From c7cd02a2afb92b8e75f3d613bfc3dfd82123bfce Mon Sep 17 00:00:00 2001
From: guyhardonag
Date: Tue, 2 Apr 2024 12:24:21 +0300
Subject: [PATCH 1/4] Python wrapper - add STS login
---
 clients/python-wrapper/lakefs/client.py | 13 ++++++++++++-
 clients/python-wrapper/requirements.txt | 2 +-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/clients/python-wrapper/lakefs/client.py b/clients/python-wrapper/lakefs/client.py
index e3e00b7401e..5baa7da05bb 100644
--- a/clients/python-wrapper/lakefs/client.py
+++ b/clients/python-wrapper/lakefs/client.py
@@ -13,7 +13,7 @@
 from lakefs_sdk.client import LakeFSClient
 from lakefs.config import ClientConfig
-from lakefs.exceptions import NotAuthorizedException, ServerException
+from lakefs.exceptions import NotAuthorizedException, ServerException, api_exception_handler
 from lakefs.models import ServerStorageConfiguration
@@ -106,6 +106,17 @@ def version(self) -> str:
 return self._server_conf.version
+def from_web_identity(code: str, state: str, redirect_uri: str, ttl_seconds: int = 3600, **kwargs) -> Client:
+ """
+ Authenticate against lakeFS using a web identity token
+ """
+ client = Client(**kwargs)
+ sts_requests = lakefs_sdk.StsAuthRequest(code=code, state=state, redirect_uri=redirect_uri, ttl_seconds=ttl_seconds)
+ with api_exception_handler():
+ auth_token = client.sdk_client.experimental_api.sts_login(sts_requests)
+ client.config.access_token = auth_token.token
+ return client
+
 class _BaseLakeFSObject:
 """
 Base class for all lakeFS SDK objects, holds the client object and handles errors where no authentication method
diff --git a/clients/python-wrapper/requirements.txt b/clients/python-wrapper/requirements.txt
index 0f2e8730027..dc9e2657387 100644
--- a/clients/python-wrapper/requirements.txt
+++ b/clients/python-wrapper/requirements.txt
@@ -1,5 +1,5 @@
 aenum~=3.1.15
-lakefs-sdk==1.10.0
+lakefs-sdk>=1.15.0
 pydantic >= 1.10.5, < 2
 python-dateutil~=2.8.2
 PyYAML~=6.0.1
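Review bot: In the new `from_web_identity` (hunk `@@ -106,6 +106,17 @@`), `ttl_seconds` is handed to `StsAuthRequest` unchecked, so a zero, negative or very large lifetime is left entirely to whatever validation the server applies. I would reject bad values before the request is built, e.g. `if ttl_seconds <= 0: raise ValueError("ttl_seconds must be a positive number of seconds")`, and document an upper bound so callers do not mint long-lived tokens by accident. Separately, credentials passed through `**kwargs` stay on `client.config` next to the new `access_token`; which of the two the SDK sends is not visible in this hunk, so a test or a short comment stating the precedence would help.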
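Review bot: `lakefs-sdk` moves from an exact pin to an open-ended `>=1.15.0` in `requirements.txt`, so any later SDK release, including a new major version, satisfies the requirement. The login helper added in this patch calls `experimental_api.sts_login`, and an API under that name may plausibly change between releases, so an upper bound in the style already used for pydantic, e.g. `lakefs-sdk>=1.15.0,<2`, would make installs predictable. The follow-up bump to `>=1.16.0` in patch 2/4 keeps the same unbounded form.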
From 762e6d4ef9e3bfa7ad437468f8eea0801e6279d4 Mon Sep 17 00:00:00 2001
From: guyhardonag
Date: Wed, 3 Apr 2024 14:10:07 +0300
Subject: [PATCH 2/4] Change minor lakefs-sdk version
---
 clients/python-wrapper/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clients/python-wrapper/requirements.txt b/clients/python-wrapper/requirements.txt
index dc9e2657387..0df424a0e2f 100644
--- a/clients/python-wrapper/requirements.txt
+++ b/clients/python-wrapper/requirements.txt
@@ -1,5 +1,5 @@
 aenum~=3.1.15
-lakefs-sdk>=1.15.0
+lakefs-sdk>=1.16.0
 pydantic >= 1.10.5, < 2
 python-dateutil~=2.8.2
 PyYAML~=6.0.1
From 1d8f1f72dbc2b8206312c5578db33854e0090fbb Mon Sep 17 00:00:00 2001
From: guyhardonag
Date: Wed, 3 Apr 2024 16:28:44 +0300
Subject: [PATCH 3/4] Code review changes
---
 clients/python-wrapper/lakefs/client.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/clients/python-wrapper/lakefs/client.py b/clients/python-wrapper/lakefs/client.py
index 5baa7da05bb..2ea59d654eb 100644
--- a/clients/python-wrapper/lakefs/client.py
+++ b/clients/python-wrapper/lakefs/client.py
@@ -108,14 +108,22 @@ def version(self) -> str:
 def from_web_identity(code: str, state: str, redirect_uri: str, ttl_seconds: int = 3600, **kwargs) -> Client:
 """
- Authenticate against lakeFS using a web identity token
+ Authenticate against lakeFS using a code received from an identity provider
+
+ :param code: The code received from the identity provider
+ :param state: The state received from the identity provider
+ :param redirect_uri: The redirect URI used in the authentication process
+ :param ttl_seconds: The token's time-to-live in seconds
+ :param kwargs: Remaining arguments for the Client object
+ :return: The authenticated Client object
 """
 client = Client(**kwargs)
 sts_requests = lakefs_sdk.StsAuthRequest(code=code, state=state, redirect_uri=redirect_uri, ttl_seconds=ttl_seconds)
 with api_exception_handler():
 auth_token = client.sdk_client.experimental_api.sts_login(sts_requests)
- client.config.access_token = auth_token.token
- return client
+ client.config.access_token = auth_token.token
+ return client
+
+
 class _BaseLakeFSObject:
 """
From ac6c90c318f8cd2717b97eb47fb2f72ff8ef76ea Mon Sep 17 00:00:00 2001
From: guyhardonag
Date: Wed, 3 Apr 2024 17:09:50 +0300
Subject: [PATCH 4/4] Add raises to documentation
---
 clients/python-wrapper/lakefs/client.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/clients/python-wrapper/lakefs/client.py b/clients/python-wrapper/lakefs/client.py
index 2ea59d654eb..2665d19aca7 100644
--- a/clients/python-wrapper/lakefs/client.py
+++ b/clients/python-wrapper/lakefs/client.py
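Review bot: The new `:param state:` text in hunk `@@ -108,14 +108,22 @@` does not say who validates `state`; the function only forwards it inside `StsAuthRequest`, and nothing here compares it with the value the caller generated when it started the login. If that check is the caller's job, the docstring should say so, for example `:param state: The state returned by the identity provider; compare it with the value generated for this login attempt before calling`. It would also help to note that `code` and the returned token are secrets and should be kept out of logs and exception messages.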
@@ -116,6 +116,7 @@ def from_web_identity(code: str, state: str, redirect_uri: str, ttl_seconds: int
 :param ttl_seconds: The token's time-to-live in seconds
 :param kwargs: Remaining arguments for the Client object
 :return: The authenticated Client object
+ :raise NotAuthorizedException: if user is not authorized to perform this operation
 """
 client = Client(**kwargs)
 sts_requests = lakefs_sdk.StsAuthRequest(code=code, state=state, redirect_uri=redirect_uri, ttl_seconds=ttl_seconds)
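Review bot: The added `:raise NotAuthorizedException:` line documents only one failure, while the login call runs inside `api_exception_handler()`, which presumably maps other API errors to other wrapper exceptions (`ServerException` is imported in the same module), and `Client(**kwargs)` may itself raise on bad configuration. I would list those as well, or add a catch-all such as `:raise ServerException: for any other error returned by the server`; the exact set should be confirmed against `api_exception_handler`, which is not shown here. The function starts above this hunk and continues below it, so only the tail of the docstring is visible.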