search

cloudant / python-cloudant

A Python library for Cloudant and CouchDB
Apache License 2.0
163 stars 55 forks source link

Allow IAM token URL to be passed as an argument to Cloudant.iam #484

Closed ashishth09 closed 3 years ago

ashishth09 commented 3 years ago

Hello,

Today token url is fixed as 'https://iam.cloud.ibm.com/identity/token' or reads from an environment variable IAM_TOKEN_URL We use IAM for more than just connecting to Cloudant and have run into an issue where for cloudant we need to be the default but for other services we need a test url.

I feel the library shouldn't make a decision of hard coding the environment variable deep inside, rather let user pass arguments which can be exposed via environment variables of their choice.

emlaver commented 3 years ago

Hi @ashishth09, so I understand correctly, other service SDKs use the IAM_TOKEN_URL env variable and that interferes when trying to run python-cloudant using the default IAM token URL? If so, one option would be to unset the env varible programmatically (e.g. del os.environ['IAM_TOKEN_URL']) before running python-cloudant.

We also have a new openAPI generated library that will replace this Python SDK: https://github.com/IBM/cloudant-python-sdk I'd recommend migrating over to this given that our new library allows for passing the IAM token URL as an argument: https://cloud.ibm.com/apidocs/cloudant?code=python#programmatic-authentication

Example with new library using custom IAM token URL and printing response of all databases:

from ibmcloudant.cloudant_v1 import CloudantV1
from ibm_cloud_sdk_core.authenticators import IAMAuthenticator

authenticator = IAMAuthenticator(apikey='{apikey}', url='https://custom.url')
service = CloudantV1(authenticator=authenticator)
# URL of Cloudant instance
service.set_service_url('{url}')

response = service.get_all_dbs().get_result()
print(response)
ashishth09 commented 3 years ago

Hello @emlaver. Thanks, can we start using that SDK in production?. I see some disclaimers on that repo.

vmatyus commented 3 years ago

As the new cloudant-python-sdk is still beta, deployment in production is at your own risk. You are welcome to test the library and see if it meets your requirements for a production deployment, however there could be breaking changes introduced in the near future - currently I cannot tell how many - because based on the comments and issues that reported, its capabilities still extending. It could be also, that you will face some issues during the migration and our development team would really appreciate your concerns regarding the usage of this new SDK.

ricellis commented 3 years ago

We won't be changing this here. As discussed our new cloudant-python-sdk(beta) already has more options for setting IAM URLs.