Skip to content

Token providers can use the member address for token creation #455

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
yuce merged 3 commits into from
Aug 22, 2021
Merged

Token providers can use the member address for token creation #455

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
494ca06
Token providers can use the member address for token creation
yuce Aug 20, 2021
57f3d48
member address is optional for the token method
yuce Aug 20, 2021
d9ee08a
updates
yuce Aug 20, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 1 addition & 23 deletions docs/securing_client_connection.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -330,28 +330,6 @@ The package provides the necessary token provider that handles the
authentication against the KDC (key distribution center) with the given
credentials, receives and caches the ticket, and finally retrieves the token.

You can install the package from PyPI.

.. code:: bash

pip install hazelcast-kerberos

A sample code that makes use of the package is below.

.. code:: python

import hazelcast
import hzkerberos

token_provider = hzkerberos.TokenProvider(
principal="hz/172.17.0.2@EXAMPLE.COM",
keytab="/etc/krb5.keytab",
)

client = hazelcast.HazelcastClient(
token_provider=token_provider
)

For more information and possible client and server configurations, refer to
the `documentation <https://pypi.org/project/hazelcast-kerberos/>`__ of the
the `documentation <https://github.com/hazelcast/hazelcast-python-client-kerberos>`__ of the
``hazelcast-kerberos`` package.
3 changes: 2 additions & 1 deletion hazelcast/connection.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -491,9 +491,10 @@ def _authenticate(self, connection):
cluster_name = self._config.cluster_name
client_name = client.name
if self._config.token_provider:
token = self._config.token_provider.token(connection.connected_address)
request = client_authentication_custom_codec.encode_request(
cluster_name,
self._config.token_provider.token(),
token,
self.client_uuid,
CLIENT_TYPE,
SERIALIZATION_VERSION,
Expand Down
16 changes: 7 additions & 9 deletions hazelcast/security.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,17 @@
from hazelcast.six import string_types
from hazelcast.core import Address


class TokenProvider(object):
"""TokenProvider is a base class for token providers."""

def token(self):
# type: (TokenProvider) -> bytes
def token(self, address=None):
# type: (TokenProvider, Address) -> bytes
"""Returns a token to be used for token-based authentication.

Args:
address (hazelcast.core.Address): Connected address for the member.

Returns:
bytes: token as a bytes object.
"""
Expand All @@ -25,11 +29,5 @@ def __init__(self, token=""):
else:
raise TypeError("token must be either a str or bytes object")

def token(self):
# type: (BasicTokenProvider) -> bytes
"""Returns a token to be used for token-based authentication.

Returns:
bytes: token as a bytes object.
"""
def token(self, address=None):
return self._token