Аутентификация при помощи файла сервисного аккаунта
Ниже приведены примеры кода аутентификации при помощи файла сервисного аккаунта в разных YDB SDK.
Go
Java
JavaScript
Python
C# (.NET)
Rust
PHP
Native SDK
database/sql
package main
import (
"context"
"os"
"github.com/ydb-platform/ydb-go-sdk/v3"
yc "github.com/ydb-platform/ydb-go-yc"
)
// main opens a native YDB driver that authenticates with a service account
// key file and keeps it open until the function returns.
func main() {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	// os.Getenv yields "" for an unset variable, so a missing setting only
	// shows up as an error from ydb.Open below.
	dsn := os.Getenv("YDB_CONNECTION_STRING")
	// Only the path to the key file is read from the environment; the key
	// itself stays in the file.
	// NOTE(review): keep that file readable only by the account running this
	// process and out of version control.
	keyFilePath := os.Getenv("YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS")

	db, err := ydb.Open(ctx, dsn,
		yc.WithServiceAccountKeyFileCredentials(keyFilePath),
		yc.WithInternalCA(), // append Yandex Cloud certificates
	)
	if err != nil {
		panic(err)
	}
	defer db.Close(ctx)
	...
}
package main
import (
"context"
"database/sql"
"os"
"github.com/ydb-platform/ydb-go-sdk/v3"
yc "github.com/ydb-platform/ydb-go-yc"
)
// main builds a database/sql handle on top of a native YDB driver that
// authenticates with a service account key file.
func main() {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	// os.Getenv yields "" for an unset variable, so a missing setting only
	// shows up as an error from ydb.Open below.
	dsn := os.Getenv("YDB_CONNECTION_STRING")
	// Only the path to the key file is read from the environment.
	// NOTE(review): keep that file readable only by the account running this
	// process and out of version control.
	keyFilePath := os.Getenv("YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS")

	nativeDriver, err := ydb.Open(ctx, dsn,
		yc.WithServiceAccountKeyFileCredentials(keyFilePath),
		yc.WithInternalCA(), // append Yandex Cloud certificates
	)
	if err != nil {
		panic(err)
	}
	defer nativeDriver.Close(ctx)

	// Wrap the native driver in a connector so database/sql can use it.
	sqlConnector, err := ydb.Connector(nativeDriver)
	if err != nil {
		panic(err)
	}

	db := sql.OpenDB(sqlConnector)
	// Deferred calls run last-in-first-out: db closes before nativeDriver.
	defer db.Close()
	...
}
Native SDK
JDBC
/**
 * Opens a gRPC transport authenticated with a service account key file and
 * hands a query client built on it to {@code doWork}.
 *
 * @param connectionString YDB connection string passed to the transport builder
 * @param saKeyPath        path to the service account key file; the caller
 *                         supplies it, so nothing is hard-coded here
 */
public void work(String connectionString, String saKeyPath) {
    // The auth provider is created first, before any transport is opened.
    AuthProvider saAuthProvider = CloudAuthHelper.getServiceAccountFileAuthProvider(saKeyPath);

    try (GrpcTransport transport = GrpcTransport.forConnectionString(connectionString)
            .withAuthProvider(saAuthProvider)
            .build()) {
        // The inner resource is closed before the outer one, so the query
        // client is released before the transport it runs on.
        try (QueryClient queryClient = QueryClient.newClient(transport).build()) {
            doWork(queryClient);
        }
    }
}
/**
 * Shows the two ways to give the JDBC driver the service account key file:
 * as a connection property and as a URL parameter.
 *
 * NOTE(review): grpc:// is the non-TLS scheme and is used here against a
 * local instance; for a remote database prefer grpcs:// so the credentials
 * exchanged on the connection are not sent in clear text.
 *
 * @throws SQLException if either connection cannot be opened or used
 */
public void work() throws SQLException {
    // Variant 1: pass the key file path through connection properties.
    Properties connectionProps = new Properties();
    connectionProps.setProperty("saKeyFile", "~/keys/sa_key.json");
    try (Connection viaProperties =
            DriverManager.getConnection("jdbc:ydb:grpc://localhost:2136/local", connectionProps)) {
        doWork(viaProperties);
    }

    // Variant 2: the saKeyFile option can also be given directly in the JDBC URL.
    // Only the file path appears in the URL, not the key itself.
    try (Connection viaUrl =
            DriverManager.getConnection("jdbc:ydb:grpc://localhost:2136/local?saKeyFile=~/keys/sa_key.json")) {
        doWork(viaUrl);
    }
}
В Spring Boot, ORM и прочих сторонних фреймворках вокруг JDBC укажите ту же JDBC-строку подключения и параметр saKeyFile (в URL или в свойствах DataSource), что и в примере выше.
Загрузка данных сервисного аккаунта из файла:
import { Driver } from "@ydbjs/core";
import { ServiceAccountCredentialsProvider } from "@ydbjs/auth-yandex-cloud";
// Build the credentials provider from the service account key file on disk.
// NOTE(review): keep the key file out of the repository and readable only by
// the account that runs this process.
const saCredentials = ServiceAccountCredentialsProvider.fromFile("./authorized_key.json");

// NOTE(review): grpc:// is the non-TLS scheme, used here for a local instance;
// prefer grpcs:// for a remote database.
const driver = new Driver("grpc://localhost:2136/local", {
  credentialsProvider: saCredentials,
});

