Conn auth #243
Conn auth #243
Conversation
|
@byersiiasa if you want to get started working on AR6, you can use this branch to do so. You'll need to coordinate the naming conventions with @zikolach and @fonfon |
|
For the application names I'd prefer to fetch them from the auth-server and see how that goes. If we hard-code a lookup dict here it will become tedious (or forgotten) to keep it up to date, even if the application names do not change very often. |
|
Ok @fonfon, happy to make this more amenable to the existing REST API features. Let's discuss when we're both in the office/on slack. |
|
Here is the example how users can currently interact with the |
|
Note that this needs iiasa/auth_server#53 to continue further |
|
Hi folks, from my perspective this PR is now complete and ready for final review. @fonfon @byersiiasa and/or @danielhuppmann would you mind taking a final look? |
There was a problem hiding this comment.
One minor comment on a docstring, otherwise looks good.
But I see the risk with that approach that users will store their credentials in notebooks, maybe even committing those to GitHub by mistake. Any thoughts on that?
More generally, I think it is not ideal that the API uses database-instance-names and not "nice" names like "iamc15", @fonfon @zikolach. Maybe that was the easier implementation for a quick solution, but sub-optimal from a user-experience point-of-view.
|
@danielhuppmann @zikolach @fonfon (and @khaeru if you're interested) I have listed a set of TODOs in the PR summary. Could you please provide input/opinions on items 1 and 2? Namely, for credentials, I see a lot of potential problems here. E.g., if we want to support environment variables explicitly, once they are set, a user can no longer get explicitly to public dbs as "anonymous", because any sort of default/fall-back will always see them. Config files are less problematic, but is it our job in this library to support this? A user can always write their own file and read it in however they wish... On the naming, I have no super strong opinions and would be happy if y'all could come to a consensus that I can implement. |
|
Hi all, in bea472e I have added the ability to pass a credentials file with a warning if a non-file based option is used. I think that should cover the issues here. |
|
Ok all, to my eye this PR is now complete. Please let me know the resolution of point 1 between yourselves. |
|
Hi returns returns Thanks all! |
|
Hi @danielhuppmann @zikolach and @fonfon would be great to try to come to some resolution on the point above so this can be merged. Thanks! |
|
Hi @danielhuppmann @zikolach and @fonfon. This has been an open for ~2 weeks now. It would be great to get a response on point 1 above. If there is no resolution in a reasonable timeframe, I suggest we pull this as-is unless someone wants to object and review! |
|
@gidden fyi I have no access to mark this PR as accepted despite the fact I included in reviewers list |
|
Just added you as a collaborator! |
@gidden half way there - now I can squash and merge but not accept/reject ;) |
|
Hello,
I think someone included Github id reference @byers instead of @byersiiasa
in a pull request comment. This might explain why he's not getting
notifications of comments, etc. since I am ;-).
It looks like an interesting project, but i'm pretty busy with a startup
and other projects, so please remove me from your list (@byersiiasa instead
of @byers)
https://github.com/byersiiasa
Thanks for your time,
Byers
…On Mon, Jul 29, 2019 at 2:43 AM Nikolay Kushin ***@***.***> wrote:
***@***.**** approved this pull request.
Thanks @gidden <https://github.com/gidden>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#243?email_source=notifications&email_token=AAHSE3PHCQ7ZH5J57K3NAATQB2URPA5CNFSM4H63OPC2YY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOB7Z6IEI#pullrequestreview-267641873>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAHSE3LKDTEPCLUKMQXA5CLQB2URPANCNFSM4H63OPCQ>
.
|
Please confirm that this PR has done the following:
This PR adds the ability to connect to non-public databases by providing a username and password.
TODO:
iamc15and the "application name" isIXSE_SR15. We should decide which to go with in the end. To note, utilizing the "short name" will require an additional mapping in the python code (to the best of my knowledge), which was seen as desirable to avoid. In any case, I think we should limit the user to needing to know only one name.