Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ Add better credentails support to new BucketFs API #75

Open
3 tasks
Nicoretti opened this issue Sep 29, 2023 · 0 comments
Open
3 tasks

✨ Add better credentails support to new BucketFs API #75

Nicoretti opened this issue Sep 29, 2023 · 0 comments
Labels
feature Product feature

Comments

@Nicoretti
Copy link
Member

Nicoretti commented Sep 29, 2023
edited
Loading

Summary

Be more explicit and secure on how credentials are used within the bucketfs api.

Replace the default dict in dict credentials mapping passed to the service with a more sophisticated credentials provider,
which e.g. does not accidentally leak authentication information when printing it. Additionally provide more context
that credentials are mapped to specific buckets.

Details

  • Add Credential classes/objects
  • Credential classes/objects should not leak information when printed
  • Credential classes/objects Support explicit request for unsecure output
  • Add a more explicit data structure / class for the global credentials mapping/store

Examples / Ideas

Secure & Unsecure Output

credentials = Credentials(username='foo', password='bar')


>>> print(credentials)
Credentials(username: ****, password: ****)

>>> print(f'{credentails:unsecure}')
Credentials(username: foo, password: bar)

Global Credentails Store

store = CredentailStore(
      [
          BucketCredentails(bucket='default', username='user', password='pw'),
          BucketCredentails(bucket='myudfs', username='u', password='secret'),
          ...
     ]
)

store = CredentailStore(
      [
          { 'bucket': 'default', 'username': 'user', 'password': 'pw' },
          { 'bucket': 'myudfs', 'username': 'u', 'password': 'secret' },
          ...
     ]
)

store = credentails.Store(
      [
          credentials.Bucket(name='default', username='user', password='pw'),
          credentails.Bucket(name='myudfs', username='u', password='secret'),
          ...
     ]
)

New Usage

from exasol.bucketfs import Service
from exasol.bucketfs import credentails 

URL = "http://127.0.0.1:1234/"
STORE = credentails.Store(
    credentials.Bucket('default', username='w', password='w')
)
bucketfs = Service(URL, STORE)

Notes

  • Printing can/should be implemented by implementing __str__, __format__ and __repr__
  • Consider creating a sub module for the credentials code
  • Keep support for old credential usage but discourage it
  • The Store constructor should support a set of Credentials or just a single one (for simple use cases)
  • Think about for which parameters keyword argument passing should be enforced (e.g. username, password?)

Tasks

  • Add support for improved credentials
  • Add unit and integration tests for this feature(s)
  • Update the documentation to use new (more obvious) API for passing the credentials
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature Product feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Nicoretti