[s3] Pull AWS_SESSION_TOKEN from the environment

jschneier · May 9, 2024 · 9fca46c · 9fca46c
1 parent d84ad92
commit 9fca46c
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 1 deletion.
diff --git a/docs/backends/amazon-S3.rst b/docs/backends/amazon-S3.rst
@@ -50,8 +50,10 @@ searches for them:
 #. ``session_profile`` or ``AWS_S3_SESSION_PROFILE``
 #. ``access_key`` or ``AWS_S3_ACCESS_KEY_ID`` or ``AWS_S3_SECRET_ACCESS_KEY``
 #. ``secret_key`` or ``AWS_ACCESS_KEY_ID`` or ``AWS_SECRET_ACCESS_KEY``
+#. ``security_token`` or ``AWS_SESSION_TOKEN`` or ``AWS_SECURITY_TOKEN``
 #. The environment variables AWS_S3_ACCESS_KEY_ID and AWS_S3_SECRET_ACCESS_KEY
 #. The environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
+#. The environment variables AWS_SESSION_TOKEN and AWS_SECURITY_TOKEN
 #. Use Boto3's default session
 
 Settings

diff --git a/storages/backends/s3.py b/storages/backends/s3.py
@@ -378,7 +378,11 @@ def get_default_settings(self):
                 ),
             ),
             "security_token": setting(
-                "AWS_SESSION_TOKEN", setting("AWS_SECURITY_TOKEN")
+                "AWS_SESSION_TOKEN",
+                setting(
+                    "AWS_SECURITY_TOKEN",
+                    lookup_env(["AWS_SESSION_TOKEN", "AWS_SECURITY_TOKEN"]),
+                ),
             ),
             "session_profile": setting(
                 "AWS_S3_SESSION_PROFILE", lookup_env(["AWS_S3_SESSION_PROFILE"])

diff --git a/tests/test_s3.py b/tests/test_s3.py
@@ -982,6 +982,29 @@ def test_auth_config(self):
                 access_key="foo", secret_key="boo", session_profile="moo"
             )
 
+    def test_security_token(self):
+        with override_settings(AWS_SESSION_TOKEN="baz"):
+            storage = s3.S3Storage()
+            self.assertEqual(storage.security_token, "baz")
+
+        with override_settings(AWS_SECURITY_TOKEN="baz"):
+            storage = s3.S3Storage()
+            self.assertEqual(storage.security_token, "baz")
+
+        with mock.patch.dict(
+            os.environ,
+            {"AWS_SESSION_TOKEN": "baz"},
+        ):
+            storage = s3.S3Storage()
+            self.assertEqual(storage.security_token, "baz")
+
+        with mock.patch.dict(
+            os.environ,
+            {"AWS_SECURITY_TOKEN": "baz"},
+        ):
+            storage = s3.S3Storage()
+            self.assertEqual(storage.security_token, "baz")
+
 
 class S3StaticStorageTests(TestCase):
     def setUp(self):