A wrapper library for candid-based temporal authentication
Project description
temporal-lib-py
This library provides a partial wrapper for the Client.connect method from temporalio/sdk-python by adding candid-based authentication, Google IAM-based authentication and encryption.
Building
This library uses poetry for packaging and managing dependencies. To build the wheel file simply run:
poetry build -f wheel
Usage
The following code shows how a client connection is created using by using the original (vanilla) temporalio sdk:
from temporalio.client import Client
async def main():
client = await Client.connect("localhost:7233")
...
In order to add authorization and encryption capabilities to this client we replace the connect call as follows:
Candid-based authorization
from temporallib.client import Client, Options
from temporallib.auth import AuthOptions, MacaroonAuthOptions, KeyPair
from temporallib.encryption import EncryptionOptions
async def main():
# alternatively options could be loaded from a yaml file as the one showed below
cfg = Options(
host="localhost:7233",
auth=AuthOptions(provider="candid", config=MacaroonAuthOptions(keys=KeyPair(...))),
encryption=EncryptionOptions(key="key")
...
)
client = await Client.connect(cfg)
...
The structure of the YAML file which can be used to construct the Options is as follows:
host: "localhost:7233"
queue: "test-queue"
namespace: "test"
encryption:
key: "HLCeMJLLiyLrUOukdThNgRfyraIXZk918rtp5VX/uwI="
auth:
provider: "candid"
config:
macaroon_url: "http://localhost:7888/macaroon"
username: "test"
keys:
private: "MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4MTIzNDU2Nzg="
public: "ODc2NTQzMjE4NzY1NDMyMTg3NjU0MzIxODc2NTQzMjE="
tls_root_cas: |
'base64 certificate'
Google IAM-based authorization
from temporallib.client import Client, Options
from temporallib.auth import AuthOptions, GoogleAuthOptions
from temporallib.encryption import EncryptionOptions
async def main():
# alternatively options could be loaded from a yaml file as the one showed below
cfg = Options(
host="localhost:7233",
auth=AuthOptions(provider="google", config=GoogleAuthOptions(private_key=...)),
encryption=EncryptionOptions(key="key")
...
)
client = await Client.connect(cfg)
...
The structure of the YAML file which can be used to construct the Options is as follows:
host: "localhost:7233"
queue: "test-queue"
namespace: "test"
encryption:
key: "HLCeMJLLiyLrUOukdThNgRfyraIXZk918rtp5VX/uwI="
auth:
provider: "google"
config:
type: "service_account"
project_id: "REPLACE_WITH_PROJECT_ID"
private_key_id: "REPLACE_WITH_PRIVATE_KEY_ID"
private_key: "REPLACE_WITH_PRIVATE_KEY"
client_email: "REPLACE_WITH_CLIENT_EMAIL"
client_id: "REPLACE_WITH_CLIENT_ID"
auth_uri: "https://accounts.google.com/o/oauth2/auth"
token_uri: "https://oauth2.googleapis.com/token"
auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs"
client_x509_cert_url: "REPLACE_WITH_CLIENT_CERT_URL"
tls_root_cas: |
'base64 certificate'
Samples
More examples of workflows using this library can be found here:
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for temporal_lib_py-1.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 354532c8b6c788621d629c1b55caa313581070f87bd7180457d26e30f5d04e31 |
|
MD5 | 79b1b19ba0cc543f8d39b20f3300ea83 |
|
BLAKE2b-256 | b1ab7fa3433ed0e62cbc46bd3c2486c2cd4db86187f651ddf77d8a36ab9d7c6d |