Implements a sigv4 authentication plugin for the open-source Datastax Python Driver for Apache Cassandra
Project description
IMPORTANT: Latest Version
The current version is 4.0.0. Please see the changelog for details on version history.
What
This package implements an authentication plugin for the open-source Datastax Python Driver for Apache Cassandra. The driver enables you to add authentication information to your API requests using the AWS Signature Version 4 Process (SigV4). Using the plugin, you can provide users and applications short-term credentials to access Amazon Keyspaces (for Apache Cassandra) using AWS Identity and Access Management (IAM) users and roles.
The plugin depends on the AWS SDK for Python (Boto3). It uses boto3.Session to obtain credentials.
Example Usage
ssl_context = SSLContext(PROTOCOL_TLSv1_2)
ssl_context.load_verify_locations('./AmazonRootCA1.pem')
ssl_context.verify_mode = CERT_REQUIRED
boto_session = boto3.Session(aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
aws_session_token="AQoDYXdzEJr...<remainder of token>",
region_name="us-east-2")
auth_provider = SigV4AuthProvider(boto_session)
cluster = Cluster(['cassandra.us-east-2.amazonaws.com'], ssl_context=ssl_context, auth_provider=auth_provider,
port=9142)
session = cluster.connect()
r = session.execute('select * from system_schema.keyspaces')
print(r.current_rows)
Using the Plugin
The following sections describe how to use the authentication plugin for the open-source DataStax Python Driver for Cassandra to access Amazon Keyspaces.
SSL Configuration
The first step is to get an Amazon digital certificate to encrypt your connections using Transport Layer Security (TLS). The DataStax Python driver must use an SSL CA certificate so that the client SSL engine can validate the Amazon Keyspaces certificate on connection.
ssl_context = SSLContext(PROTOCOL_TLSv1_2)
ssl_context.load_verify_locations('./AmazonRootCA1.pem')
ssl_context.verify_mode = CERT_REQUIRED
Region Configuration
Before you can start using the plugin, you must configure the AWS Region that the plugin will use when authenticating.
This is required because SigV4 signatures are Region-specific. For example, if you are connecting to the cassandra.us-east-2.amazonaws.com endpoint,
the Region must be us-east-2. For a list of available AWS Regions and endpoints, see Service Endpoints for Amazon Keyspaces.
You can specify the Region using one of the following four methods:
- Environment Variable
- Constructor
- Boto3 Session Configuration
Environment Variable
You can use the AWS_REGION environment variable to match the endpoint that you are
communicating with by setting it as part of your application start-up, as follows.
$ export AWS_REGION=us-east-1
Constructor
You can either provide the constructor for SigV4AuthProvider with a boto3 session, aws credentials and a region,
or a parameterless constructor to follow the default boto3 credential discovery path.
Install the plugin in your environment
pip install cassandra-sigv4
Programmatically Configure the Driver With a boto3 session
Note that if a session is provided, all other arguments for the constructor are ignored.
boto_session = boto3.Session(aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
aws_session_token="AQoDYXdzEJr...<remainder of token>",
region_name="us-east-2")
auth_provider = SigV4AuthProvider(boto_session)
cluster = Cluster(['cassandra.us-east-2.amazonaws.com'], ssl_context=ssl_context, auth_provider=auth_provider,
port=9142)
Programmatically Configure the Drive with raw AWS Credentials
auth_provider = SigV4AuthProvider(aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
aws_session_token="AQoDYXdzEJr...<remainder of token>",
region_name="us-east-2")
cluster = Cluster(['cassandra.us-east-2.amazonaws.com'], ssl_context=ssl_context, auth_provider=auth_provider,
port=9142)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cassandra-sigv4-4.0.0.tar.gz.
File metadata
- Download URL: cassandra-sigv4-4.0.0.tar.gz
- Upload date:
- Size: 5.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/49.2.0 requests-toolbelt/0.9.1 tqdm/4.50.2 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4c73ad272351911e41498593ac0e27fe3eec5b3060093df006626879b9e87113
|
|
| MD5 |
4edc3dc693dfb99fb1e203a0c710d8b5
|
|
| BLAKE2b-256 |
5caecae1966105e6d69e4a9ec448bcfaad9a2d63b4f7f9dd1a4f1eaa0b269f1d
|
File details
Details for the file cassandra_sigv4-4.0.0-py2.py3-none-any.whl.
File metadata
- Download URL: cassandra_sigv4-4.0.0-py2.py3-none-any.whl
- Upload date:
- Size: 9.8 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/49.2.0 requests-toolbelt/0.9.1 tqdm/4.50.2 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
27c174903ecabd27a0177f3e4512fb8c547f74c28e2bfe320a9ad3c252297ed6
|
|
| MD5 |
88faf1f0aba957948db82736437491fc
|
|
| BLAKE2b-256 |
8f03b3d69d8ef709cd2f507169f9abb2cac6ad4617123a6ccb837da19374c984
|
