- class hop.auth.Auth(user, password, host='', ssl=True, method=None, token_endpoint=None, **kwargs)[source]¶
Attach SASL-based authentication to a client.
Returns client-based auth options when called.
user (str) – Username to authenticate with.
password (str) – Password to authenticate with.
host (str, optional) – The name of the host for which this authentication is valid.
ssl (bool, optional) – Whether to enable SSL (enabled by default).
method (SASLMethod, optional) – The SASL method to authenticate. The default is SASLMethod.OAUTHBEARER if token_endpoint is provided, or SASLMethod.SCRAM_SHA_512 otherwise. See valid SASL methods in SASLMethod.
ssl_ca_location (str, optional) – If using SSL via a self-signed cert, a path/location to the certificate.
token_endpoint (str, optional) – The OpenID Connect token endpoint URL. Required for OAUTHBEARER / OpenID Connect, otherwise ignored.
- property hostname¶
The hostname with which this creential is associated, or the empty string if the credential did not contain this information
- property mechanism¶
The authentication mechanism to use
- property password¶
The password for this credential
- property protocol¶
The communication protocol to use
- property ssl¶
Whether communication should be secured with SSL
- property ssl_ca_location¶
The location of the Certfificate Authority data used for SSL, or None if SSL is not enabled
- property token_endpoint¶
The OpenID Connect token endpoint, or None if OpenID Connect is not enabled
- property username¶
The username for this credential
Load a new credential and store it to the persistent configuration.
args – Command line options/arguments object. args.cred_file is taken as the path to a CSV file to import, or if None the user is prompted to enter a credential directly. args.force controls whether an existing credential with an identical name will be overwritten.
- hop.auth.delete_credential(name: str)[source]¶
Delete a credential from the persistent configuration.
name – The username, or username and hostname separated by an ‘@’ character of the credential
delete. (to) –
RuntimeError – If no credentials or more than one credential matches the specified name, making the operation impossible or ambiguous.
Configures Auth instances from a configuration file.
config_file – Path to a configuration file, loading from the default location if not given.
A list of configured Auth instances.
RuntimeError – The config file exists, but has unsafe permissions and will not be read until they are corrected.
KeyError – An error occurred parsing the configuration file.
FileNotFoundError – The configuration file, either as specified explicitly or found automatically, does not exist
Remove auth data from a general configuration file.
This can be needed when updating auth data which was read from the general config for backwards compatibility, but is then written out to the correct new location in a separate auth config, as is now proper. With no further action, this would leave a vestigial copy from before the update in the general config file, which would not be rewritten, so this function exists to perform the necessary rewrite.
config_file – Path to a configuration file, rewriting the default location if not given.
RuntimeError – The config file is malformed.
Import a credential from a CSV file or obtain it interactively from the user.
csv_file – Path to a file from which to read credential data in CSV format. If unspecified, the user will be prompted to enter data instead.
A configured Auth object containing the new credential.
FileNotFoundError – If csv_file is not None and refers to a nonexistent path.
KeyError – If csv_file is not None and the specified file does not contain either a username or password field.
RuntimeError – If csv_file is None and the interactively entered username or passwod is empty.
- hop.auth.select_matching_auth(creds, hostname, username=None)[source]¶
Selects the most appropriate credential to use when attempting to contact the given host.
creds – A list of configured Auth objects. These can be obtained from
hostname – The name of the host for which to select suitable credentials.
username – str, optional The name of the credential to use.
A single Auth object which should be used to authenticate.
RuntimeError – Too many or too few credentials matched.