AuthClient¶
-
approzium.
default_auth_client
= None¶ Set this variable to an instance of
AuthClient
to set it as the default auth client to be used for connections.
-
class
approzium.
AuthClient
(server_address, disable_tls=False, tls_config=None, iam_role=None)¶ Bases:
object
This class represents a connection to an Approzium authenticator service. Instances of this class can be used as arguments to database drivers connect method to use for authentication.
Parameters: - server_address (str) – address (host:port) at which an authenticator service is listening.
- disable_tls (bool, optional) – defaults to False. When False, https is used and a client_cert and client_key proving the client’s identity must be provided. When True, http is used and no other TLS options must be set.
- tls_config (TLSConfig, optional) – the TLS config to use for encrypted communication.
- iam_role (str, optional) – if an IAM role Amazon resource number (ARN) is provided,
it will be assumed and its identity will be used for authentication.
Otherwise, the default
boto3
session will be used as the identity.
-
attribution_info
¶ Provides a dictionary containing information about the current state of the AuthClient. Useful for logging.
Return type: dict - Return Structure:
- authenticator_address (str): address of authenticator service used
- iam_arn (str): IAM Amazon resource number (ARN) used as identity
- authenticated (bool): whether the AuthClient was verified by the authenticator service.
- num_connections (int): number of connections made through this AuthClient
-
attribution_info_json
¶ Provides the same attribution info returned by
attribution_info()
as a JSON format stringReturn type: str
-
class
approzium.
TLSConfig
(trusted_certs=None, client_cert=None, client_key=None)¶ Bases:
object
This class represents the TLS config to be used while communicating with Approzium. Its fields are further described here: https://grpc.github.io/grpc/python/grpc.html#create-client-credentials
Parameters: - trusted_certs (str, optional) – the path to the root certificate(s) that must have issued the identity certificate used by Approzium’s authentication server.
- client_cert (str, optional) – this client’s certificate, used for proving its identity, and used by the caller to encrypt communication with its public key
- client_key (str, optional) – this client’s key, used for decrypting incoming communication that was encrypted by callers using the client_cert’s public key
approzium.psycopg2¶
approzium.asyncpg¶
-
approzium.asyncpg.
connect
(*args, authenticator=None, **kwargs)¶ Creates a Asyncpg connection through Approzium authentication. Takes the same arguments as
asyncpg.connect
, in addition to the authenticator argument.Parameters: authenticator (approzium.AuthClient, optional) – AuthClient instance to be used for authentication. If not provided, the default AuthClient, if set, is used. Raises: TypeError, if no AuthClient is given and no default one is set. Return type: asyncpg.Connection
Example:
>>> import approzium >>> import asyncio >>> from approzium.asyncpg import connect >>> auth = approzium.AuthClient("myauthenticator.com:6001", disable_tls=True) >>> async def run(): ... con = await connect(user='postgres', authenticator=auth) ... # use the connection just like any other Asyncpg connection ... types = await con.fetch('SELECT * FROM pg_type') ... print(types) >>> asyncio.get_event_loop().run_until_complete(run())
-
approzium.asyncpg.pool.
create_pool
(dsn=None, *, min_size=10, max_size=10, max_queries=50000, max_inactive_connection_lifetime=300.0, setup=None, init=None, loop=None, authenticator=None, **connect_kwargs)¶ Create an Asyncpg connection pool through Approzium authentication. Takes same arguments as
asyncpg.create_pool
in addition to the authenticator argumentReturns: An instance of _ApproziumPool
.Example:
>>> import approzium >>> from approzium.asyncpg import create_pool >>> auth = approzium.AuthClient("myauthenticator.com:6001", disable_tls=True) >>> pool = await create_pool(user='postgres', authenticator=auth) >>> con = await pool.acquire() >>> try: ... await con.fetch('SELECT 1') ... finally: ... await pool.release(con)
approzium.mysql.connector¶
-
approzium.mysql.connector.
connect
(*args, authenticator=None, **kwargs)¶ Creates a MySQL connector connection through Approzium authentication. Takes the same arguments as
mysql.connector.connect
, in addition to the authenticator argument.Parameters: authenticator (approzium.AuthClient, optional) – AuthClient instance to be used for authentication. If not provided, the default AuthClient, if set, is used. Raises: TypeError, if no AuthClient is given and no default one is set. Return type: mysql.connector.MySQLConnection
Example:
>>> import approzium >>> from approzium.mysql.connector import connect >>> auth = approzium.AuthClient("myauthenticator.com:6001", disable_tls=True) >>> con = connect(user="bob", host="host.com", authenticator=auth, ... use_pure=True) >>> # use the connection just like any other MySQL connector connection
Warning
Currently, only the pure Python MySQL connector implementation is supported. Therefore, you have to pass in
use_pure=True
, otherwise, an exception is raised.
-
class
approzium.mysql.connector.pooling.
MySQLConnectionPool
(pool_size=5, pool_name=None, pool_reset_session=True, **kwargs)¶ Bases:
mysql.connector.pooling.MySQLConnectionPool
-
add_connection
(cnx=None)¶ Add a connection to the pool
This method instantiates a MySQLConnection using the configuration passed when initializing the MySQLConnectionPool instance or using the set_config() method. If cnx is a MySQLConnection instance, it will be added to the queue.
Raises PoolError when no configuration is set, when no more connection can be added (maximum reached) or when the connection can not be instantiated.
-
set_config
(**kwargs)¶ Set the connection configuration for MySQLConnection instances
This method sets the configuration used for creating MySQLConnection instances. See MySQLConnection for valid connection arguments.
Raises PoolError when a connection argument is not valid, missing or not supported by MySQLConnection.
-
approzium.pymysql¶
-
approzium.pymysql.
connect
(*args, **kwargs)¶ Creates a PyMySQL connection through Approzium authentication. Takes the same arguments as
pymysql.connect
, in addition to the authenticator argument.Parameters: authenticator (approzium.AuthClient, optional) – AuthClient instance to be used for authentication. If not provided, the default AuthClient, if set, is used. Raises: TypeError, if no AuthClient is given and no default one is set. Return type: pymysql.connections.Connection
Example:
>>> import approzium >>> from approzium.pymysql import connect >>> auth = approzium.AuthClient("authenticatorhost:6001", disable_tls=True) >>> con = connect("host=DB.com dbname=mydb", authenticator=auth) >>> # use the connection just like any other PyMySQL connection
Opentelemetry Integration¶
Approzium Python SDK supports Opentelemetry integration such that all traces generated by Approzium database connections are automatically populated with attribution tags. This allows high visibility and observability across your connection.