Skip to main content

Python SDK for Immudb

Project description

immudb-py License

Build Status Coverage StatusSlack Discuss at immudb@googlegroups.com

Official immudb client for Python.

Contents

Introduction

immu-py implements a grpc immudb client. A minimalist API is exposed for applications while cryptographic verifications and state update protocol implementation are fully implemented by this client. Latest validated immudb state may be kept in the local filesystem when using default rootService, please read immudb research paper for details of how immutability is ensured by immudb.

Prerequisites

immu-py assumes there is an existing instance of the immudb server up and running. Running immudb is quite simple, please refer to the following link for downloading and running it: https://immudb.io/docs/quickstart.html

immudb-py requires python version 3.6 or greater. If you are using 3.6, you'll need dataclasses package; on 3.7+, dataclasses is part of the python distribution.

Installation

You can install latest version cloning this repository, and then use the make command to install prerequisites and the package itself:

    make init
    make install

Or, you can install latest stable version using pip:

    pip3 install immudb-py

Then, in you code, import the client library as as follows:

    from immudb import ImmudbClient

Note: immudb-py need grpcio module from google. On Alpine linux, you need these packages in order to correctly build (and install) grpcio:

  • linux-headers
  • python3-dev
  • g++

Supported Versions

immu-py supports the latest immudb release.

Quickstart

Hello Immutable World! example can be found in immudb-client-examples repo.

Step by step guide

Creating a Client

The following code snippets shows how to create a client.

Using default configuration:

    client = ImmudbClient()

Setting immudb url and port:

    client = ImmudbClient("mycustomurl:someport")
    client = ImmudbClient("10.105.20.32:8899")

User sessions

Use login and logout methods to initiate and terminate user sessions:

    client.login("usr1", "pwd1");

    // Interact with immudb using logged user

    client.logout();

Encoding

Please note that, in order to provide maximum flexibility, all functions accept byte arrays as parameters. Therefore, unicode strings must be properly encoded. It is possible to store structured objects, but they must be serialized (e.g., with pickle or json).

Creating a database

Creating a new database is quite simple:

    client.createDatabase(b"db1");

Setting the active database

Specify the active database with:

    client.useDatabase(b"db1");

If not specified, the default databased used is "defaultdb".

Traditional read and write

immudb provides read and write operations that behave as a traditional key-value store i.e. no cryptographic verification is done. This operations may be used when validations can be post-poned:

    client.set(b"k123", b"value123");
    result = client.get(b"k123");

Verified read and write

immudb provides built-in cryptographic verification for any entry. The client implements the mathematical validations while the application uses as a traditional read or write operation:

    try:
        client.verifiedSet(b"k123", b"v123");
        results = client.verifiedGet(b"k123");
    Except VerificationException as e:
        # Do something

Multi-key read and write

Transactional multi-key read and write operations are supported by immudb and immudb-py. Atomic multi-key write (all entries are persisted or none):

    normal_dictionary = {b"key1": b"value1", b"key2": b"value2"}
    client.setAll(normal_dictionary);

Atomic multi-key read (all entries are retrieved or none):

    normal_dictionary = {b"key1": b"value1", b"key2": b"value2"}
    results_dictionary = client.getAll(normal_dictionary.keys())
    # Or manually
    client.get([b"key1", b"key2"])

User management

Users can be added and granted access to databases.

Adding a user

The createUser functions create a new users and grants the specified permission to a database.

user='newuser'
password='Pw1:pasdfoiu'
permission=immudb.constants.PERMISSION_RW
database='defaultdb'

client.createUser(user, password, permission, database)

The database must exists at the time the user is created. The password must be between 8 and 32 characters in length, and must have at least one upper case letter, a symbol and a digit.

Permission are defined in immudb.constants and are:

  • PERMISSION_SYS_ADMIN
  • PERMISSION_ADMIN
  • PERMISSION_NONE
  • PERMISSION_R
  • PERMISSION_RW

Changin password

The user must must provide both old and new password:

newPassword="pW1:a0s98d7gfy"
resp=client.changePassword(user, newPassword, oldPassword)

It is applied the same password policy of user creation.

