I am trying to configure an engine in sqlalchemy to connect with temporary credentials from an AWS IAM role using get_cluster_credentials api.
When I do so this is the user I get 'IAM:user_rw'. Problem comes when I configure the engine string as
engine_string = "postgresql+pygresql://{user}:{password}#{endpoint}:{port}/{dbname}".format(
user=cluster_creds['DbUser'],
password=cluster_creds['DbPassword'],
endpoint='big endpointstring',
port=8192,
dbname='small dbname')
I create the engine without errors but when running any query I get: FATAL: password authentication failed for user "IAM"
Tested the user and pass in DataGrip it works so it seems evident sqlalchemy is getting the user just as "IAM" instead of 'IAM:user_rw'.
Do you know how can I force sqlalchemy to get the correct user?
I managed to solve the issue using urllib parse_quote in a similar fashion to what Gord is pointing. Final code
from urllib.parse import quote_plus
engine_string = "postgresql+pygresql://%s:%s#%s:%d/%s" % (
quote_plus(user),
quote_plus(passw),
endpoint,
port,
dbname,
)
Related
Currently I am using (of course with more elaborate variables):
conn = openstack.connect(
load_yaml_config=False,
load_envvars=False,
auth_url=AL,
project_name=PN,
username=UN,
password=PW,
region_name=RN,
user_domain_name=UDN,
project_domain_name=PDN,
app_name=42,
app_version=42
)
to connect to projects. But in the future I would like to offer using application credentials, too. While there is plenty of documentation on how to authenticate with said credentials, I can't find anything about authenticating a connection with it. How is it done?
So what I am looking for is a way to create a connection without username and password, but credentials instead.
On connection: https://docs.openstack.org/openstacksdk/latest/user/connection.html
On application credentials: https://docs.openstack.org/keystone/queens/user/application_credentials.html
On rest-api calls https://docs.openstack.org/api-ref/identity/v3/index.html#application-credentials
Existing authenticated session
This might be an option:
From existing authenticated Session
-----------------------------------
For applications that already have an authenticated Session, simply passing
it to the :class:`~openstack.connection.Connection` constructor is all that
is needed:
.. code-block:: python
from openstack import connection
conn = connection.Connection(
session=session,
region_name='example-region',
compute_api_version='2',
identity_interface='internal')
but I have to investigate further.
I couldn't find any documentation, but apparently it is possible to create a connection like this:
openstack.connect(
load_yaml_config=False,
load_envvars=False,
auth_url=AU,
region_name=RN,
application_credential_id=ACI,
application_credential_secret=ACS,
auth_type=AT
)
and that will return a connection object just like before. auth_type has to be "v3applicationcredential" when using application credentials.
I have deployed this Python app on Heroku and i want it to connect to a MongoDB Atlas cluster. I used my string to connect to the cluster, but for some reason i keep getting raise OperationFailure(msg % errmsg, code, response)
pymongo.errors.OperationFailure: bad auth Authentication failed. I checked twice and both the user and the password are correct. Any idea on why this is happening?
from pymongo import MongoClient
import time
import random
import time
import datetime
client = MongoClient('mongodb+srv://USER:<MYPASSWORD>#test-2liju.mongodb.net/test?retryWrites=true')
db = client.one
mycol = client["tst"]
while True:
test = int(random.randrange(-99999990,90000000,1))
dic = {"num": test}
result = db.tst.insert_one(dic)
print(test)
time.sleep(5)
Stupid error, i had to type MYPASSWORD instead of <MYPASSWORD>, without the <>
Don't use any special char in password, like '+' or '='.
I use OpenSSL to generate a password like u4wY9AOwnOLMY+h9EQ==. Came across bad auth Authentication failed.
After using MongoDB Compass it told me don't use special char, so I remove those and use like 'u4wY9AOwnOLMYh9EQ'.
Then it works.
check the compatibility of the version of the Python driver you choose from the Mongodb Atlas Connections. versions above 3.4 are not supported by mongoengine flask
I am using the MongoDB on my app and when I try to access the database directly using the service connector, I am able to connect but then I am getting :
Error: error: {
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { *any command*}",
"code" : 13
}
and this on any query or command.
