in modular_sdk/services/sts_service.py [0:0]
def assure_modular_credentials_valid(self) -> bool:
"""
If modular_sdk uses 'modular_assume_role_arn', it uses temp aws credentials
to be able to interact with another AWS account. The creds
expiration is kept in envs. They must be re-assumed periodically. So,
this method checks whether the creds are about to expire and if
they really are - re-assumes them.
Returns True in case the role was re-assumed. Otherwise - False
"""
roles = self._environment_service.modular_assume_role_arn()
if not roles:
return False
ex = self._environment_service.modular_aws_credentials_expiration()
in_a_while = utc_datetime() + timedelta(minutes=5)
if not ex or in_a_while > datetime.fromisoformat(ex):
_LOG.info(f'Role {roles[-1]} has not been assumed or has expired. '
f'Reassuming the chain: {roles}')
creds = self.assume_roles_chain(
list(self.assume_roles_default_payloads(roles))
)
_LOG.debug(f'Credentials received successfully. '
f'Setting them to envs')
ak, sk = creds['aws_access_key_id'], creds['aws_secret_access_key']
st = creds['aws_session_token']
self._environment_service.set(MODULAR_AWS_ACCESS_KEY_ID_ENV, ak)
self._environment_service.set(MODULAR_AWS_SECRET_ACCESS_KEY_ENV, sk)
self._environment_service.set(MODULAR_AWS_SESSION_TOKEN_ENV, st)
self._environment_service.set(MODULAR_AWS_CREDENTIALS_EXPIRATION_ENV,
creds['expiration'].isoformat())
return True
else:
return False