Disable SigV4 signing of non-IAM AWS requests (#179)

* Disable SigV4 signing of non-IAM AWS requests * update changelog Co-authored-by: Michael Chin <[email protected]>
aws · Aug 16, 2021 · 9b943a4 · 9b943a4
1 parent 1ad3af1
commit 9b943a4
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 7 deletions.
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -4,6 +4,8 @@ Starting with v1.31.6, this file will contain a record of major features and upd
 
 ## Upcoming
 
+- Disabled SigV4 signing for non-IAM AWS requests ([Link to PR](https://github.com/aws/graph-notebook/pull/179))
+
 ## Release 3.0.3 (August 11, 2021)
 
 - Gremlin visualization bugfixes ([PR #1](https://github.com/aws/graph-notebook/pull/166)) ([PR #2](https://github.com/aws/graph-notebook/pull/174)) ([PR #3](https://github.com/aws/graph-notebook/pull/175))

diff --git a/src/graph_notebook/neptune/client.py b/src/graph_notebook/neptune/client.py
@@ -9,6 +9,7 @@
 import requests
 from SPARQLWrapper import SPARQLWrapper
 from boto3 import Session
+from botocore.session import Session as botocoreSession
 from botocore.auth import SigV4Auth
 from botocore.awsrequest import AWSRequest
 from gremlin_python.driver import client
@@ -569,13 +570,15 @@ def _prepare_request(self, method, url, *, data=None, params=None, headers=None,
         return request.prepare()
 
     def _get_aws_request(self, method, url, *, data=None, params=None, headers=None, service=NEPTUNE_SERVICE_NAME):
-        credentials = self._session.get_credentials()
-        frozen_creds = credentials.get_frozen_credentials()
-
         req = AWSRequest(method=method, url=url, data=data, params=params, headers=headers)
-        SigV4Auth(frozen_creds, service, self.region).add_auth(req)
-        prepared_iam_req = req.prepare()
-        return prepared_iam_req
+        if self.iam_enabled and self._auth is not None:
+            credentials = self._session.get_credentials()
+            frozen_creds = credentials.get_frozen_credentials()
+            SigV4Auth(frozen_creds, service, self.region).add_auth(req)
+            prepared_iam_req = req.prepare()
+            return prepared_iam_req
+        else:
+            return req
 
     def _ensure_http_session(self):
         if not self._http_session:
@@ -591,7 +594,7 @@ def close(self):
 
     @property
     def iam_enabled(self):
-        return type(self._session) is Session
+        return type(self._session) in [Session, botocoreSession]
 
 
 class ClientBuilder(object):