Is there a way to change authorization or accessing the data of my MongoDB
P.S: My MongoDB was bind as in the tutorial: https://docs.developer.swisscom.com/tutorial-python/bind-service.html
It looks like you're trying to execute commands on the admin database on which your user is not authorized. You can find the correct database which your user is authorized on in the credentials (key mongodb.credentials.database) but ideally you connect using the provided URI (mongodb.credentials.uri) which will connect you to the correct database automatically.
You can have a look at the Python example in the tutorial you linked to find out how to access and use those credentials correctly.
The answer from Sandro Mathys is correct and helpful, I wish to clarify/simplyfy a little bit.
The service broker grants you the Role dbOwner and creates a database with random name for you. This is done during cf create-service process.
The database owner can perform any administrative action on the
database. This role combines the privileges granted by the readWrite,
dbAdmin and userAdmin roles.
You have no privileges on admin database. The admin database is only for Swisscom operators. Please use for login with mongo shell the parameter --authenticationDatabase with the random database name from cf env.
Specifies the database in which the user is created. See Authentication Database.
If you do not specify a value for --authenticationDatabase, mongo uses the database specified in the connection string.
I designed a simple website using Flask and my goal was to deploy it on Google App engine. I started working on it locally and used google cloud sql for the database. I used google_cloud_proxy to open the port 3306 to interact with my GC SQL instance and it works fine locally... this is the way I'm connecting my application to GC SQL:
I have a app.yaml file which I've defined my Global Variables in it:
env_variables:
CLOUDSQL_SERVER = '127.0.0.1'
CLOUDSQL_CONNECTION_NAME = "myProjectName:us-central1:project"`
CLOUDSQL_USER = "user"
CLOUDSQL_PASSWORD = "myPassword"
CLOUDSQL_PORT = 3306
CLOUDSQL_DATABASE = "database"
and from my local machine I do:
db = MySQLdb.connect(CLOUDSQL_SERVER,CLOUDSQL_USER,CLOUDSQL_PASSWORD,CLOUDSQL_DATABASE,CLOUDSQL_PORT)
and if I want to get connected on App Engine, I do:
cloudsql_unix_socket = os.path.join('/cloudsql', CLOUDSQL_CONNECTION_NAME)
db = MySQLdb.connect(unix_socket=cloudsql_unix_socket,user=CLOUDSQL_USER,passwd=CLOUDSQL_PASSWORD,db=CLOUDSQL_DATABASE)
the static part of the website is running but for example, when I want to login with a username and password which is stored in GC SQL, I receive an internal error.
I tried another way... I started a compute engine, defined my global variables in config.py, installed flask, mysqldb and everything needed to start my application. I also used cloud_sql_proxy on that compute engine and I tried this syntax to connect to GC SQL instance:
db = MySQLdb.connect(CLOUDSQL_SERVER,CLOUDSQL_USER,CLOUDSQL_PASSWORD,CLOUDSQL_DATABASE,CLOUDSQL_PORT)
but it had the same problem. I don't think that it's the permission issue as I defined my compute engine's ip address in the authorized network part of GC SQL and in I AM & ADMIN part, the myprojectname#appspot.gserviceaccount.com has the Editor role!
can anyone help me out where the problem is?
ALright! I solved the problem. I followed the Google cloud's documentation but I had problems.I added a simple '/' in:
cloudsql_unix_socket = os.path.join('/cloudsql', CLOUDSQL_CONNECTION_NAME)
instead of '/cloudsql' it should be '/cloudsql/'
I know it's weird because os.path.join must add '/' to the path but for strange reasons which I don't know, it wasn't doing so.
I am new to mongodb and I am trying to connect it remotely (from my local system to live db) and it is connected successfully. I have admin users in admin table and want that without authentication no one can access my database. But when I try to connect Mongodb remotely via the below mention code , even without authentication i can access any db :
from pymongo import MongoClient, Connection
c = MongoClient('myip',27017)
a = c.mydb.testData.find()
In my config file , the parameter auth is set to True , auth = True . But still no authentication is needed to access my db . Please can anyone let me know what I am missing here.
Based on your description I would guess you haven't actually enabled authentication. In order to enable authentication you must start the Mongo server with certain settings. You can find more information below:
http://docs.mongodb.org/manual/tutorial/enable-authentication/
Basically you need to run with --auth in order to enable authentication.