AuthClient

approzium.default_auth_client = None

Set this variable to an instance of AuthClient to set it as the default auth client to be used for connections.

class approzium.AuthClient(server_address, disable_tls=False, tls_config=None, iam_role=None)

Bases: object

This class represents a connection to an Approzium authenticator service. Instances of this class can be used as arguments to database drivers connect method to use for authentication.

Parameters:
  • server_address (str) – address (host:port) at which an authenticator service is listening.
  • disable_tls (bool, optional) – defaults to False. When False, https is used and a client_cert and client_key proving the client’s identity must be provided. When True, http is used and no other TLS options must be set.
  • tls_config (TLSConfig, optional) – the TLS config to use for encrypted communication.
  • iam_role (str, optional) – if an IAM role Amazon resource number (ARN) is provided, it will be assumed and its identity will be used for authentication. Otherwise, the default boto3 session will be used as the identity.
attribution_info

Provides a dictionary containing information about the current state of the AuthClient. Useful for logging.

Return type:dict
Return Structure:
  • authenticator_address (str): address of authenticator service used
  • iam_arn (str): IAM Amazon resource number (ARN) used as identity
  • authenticated (bool): whether the AuthClient was verified by the authenticator service.
  • num_connections (int): number of connections made through this AuthClient
attribution_info_json

Provides the same attribution info returned by attribution_info() as a JSON format string

Return type:str
class approzium.TLSConfig(trusted_certs=None, client_cert=None, client_key=None)

Bases: object

This class represents the TLS config to be used while communicating with Approzium. Its fields are further described here: https://grpc.github.io/grpc/python/grpc.html#create-client-credentials

Parameters:
  • trusted_certs (str, optional) – the path to the root certificate(s) that must have issued the identity certificate used by Approzium’s authentication server.
  • client_cert (str, optional) – this client’s certificate, used for proving its identity, and used by the caller to encrypt communication with its public key
  • client_key (str, optional) – this client’s key, used for decrypting incoming communication that was encrypted by callers using the client_cert’s public key

approzium.psycopg2

approzium.psycopg2.connect(dsn=None, cursor_factory=None, authenticator=None, **kwargs)

Creates a Psycopg2 connection through Approzium authentication. Takes the same arguments as psycopg2.connect, in addition to the authenticator argument.

Parameters:authenticator (approzium.AuthClient, optional) – AuthClient instance to be used for authentication. If not provided, the default AuthClient, if set, is used.
Raises:TypeError, if no AuthClient is given and no default one is set.
Return type:psycopg2.Connection

Example:

>>> import approzium
>>> from approzium.psycopg2 import connect
>>> auth = approzium.AuthClient("myauthenticator.com:6001", disable_tls=True)
>>> con = connect("host=DB.com dbname=mydb", authenticator=auth)  # no password!
>>> # use the connection just like any other Psycopg2 connection

Warning

Currently, only psycopg2 with dynamically linked libpq is supported. Thus, psycopg2-binary is not supported.

class approzium.psycopg2.pool.SimpleConnectionPool(minconn, maxconn, *args, **kwargs)

Bases: approzium.psycopg2.pool._AbstractConnectionPool, psycopg2.pool.SimpleConnectionPool

A Psycopg2 pool that can’t be shared across different threads.

Example:

>>> import approzium
>>> from approzium.psycopg2.pool import SimpleConnectionPool
>>> auth = approzium.AuthClient("myauthenticator.com:6001", disable_tls=True)
>>> pool = SimpleConnectionPool("host=DB.com dbname=mydb", authenticator=auth)
>>> conn = poll.getconn()
class approzium.psycopg2.pool.ThreadedConnectionPool(minconn, maxconn, *args, **kwargs)

Bases: approzium.psycopg2.pool._AbstractConnectionPool, psycopg2.pool.ThreadedConnectionPool

A Psycopg2 pool that works with the threading module

approzium.asyncpg

approzium.asyncpg.connect(*args, authenticator=None, **kwargs)

Creates a Asyncpg connection through Approzium authentication. Takes the same arguments as asyncpg.connect, in addition to the authenticator argument.

