Skip to main content

SDK for Agave

Project description

https://badge.fury.io/py/agavepy.svg https://travis-ci.org/TACC/agavepy.svg?branch=develop https://readthedocs.org/projects/agavepy/badge/?version=latest https://img.shields.io/pypi/l/Django.svg

Python2/3 binding for TACC.Cloud Agave and Abaco APIs

Installation

Install from PyPI:

pip install agavepy

Install from GitHub checkout:

cd agavepy
python setup.py install
# or #
make install

Quickstart

If you already have an active installation of the TACC Cloud CLI, AgavePy will pick up on your existing credential cache, stored in $HOME/.agave/current. We illustrate this usage pattern first, as it’s really straightforward.

TACC Cloud CLI

>>> from agavepy.agave import Agave
>>> ag = Agave.restore()

Voila! You have an active, authenticated API client. AgavePy will use a cached refresh token to keep this session active as long as the code is running.

Pure Python

Authentication and authorization to the TACC Cloud APIs uses OAuth2, a widely-adopted web standard. Our implementation of Oauth2 is designed to give you the flexibility you need to script and automate use of TACC Cloud while keeping your access credentials and digital assets secure.

This is covered in great detail in our Developer Documentation but some key concepts will be highlighted here, interleaved with Python code.

The first step is to create a Python object ag pointing to an API server. Your project likely has its own API server, which are discoverable using the tenants-list --rich command in the TACC Cloud CLI. For now, we can assume api.tacc.cloud (the default value) will work for you.

>>> from agavepy.agave import Agave
>>> ag = Agave(api_server='https://api.tacc.cloud')

Once the object is instantiated, interact with it according to the API documentation and your specific usage needs.

Create a new Oauth client

>>> ag = Agave(api_server='https://api.tacc.cloud',
...            username='mwvaughn',
...            password='PaZ$w0r6!')
>>> ag.clients.create(body={'clientName': 'my_client'})
{u'consumerKey': u'kV4XLPhVBAv9RTf7a2QyBHhQAXca', u'_links': {u'subscriber':
{u'href': u'https://api.tacc.cloud/profiles/v2/mwvaughn'}, u'self': {u'href':
 u'https://api.tacc.cloud/clients/v2/my_client'}, u'subscriptions': {u'href':
 u'https://api.tacc.cloud/clients/v2/my_client/subscriptions/'}},
 u'description': u'', u'tier': u'Unlimited', u'callbackUrl': u'',
 u'consumerSecret': u'5EbjEOcyzzIsAAE3vBS7nspVqHQa', u'name': u'my_client'}

You use the consumerKey and consumerSecret to generate Oauth tokens, which are temporary credentials that you can use in place of putting your real credentials into code that is scripting against the TACC APIs.

Reuse an existing Oauth client

Once you generate a client, you can re-use its key and secret. Clients can be created using the Python-based approach illustrated above, via the TACC Cloud CLI clients-create command, or by a direct, correctly-structured POST to the clients web service. No matter how you’ve created a client, setting AgavePy up to use it works the same way:

>>> from agavepy.agave import Agave
>>> ag = Agave(api_server='https://api.tacc.cloud',
...            username='mwvaughn', password='PaZ$w0r6!',
...            client_name='my_client',
...            api_key='kV4XLPhVBAv9RTf7a2QyBHhQAXca',
...            api_secret='5EbjEOcyzzIsAAE3vBS7nspVqHQa')

The Agave object ag is now configured to talk to all TACC Cloud services. Here’s an example: Let’s retrieve a the curent user’s profile.

>>> ag.profiles.get()
{u'status': u'', u'username': u'mwvaughn', u'first_name': u'Matthew',
 u'last_name': u'Vaughn', u'phone': u'867-5309', u'mobile_phone': u'',
 u'create_time': u'20140515180317Z', u'full_name': u'vaughn',
 u'email': u'mwvaughn@devnull.com'}

The refresh token

Nobody likes to change their password, but they have to if it leaks out into the wild. A tragically easy way for that to happen is in committed code or a Docker container where it’s been hard-coded. To get around this, AgavePy works with the TACC authentication APIs to support using a refresh token. Basically, as long as you have the apikey, apisecret, and the last refresh token for an authenticated session, you can renew the session without sending a password. Neat, right? Let’s build on the ag object from above to learn about this.

Let’s start by inspecting its token property, which will also demonstrate how you can access token data programmatically for your own purposes.

>>> ag.token.token_info
{u'access_token': u'14f0bbd0b334e594e676661bf9ccc136', 'created_at':
 1518136421, u'expires_in': 13283, 'expires_at': 'Thu Feb  8 22:15:04',
 u'token_type': u'bearer', 'expiration': 1518149704, u'scope': u'default',
 u'refresh_token': u'b138c49040a6f67f80d49a1c112e44b'}
>>> ag.token.token_info['refresh_token']
u'b138c49046f67f80d49a1c10a12e44b'

To be continued

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agavepy-0.7.3.tar.gz (97.9 kB view details)

Uploaded Source

File details

Details for the file agavepy-0.7.3.tar.gz.

File metadata

  • Download URL: agavepy-0.7.3.tar.gz
  • Upload date:
  • Size: 97.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: Python-urllib/2.7

File hashes

Hashes for agavepy-0.7.3.tar.gz
Algorithm Hash digest
SHA256 1a6f9b29ccd00389e638838a29ebd9efc6decf76d4fdc2b56d5b5a4637af1c53
MD5 5bbdc0bc9630f32af0d97f7ce25d5713
BLAKE2b-256 80b52f40aebce50736335172e1a7f543114aa6364f1b09ba50282c3813ebd232

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page