AuthClient¶

approzium.default_auth_client = None¶: Set this variable to an instance of AuthClient to set it as the default auth client to be used for connections.

class approzium.AuthClient(server_address, disable_tls=False, tls_config=None, iam_role=None)¶

Bases: object

This class represents a connection to an Approzium authenticator service. Instances of this class can be used as arguments to database drivers connect method to use for authentication.

Parameters:

server_address (str) – address (host:port) at which an authenticator service is listening.
disable_tls (bool, optional) – defaults to False. When False, https is used and a client_cert and client_key proving the client’s identity must be provided. When True, http is used and no other TLS options must be set.
tls_config (TLSConfig, optional) – the TLS config to use for encrypted communication.
iam_role (str, optional) – if an IAM role Amazon resource number (ARN) is provided, it will be assumed and its identity will be used for authentication. Otherwise, the default boto3 session will be used as the identity.

attribution_info¶

Provides a dictionary containing information about the current state of the AuthClient. Useful for logging.

Return type:	dict

Return Structure:

authenticator_address (str): address of authenticator service used
iam_arn (str): IAM Amazon resource number (ARN) used as identity
authenticated (bool): whether the AuthClient was verified by the authenticator service.
num_connections (int): number of connections made through this AuthClient

attribution_info_json¶

Provides the same attribution info returned by attribution_info() as a JSON format string

Return type:	str

class approzium.TLSConfig(trusted_certs=None, client_cert=None, client_key=None)¶

Bases: object

This class represents the TLS config to be used while communicating with Approzium. Its fields are further described here: https://grpc.github.io/grpc/python/grpc.html#create-client-credentials

Parameters:

trusted_certs (str, optional) – the path to the root certificate(s) that must have issued the identity certificate used by Approzium’s authentication server.
client_cert (str, optional) – this client’s certificate, used for proving its identity, and used by the caller to encrypt communication with its public key
client_key (str, optional) – this client’s key, used for decrypting incoming communication that was encrypted by callers using the client_cert’s public key

approzium.psycopg2¶

approzium.asyncpg¶

approzium.asyncpg.connect(*args, authenticator=None, **kwargs)¶

Creates a Asyncpg connection through Approzium authentication. Takes the same arguments as asyncpg.connect, in addition to the authenticator argument.

Parameters:	authenticator (approzium.AuthClient, optional) – AuthClient instance to be used for authentication. If not provided, the default AuthClient, if set, is used.
Raises:	TypeError, if no AuthClient is given and no default one is set.
Return type:	`asyncpg.Connection`

Example:

>>> import approzium
>>> import asyncio
>>> from approzium.asyncpg import connect
>>> auth = approzium.AuthClient("myauthenticator.com:6001", disable_tls=True)
>>> async def run():
...     con = await connect(user='postgres', authenticator=auth)
...     # use the connection just like any other Asyncpg connection
...     types = await con.fetch('SELECT * FROM pg_type')
...     print(types)
>>> asyncio.get_event_loop().run_until_complete(run())

approzium.asyncpg.pool.create_pool(dsn=None, *, min_size=10, max_size=10, max_queries=50000, max_inactive_connection_lifetime=300.0, setup=None, init=None, loop=None, authenticator=None, **connect_kwargs)¶

Create an Asyncpg connection pool through Approzium authentication. Takes same arguments as asyncpg.create_pool in addition to the authenticator argument

Returns:	An instance of `_ApproziumPool`.

Example:

>>> import approzium
>>> from approzium.asyncpg import create_pool
>>> auth = approzium.AuthClient("myauthenticator.com:6001", disable_tls=True)
>>> pool = await create_pool(user='postgres', authenticator=auth)
>>> con = await pool.acquire()
>>> try:
...     await con.fetch('SELECT 1')
... finally:
...     await pool.release(con)

approzium.mysql.connector¶

approzium.mysql.connector.connect(*args, authenticator=None, **kwargs)¶

Creates a MySQL connector connection through Approzium authentication. Takes the same arguments as mysql.connector.connect, in addition to the authenticator argument.

Parameters:	authenticator (approzium.AuthClient, optional) – AuthClient instance to be used for authentication. If not provided, the default AuthClient, if set, is used.
Raises:	TypeError, if no AuthClient is given and no default one is set.
Return type:	`mysql.connector.MySQLConnection`

Example:

>>> import approzium
>>> from approzium.mysql.connector import connect
>>> auth = approzium.AuthClient("myauthenticator.com:6001", disable_tls=True)
>>> con = connect(user="bob", host="host.com", authenticator=auth,         ...     use_pure=True)
>>> # use the connection just like any other MySQL connector connection

Warning

Currently, only the pure Python MySQL connector implementation is supported. Therefore, you have to pass in use_pure=True, otherwise, an exception is raised.

class approzium.mysql.connector.pooling.MySQLConnectionPool(pool_size=5, pool_name=None, pool_reset_session=True, **kwargs)¶

Bases: mysql.connector.pooling.MySQLConnectionPool

add_connection(cnx=None)¶

Add a connection to the pool

This method instantiates a MySQLConnection using the configuration passed when initializing the MySQLConnectionPool instance or using the set_config() method. If cnx is a MySQLConnection instance, it will be added to the queue.

Raises PoolError when no configuration is set, when no more connection can be added (maximum reached) or when the connection can not be instantiated.

set_config(**kwargs)¶

Set the connection configuration for MySQLConnection instances

This method sets the configuration used for creating MySQLConnection instances. See MySQLConnection for valid connection arguments.

Raises PoolError when a connection argument is not valid, missing or not supported by MySQLConnection.

approzium.pymysql¶

approzium.pymysql.connect(*args, **kwargs)¶

Creates a PyMySQL connection through Approzium authentication. Takes the same arguments as pymysql.connect, in addition to the authenticator argument.

Parameters:	authenticator (approzium.AuthClient, optional) – AuthClient instance to be used for authentication. If not provided, the default AuthClient, if set, is used.
Raises:	TypeError, if no AuthClient is given and no default one is set.
Return type:	`pymysql.connections.Connection`

Example:

>>> import approzium
>>> from approzium.pymysql import connect
>>> auth = approzium.AuthClient("authenticatorhost:6001", disable_tls=True)
>>> con = connect("host=DB.com dbname=mydb", authenticator=auth)
>>> # use the connection just like any other PyMySQL connection

Opentelemetry Integration¶

Approzium Python SDK supports Opentelemetry integration such that all traces generated by Approzium database connections are automatically populated with attribution tags. This allows high visibility and observability across your connection.