User list

To get the list of user created on immudb, simply call listUsers:

resp=client.listUsers()
print(users.userlist.users)

Closing the client

To programatically close the connection with immudb server use the shutdown operation:

    client.shutdown();

Note: after shutdown, a new client needs to be created to establish a new connection.

State persistance

An important immudb feature is the ability for a client to check every transaction for tampering. In order to be able to do that, it is necessary to persist client state (i.e., save it to disk) so that if some tampering on the server happens between two runs, it is immediatly detected.

A RootService implements just that: it stores immudb client after every transaction, in order to be able to use it afterward to check the server correctness.

Using the Persistent Root Service

The default RootService, for simplicity, commits the state to RAM, and so it is unsuitable for real time safe application. To have persistance, the application must instantiate a PersistentRootService object, which stores its state to disk.

Let's see a simple example that uses state persistance:

from immudb.client import ImmudbClient, PersistentRootService
client=ImmudbClient(rs=PersistentRootService())
client.login(username="immudb", password="immudb")
client.verifiedTxById(42)
client.verifiedGet(b"example")

In this example, the Root Service is saved to the disk after every verified transaction. As you can see, it is very easy to use. Just create and use the PersistentRootService object in the client initialization.

Process and threads

Please keep in mind that the implementation is not thread/process safe. If you are using a multi-process application, it is advisable to use a different state file for every instance: just pass the filename as argument to the PersistentRootService constructor:

client = ImmudbClient(rs=PersistentRootService("rootfilename"))

Default rootfile is "~/.immudbRoot"

If needed/wanted, it is also easy to extend the default implementation adding synchronization primitives to the get/set methods. In this way, more than one immudb client can share the same PersistentRootService instance without interering each other.

Cryptographic state signing

To increase safety, it is possible to generate a private key and use it to sign every verification response. Clients can then use the corresponding public key to check for response correctness.

Key generation

You can use openssl to create a private key, and then extract the public key:

openssl ecparam -name prime256v1 -genkey -noout -out private_signing_key.pem
openssl ec -in private_signing_key.pem -pubout -out public_signing_key.pem

Key usage (server side)

On immudb server, use --signingKey private_signing_key.pem to activate cryptographic signature.

Key usage (client/SDK side)

On immudb python SDK, just pass the public key filename to the ImmudbClient constructor:

client=ImmudbClient(publicKeyFile="/certs/public_signing_key.pem")

Every transaction will be then automatically checked. An exception is thrown if the cryptographic check fails.

Contributing

We welcome contributions. Feel free to join the team!

To report bugs or get help, use GitHub's issues.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

immudb-py-0.9.1rc1.tar.gz (39.3 kB view details)

Uploaded Source

Built Distribution

immudb_py-0.9.1rc1-py3-none-any.whl (73.5 kB view details)

Uploaded Python 3

File details

Details for the file immudb-py-0.9.1rc1.tar.gz.

File metadata

  • Download URL: immudb-py-0.9.1rc1.tar.gz
  • Upload date:
  • Size: 39.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/51.0.0 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.9.2

File hashes

Hashes for immudb-py-0.9.1rc1.tar.gz
Algorithm Hash digest
SHA256 8549f4da4ec1da1adfadeb7f46ab928f6ec2d15934337cb76a29d78806187e36
MD5 85f5d6dc648923637924e0ebc846a117
BLAKE2b-256 477d8f47439876539c7cb60e96494919aa1b8eadb0561f335e703d8f094d49ab

See more details on using hashes here.

File details

Details for the file immudb_py-0.9.1rc1-py3-none-any.whl.

File metadata

  • Download URL: immudb_py-0.9.1rc1-py3-none-any.whl
  • Upload date:
  • Size: 73.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/51.0.0 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.9.2

File hashes

Hashes for immudb_py-0.9.1rc1-py3-none-any.whl
Algorithm Hash digest
SHA256 a4d29186f44ca57b14408e6fdaeb9f6735aa4f67b97d8549c39c6c083e8edcaf
MD5 8211e994f7ea42b43d6ffa4f7b605e7f
BLAKE2b-256 138e92e5a40c6b56193aff81fe68e221da7c1305e2084c40ebbc5c11401eaeeb

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page