Configuration Module

credproxy.config.keyisset(key: str, data: dict) -> Any

Check if key exists in dict and return value, raise if missing.

credproxy.config.set_else_none(key: str, data: dict, default: Any) -> Any

Get value from dict or return default if not present.

class credproxy.config.IAMProfileAuthConfig(profile_name: str, config_file: str | None = None)

Bases: object

IAM profile authentication configuration.

profile_name: str
config_file: str | None = None
__init__(profile_name: str, config_file: str | None = None) -> None

class credproxy.config.IAMKeysAuthConfig(aws_access_key_id: str, aws_secret_access_key: str, session_token: str | None = None)

Bases: object

IAM access keys authentication configuration.

aws_access_key_id: str
aws_secret_access_key: str
session_token: str | None = None
__init__(aws_access_key_id: str, aws_secret_access_key: str, session_token: str | None = None) -> None

class credproxy.config.SourceCredentialsConfig(region: str | None = None, iam_profile: IAMProfileAuthConfig | None = None, iam_keys: IAMKeysAuthConfig | None = None)

Bases: object

Source AWS credentials configuration.

region: str | None = None
iam_profile: IAMProfileAuthConfig | None = None
iam_keys: IAMKeysAuthConfig | None = None
__init__(region: str | None = None, iam_profile: IAMProfileAuthConfig | None = None, iam_keys: IAMKeysAuthConfig | None = None) -> None

class credproxy.config.AssumedRoleConfig(RoleArn: str, RoleSessionName: str = 'credproxy', DurationSeconds: int = 900, ExternalId: str | None = None, PolicyArns: list[dict] | None = None, Policy: str | None = None, Tags: list[dict] | None = None, TransitiveTagKeys: list[str] | None = None, SerialNumber: str | None = None, TokenCode: str | None = None, SourceIdentity: str | None = None)

Bases: object

AWS role assumption configuration.

RoleArn: str
RoleSessionName: str = 'credproxy'
DurationSeconds: int = 900
ExternalId: str | None = None
PolicyArns: list[dict] | None = None
Policy: str | None = None
Tags: list[dict] | None = None
TransitiveTagKeys: list[str] | None = None
SerialNumber: str | None = None
TokenCode: str | None = None
SourceIdentity: str | None = None
__init__(RoleArn: str, RoleSessionName: str = 'credproxy', DurationSeconds: int = 900, ExternalId: str | None = None, PolicyArns: list[dict] | None = None, Policy: str | None = None, Tags: list[dict] | None = None, TransitiveTagKeys: list[str] | None = None, SerialNumber: str | None = None, TokenCode: str | None = None, SourceIdentity: str | None = None) -> None

class credproxy.config.ServerConfig(host: str = '0.0.0.0', port: int = 1338, debug: bool = False, log_health_checks: bool = False)

Bases: object

Server configuration settings.

host: str = '0.0.0.0'
port: int = 1338
debug: bool = False
log_health_checks: bool = False
__init__(host: str = '0.0.0.0', port: int = 1338, debug: bool = False, log_health_checks: bool = False) -> None

class credproxy.config.CredentialsConfig(refresh_buffer_seconds: int = 300, retry_delay: int = 60, request_timeout: int = 30)

Bases: object

Credential management settings.

refresh_buffer_seconds: int = 300
retry_delay: int = 60
request_timeout: int = 30
__init__(refresh_buffer_seconds: int = 300, retry_delay: int = 60, request_timeout: int = 30) -> None

class credproxy.config.DirectoryConfig(path: str, include_patterns: list[str] = <factory>, exclude_patterns: list[str] = <factory>)

Bases: object

Configuration for a single monitored directory.

path: str
include_patterns: list[str]
exclude_patterns: list[str]
__init__(path: str, include_patterns: list[str] = <factory>, exclude_patterns: list[str] = <factory>) -> None

class credproxy.config.DynamicServicesConfig(enabled: bool = False, directories: list[DirectoryConfig] = <factory>, reload_interval: int = 5, watcher_stop_timeout: int = 5)

Bases: object

Dynamic services configuration settings.

enabled: bool = False
directories: list[DirectoryConfig]
reload_interval: int = 5
watcher_stop_timeout: int = 5
__init__(enabled: bool = False, directories: list[DirectoryConfig] = <factory>, reload_interval: int = 5, watcher_stop_timeout: int = 5) -> None

class credproxy.config.PrometheusConfig(enabled: bool = True, host: str = '0.0.0.0', port: int = 9090)

Bases: object

Prometheus metrics configuration.

enabled: bool = True
host: str = '0.0.0.0'
port: int = 9090
__init__(enabled: bool = True, host: str = '0.0.0.0', port: int = 9090) -> None

class credproxy.config.MetricsConfig(prometheus: PrometheusConfig = <factory>)

Bases: object

Metrics and telemetry configuration.

prometheus: PrometheusConfig
__init__(prometheus: PrometheusConfig = <factory>) -> None

class credproxy.config.ServiceConfig(auth_token: str, source_credentials: SourceCredentialsConfig, assumed_role: AssumedRoleConfig, source_file: str | None = None)

Bases: object

Configuration for a single service.

auth_token: str
source_credentials: SourceCredentialsConfig
assumed_role: AssumedRoleConfig
source_file: str | None = None
__init__(auth_token: str, source_credentials: SourceCredentialsConfig, assumed_role: AssumedRoleConfig, source_file: str | None = None) -> None

credproxy.config.merge_aws_config(defaults: dict, overrides: dict) -> dict

Merge AWS configuration with defaults and service-specific overrides.

class credproxy.config.Config(server: ServerConfig = <factory>, credentials: CredentialsConfig = <factory>, aws_defaults: SourceCredentialsConfig | None = None, services: dict[str, ServiceConfig] = <factory>, dynamic_services: DynamicServicesConfig | None = None, metrics: MetricsConfig = <factory>)

Bases: object

Main configuration class.

server: ServerConfig
credentials: CredentialsConfig
aws_defaults: SourceCredentialsConfig | None = None
services: dict[str, ServiceConfig]
dynamic_services: DynamicServicesConfig | None = None
metrics: MetricsConfig
get_service_name_by_token(token: str) -> str | None

Get service name by authorization token.

add_service(service_name: str, service_config: ServiceConfig) -> bool

Add a new service dynamically.

remove_service(service_name: str) -> bool

Remove a service dynamically.

update_service(service_name: str, service_config: ServiceConfig) -> bool

Update an existing service dynamically.

classmethod from_file(config_path: str | None = None) -> Config

Load configuration from YAML or JSON file.

classmethod from_dict(config_data: dict, config_path: str | None = None) -> Config

Create configuration from dictionary.

classmethod validate_schema(config_data: dict) -> None

Validate configuration data against JSON schema.

__init__(server: ServerConfig = <factory>, credentials: CredentialsConfig = <factory>, aws_defaults: SourceCredentialsConfig | None = None, services: dict[str, ServiceConfig] = <factory>, dynamic_services: DynamicServicesConfig | None = None, metrics: MetricsConfig = <factory>) -> None

The configuration module handles loading, validation, and management of CredProxy configuration from YAML files and environment variables.
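
The documented defaults bind both the server and the Prometheus listener to 0.0.0.0, and every service carries its own auth_token, source credentials and DurationSeconds. The check below is an added example, not part of CredProxy: it reads only attribute names documented on this page from any object shaped like Config. The names audit_config and sample_config, the choice of what counts as a finding, and all sample values are assumptions of the example.

```python
from types import SimpleNamespace as NS

WILDCARD_HOSTS = {"0.0.0.0", "::"}
STS_MIN_SECONDS, STS_MAX_SECONDS = 900, 43200  # AssumeRole DurationSeconds limits


def audit_config(cfg):
    """Return (location, finding) pairs for settings that widen exposure."""
    findings = []
    if cfg.server.host in WILDCARD_HOSTS:
        findings.append(("server.host", "credential endpoint listens on every interface"))
    if cfg.server.debug:
        findings.append(("server.debug", "debug is enabled"))
    prom = cfg.metrics.prometheus
    if prom.enabled and prom.host in WILDCARD_HOSTS:
        findings.append(("metrics.prometheus.host", "metrics endpoint listens on every interface"))
    token_owner = {}  # first service seen for each token
    for name, svc in sorted(cfg.services.items()):
        where = f"services.{name}"
        owner = token_owner.setdefault(svc.auth_token, name)
        if owner != name:
            findings.append((f"{where}.auth_token", f"token also used by service '{owner}'"))
        keys = svc.source_credentials.iam_keys
        if keys is not None and keys.session_token is None:
            findings.append((f"{where}.source_credentials.iam_keys",
                             "long-lived access key stored in the configuration"))
        seconds = svc.assumed_role.DurationSeconds
        if not STS_MIN_SECONDS <= seconds <= STS_MAX_SECONDS:
            findings.append((f"{where}.assumed_role.DurationSeconds",
                             f"{seconds} is outside {STS_MIN_SECONDS}-{STS_MAX_SECONDS}"))
    return findings


def sample_config():
    """Constructed sample: documented defaults plus two deliberately weak services."""
    def service(token, keys=None, seconds=900):
        return NS(auth_token=token,
                  source_credentials=NS(region=None, iam_profile=None, iam_keys=keys),
                  assumed_role=NS(RoleArn="arn:aws:iam::111122223333:role/example",
                                  DurationSeconds=seconds))
    static = NS(aws_access_key_id="AKIAEXAMPLEEXAMPLE00",  # constructed, not a real key
                aws_secret_access_key="constructed-secret", session_token=None)
    return NS(server=NS(host="0.0.0.0", port=1338, debug=False),
              metrics=NS(prometheus=NS(enabled=True, host="0.0.0.0", port=9090)),
              services={"api": service("constructed-token-1", keys=static),
                        "worker": service("constructed-token-1", seconds=600)})


if __name__ == "__main__":
    for location, finding in audit_config(sample_config()):
        print(f"{location}: {finding}")
```
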

Key Classes

Config

Main configuration class that loads and validates configuration from files.

IAMProfileAuthConfig

Configuration for IAM profile-based authentication.

IAMKeysAuthConfig

Configuration for IAM access key-based authentication.

SourceCredentialsConfig

Configuration for source AWS credentials.

AssumedRoleConfig

Configuration for AWS role assumption parameters.

ServiceConfig

Configuration for individual services requiring credentials.

Key Functions

keyisset(key, data)

Check if key exists in dict and return value, raise if missing.

set_else_none(key, data, default)

Get value from dict or return default if not present.