Problem
We do not have any tokens ready, how can we authenticate with LDAP instead to use the Okera API? Our developers use pyOkera and need to find an alternative to pre-created tokens that could expire and need renewal.
Solution
The following is an example script to show how this can be done in Python. It uses the fact that enable_token_auth accepts a function that can go and acquire the token.
The script needs to be adopted to your environment for acquiring the username and password that is used to authenticate against the LDAP server. In this example it is using environment variables, named OKERA_USERNAME and OKERA_PASSWORD, but they could be retrieved from other places as well (for example, a Secrets service, as offered by cloud vendors).
The same applies to the OKERA_HOST, OKERA_REST_PORT, and OKERA_PLANNER_PORT, which are hardcoded (or use a placeholder). These variable could also be sourced from other places.
import jsonimport os
import requests
from okera import context
OKERA_HOST = "<your_odas_cluster_dns_or_ip_address>"
OKERA_REST_PORT = 8083
OKERA_PLANNER_PORT = 12050
def login_with_ldap():
username = os.environ['OKERA_USERNAME']
password = os.environ['OKERA_PASSWORD']
auth = requests.auth.HTTPBasicAuth(username, password)
res = requests.post(
'https://%s:%s/api/next/get-token' % (OKERA_HOST, OKERA_REST_PORT),
auth=auth)
if res.status_code != 200:
raise Exception("Failed to authenticate with LDAP")
token_data = res.json()
if 'data' not in token_data \
or 'token' not in token_data['data'] \
or not token_data['data']['token']:
raise Exception("Malformed token response")
return token_data['data']['token']
ctx = context()
ctx.enable_token_auth(token_func=login_with_ldap)
with ctx.connect(host=OKERA_HOST, port=OKERA_PLANNER_PORT) as conn:
print(conn.scan_as_json('select * from okera_sample.whoami'))
Comments
0 comments
Please sign in to leave a comment.