-
Notifications
You must be signed in to change notification settings - Fork 68
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adds credentials and custom authentication support (#446)
Added credentials and custom authentication support
- Loading branch information
Showing
16 changed files
with
453 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
import hazelcast | ||
from hazelcast.security import BasicTokenProvider | ||
|
||
# Use the following configuration in the member-side. | ||
# | ||
# <security enabled="true"> | ||
# <client-permissions> | ||
# <map-permission name="auth-map" principal="*"> | ||
# <actions> | ||
# <action>create</action> | ||
# <action>destroy</action> | ||
# <action>put</action> | ||
# <action>read</action> | ||
# </actions> | ||
# </map-permission> | ||
# </client-permissions> | ||
# <member-authentication realm="tokenRealm"/> | ||
# <realms> | ||
# <realm name="tokenRealm"> | ||
# <identity> | ||
# <token>s3crEt</token> | ||
# </identity> | ||
# </realm> | ||
# </realms> | ||
# </security> | ||
|
||
# Start a new Hazelcast client with the given token provider. | ||
token_provider = BasicTokenProvider("s3crEt") | ||
client = hazelcast.HazelcastClient(token_provider=token_provider) | ||
|
||
hz_map = client.get_map("auth-map").blocking() | ||
hz_map.put("key", "value") | ||
|
||
print(hz_map.get("key")) | ||
|
||
client.shutdown() |
34 changes: 34 additions & 0 deletions
34
examples/security/username_password_authentication_example.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
import hazelcast | ||
|
||
# Use the following configuration in the member-side. | ||
# | ||
# <security enabled="true"> | ||
# <client-permissions> | ||
# <map-permission name="auth-map" principal="*"> | ||
# <actions> | ||
# <action>create</action> | ||
# <action>destroy</action> | ||
# <action>put</action> | ||
# <action>read</action> | ||
# </actions> | ||
# </map-permission> | ||
# </client-permissions> | ||
# <member-authentication realm="passwordRealm"/> | ||
# <realms> | ||
# <realm name="passwordRealm"> | ||
# <identity> | ||
# <username-password username="member1" password="s3crEt" /> | ||
# </identity> | ||
# </realm> | ||
# </realms> | ||
# </security> | ||
|
||
# Start a new Hazelcast client with the given credentials. | ||
client = hazelcast.HazelcastClient(creds_username="member1", creds_password="s3crEt") | ||
|
||
hz_map = client.get_map("auth-map").blocking() | ||
hz_map.put("key", "value") | ||
|
||
print(hz_map.get("key")) | ||
|
||
client.shutdown() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
50 changes: 50 additions & 0 deletions
50
hazelcast/protocol/codec/client_authentication_custom_codec.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
from hazelcast.serialization.bits import * | ||
from hazelcast.protocol.builtin import FixSizedTypesCodec | ||
from hazelcast.protocol.client_message import OutboundMessage, REQUEST_HEADER_SIZE, create_initial_buffer, RESPONSE_HEADER_SIZE | ||
from hazelcast.protocol.builtin import StringCodec | ||
from hazelcast.protocol.builtin import ByteArrayCodec | ||
from hazelcast.protocol.builtin import ListMultiFrameCodec | ||
from hazelcast.protocol.codec.custom.address_codec import AddressCodec | ||
from hazelcast.protocol.builtin import CodecUtil | ||
|
||
# hex: 0x000200 | ||
_REQUEST_MESSAGE_TYPE = 512 | ||
# hex: 0x000201 | ||
_RESPONSE_MESSAGE_TYPE = 513 | ||
|
||
_REQUEST_UUID_OFFSET = REQUEST_HEADER_SIZE | ||
_REQUEST_SERIALIZATION_VERSION_OFFSET = _REQUEST_UUID_OFFSET + UUID_SIZE_IN_BYTES | ||
_REQUEST_INITIAL_FRAME_SIZE = _REQUEST_SERIALIZATION_VERSION_OFFSET + BYTE_SIZE_IN_BYTES | ||
