From a585fe51bc6af3dd1ce605fe966745d65e05446a Mon Sep 17 00:00:00 2001 From: Pseudolukian Date: Thu, 28 Nov 2024 13:30:10 +0100 Subject: [PATCH 1/8] Add root_certificates option for ydb.DriverConfig --- examples/static-credentials/example.py | 48 +++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 4 deletions(-) diff --git a/examples/static-credentials/example.py b/examples/static-credentials/example.py index 71409f5c..f080f4a0 100644 --- a/examples/static-credentials/example.py +++ b/examples/static-credentials/example.py @@ -1,18 +1,58 @@ import ydb +def load_ydb_ca_cert(path:str) -> str: + """Load CA certification. + + Args: + path (str): path to CA certification. + + The function load_ydb_ca_cert accepts a path to a CA certificate + and returns its content as a byte string for further passing to ydb.DriverConfig. + If the specified path is incorrect or the certificate does not exist, + it raises an exception with the message "CA not found". + + """ + if path is not None and os.path.exists(path): + with open(path, "rb") as file: + return file.read() + else: + raise FileNotFoundError("CA not found") def test_driver_works(driver: ydb.Driver): + """Tests the functionality of the YDB driver. + + Waits for the driver to become ready and executes a simple SQL query to verify that the driver works as expected. + + Args: + driver (ydb.Driver): The YDB driver instance to test. + + Raises: + AssertionError: If the SQL query does not return the expected result. + """ driver.wait(5) pool = ydb.QuerySessionPool(driver) result = pool.execute_with_retries("SELECT 1 as cnt") assert result[0].rows[0].cnt == 1 - def auth_with_static_credentials(endpoint: str, database: str, user: str, password: str): + """Authenticate using static credentials. + + Args: + endpoint (str): Accepts a string in the format `grpcs://:2136` or `grpcs://:2136`. + database (str): Accepts a string, the database name in the format `/Root/`. + user (str): Username. + password (str): User password. + + Notes: + The argument `root_certificates` of the function `ydb.DriverConfig` takes the content of the cluster's root certificate for connecting to cluster nodes via TLS. + Note that the VM from which you are connecting must be in the cluster's domain for which the CA certificate is issued. + """ + driver_config = ydb.DriverConfig( - endpoint=endpoint, - database=database, - credentials=ydb.StaticCredentials.from_user_password(user, password), + endpoint = endpoint, + database = database, + credentials = ydb.StaticCredentials.from_user_password(user, password), + root_certificates = load_ydb_ca_cert(path = ) ) with ydb.Driver(driver_config=driver_config) as driver: From 08957eb665541679a8a2af7c92438973860cb80d Mon Sep 17 00:00:00 2001 From: Pseudolukian Date: Thu, 28 Nov 2024 14:01:36 +0100 Subject: [PATCH 2/8] Fix some mistakes --- examples/static-credentials/example.py | 22 ++-------------------- ydb/auth_helpers.py | 3 +-- 2 files changed, 3 insertions(+), 22 deletions(-) diff --git a/examples/static-credentials/example.py b/examples/static-credentials/example.py index f080f4a0..d6b67313 100644 --- a/examples/static-credentials/example.py +++ b/examples/static-credentials/example.py @@ -1,23 +1,5 @@ import ydb -def load_ydb_ca_cert(path:str) -> str: - """Load CA certification. - - Args: - path (str): path to CA certification. - - The function load_ydb_ca_cert accepts a path to a CA certificate - and returns its content as a byte string for further passing to ydb.DriverConfig. - If the specified path is incorrect or the certificate does not exist, - it raises an exception with the message "CA not found". - - """ - if path is not None and os.path.exists(path): - with open(path, "rb") as file: - return file.read() - else: - raise FileNotFoundError("CA not found") - def test_driver_works(driver: ydb.Driver): """Tests