Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for custom auth providers #34

Open
downsider opened this issue Jul 7, 2022 · 3 comments
Open

Support for custom auth providers #34

downsider opened this issue Jul 7, 2022 · 3 comments
Assignees
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed question Further information is requested
Milestone

Comments

@downsider
Copy link

My company are investigating a migration from our self hosted Cassandra instances to AWS Keyspaces, which is touted as a drop in replacement for Cassandra

We have hit a problem with authentication, whereby either we have to use credentials for a "service account" IAM user (which our InfoSec team highly frown upon, for reasons) or use temporary token passwords (similar to access tokens used in OAuth) generated via Sigv4. The process for using Sigv4 requires us to inject a custom header containing the signed token into the request, so that AWS can validate the request is genuine

Would it be possible to add support for custom auth providers into the driver please, so we can implement and use the more secure auth Sigv4 authentication method?

The python implementation of this can be found here: https://github.com/aws/aws-sigv4-auth-cassandra-python-driver-plugin and the API it uses: https://docs.datastax.com/en/developer/python-driver/3.24/api/cassandra/auth/#cassandra.auth.AuthProvider.

We would be looking for a similar API, so this could also potentially be used with SASL or any other compatible authentication mechanism

@CodeLieutenant
Copy link
Member

Seems ti be possible to add, but requires quite a bit of work. Since I am the only maintainer and not working full time on driver maintainence, this will be quite low on the priority list.

We are using self hosted ScyllaDB in production and basic auth is fine, if your company need other forms of authentication, you can submit pull request.

@CodeLieutenant CodeLieutenant added help wanted Extra attention is needed question Further information is requested good first issue Good for newcomers enhancement New feature or request labels Jul 7, 2022
@CodeLieutenant CodeLieutenant self-assigned this Jul 7, 2022
@downsider
Copy link
Author

Thanks for your reply

Yeah, I thought that might be the case; figured it was worth asking anyway.

Unfortunately, my company has little experience writing C, even less writing PHP extensions, so we probably wouldn't be much help. I think the best we can do here is mark it as a feature request and you get around to it when you have time

Thanks for looking anyway

@CodeLieutenant
Copy link
Member

CodeLieutenant commented Jul 7, 2022

I will try my best to deliver this feature, but no promises, if it lands it will be in 2.x version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed question Further information is requested
Projects
Status: To do
Development

No branches or pull requests

2 participants