CDAP Authentication Client for Python
The Authentication Client Python API can be used for fetching the access token from the CDAP authentication server to interact with a secure CDAP cluster.
Supported Actions
Check that authentication is enabled in the CDAP cluster.
Fetch an access token from the authentication server with credentials supported by the active authentication mechanism.
The default implementation of the authentication client—BasicAuthenticationClient
—supports the default authentication mechanisms supported by CDAP:
Basic Authentication
LDAP
JASPI
Custom Authentication Mechanism
If CDAP is configured to use a custom authentication mechanism, a custom authentication client is needed to fetch the access token. Custom authentication clients must implement the AuthenticationClient
interface. The AbstractAuthenticationClient
class contains common functionality required by authentication clients, and can be extended by the custom authentication client.
Installation
To install the latest release version of CDAP Authentication Client, run:
$ pip install cdap-auth-client
To install the development version, clone the repository:
$ git clone https://github.com/caskdata/cdap-clients.git
$ cd cdap-clients/cdap-authentication-clients/python/
$ python setup.py install
Supported Python versions: 2.6 and 2.7
Usage
To use the Authentication Client Python API, include this import in your Python script:
from cdap_auth_client import BasicAuthenticationClient
Examples
Create a BasicAuthenticationClient instance
Set the CDAP Connection Information
hostname
port
boolean flag,
True
if SSL is enabled
Example:
This method should be called only once for each AuthenticationClient
object.
Check if Authentication is Enabled in the CDAP Cluster
Configure Authentication Client
Set the required fields in a dictionary:
If authentication is enabled, configure the Authentication Client with user credentials and other properties (this method should be called only once for every AuthenticationClient
object):
Notes:
The
BasicAuthenticationClient
requires these user credentials:security_auth_client_username=username
security_auth_client_password=password
When SSL is enabled, to suspend certificate checks and allow self-signed certificates, set
security.security_ssl_cert_check=false
.For non-interactive applications, user credentials will come from a configuration file.
For interactive applications, see the section “Interactive Applications” below on retrieving and using user credentials.
Retrieve and Use the Access Token
Retrieve and use the access token for the user from the authentication server:
If there is an error while fetching the access token, an IOError
will be raised.
Interactive Applications
This example illustrates obtaining user credentials in an interactive application, and then configuring the Authentication Client with the retrieved credentials:
Tests
To run tests from a command line:
Created in 2020 by Google Inc.