Skip to main content

SDK for Agave

Project description

https://badge.fury.io/py/agavepy.svg https://travis-ci.org/TACC/agavepy.svg?branch=develop https://readthedocs.org/projects/agavepy/badge/?version=latest https://img.shields.io/pypi/l/Django.svg

Python2/3 binding for TACC.Cloud Agave and Abaco APIs

Installation

Install from PyPI:

pip install agavepy

Install from GitHub checkout:

cd agavepy
python setup.py install
# or #
make install

Quickstart

If you already have an active installation of the TACC Cloud CLI, AgavePy will pick up on your existing credential cache, stored in $HOME/.agave/current. We illustrate this usage pattern first, as it’s really straightforward.

TACC Cloud CLI

>>> from agavepy.agave import Agave
>>> ag = Agave.restore()

Voila! You have an active, authenticated API client. AgavePy will use a cached refresh token to keep this session active as long as the code is running.

Pure Python

Authentication and authorization to the TACC Cloud APIs uses OAuth2, a widely-adopted web standard. Our implementation of Oauth2 is designed to give you the flexibility you need to script and automate use of TACC Cloud while keeping your access credentials and digital assets secure.

This is covered in great detail in our Developer Documentation but some key concepts will be highlighted here, interleaved with Python code.

The first step is to create a Python object ag pointing to an API server. Your project likely has its own API server, which are discoverable using the tenants-list --rich command in the TACC Cloud CLI. For now, we can assume api.tacc.cloud (the default value) will work for you.

>>> from agavepy.agave import Agave
>>> ag = Agave(api_server='https://api.tacc.cloud')

Once the object is instantiated, interact with it according to the API documentation and your specific usage needs.

Create a new Oauth client

>>> ag = Agave(api_server='https://api.tacc.cloud',
...            username='mwvaughn',
...            password='PaZ$w0r6!')
>>> ag.clients.create(body={'clientName': 'my_client'})
{u'consumerKey': u'kV4XLPhVBAv9RTf7a2QyBHhQAXca', u'_links': {u'subscriber':
{u'href': u'https://api.tacc.cloud/profiles/v2/mwvaughn'}, u'self': {u'href':
 u'https://api.tacc.cloud/clients/v2/my_client'}, u'subscriptions': {u'href':
 u'https://api.tacc.cloud/clients/v2/my_client/subscriptions/'}},
 u'description': u'', u'tier': u'Unlimited', u'callbackUrl': u'',
 u'consumerSecret': u'5EbjEOcyzzIsAAE3vBS7nspVqHQa', u'name': u'my_client'}

You use the consumerKey and consumerSecret to generate Oauth tokens, which are temporary credentials that you can use in place of putting your real credentials into code that is scripting against the TACC APIs.

Reuse an existing Oauth client

Once you generate a client, you can re-use its key and secret. Clients can be created using the Python-based approach illustrated above, via the TACC Cloud CLI clients-create command, or by a direct, correctly-structured POST to the clients web service. No matter how you’ve created a client, setting AgavePy up to use it works the same way:

>>> from agavepy.agave import Agave
>>> ag = Agave(api_server='https://api.tacc.cloud',
...            username='mwvaughn', password='PaZ$w0r6!',
...            client_name='my_client',
...            api_key='kV4XLPhVBAv9RTf7a2QyBHhQAXca',
...            api_secret='5EbjEOcyzzIsAAE3vBS7nspVqHQa')

The Agave object ag is now configured to talk to all TACC Cloud services. Here’s an example: Let’s retrieve a the curent user’s profile.

>>> ag.profiles.get()
{u'status': u'', u'username': u'mwvaughn', u'first_name': u'Matthew',
 u'last_name': u'Vaughn', u'phone': u'867-5309', u'mobile_phone': u'',
 u'create_time': u'20140515180317Z', u'full_name': u'vaughn',
 u'email': u'mwvaughn@devnull.com'}

The refresh token

Nobody likes to change their password, but they have to if it leaks out into the wild. A tragically easy way for that to happen is in committed code or a Docker container where it’s been hard-coded. To get around this, AgavePy works with the TACC authentication APIs to support using a refresh token. Basically, as long as you have the apikey, apisecret, and the last refresh token for an authenticated session, you can renew the session without sending a password. Neat, right? Let’s build on the ag object from above to learn about this.

Let’s start by inspecting its token property, which will also demonstrate how you can access token data programmatically for your own purposes.

>>> ag.token.token_info
{u'access_token': u'14f0bbd0b334e594e676661bf9ccc136', 'created_at':
 1518136421, u'expires_in': 13283, 'expires_at': 'Thu Feb  8 22:15:04',
 u'token_type': u'bearer', 'expiration': 1518149704, u'scope': u'default',
 u'refresh_token': u'b138c49040a6f67f80d49a1c112e44b'}
>>> ag.token.token_info['refresh_token']
u'b138c49046f67f80d49a1c10a12e44b'

To be continued

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
agavepy-0.7.3.tar.gz (97.9 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page