@@ -255,10 +255,16 @@ def __init__(self, *args, **kwargs):
255255 If refreshable_credentials is set, the following arguments
256256 are ignored: access_id, secret_key, signing_key,
257257 session_token.
258+ refresh_credentials_when_needed
259+ -- Must be supplied as keyword argument. If refreshable_credentials
260+ is provided and refresh_credentials_when_needed is set to True,
261+ then credentials will only be refreshed if needed instead of
262+ on each request. Defaults to False.
258263
259264 """
260265 self .signing_key = None
261266 self .refreshable_credentials = kwargs .get ('refreshable_credentials' , None )
267+ self .refresh_credentials_when_needed = kwargs .get ('refresh_credentials_when_needed' , False )
262268 if self .refreshable_credentials :
263269 # instantiate from refreshable_credentials
264270 self .service = kwargs .get ('service' , None )
@@ -269,6 +275,8 @@ def __init__(self, *args, **kwargs):
269275 raise TypeError ('region must be provided as keyword argument when using refreshable_credentials' )
270276 self .date = kwargs .get ('date' , None )
271277 self .default_include_headers .add ('x-amz-security-token' )
278+ if self .refresh_credentials_when_needed and not callable (getattr (self .refreshable_credentials , 'refresh_needed' , None )):
279+ raise TypeError (f'credentials acquired via { self .refreshable_credentials .method } )
272280 else :
273281 l = len (args )
274282 if l not in 2 , 4 , 5 ]:
@@ -372,8 +380,10 @@ def __call__(self, req):
372380
373381 """
374382 if self .refreshable_credentials :
383+ if not self .refresh_credentials_when_needed or self .refresh_credentials .refresh_needed ():
375384 # generate per-request static credentials
376- self .refresh_credentials ()
385+ # alternatively generate only when needed if self.refresh_credentials_when_needed is True
386+ self .refresh_credentials ()
377387 # check request date matches scope date
378388 req_date = self .get_request_date (req )
379389 if req_date is None :
0 commit comments