time_fetcher=_local_now):
         self._refresh_using = refresh_using
         self._access_key = None
@@ -376,11 +376,6 @@ def __init__(self, refresh_using, method, time_fetcher=_local_now):
         self.method = method
         self._frozen_credentials = None
 
-    def refresh_needed(self, refresh_in=None):
-        if self._frozen_credentials is None:
-            return True
-        return super().refresh_needed(refresh_in)
-
 
 class AioCachedCredentialFetcher(CachedCredentialFetcher):
     async def _get_credentials(self):
@@ -747,11 +742,14 @@ async def _resolve_source_credentials(self, role_config, profile_name):
     async def _resolve_credentials_from_profile(self, profile_name):
         profiles = self._loaded_config.get('profiles', {})
         profile = profiles[profile_name]
-
         if (
             self._has_static_credentials(profile)
             and not self._profile_provider_builder
         ):
+            # This is only here for backwards compatibility. If this provider
+            # isn't given a profile provider builder we still want to be able
+            # handle the basic static credential case as we would before the
+            # provile provider builder parameter was added.
             return self._resolve_static_credentials_from_profile(profile)
         elif self._has_static_credentials(
             profile
@@ -770,7 +768,6 @@ async def _resolve_credentials_from_profile(self, profile_name):
                     error_msg=error_message % profile_name,
                 )
             return credentials
-
         return await self._load_creds_via_assume_role(profile_name)
 
     def _resolve_static_credentials_from_profile(self, profile):
@@ -971,52 +968,9 @@ async def load_credentials(self):
         return None
 
 
-class AioSSOCredentialFetcher(AioCachedCredentialFetcher):
-    _UTC_DATE_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
-
-    def __init__(
-        self,
-        start_url,
-        sso_region,
-        role_name,
-        account_id,
-        client_creator,
-        token_loader=None,
-        cache=None,
-        expiry_window_seconds=None,
-        token_provider=None,
-        sso_session_name=None,
-    ):
-        self._client_creator = client_creator
-        self._sso_region = sso_region
-        self._role_name = role_name
-        self._account_id = account_id
-        self._start_url = start_url
-        self._token_loader = token_loader
-        self._token_provider = token_provider
-        self._sso_session_name = sso_session_name
-        super().__init__(cache, expiry_window_seconds)
-
-    def _create_cache_key(self):
-        args = {
-            'roleName': self._role_name,
-            'accountId': self._account_id,
-        }
-        if self._sso_session_name:
-            args['sessionName'] = self._sso_session_name
-        else:
-            args['startUrl'] = self._start_url
-
-        args = json.dumps(args, sort_keys=True, separators=(',', ':'))
-        argument_hash = sha1(args.encode('utf-8')).hexdigest()
-        return self._make_file_safe(argument_hash)
-
-    def _parse_timestamp(self, timestamp_ms):
-        # fromtimestamp expects seconds so: milliseconds / 1000 = seconds
-        timestamp_seconds = timestamp_ms / 1000.0
-        timestamp = datetime.datetime.fromtimestamp(timestamp_seconds, tzutc())
-        return timestamp.strftime(self._UTC_DATE_FORMAT)
-
+class AioSSOCredentialFetcher(
+    SSOCredentialFetcher, AioCachedCredentialFetcher
+):
     async def _get_credentials(self):
         """Get credentials by calling SSO get role credentials."""
         config = Config(

tests/test_patches.py

@@ -18,6 +18,7 @@
     ContainerProvider,
     CredentialResolver,
     Credentials,
+    DeferredRefreshableCredentials,
     EnvProvider,
     InstanceMetadataProvider,
     OriginalEC2Provider,
@@ -242,7 +243,12 @@
     RefreshableCredentials.get_frozen_credentials: {
         'f661c84a8b759786e011f0b1e8a468a0c6294e36'
     },
-    SSOCredentialFetcher: {'fa2a1dd73e0ec37e250c97f55a7b2c341a7f836a'},
+    DeferredRefreshableCredentials.__init__: {
+        'd18601140386cfaa6718d0e0d38a0816cd151d35',
+    },
+    SSOCredentialFetcher._get_credentials: {
+        '8b330f4b299aece9232577f066060e28d369f3e9',
+    },
     SSOProvider.load: {'67aba81dd1def437f2035f5e20b0720b328d970a'},
     CachedCredentialFetcher._get_credentials: {
         '02a7d13599d972e3f258d2b53f87eeda4cc3e3a4'
@@ -455,6 +461,9 @@
     Session._create_credential_resolver: {
         '87e98d201c72d06f7fbdb4ebee2dce1c09de0fb2'
     },
+    Session.set_credentials: {
+        '63a10f97f417d3df8aae8a5444db4c8a6ebe06ad',
+    },
     Session.get_credentials: {'718da08b630569e631f93aedd65f1d9215bfc30b'},
     get_session: {'c47d588f5da9b8bde81ccc26eaef3aee19ddd901'},
     Session.get_service_data: {