the functionality of the YDB driver. @@ -34,7 +16,7 @@ def test_driver_works(driver: ydb.Driver): result = pool.execute_with_retries("SELECT 1 as cnt") assert result[0].rows[0].cnt == 1 -def auth_with_static_credentials(endpoint: str, database: str, user: str, password: str): +def auth_with_static_credentials(endpoint: str, database: str, user: str, password: str, ca_path: str): """Authenticate using static credentials. Args: @@ -52,7 +34,7 @@ def auth_with_static_credentials(endpoint: str, database: str, user: str, passwo endpoint = endpoint, database = database, credentials = ydb.StaticCredentials.from_user_password(user, password), - root_certificates = load_ydb_ca_cert(path = ) + root_certificates = ydb.auth_helpers.load_ydb_root_certificate(ca_path) ) with ydb.Driver(driver_config=driver_config) as driver: diff --git a/ydb/auth_helpers.py b/ydb/auth_helpers.py index 6399c3cf..354900fc 100644 --- a/ydb/auth_helpers.py +++ b/ydb/auth_helpers.py @@ -7,8 +7,7 @@ def read_bytes(f): return fr.read() -def load_ydb_root_certificate(): - path = os.getenv("YDB_SSL_ROOT_CERTIFICATES_FILE", None) +def load_ydb_root_certificate(path:str = None): if path is not None and os.path.exists(path): return read_bytes(path) return None From dd397ac0c81fcfa44303bf1b14931af3d6e1acd5 Mon Sep 17 00:00:00 2001 From: Pseudolukian Date: Thu, 28 Nov 2024 14:02:20 +0100 Subject: [PATCH 3/8] Fix 2 --- examples/static-credentials/example.py | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/static-credentials/example.py b/examples/static-credentials/example.py index d6b67313..8c46ebea 100644 --- a/examples/static-credentials/example.py +++ b/examples/static-credentials/example.py @@ -24,6 +24,7 @@ def auth_with_static_credentials(endpoint: str, database: str, user: str, passwo database (str): Accepts a string, the database name in the format `/Root/`. user (str): Username. password (str): User password. + ca_path (str): Path to CA cert Notes: The argument `root_certificates` of the function `ydb.DriverConfig` takes the content of the cluster's root certificate for connecting to cluster nodes via TLS. From f6a67c9e72fe4087511e8c80b815e1bc046eed35 Mon Sep 17 00:00:00 2001 From: Pseudolukian Date: Thu, 28 Nov 2024 14:12:44 +0100 Subject: [PATCH 4/8] Fix style and add Optional type --- examples/static-credentials/example.py | 10 ++++++---- ydb/auth_helpers.py | 3 ++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/examples/static-credentials/example.py b/examples/static-credentials/example.py index 8c46ebea..c21bd019 100644 --- a/examples/static-credentials/example.py +++ b/examples/static-credentials/example.py @@ -1,5 +1,6 @@ import ydb + def test_driver_works(driver: ydb.Driver): """Tests the functionality of the YDB driver. @@ -16,6 +17,7 @@ def test_driver_works(driver: ydb.Driver): result = pool.execute_with_retries("SELECT 1 as cnt") assert result[0].rows[0].cnt == 1 + def auth_with_static_credentials(endpoint: str, database: str, user: str, password: str, ca_path: str): """Authenticate using static credentials. @@ -32,10 +34,10 @@ def auth_with_static_credentials(endpoint: str, database: str, user: str, passwo """ driver_config = ydb.DriverConfig( - endpoint = endpoint, - database = database, - credentials = ydb.StaticCredentials.from_user_password(user, password), - root_certificates = ydb.auth_helpers.load_ydb_root_certificate(ca_path) + endpoint=endpoint, + database=database, + credentials=ydb.StaticCredentials.from_user_password(user, password), + root_certificates=ydb.load_ydb_root_certificate(ca_path) ) with ydb.Driver(driver_config=driver_config) as driver: diff --git a/ydb/auth_helpers.py b/ydb/auth_helpers.py index 354900fc..2705957a 100644 --- a/ydb/auth_helpers.py +++ b/ydb/auth_helpers.py @@ -1,5 +1,6 @@ # -*- coding: utf-8 -*- import os +from typing import Optional def read_bytes(f): @@ -7,7 +8,7 @@ def read_bytes(f): return fr.read() -def load_ydb_root_certificate(path:str = None): +def load_ydb_root_certificate(path: Optional[str] = None): if path is not None and os.path.exists(path): return read_bytes(path) return None From ff44083a892a8df1754d6fad6d97baddcdbda6e2 Mon Sep 17 00:00:00 2001 From: Pseudolukian Date: Thu, 28 Nov 2024 14:14:58 +0100 Subject: [PATCH 5/8] Fix style --- examples/static-credentials/example.