A package which generates a GizmoSQL token (JWT) for auth testing

Navigation

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License
  • Author: Philip Moore
  • Tags gizmosql , auth , token , bearer , jwt
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

Generate GizmoSQL (JWT) Token - by GizmoData

generate-gizmosql-token-ci Supported Python Versions PyPI version PyPI Downloads

A utility for generating Bearer Authentication Tokens (Javascript Web Tokens - JWTs) for testing GizmoSQL (JWT) token authentication.

Setup (to run locally)

Install Python package

from PyPi

# Create the virtual environment
python3 -m venv .venv

# Activate the virtual environment
. .venv/bin/activate

# Upgrade pip
pip install --upgrade pip

# Install the package
pip install generate-gizmosql-token

from source - for development

git clone https://github.com/gizmodata/generate-gizmosql-token

cd generate-gizmosql-token

# Create the virtual environment
python3 -m venv .venv

# Activate the virtual environment
. .venv/bin/activate

# Upgrade pip, setuptools, and wheel
pip install --upgrade pip setuptools wheel

# Install the package (in editable mode)
pip install --editable .[dev]

Note

For the following commands - if you are running from source and using --editable mode (for development purposes) - you will need to set the PYTHONPATH environment variable as follows:

export PYTHONPATH=$(pwd)/src

Usage Example

generate-gizmosql-token \
  --issuer "GizmoData LLC" \
  --audience "GizmoSQL Server" \
  --subject "philip@gizmodata.com" \
  --role "admin" \
  --token-lifetime-seconds 86400 \
  --output-file-format "output/gizmosql_token_{issuer}_{audience}_{subject}_{role}.jwt" \
  --private-key-file keys/private_key.pem

[!TIP] If you use: --role "readonly" - you can generate a token that has read-only privileges in GizmoSQL (for the DuckDB backend only)

Using the generated token with GizmoSQL

Server setup

In order to use the JWT generated by this package, you must start the GizmoSQL server using the public certificate associated with the private key you signed the JWT with using this utility.

Below is an example of starting the GizmoSQL server with TLS and JWT authentication enabled.

Please note - you MUST use the issuer, audience, and the public certificate that matches the private key you used to sign the JWT using this utility in order for the token to be accepted by the server.

gizmosql_server                                         \
   --database-filename data/tpch.db                     \
   --username gizmosql_user                             \
   --print-queries                                      \
   --tls tls/cert0.pem tls/cert0.key                    \
   --token-allowed-issuer "GizmoData LLC"               \
   --token-allowed-audience "GizmoSQL Server"           \
   --token-signature-verify-cert-path tls/jwt.pem       \
   --log-format json                                    \
   --access-log off
   --log-level info

JDBC

You can use the generated token with GizmoSQL via JDBC by using "token" as the username, and putting the JWT in the password value:

jdbc:arrow-flight-sql://hostname:port?useEncryption=true&user=token&password=JWT_TOKEN_HERE&disableCertificateVerification=true

ADBC

You can use the generated token with GizmoSQL via ADBC using the adbc_driver_flightsql package as follows - if you have set the environment variable GIZMOSQL_TOKEN to the generated token:

import os

from adbc_driver_flightsql import dbapi as gizmosql, DatabaseOptions

with gizmosql.connect(uri="grpc+tls://localhost:31337",
                      db_kwargs={"username": "token",
                                 "password": os.getenv("GIZMOSQL_TOKEN", "BAD TOKEN!"),
                                 DatabaseOptions.TLS_SKIP_VERIFY.value: "true",
                                 },
                      autocommit=True
                      ) as conn:
    with conn.cursor() as cur:
        print(f"Catalog: {conn.adbc_current_catalog}")
        print(f"Schema: {conn.adbc_current_db_schema}")

        cur.execute("SELECT * FROM region")
        x = cur.fetch_arrow_table()
        print(x)

Handy development commands

Generate self-signed certificate and private key for testing purposes

There is a handy shell script (if you clone the repo) in scripts/gen-certs.sh that you can use to generate a self-signed certificate and private key for testing purposes.

scripts/gen-certs.sh

Version management

Bump the version of the application - (you must have installed from source with the [dev] extras)
bumpver update --patch

Project details

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License
  • Author: Philip Moore
  • Tags gizmosql , auth , token , bearer , jwt
  • Requires: Python >=3.10
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.0.14

0.0.12

This version

0.0.8

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

generate_gizmosql_token-0.0.8.tar.gz (5.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

generate_gizmosql_token-0.0.8-py3-none-any.whl (5.1 kB view details)

Uploaded Python 3

File details

Details for the file generate_gizmosql_token-0.0.8.tar.gz.

File metadata

  • Download URL: generate_gizmosql_token-0.0.8.tar.gz
  • Upload date:
  • Size: 5.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for generate_gizmosql_token-0.0.8.tar.gz
Algorithm Hash digest
SHA256 d5369f59266af73019e749fae7199f3abe67ab9ce016a9835e636f57b62d6e75
MD5 5a2ecc1ba466164baf4a0f44cf710c88
BLAKE2b-256 4578237d2e681de378178c8413fe868375c3612434a774a229d75d2031db271d

See more details on using hashes here.

Provenance

The following attestation bundles were made for generate_gizmosql_token-0.0.8.tar.gz:

Publisher: ci.yml on gizmodata/generate-gizmosql-token

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file generate_gizmosql_token-0.0.8-py3-none-any.whl.

File metadata

File hashes

Hashes for generate_gizmosql_token-0.0.8-py3-none-any.whl
Algorithm Hash digest
SHA256 d601383857327462a87362bd3e36076e5366f4790eb4a8c68c2c5f3475c67ee4
MD5 a1fb38f0750fe1b69738c90cf252402d
BLAKE2b-256 53433bdc8666ee94b094a7bce7de2e260e71d27569feaef41162b782c0066e20

See more details on using hashes here.

Provenance

The following attestation bundles were made for generate_gizmosql_token-0.0.8-py3-none-any.whl:

Publisher: ci.yml on gizmodata/generate-gizmosql-token

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page