Metadata-Version: 2.1
Name: poetry-aws-plugin
Version: 0.1.9
Summary: A poetry plugin to help with AWS CodeArtifact authorization automatically
Home-page: https://github.com/xiasongh/poetry-aws-plugin
License: MIT
Keywords: aws,codeartifact,poetry
Author: Song Huang
Author-email: xiasongh@gmail.com
Requires-Python: >=3.10,<4.0
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Dist: boto3 (>=1.34.71,<2.0.0)
Requires-Dist: poetry (>=1.7.0,<2.0.0)
Project-URL: Repository, https://github.com/xiasongh/poetry-aws-plugin
Description-Content-Type: text/markdown

# Poetry AWS Plugin

This is a poetry plugin to help with AWS CodeArtifact authorization by automatically getting the authorization token.

When installing or publishing packages through poetry, the plugin will check whether the command requires CodeArtifact authorization, and if so, adds it automatically.

The plugin will try two methods of authorization, in this order:

1. Use AWS credentials to run `codeartifact.GetAuthorizationToken`.
2. Use AWS credentials to run `sts.AssumeRole`, then use that role to run `codeartifact.GetAuthorizationToken`.

## Installation

To install the plugin

```
poetry self add poetry-aws-plugin
```

To uninstall the plugin

```
poetry self remove poetry-aws-plugin
```

## Usage

You must ensure that your AWS credentials are configured and discoverable by `boto3`. The [`boto3` documentation](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#configuring-credentials) has details on how to configure your credentials and the order in which they searched.

When poetry runs a command that uses CodeArtifact, the plugin will automatically check whether the command needs authorization, and if so, requests a CodeArtifact authorization token and adds it to the command.

Your AWS credentials must be authorized to do atleast one of the following:

1. Run [`codeartifact.GetAuthorizationToken`](https://docs.aws.amazon.com/cli/latest/reference/codeartifact/get-authorization-token.html).
2. Run [`sts.AssumeRole`](https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html) to assume a role with authorization to run [`codeartifact.GetAuthorizationToken`](https://docs.aws.amazon.com/cli/latest/reference/codeartifact/get-authorization-token.html).

**To use IAM roles to authorize, set the environment variable `POETRY_AWS_PLUGIN_ROLE_ARN` to the role's ARN before running any poetry commands**.

For example:

```bash
POETRY_AWS_PLUGIN_ROLE_ARN='arn:aws:codeartifact:<region>:<account-id>:repository/<domain>/<domain-owner>/<repository>' poetry install
```

or

```bash
echo "export POETRY_AWS_PLUGIN_ROLE_ARN='arn:aws:codeartifact:<region>:<account-id>:repository/<domain>/<domain-owner>/<repository>'" >> ~/.bashrc
source ~/.bashrc
poetry install
```

You can find more details in AWS's [CodeArtifact authentication and tokens documentation](https://docs.aws.amazon.com/codeartifact/latest/ug/tokens-authentication.html) and [CodeArtifact IAM documentation](https://docs.aws.amazon.com/codeartifact/latest/ug/security_iam_service-with-iam.html).

# Misc

You can also authorize by setting the environment variable `POETRY_AWS_PLUGIN_AUTH_TOKEN` to the CodeArtifact authorization token. This may be useful in CI/CD pipelines and reducing poetry configuration.

For example:

```bash
POETRY_AWS_PLUGIN_AUTH_TOKEN='<codeartifact-authorization-token>' poetry install
```