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/static-credentials/example.py b/examples/static-credentials/example.py index c21bd019..a1c61096 100644 --- a/examples/static-credentials/example.py +++ b/examples/static-credentials/example.py @@ -37,7 +37,7 @@ def auth_with_static_credentials(endpoint: str, database: str, user: str, passwo endpoint=endpoint, database=database, credentials=ydb.StaticCredentials.from_user_password(user, password), - root_certificates=ydb.load_ydb_root_certificate(ca_path) + root_certificates=ydb.load_ydb_root_certificate(ca_path), ) with ydb.Driver(driver_config=driver_config) as driver: From dc978e52a4b5c2a849e1648583d0dc1d13c00547 Mon Sep 17 00:00:00 2001 From: Oleg Ovcharuk Date: Thu, 28 Nov 2024 18:06:52 +0300 Subject: [PATCH 6/8] Update example.py --- examples/static-credentials/example.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/static-credentials/example.py b/examples/static-credentials/example.py index a1c61096..bc131566 100644 --- a/examples/static-credentials/example.py +++ b/examples/static-credentials/example.py @@ -29,10 +29,10 @@ def auth_with_static_credentials(endpoint: str, database: str, user: str, passwo ca_path (str): Path to CA cert Notes: - The argument `root_certificates` of the function `ydb.DriverConfig` takes the content of the cluster's root certificate for connecting to cluster nodes via TLS. + The argument `root_certificates` of the function `ydb.DriverConfig` takes the content of the cluster's root certificate + for connecting to cluster nodes via TLS. Note that the VM from which you are connecting must be in the cluster's domain for which the CA certificate is issued. """ - driver_config = ydb.DriverConfig( endpoint=endpoint, database=database, From d8d3119de070c80f0858fcc2be4ca8b1b948716e Mon Sep 17 00:00:00 2001 From: Oleg Ovcharuk Date: Thu, 28 Nov 2024 18:09:11 +0300 Subject: [PATCH 7/8] Update auth_helpers.py --- ydb/auth_helpers.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ydb/auth_helpers.py b/ydb/auth_helpers.py index 2705957a..abf7331a 100644 --- a/ydb/auth_helpers.py +++ b/ydb/auth_helpers.py @@ -9,6 +9,7 @@ def read_bytes(f): def load_ydb_root_certificate(path: Optional[str] = None): + path = path if path is not None else os.getenv("YDB_SSL_ROOT_CERTIFICATES_FILE", None) if path is not None and os.path.exists(path): return read_bytes(path) return None From bd32b9f741fe0228a372ce242eaf9400f99993bd Mon Sep 17 00:00:00 2001 From: Oleg Ovcharuk Date: Thu, 28 Nov 2024 18:39:31 +0300 Subject: [PATCH 8/8] Update example.py --- examples/static-credentials/example.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/static-credentials/example.py b/examples/static-credentials/example.py index bc131566..7a31e07f 100644 --- a/examples/static-credentials/example.py +++ b/examples/static-credentials/example.py @@ -29,7 +29,7 @@ def auth_with_static_credentials(endpoint: str, database: str, user: str, passwo ca_path (str): Path to CA cert Notes: - The argument `root_certificates` of the function `ydb.DriverConfig` takes the content of the cluster's root certificate + The argument `root_certificates` of the function `ydb.DriverConfig` takes the content of the cluster's root certificate for connecting to cluster nodes via TLS. Note that the VM from which you are connecting must be in the cluster's domain for which the CA certificate is issued. """