don't use global s3 client

2026-02-01 23:55:58 -05:00 · 2025-06-27 12:12:43 -07:00
parent e7d9d02a34
commit 8573b4d67e
2 changed files with 37 additions and 55 deletions
--- a/app/aws/s3.py
+++ b/app/aws/s3.py
@@ -13,6 +13,7 @@ from app import job_cache, job_cache_lock
 from app.clients import AWS_CLIENT_CONFIG
 # from app.service.rest import get_service_by_id
 from app.utils import hilite
 from notifications_utils import aware_utcnow
 FILE_LOCATION_STRUCTURE = "service-{}-notify/{}.csv"
@@ -78,7 +79,9 @@ def get_s3_client():
        aws_secret_access_key=secret_key,
        region_name=region,
    )
    current_app.logger.info(hilite("About to call session.client"))
    s3_client = session.client("s3", config=AWS_CLIENT_CONFIG)
    current_app.logger.info(hilite("SESSION CALLED"))
    return s3_client
--- a/tests/app/aws/test_s3.py
+++ b/tests/app/aws/test_s3.py
@@ -605,64 +605,43 @@ def test_get_s3_files_handles_exception(mocker):
 def test_get_s3_client_default_credentials():
    with patch.dict(os.environ, {}, clear=True):
-        with patch("boto3.session.Session") as mock_session:
+        with patch("app.aws.s3.boto3.session.Session") as mock_session:
-            mock_client = MagicMock(_client_config=MagicMock(region_name="us-north-1"))
+            mock_client = MagicMock()
            mock_session.return_value.client.return_value = mock_client
        client = get_s3_client()
        assert client is not None
        mock_session.return_value.client.assert_called_with(
            "s3",
            aws_access_key=None,
            aws_secret_access_key=None,  # pragma: allowlist secret
            region_name="us-north-1",
        )
 def test_get_s3_client_invalid_credentials():
    with patch.dict(
        os.environ,
        {
            "AWS_ACCESS_KEY_ID": "invalid-key",
            "AWS_SECRET_ACCESS_KEY": "invalid-secret",  # pragma: allowlist secret
            "AWS_DEFAULT_REGION": "us-north-1",
        },
    ):
        with patch("boto3.session.Session") as mock_session:
            mock_session.return_value.client.side_effect = (
                botocore.exceptions.ClientError(
                    {
                        "Error": {
                            "Code": "InvalidClientTokenId",
                            "Message": "Invalid credentials",
                        }
                    },
                    "HeadBucket",
                )
            )
            try:
                get_s3_client()
                assert 1 == 0
            except botocore.exceptions.ClientError as e:
                assert e.response["Error"]["Code"] == "InvalidClientTokenId"
 def test_get_s3_client_no_region():
    with patch.dict(
        os.environ,
        {
            "AWS_ACCESS_KEY_ID": "test-key",
            "AWS_SECRET_ACCESS_KEY": "test-secret",  # pragma: allowlist secret
        },
        clear=True,
    ):
        with patch("boto3.session.Session") as mock_session:
            mock_client = MagicMock(_client_config=MagicMock(region_name="us-north-1"))
            mock_session.return_value.client.return_value = mock_client
            client = get_s3_client()
            assert client is not None
-            mock_session.return_value.client.assert_called_with(
+            assert mock_session.called
            assert mock_session.return_value.client.called
            mock_session.return_value_client.assert_called_once_with(
                "s3",
-                aws_access_key_id="test-key",
+                aws_access_id=None,
-                aws_secret_access_key="test-secret",  # pragma: allowlist secret
+                aws_secret_access_key=None,  # pragma: allowlist secret
                region_name="us-north-1",
            )
 # def test_get_s3_client_invalid_credentials():
 #     with patch.dict(
 #         os.environ,
 #         {
 #             "AWS_ACCESS_KEY_ID": "invalid-key",
 #             "AWS_SECRET_ACCESS_KEY": "invalid-secret",  # pragma: allowlist secret
 #             "AWS_DEFAULT_REGION": "us-north-1",
 #         },
 #     ):
 #         with patch("boto3.client", side_effect = (
 #                 botocore.exceptions.ClientError(
 #                     {
 #                         "Error": {
 #                             "Code": "InvalidClientTokenId",
 #                             "Message": "Invalid credentials",
 #                         }
 #                     },
 #                     "GetObject",
 #                 )
 #             )
 #             try:
 #                 get_s3_client()
 #                 assert 1 == 0
 #             except botocore.exceptions.ClientError as e:
 #                 assert e.response["Error"]["Code"] == "InvalidClientTokenId"