Skip to content

✨ Add better credentials support to new BucketFs API  #75

Open
Open
✨ Add better credentials support to new BucketFs API #75
Labels
featureProduct feature
@Nicoretti

Description

@Nicoretti
Nicoretti
opened on Sep 29, 2023

Summary

Be more explicit and secure on how credentials are used within the bucketfs api.

Replace the default dict in dict credentials mapping passed to the service with a more sophisticated credentials provider,
which e.g. does not accidentally leak authentication information when printing it. Additionally provide more context
that credentials are mapped to specific buckets.

Details

  • Add Credential classes/objects
  • Credential classes/objects should not leak information when printed
  • Credential classes/objects Support explicit request for unsecure output
  • Add a more explicit data structure / class for the global credentials mapping/store

Examples / Ideas

Secure & Unsecure Output

credentials = Credentials(username='foo', password='bar')


>>> print(credentials)
Credentials(username: ****, password: ****)

>>> print(f'{credentails:unsecure}')
Credentials(username: foo, password: bar)

Global Credentails Store

store = CredentailStore(
      [
          BucketCredentails(bucket='default', username='user', password='pw'),
          BucketCredentails(bucket='myudfs', username='u', password='secret'),
          ...
     ]
)

store = CredentailStore(
      [
          { 'bucket': 'default', 'username': 'user', 'password': 'pw' },
          { 'bucket': 'myudfs', 'username': 'u', 'password': 'secret' },
          ...
     ]
)

store = credentails.Store(
      [
          credentials.Bucket(name='default', username='user', password='pw'),
          credentails.Bucket(name='myudfs', username='u', password='secret'),
          ...
     ]
)

New Usage

from exasol.bucketfs import Service
from exasol.bucketfs import credentails 

URL = "http://127.0.0.1:1234/"
STORE = credentails.Store(
    credentials.Bucket('default', username='w', password='w')
)
bucketfs = Service(URL, STORE)

Notes

  • Printing can/should be implemented by implementing __str__, __format__ and __repr__
  • Consider creating a sub module for the credentials code
  • Keep support for old credential usage but discourage it
  • The Store constructor should support a set of Credentials or just a single one (for simple use cases)
  • Think about for which parameters keyword argument passing should be enforced (e.g. username, password?)

Tasks

  • Add support for improved credentials
  • Add unit and integration tests for this feature(s)
  • Update the documentation to use new (more obvious) API for passing the credentials

Metadata

Metadata

Assignees

No one assigned

    Labels

    featureProduct feature

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions