Authentication¶
Configuration¶
Since connections to the Hopskotch server require authentication, there
are several utilities exposed to generate and provide credentials for
both the CLI and python API. hop auth
provides command line
options to generate a configuration file with proper credentials needed
to authenticate.
In order to generate a configuration file, one can run hop auth add
,
which prompts for a username and password to connect to Hopskotch
to publish or subscribe to messages. If you have the credentials csv file, you can
use it directly with hop auth add <CREDENTIALS_FILE>
.
The default location for the authentication data file can be found with hop auth locate
,
which points by default to ${XDG_CONFIG_HOME}/hop/auth.toml
or
${HOME}/.config/hop/auth.toml
if the XDG_CONFIG_HOME
variable is not set.
Using Credentials¶
Authentication is enabled by default and will read credentials from the
path resolved by hop auth locate
.
Multiple credentials may be stored together using this mechanism.
Additional credentials may be added using hop auth add
, while the currently available
credentials may be displayed with hop auth list
and unwanted credentials can be removed
with hop auth remove
. Credentials can be added either interactively or from CSV files.
For removal, credentials are specified by username, or <username>@<hostname>
in case of ambiguity.
When using the hop CLI to connect to connect to a kafka server, a credential will be selected according to the following rules:
A credential with a matching hostname will be selected, unless no stored credential has a matching hostname, in which case a credential with no specific hostname can be selected.
If a username is specified as part of the authority component of the URL (e.g.
kafka://username@example.com/topic
) only credentials with that username will be considered.If no username is specified and there is only one credential, which is not specifically associated with any hostname, it will be used for all hosts.
For the python API, one can modify various authentication options by passing
in an Auth
instance with credentials to a Stream
instance.
This provides a similar interface to authenticating as with the requests library.
from hop import Stream
from hop.auth import Auth
auth = Auth("my-username", "my-password")
stream = Stream(auth=auth)
with stream.open("kafka://hostname:port/topic", "w") as s:
s.write({"my": "message"})
A list of multiple Auth
instance may also be passed, in which case the best match for the
connection being opened will be selected as described above.
In order to disable authentication in the command line interface, you can
pass --no-auth
for various CLI commands. For the python API, you
can set auth
to False
.