Skip to content

Add support for password functions (useful for RDS IAM auth)#554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
HLFrye wants to merge 4 commits into from
Closed

Add support for password functions (useful for RDS IAM auth) #554

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
0153f11
Add support for password functions (useful for RDS IAM auth)
Apr 7, 2020
d28e36c
Added support for async password callbacks
Apr 7, 2020
7a92ded
Cleaned up extra blank lines in test_connect.py
Apr 8, 2020
0e40859
Updated docstring for connect()
Apr 8, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion asyncpg/__init__.py
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -31,4 +31,4 @@
# snapshots will automatically include the git revision
# in __version__, for example: '0.16.0.dev0+ge06ad03'

__version__ = '0.20.1'
__version__ = '0.21.0.dev0'
13 changes: 12 additions & 1 deletion asyncpg/connect_utils.py
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -21,6 +21,7 @@
import typing
import urllib.parse
import warnings
import inspect

from . import compat
from . import exceptions
Expand DownExpand Up@@ -601,6 +602,16 @@ async def _connect_addr(*, addr, loop, timeout, params, config,
raise asyncio.TimeoutError

connected = _create_future(loop)

params_input = params
if callable(params.password):
Copy link
Member

@elpranselpransApr 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also add support for coroutines (via inspect.iscoroutinefunction()) to support async callbacks.

Copy link
Author

@HLFryeHLFryeApr 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, updated the branch with support for async password callbacks and an additional test for that case as well.

if inspect.iscoroutinefunction(params.password):
password = await params.password()
else:
password = params.password()

params = params._replace(password=password)

proto_factory = lambda: protocol.Protocol(
addr, connected, params, loop)

Expand DownExpand Up@@ -633,7 +644,7 @@ async def _connect_addr(*, addr, loop, timeout, params, config,
tr.close()
raise

con = connection_class(pr, tr, loop, addr, config, params)
con = connection_class(pr, tr, loop, addr, config, params_input)
pr.set_connection(con)
return con

Expand Down
4 changes: 4 additions & 0 deletions asyncpg/connection.py
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -1566,6 +1566,10 @@ async def connect(dsn=None, *,
other users and applications may be able to read it without needing
specific privileges. It is recommended to use *passfile* instead.

Password may be either a string, or a callable that returns a string.
If a callable is provided, it will be called each time a new connection
is established.

:param passfile:
The name of the file used to store passwords
(defaults to ``~/.pgpass``, or ``%APPDATA%\postgresql\pgpass.conf``
Expand Down
38 changes: 38 additions & 0 deletions tests/test_connect.py
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -204,6 +204,44 @@ async def test_auth_password_cleartext(self):
user='password_user',
password='wrongpassword')

async def test_auth_password_cleartext_callable(self):
def get_correctpassword():
return 'correctpassword'

def get_wrongpassword():
return 'wrongpassword'

conn = await self.connect(
user='password_user',
password=get_correctpassword)
await conn.close()

with self.assertRaisesRegex(
asyncpg.InvalidPasswordError,
'password authentication failed for user "password_user"'):
await self._try_connect(
user='password_user',
password=get_wrongpassword)

Copy link
Member

@elpranselpransApr 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like flake8 is unhappy about the extra newline here

async def test_auth_password_cleartext_callable_coroutine(self):
async def get_correctpassword():
return 'correctpassword'

async def get_wrongpassword():
return 'wrongpassword'

conn = await self.connect(
user='password_user',
password=get_correctpassword)
await conn.close()

with self.assertRaisesRegex(
asyncpg.InvalidPasswordError,
'password authentication failed for user "password_user"'):
await self._try_connect(
user='password_user',
password=get_wrongpassword)

Copy link
Member

@elpranselpransApr 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

... and here

async def test_auth_password_md5(self):
conn = await self.connect(
user='md5_user', password='correctpassword')
Expand Down