Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add root_certificates option for ydb.DriverConfig #525

Merged
merged 8 commits into from
Nov 29, 2024
Merged

Add root_certificates option for ydb.DriverConfig #525

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
a585fe5
Add root_certificates option for ydb.DriverConfig
Pseudolukian Nov 28, 2024
08957eb
Fix some mistakes
Pseudolukian Nov 28, 2024
dd397ac
Fix 2
Pseudolukian Nov 28, 2024
f6a67c9
Fix style and add Optional type
Pseudolukian Nov 28, 2024
ff44083
Fix style
Pseudolukian Nov 28, 2024
dc978e5
Update example.py
vgvoleg Nov 28, 2024
d8d3119
Update auth_helpers.py
vgvoleg Nov 28, 2024
bd32b9f
Update example.py
vgvoleg Nov 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 26 additions & 1 deletion examples/static-credentials/example.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,42 @@


def test_driver_works(driver: ydb.Driver):
"""Tests the functionality of the YDB driver.

Waits for the driver to become ready and executes a simple SQL query to verify that the driver works as expected.

Args:
driver (ydb.Driver): The YDB driver instance to test.

Raises:
AssertionError: If the SQL query does not return the expected result.
"""
driver.wait(5)
pool = ydb.QuerySessionPool(driver)
result = pool.execute_with_retries("SELECT 1 as cnt")
assert result[0].rows[0].cnt == 1


def auth_with_static_credentials(endpoint: str, database: str, user: str, password: str):
def auth_with_static_credentials(endpoint: str, database: str, user: str, password: str, ca_path: str):
"""Authenticate using static credentials.

Args:
endpoint (str): Accepts a string in the format `grpcs://<node-fqdn>:2136` or `grpcs://<node-ip>:2136`.
database (str): Accepts a string, the database name in the format `/Root/<database-name>`.
user (str): Username.
password (str): User password.
ca_path (str): Path to CA cert

Notes:
The argument `root_certificates` of the function `ydb.DriverConfig` takes the content of the cluster's root certificate
for connecting to cluster nodes via TLS.
Note that the VM from which you are connecting must be in the cluster's domain for which the CA certificate is issued.
"""
driver_config = ydb.DriverConfig(
endpoint=endpoint,
database=database,
credentials=ydb.StaticCredentials.from_user_password(user, password),
root_certificates=ydb.load_ydb_root_certificate(ca_path),
)

with ydb.Driver(driver_config=driver_config) as driver:
Expand Down
5 changes: 3 additions & 2 deletions ydb/auth_helpers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,15 @@
# -*- coding: utf-8 -*-
import os
from typing import Optional


def read_bytes(f):
with open(f, "rb") as fr:
return fr.read()


def load_ydb_root_certificate():
path = os.getenv("YDB_SSL_ROOT_CERTIFICATES_FILE", None)
def load_ydb_root_certificate(path: Optional[str] = None):
path = path if path is not None else os.getenv("YDB_SSL_ROOT_CERTIFICATES_FILE", None)
if path is not None and os.path.exists(path):
return read_bytes(path)
return None
Loading