A wrapper library for candid-based temporal authentication

These details have not been verified by PyPI

Project description

temporal-lib-py

This library provides a partial wrapper for the Client.connect method from temporalio/sdk-python by adding candid-based authentication, Google IAM-based authentication and encryption. It also provides a partial wrapper for the Temporal Worker by adding a Sentry interceptor which can be enabled through config.

Building

This library uses poetry for packaging and managing dependencies. To build the wheel file simply run:

poetry build -f wheel

Usage

Client

The following code shows how a client connection is created by using the original (vanilla) temporalio sdk:

from temporalio.client import Client
async def main():
    client = await Client.connect("localhost:7233")
    ...

In order to add authorization and encryption capabilities to this client we replace the connect call as follows:

Candid-based authorization

from temporallib.client import Client, Options
from temporallib.auth import AuthOptions, MacaroonAuthOptions, KeyPair
from temporallib.encryption import EncryptionOptions
async def main():
    # alternatively options could be loaded from a yaml file as the one showed below
    cfg = Options(
        host="localhost:7233",
        auth=AuthOptions(provider="candid", config=MacaroonAuthOptions(keys=KeyPair(...))),
        encryption=EncryptionOptions(key="key")
        ...
    )
    client = await Client.connect(cfg)
	...

The structure of the YAML file which can be used to construct the Options is as follows:

host: "localhost:7233"
queue: "test-queue"
namespace: "test"
encryption:
  key: "HLCeMJLLiyLrUOukdThNgRfyraIXZk918rtp5VX/uwI="
auth:
  provider: "candid"
  config:
    macaroon_url: "http://localhost:7888/macaroon"
    username: "test"
    keys:
      private: "MTIzNDU2NzgxMjM0NTY3ODEyMzQ1Njc4MTIzNDU2Nzg="
      public: "ODc2NTQzMjE4NzY1NDMyMTg3NjU0MzIxODc2NTQzMjE="
tls_root_cas: |
  'base64 certificate'

Google IAM-based authorization

from temporallib.client import Client, Options
from temporallib.auth import AuthOptions, GoogleAuthOptions
from temporallib.encryption import EncryptionOptions
async def main():
    # alternatively options could be loaded from a yaml file as the one showed below
    cfg = Options(
        host="localhost:7233",
        auth=AuthOptions(provider="google", config=GoogleAuthOptions(private_key=...)),
        encryption=EncryptionOptions(key="key")
        ...
    )
    client = await Client.connect(cfg)
	...

The structure of the YAML file which can be used to construct the Options is as follows:

host: "localhost:7233"
queue: "test-queue"
namespace: "test"
encryption:
  key: "HLCeMJLLiyLrUOukdThNgRfyraIXZk918rtp5VX/uwI="
auth:
  provider: "google"
  config:
    type: "service_account"
    project_id: "REPLACE_WITH_PROJECT_ID"
    private_key_id: "REPLACE_WITH_PRIVATE_KEY_ID"
    private_key: "REPLACE_WITH_PRIVATE_KEY"
    client_email: "REPLACE_WITH_CLIENT_EMAIL"
    client_id: "REPLACE_WITH_CLIENT_ID"
    auth_uri: "https://accounts.google.com/o/oauth2/auth"
    token_uri: "https://oauth2.googleapis.com/token"
    auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs"
    client_x509_cert_url: "REPLACE_WITH_CLIENT_CERT_URL"
tls_root_cas: |
  'base64 certificate'

Worker

The following code shows how a Worker is created by using the original (vanilla) temporalio sdk:

from temporalio.worker import Worker
from temporalio.client import Client
async def main():
    client = await Client.connect("localhost:7233")
    worker = Worker(
        client,
        task_queue=task_queue,
        workflows=workflows,
        activities=activities,
    )
    await worker.run()
    ...

In order to add Sentry logging capabilities to this worker we replace the worker initialization as follows:

from temporallib.worker import Worker, WorkerOptions, SentryOptions
from temporallib.client import Client

client = await Client.connect(cfg)
worker = Worker(
    client,
    task_queue=task_queue,
    workflows=workflows,
    activities=activities,
    worker_opt=WorkerOptions(sentry=SentryOptions(dsn="dsn", release="release", environment="environment", redact_params=True)),
)
await worker.run()

Note that you can optionally enable parameter redaction to hide event parameters that are sent to Sentry.

Samples

More examples of workflows using this library can be found here:

temporal-lib-samples

Project details

These details have not been verified by PyPI

Release history Release notifications | RSS feed

1.8.0

Oct 25, 2024

1.4.6

Oct 17, 2024

1.4.5 yanked

Oct 17, 2024

Reason this release was yanked:

missing dependency

1.4.4

Oct 3, 2024

1.4.3

Oct 3, 2024

1.4.2

Oct 3, 2024

1.4.0 yanked

Oct 2, 2024

Reason this release was yanked:

incorrect pydantic dependency

1.3.1

Jan 23, 2024

This version

1.3.0

Jan 23, 2024

1.1.3

Sep 15, 2023

1.1.2

Aug 22, 2023

1.1.1

Aug 8, 2023

1.1.0

Jun 14, 2023

0.1.1

Oct 31, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

temporal_lib_py-1.3.0.tar.gz (12.5 kB view hashes)

Uploaded Jan 23, 2024 Source

Built Distribution

temporal_lib_py-1.3.0-py3-none-any.whl (14.1 kB view hashes)

Uploaded Jan 23, 2024 Python 3

Hashes for temporal_lib_py-1.3.0.tar.gz

Hashes for temporal_lib_py-1.3.0.tar.gz
Algorithm	Hash digest
SHA256	`e8d5e20eb2a191f9223c425e04ea1d4d4d984b273a01a305b3b9d08779625cdb`
MD5	`bae2fe5928fa02bfaf774f543b0bfe27`
BLAKE2b-256	`29e6adb354fe0f8fc4ac0457a43d4b1c8981d0cb656e2f6db5ae706d8c1c098d`

Hashes for temporal_lib_py-1.3.0-py3-none-any.whl

Hashes for temporal_lib_py-1.3.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`e34cf57c11c0cc65fa99be58e4dff2a900175f9173e014f8bdd3f4023fd389a8`
MD5	`494768eecd8f6e55ccd35428f6c4463d`
BLAKE2b-256	`cdfe415c86959282f65b7386fba43eef4c348e0d30aa0b187b50b2aaee65e53e`