E.g. for MySQL? Using SQLAlchemy in a web app that will eventually run in K8s. Users would connect with their kerberos and service-specific ticket that I'd like SQLAlchemy to forward when establishing DB connection. Is it supported?
--SQLAlchemy -The Python SQL Toolkit and Object Relational MapperTo post example code, please provide an MCVE: Minimal, Complete, and Verifiable Example. See http://stackoverflow.com/help/mcve for a full description.---You received this message because you are subscribed to the Google Groups "sqlalchemy" group.To unsubscribe from this group and stop receiving emails from it, send an email to sqlalchemy+...@googlegroups.com.To view this discussion on the web visit https://groups.google.com/d/msgid/sqlalchemy/459d9590-a23b-4d41-b000-ffc3d23ad1a8n%40googlegroups.com.
Mike, thanks for quick reply! "Mysql/connector python" - it is "mysql+mysqldb://..." connectors, right? Will look into driver details
Several other points:- I don't see why create_engine() would have to be called on every request: connection pool of 1 connection maintained per user session, anything wrong with that? Would SQLAlchemy support that?
- You are right, having single connection pool per data source shared between all webapp users is more efficient- It would better be kerberos username + keytab - really dislike clear-text passwords in config files (not a matter of dislike, actually - corporate policy)
On Saturday, February 27, 2021 at 6:48:18 PM UTC-5 Mike Bayer wrote:It's not really a normal pattern in a web application that database connections are user-specific. This is usually too inefficient as it means you're connecting and disconnecting for every click. Typically a web application uses a single password for the whole database, and then any kind of user-level security is done at a row level based on auth-related columns in the tables.Otherwise, to connect to the database with kerberos you would have to resolve this with the database driver in question first. From the SQLAlchemy side this just has to do with what parameters you pass to create_engine() that get sent through to the driver. mysql/connector python, while the driver I prefer the least, might be the only one that supports kerberos auth. But as for how to integrate this in a web application it would be a little bit awkard since you'd have to create_engine() for every web click and it will not be very efficient.On Sat, Feb 27, 2021, at 3:22 PM, Dmitri Etkine wrote:E.g. for MySQL? Using SQLAlchemy in a web app that will eventually run in K8s. Users would connect with their kerberos and service-specific ticket that I'd like SQLAlchemy to forward when establishing DB connection. Is it supported?
--SQLAlchemy -The Python SQL Toolkit and Object Relational MapperTo post example code, please provide an MCVE: Minimal, Complete, and Verifiable Example. See http://stackoverflow.com/help/mcve for a full description.---You received this message because you are subscribed to the Google Groups "sqlalchemy" group.To unsubscribe from this group and stop receiving emails from it, send an email to sqlalchemy+...@googlegroups.com.To view this discussion on the web visit https://groups.google.com/d/msgid/sqlalchemy/459d9590-a23b-4d41-b000-ffc3d23ad1a8n%40googlegroups.com.
--SQLAlchemy -The Python SQL Toolkit and Object Relational MapperTo post example code, please provide an MCVE: Minimal, Complete, and Verifiable Example. See http://stackoverflow.com/help/mcve for a full description.---You received this message because you are subscribed to the Google Groups "sqlalchemy" group.To unsubscribe from this group and stop receiving emails from it, send an email to sqlalchemy+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sqlalchemy/764fd50a-b440-4b87-a774-497303de8ec9n%40googlegroups.com.