swxsoc_reach.net.auth#

UDL authentication helpers.

Resolves the UDL HTTP Basic auth credential used by swxsoc_reach.net.udl.download_UDL_reach_window() (and the legacy relative-time wrapper). Two sources are supported, in priority order:

  1. The BASICAUTH environment variable (local-dev fallback / what an operator pre-exports).

  2. AWS Secrets Manager via SECRET_ARN_UDL — the secret’s SecretString is parsed as JSON and the basicauth field is used. This matches the existing scheduled-Lambda pattern.

boto3 is imported lazily inside resolve_udl_auth() so this module remains importable on environments where boto3 is not installed (e.g. running the package without the net extra and relying on a pre-set BASICAUTH).

Functions

resolve_udl_auth([region_name])

Resolve the UDL HTTP Basic auth credential.
swxsoc_reach.net.auth.resolve_udl_auth(region_name: str | None = None) str[source]#

Resolve the UDL HTTP Basic auth credential.

Resolution order:

  1. If BASICAUTH is set in the environment, return it directly and do not touch AWS.

  2. Else if SECRET_ARN_UDL is set, fetch the secret from AWS Secrets Manager, parse its SecretString as JSON, extract the basicauth field, write it back to os.environ['BASICAUTH'] (so downstream code that reads the env var continues to work unchanged), and return it.

  3. Else raise RuntimeError.

Parameters:

region_name (str or None, optional) – Optional AWS region passed to boto3.session.Session. When None, boto3’s standard region resolution chain is used (AWS_REGION / AWS_DEFAULT_REGION / config file).

Returns:

str – The UDL HTTP Basic auth credential value.

Raises:

RuntimeError – If neither BASICAUTH nor SECRET_ARN_UDL is set, if the boto3 package is not installed when Secrets Manager resolution is attempted, or if the secret payload does not contain a basicauth key.