Updated python examples (#1621)

Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
minio · Jun 6, 2023 · 5bff281 · 5bff281
1 parent 03c840d
commit 5bff281
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 35 deletions.
diff --git a/examples/kustomization/sts-example/sample-clients/aws-sdk/python/main.py b/examples/kustomization/sts-example/sample-clients/aws-sdk/python/main.py
@@ -15,11 +15,12 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import boto3
 import os
 import sys
 from urllib.parse import urlparse
 
+import boto3
+
 sts_endpoint = os.getenv("STS_ENDPOINT")
 tenant_endpoint = os.getenv("MINIO_ENDPOINT")
 tenant_namespace = os.getenv("TENANT_NAMESPACE")
@@ -29,7 +30,7 @@
 
 role_arn = "arn:aws:iam::111111111:dummyroot"
 role_session_name = "optional-session-name"
-os.environ.setdefault('AWS_ROLE_ARN', role_arn) #In AWS SDK RoleArn parameter is mandatory
+os.environ.setdefault('AWS_ROLE_ARN', role_arn)  # In AWS SDK RoleArn parameter is mandatory
 
 policy = None
 
@@ -40,13 +41,13 @@
 with open(token_path, "r") as f:
     sa_jwt = f.read()
 
-if sa_jwt == "" or sa_jwt == None:
+if sa_jwt == "" or sa_jwt is None:
     print("Token is empty")
     sys.exit(1)
 
-stsUrl = urlparse(f"{sts_endpoint}/{tenant_namespace}")
+sts_url = urlparse(f"{sts_endpoint}/{tenant_namespace}")
 
-sts = boto3.client('sts', endpoint_url=stsUrl.geturl(), verify=False)
+sts = boto3.client('sts', endpoint_url=sts_url.geturl(), verify=False)
 assumed_role_object = sts.assume_role_with_web_identity(
     RoleArn=role_arn,
     RoleSessionName=role_session_name,
@@ -58,12 +59,12 @@
 credentials = assumed_role_object['Credentials']
 print(credentials)
 
-tenantUrl = urlparse(tenant_endpoint)
+tenant_url = urlparse(tenant_endpoint)
 s3_client = boto3.resource('s3',
-    aws_access_key_id=credentials['AccessKeyId'],
-    aws_secret_access_key=credentials['SecretAccessKey'],
-    aws_session_token=credentials['SessionToken'],
-    endpoint_url=tenantUrl.geturl(), verify=False)
+                           aws_access_key_id=credentials['AccessKeyId'],
+                           aws_secret_access_key=credentials['SecretAccessKey'],
+                           aws_session_token=credentials['SessionToken'],
+                           endpoint_url=tenant_url.geturl(), verify=False)
 
 my_bucket = s3_client.Bucket(bucket)
 for my_bucket_object in my_bucket.objects.all():

diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/python/main.py b/examples/kustomization/sts-example/sample-clients/minio-sdk/python/main.py
@@ -14,20 +14,24 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import os
+import ssl
+import sys
+from urllib.parse import urlparse
 
+import certifi
+import urllib3
 from minio import Minio
 from minio.credentials import IamAwsProvider
-from urllib.parse import urlparse
-import urllib3
-import os
-import sys
+
 # import logging
 
 sts_endpoint = os.getenv("STS_ENDPOINT")
 tenant_endpoint = os.getenv("MINIO_ENDPOINT")
 tenant_namespace = os.getenv("TENANT_NAMESPACE")
 token_path = os.getenv("AWS_WEB_IDENTITY_TOKEN_FILE")
-bucketName = os.getenv("BUCKET")
+tenant_region = os.getenv("MINIO_REGION")
+bucket_name = os.getenv("BUCKET")
 kubernetes_ca_file = os.getenv("KUBERNETES_CA_PATH")
 
 # logging.basicConfig(format='%(message)s', level=logging.DEBUG)
@@ -37,38 +41,46 @@
 with open(token_path, "r") as f:
     sa_jwt = f.read()
 
-if sa_jwt == "" or sa_jwt == None:
+if sa_jwt == "" or sa_jwt is None:
     print("Token is empty")
     sys.exit(1)
 
-https_transport = urllib3.PoolManager(
-    cert_reqs='REQUIRED',
-    ca_certs=kubernetes_ca_file,
-    retries=urllib3.Retry(
-                total=5,
-                backoff_factor=0.2,
-                status_forcelist=[500, 502, 503, 504],
-            )
-    )
+# Load Kubernetes custom CA
+ca_file = certifi.where()
+try:
+    with open(kubernetes_ca_file, 'rb') as infile:
+        custom_ca = infile.read()
+
+    # Append kubernetes custom CA
+    with open(ca_file, 'ab') as outfile:
+        outfile.write(custom_ca)
+except Exception as e:
+    print(e)
+
+# Create a custom SSL context
+custom_ssl_context = ssl.create_default_context(cafile=ca_file)
+
+https_transport = urllib3.PoolManager(ssl_context=custom_ssl_context)
 
-stsUrl = urlparse(f"{sts_endpoint}/{tenant_namespace}")
-provider = IamAwsProvider(stsUrl.geturl(), http_client=https_transport)
+sts_url = urlparse(f"{sts_endpoint}/{tenant_namespace}")
+provider = IamAwsProvider(sts_url.geturl(), http_client=https_transport)
 
 credentials = provider.retrieve()
 
 print(f"Access key: {credentials.access_key}")
 print(f"Secret key: {credentials.secret_key}")
 print(f"Session Token key: {credentials.session_token}")
 
-tenantUrl = urlparse(tenant_endpoint)
-isHttps = (tenantUrl.scheme == "https")
+tenant_url = urlparse(tenant_endpoint)
+is_https = (tenant_url.scheme == "https")
 
 client = Minio(
-    f"{tenantUrl.hostname}:{tenantUrl.port}/{tenantUrl.path}",
+    f"{tenant_url.hostname}:{tenant_url.port}/{tenant_url.path}",
     credentials=provider,
-    secure=isHttps,
-    http_client=https_transport
-    )
+    secure=is_https,
+    http_client=https_transport,
+    region=tenant_region
+)
 
 # list buckets
 print("Listing Buckets:")
@@ -77,7 +89,7 @@
     print(bucket.name, bucket.creation_date)
 
 # list objects in a bucket
-print(f"Listing Objects in bucket {bucketName}:")
-objects = client.list_objects(bucketName, recursive=True)
+print(f"Listing Objects in bucket {bucket_name}:")
+objects = client.list_objects(bucket_name, recursive=True)
 for obj in objects:
     print(obj)
diff --git a/examples/kustomization/sts-example/sample-clients/minio-sdk/python/requirements.txt b/examples/kustomization/sts-example/sample-clients/minio-sdk/python/requirements.txt
@@ -1 +1,2 @@
+certifi==2023.5.7
 minio>=7.1.13