_RESPONSE_STATUS_OFFSET = RESPONSE_HEADER_SIZE | ||
_RESPONSE_MEMBER_UUID_OFFSET = _RESPONSE_STATUS_OFFSET + BYTE_SIZE_IN_BYTES | ||
_RESPONSE_SERIALIZATION_VERSION_OFFSET = _RESPONSE_MEMBER_UUID_OFFSET + UUID_SIZE_IN_BYTES | ||
_RESPONSE_PARTITION_COUNT_OFFSET = _RESPONSE_SERIALIZATION_VERSION_OFFSET + BYTE_SIZE_IN_BYTES | ||
_RESPONSE_CLUSTER_ID_OFFSET = _RESPONSE_PARTITION_COUNT_OFFSET + INT_SIZE_IN_BYTES | ||
_RESPONSE_FAILOVER_SUPPORTED_OFFSET = _RESPONSE_CLUSTER_ID_OFFSET + UUID_SIZE_IN_BYTES | ||
|
||
|
||
def encode_request(cluster_name, credentials, uuid, client_type, serialization_version, client_hazelcast_version, client_name, labels): | ||
buf = create_initial_buffer(_REQUEST_INITIAL_FRAME_SIZE, _REQUEST_MESSAGE_TYPE) | ||
FixSizedTypesCodec.encode_uuid(buf, _REQUEST_UUID_OFFSET, uuid) | ||
FixSizedTypesCodec.encode_byte(buf, _REQUEST_SERIALIZATION_VERSION_OFFSET, serialization_version) | ||
StringCodec.encode(buf, cluster_name) | ||
ByteArrayCodec.encode(buf, credentials) | ||
StringCodec.encode(buf, client_type) | ||
StringCodec.encode(buf, client_hazelcast_version) | ||
StringCodec.encode(buf, client_name) | ||
ListMultiFrameCodec.encode(buf, labels, StringCodec.encode, True) | ||
return OutboundMessage(buf, True) | ||
|
||
|
||
def decode_response(msg): | ||
initial_frame = msg.next_frame() | ||
response = dict() | ||
response["status"] = FixSizedTypesCodec.decode_byte(initial_frame.buf, _RESPONSE_STATUS_OFFSET) | ||
response["member_uuid"] = FixSizedTypesCodec.decode_uuid(initial_frame.buf, _RESPONSE_MEMBER_UUID_OFFSET) | ||
response["serialization_version"] = FixSizedTypesCodec.decode_byte(initial_frame.buf, _RESPONSE_SERIALIZATION_VERSION_OFFSET) | ||
response["partition_count"] = FixSizedTypesCodec.decode_int(initial_frame.buf, _RESPONSE_PARTITION_COUNT_OFFSET) | ||
response["cluster_id"] = FixSizedTypesCodec.decode_uuid(initial_frame.buf, _RESPONSE_CLUSTER_ID_OFFSET) | ||
response["failover_supported"] = FixSizedTypesCodec.decode_boolean(initial_frame.buf, _RESPONSE_FAILOVER_SUPPORTED_OFFSET) | ||
response["address"] = CodecUtil.decode_nullable(msg, AddressCodec.decode) | ||
response["server_hazelcast_version"] = StringCodec.decode(msg) | ||
return response |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
from .token_provider import BasicTokenProvider, TokenProvider |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
from hazelcast.six import string_types | ||
|
||
|
||
class TokenProvider(object): | ||
"""TokenProvider is a base class for token providers.""" | ||
|
||
def token(self): | ||
# type: (TokenProvider) -> bytes | ||
"""Returns a token to be used for token-based authentication. | ||
Returns: | ||
bytes: token as a bytes object. | ||
""" | ||
pass | ||
|
||
|
||
class BasicTokenProvider(TokenProvider): | ||
"""BasicTokenProvider sends the given token to the authentication endpoint.""" | ||
|
||
def __init__(self, token=""): | ||
if isinstance(token, string_types): | ||
self._token = token.encode("utf-8") | ||
elif isinstance(token, bytes): | ||
self._token = token | ||
else: | ||
raise TypeError("token must be either a str or bytes object") | ||
|
||
def token(self): | ||
# type: (BasicTokenProvider) -> bytes | ||
"""Returns a token to be used for token-based authentication. | ||
Returns: | ||
bytes: token as a bytes object. | ||
""" | ||
return self._token |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
thrift==0.13.0 | ||
nose==1.3.7 | ||
coverage==4.5.1 | ||
coverage==4.5.4 | ||
psutil>=5.8.0 | ||
mock==3.0.5 | ||
parameterized==0.7.4 |
Empty file.
Oops, something went wrong.