chore: add type verification for custom handlers

karenc-bq · karenc-bq · commit e39d2b8d3f44 · 2026-01-28T12:18:15.000-08:00
diff --git a/aws_advanced_python_wrapper/aws_credentials_manager.py b/aws_advanced_python_wrapper/aws_credentials_manager.py
@@ -18,6 +18,8 @@
 from typing import TYPE_CHECKING, Any, Callable, Optional
 
 from boto3 import Session
+
+from aws_advanced_python_wrapper.utils.messages import Messages
 from aws_advanced_python_wrapper.utils.properties import WrapperProperties
 if TYPE_CHECKING:
     from aws_advanced_python_wrapper.hostinfo import HostInfo
@@ -32,6 +34,8 @@ class AwsCredentialsManager:
 
     @staticmethod
     def set_custom_handler(custom_handler: Callable[[HostInfo, Properties], Optional[Session]]) -> None:
+        if not callable(custom_handler):
+            raise TypeError("custom_handler must be callable")
         with AwsCredentialsManager._lock:
             AwsCredentialsManager._handler = custom_handler
 
@@ -52,7 +56,10 @@ def get_session(host_info: HostInfo, props: Properties, region: str) -> Session:
 
         # Initialize session outside of lock.
         session = handler(host_info, props) if handler else None
-        
+
+        if session is not None and not isinstance(session, Session):
+            raise TypeError(Messages.get_formatted("AwsCredentialsManager.InvalidHandler", type(session).__name__))
+
         if session is None:
             profile_name = WrapperProperties.AWS_PROFILE.get(props)
             session = Session(profile_name=profile_name, region_name=region) if profile_name else Session(region_name=region)
diff --git a/aws_advanced_python_wrapper/resources/aws_advanced_python_wrapper_messages.properties b/aws_advanced_python_wrapper/resources/aws_advanced_python_wrapper_messages.properties
@@ -26,6 +26,8 @@ AdfsCredentialsProviderFactory.SignOnPagePostActionUrl=[AdfsCredentialsProviderF
 AdfsCredentialsProviderFactory.SignOnPagePostActionRequestFailed=[AdfsCredentialsProviderFactory] ADFS SignOn Page POST action failed with HTTP status '{}', reason phrase '{}', and response '{}'
 AdfsCredentialsProviderFactory.SignOnPageUrl=[AdfsCredentialsProviderFactory] ADFS SignOn URL: '{}'
 
+AwsCredentialsManager.InvalidHandler=[AwsCredentialsManager] Custom credentials provider set via AwsCredentialsManager.set_custom_handler must return a boto3.Session or None, got '{}'.
+
 AwsSdk.UnsupportedRegion=[AwsSdk] Unsupported AWS region {}. For supported regions please read https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
 
 AwsSecretsManagerPlugin.ConnectException=[AwsSecretsManagerPlugin] Error occurred while opening a connection: {}