Parameters:authenticator (approzium.AuthClient, optional) – AuthClient instance to be used for authentication. If not provided, the default AuthClient, if set, is used.
Raises:TypeError, if no AuthClient is given and no default one is set.
Return type:asyncpg.Connection

Example:

>>> import approzium
>>> import asyncio
>>> from approzium.asyncpg import connect
>>> auth = approzium.AuthClient("myauthenticator.com:6001", disable_tls=True)
>>> async def run():
...     con = await connect(user='postgres', authenticator=auth)
...     # use the connection just like any other Asyncpg connection
...     types = await con.fetch('SELECT * FROM pg_type')
...     print(types)
>>> asyncio.get_event_loop().run_until_complete(run())
approzium.asyncpg.pool.create_pool(dsn=None, *, min_size=10, max_size=10, max_queries=50000, max_inactive_connection_lifetime=300.0, setup=None, init=None, loop=None, authenticator=None, **connect_kwargs)

Create an Asyncpg connection pool through Approzium authentication. Takes same arguments as asyncpg.create_pool in addition to the authenticator argument

Returns:An instance of _ApproziumPool.

Example:

>>> import approzium
>>> from approzium.asyncpg import create_pool
>>> auth = approzium.AuthClient("myauthenticator.com:6001", disable_tls=True)
>>> pool = await create_pool(user='postgres', authenticator=auth)
>>> con = await pool.acquire()
>>> try:
...     await con.fetch('SELECT 1')
... finally:
...     await pool.release(con)

approzium.mysql.connector

approzium.mysql.connector.connect(*args, authenticator=None, **kwargs)

Creates a MySQL connector connection through Approzium authentication. Takes the same arguments as mysql.connector.connect, in addition to the authenticator argument.

Parameters:authenticator (approzium.AuthClient, optional) – AuthClient instance to be used for authentication. If not provided, the default AuthClient, if set, is used.
Raises:TypeError, if no AuthClient is given and no default one is set.
Return type:mysql.connector.MySQLConnection

Example:

>>> import approzium
>>> from approzium.mysql.connector import connect
>>> auth = approzium.AuthClient("myauthenticator.com:6001", disable_tls=True)
>>> con = connect(user="bob", host="host.com", authenticator=auth,         ...     use_pure=True)
>>> # use the connection just like any other MySQL connector connection

Warning

Currently, only the pure Python MySQL connector implementation is supported. Therefore, you have to pass in use_pure=True, otherwise, an exception is raised.

class approzium.mysql.connector.pooling.MySQLConnectionPool(pool_size=5, pool_name=None, pool_reset_session=True, **kwargs)

Bases: mysql.connector.pooling.MySQLConnectionPool

add_connection(cnx=None)

Add a connection to the pool

This method instantiates a MySQLConnection using the configuration passed when initializing the MySQLConnectionPool instance or using the set_config() method. If cnx is a MySQLConnection instance, it will be added to the queue.

Raises PoolError when no configuration is set, when no more connection can be added (maximum reached) or when the connection can not be instantiated.

set_config(**kwargs)

Set the connection configuration for MySQLConnection instances

This method sets the configuration used for creating MySQLConnection instances. See MySQLConnection for valid connection arguments.

Raises PoolError when a connection argument is not valid, missing or not supported by MySQLConnection.

approzium.pymysql

approzium.pymysql.connect(*args, **kwargs)

Creates a PyMySQL connection through Approzium authentication. Takes the same arguments as pymysql.connect, in addition to the authenticator argument.

Parameters:authenticator (approzium.AuthClient, optional) – AuthClient instance to be used for authentication. If not provided, the default AuthClient, if set, is used.
Raises:TypeError, if no AuthClient is given and no default one is set.
Return type:pymysql.connections.Connection

Example:

>>> import approzium
>>> from approzium.pymysql import connect
>>> auth = approzium.AuthClient("authenticatorhost:6001", disable_tls=True)
>>> con = connect("host=DB.com dbname=mydb", authenticator=auth)
>>> # use the connection just like any other PyMySQL connection

Opentelemetry Integration

Approzium Python SDK supports Opentelemetry integration such that all traces generated by Approzium database connections are automatically populated with attribution tags. This allows high visibility and observability across your connection.