Set RoleSessionName from SourceIdentity if it's provided

Question

Set RoleSessionName from SourceIdentity if it's provided

benkehoe opened this issue 3 years ago · 2 comments

If RoleSessionName is not provided, botocore will set it by default to a string that contains a timestamp but no other useful info. If SourceIdentity is being set, and RoleSessionName is not provided, it probably makes sense to set RoleSessionName from this value.

However, there should be a way to continue the existing behavior, which is to use the botocore-generated session name when RoleSessionName is not provided even if SourceIdentity is. But I'm not sure what that API should look like. I can think of three options:

Special value False:

assume_role(session, role_arn, SourceIdentity="foo", RoleSessionName=False)

Special value True:

assume_role(session, role_arn, SourceIdentity="foo", RoleSessionName=True)

Special value in the module (probably using characters invalid for role session names):

assume_role(session, role_arn, SourceIdentity="foo", RoleSessionName=aws_assume_role_lib.DEFAULT_ROLE_SESSION_NAME)

Feedback welcome!

Answer 1 · 2021-09-22T01:53:40.000Z

Looking at it, the last one is pretty obviously the right choice.

Answer 2 · 2021-09-28T23:48:44.000Z

Implemented in #5, released in v2.9.