Generate and grant credentials for MongoDB databases
Project description
Mongogrant is a utility to grant username and password credentials for read and readWrite roles on various databases on various hosts to owners of email addresses.
A server administrator has fine-grained control via allow/deny rules for granting tokens and credentials. People request an email that contains a one-time link. That link gives a user a fetch token. All tokens expire and expiration time is customizable. People then use the mongogrant client to make requests like
from mongogrant.client import Client
# config file on disk has tokens and host/db aliases
# `Client()` with no args looks to
# ~/.mongogrant.json for config
client = Client()
# pymongo.database.Database with read role
source_db = client.db("ro:dev/core")
# readWrite role. config stores "staging" host alias
# and "core" db alias
target_db = client.db("rw:staging/core")
# ...Do database stuff!
You can run a "server" on your laptop in a Jupyer notebook and manage allow/deny rules, grant / revoke grants of credentials, etc. A small Flask app (untested so far) is included as an example for deploying a server to which clients can connect to obtain tokens and credentials.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for mongogrant-0.1.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 209d14c9f6b31b1a3764f984fcd352c4f29e45d4c659e83b25997eef2e933968 |
|
| MD5 | d6cbd38eaff60bb8f2a80d0716f26a06 |
|
| BLAKE2b-256 | 3c766ba47ff38342b808c3dccff3ad848f33a6b45754d8056f096567fa9345ce |