// Wait for ready() to resolve before issuing any requests.
await driver.ready();
Загрузка данных сервисного аккаунта из стороннего источника (например, из хранилища секретов):
import { Driver } from "@ydbjs/core";
import { ServiceAccountCredentialsProvider } from "@ydbjs/auth-yandex-cloud";
// Service account data supplied as values rather than read from a key file.
// The three literals are placeholders: fetch the real values from the secret
// store at runtime and never embed a private key in source code.
const saCredentials = new ServiceAccountCredentialsProvider({
  id: "serviceAccountId",
  keyId: "accessKeyId",
  privateKey: "-----BEGIN PRIVATE KEY-----\n...",
});

// NOTE(review): grpc:// is the non-TLS scheme, used here for a local instance;
// prefer grpcs:// for a remote database.
const driver = new Driver("grpc://localhost:2136/local", {
  credentialsProvider: saCredentials,
});

// Wait for ready() to resolve before issuing any requests.
await driver.ready();
Native SDK
Native SDK (Asyncio)
SQLAlchemy
import os
import ydb
import ydb.iam
# os.environ[...] raises KeyError when a variable is unset, so a missing
# setting stops the script before any connection is attempted.
connection_string = os.environ["YDB_CONNECTION_STRING"]

# The service account key lives in a local file; SA_KEY_FILE carries only the
# path to it.
# NOTE(review): keep that file out of version control and readable only by
# the account running this script.
sa_credentials = ydb.iam.ServiceAccountCredentials.from_file(os.environ["SA_KEY_FILE"])

with ydb.Driver(connection_string=connection_string, credentials=sa_credentials) as driver:
    # Give the driver up to 5 seconds before continuing.
    driver.wait(timeout=5)
    ...
import os
import asyncio
import ydb
import ydb.iam
async def ydb_init():
    """Open an asyncio YDB driver authenticated with a service account key file.

    Endpoint, database and key file path all come from environment variables;
    os.environ[...] raises KeyError if any of them is unset.
    """
    endpoint = os.environ["YDB_ENDPOINT"]
    database = os.environ["YDB_DATABASE"]
    # The service account key lives in a local file; SA_KEY_FILE carries only
    # the path to it.
    # NOTE(review): keep that file out of version control and readable only by
    # the account running this script.
    sa_credentials = ydb.iam.ServiceAccountCredentials.from_file(os.environ["SA_KEY_FILE"])

    async with ydb.aio.Driver(
        endpoint=endpoint,
        database=database,
        credentials=sa_credentials,
    ) as driver:
        await driver.wait()
        ...
# Run the ydb_init coroutine to completion from synchronous code.
asyncio.run(ydb_init())
import os
import sqlalchemy as sa
import ydb.iam
# The environment variable carries only the path to the service account key
# file; os.environ[...] raises KeyError if it is unset.
# NOTE(review): keep the key file out of version control and readable only by
# the account running this script.
sa_credentials = ydb.iam.ServiceAccountCredentials.from_file(
    os.environ["YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS"]
)

# Credentials are handed to the driver through connect_args, so the URL itself
# holds no secret.
engine = sa.create_engine(
    "yql+ydb://localhost:2136/local",
    connect_args={"credentials": sa_credentials},
)

with engine.connect() as connection:
    # Simple round trip to confirm the authenticated connection works.
    result = connection.execute(sa.text("SELECT 1"))
using Ydb.Sdk;
using Ydb.Sdk.Yc;
// Local endpoint and database used by this sample.
// NOTE(review): grpc:// is the non-TLS scheme; prefer grpcs:// for a remote database.
const string endpoint = "grpc://localhost:2136";
const string database = "/local";

// Path to the file with the service account JSON info.
// NOTE(review): keep that file out of version control and readable only by
// the account running this application.
var serviceAccountProvider = new ServiceAccountProvider(saFilePath: "path/to/sa_file.json");

// The provider is initialized before it is handed to the driver configuration.
await serviceAccountProvider.Initialize();

var driverConfig = new DriverConfig(
    endpoint: endpoint,
    database: database,
    credentials: serviceAccountProvider);

await using var driver = await Driver.CreateInitialized(driverConfig);
use ydb::{ClientBuilder, ServiceAccountCredentials, YdbResult};
// The connection string is read from the environment; `?` propagates the
// error if the variable is missing or not valid Unicode.
let connection_string = std::env::var("YDB_CONNECTION_STRING")?;
let builder = ClientBuilder::new_from_connection_string(connection_string)?;

// Service account credentials are also taken from the environment.
// NOTE(review): presumably from_env reads the key file path from an
// environment variable; confirm which one in the crate documentation.
let sa_credentials = ServiceAccountCredentials::from_env()?;

let client = builder.with_credentials(sa_credentials).client()?;
<?php
use YdbPlatform\Ydb\Ydb;
use YdbPlatform\Ydb\Auth\JwtWithJsonAuthentication;
// IAM-related settings passed to the SDK.
// NOTE(review): if the SDK stores token data in temp_dir, keep that directory
// private to the application; confirm against the SDK documentation.
$iamConfig = [
    'temp_dir' => './tmp', // Temp directory
    // 'root_cert_file' => './CA.pem', // Root CA file (uncomment for dedicated server)
];

// JWT authentication backed by the service account's JSON key file.
// NOTE(review): keep the key file out of version control and outside any
// directory served by the web server.
$credentials = new JwtWithJsonAuthentication('./jwtjson.json');

$config = [
    'database' => '/ru-central1/b1glxxxxxxxxxxxxxxxx/etn0xxxxxxxxxxxxxxxx',
    'endpoint' => 'ydb.serverless.yandexcloud.net:2135',
    'discovery' => false,
    'iam_config' => $iamConfig,
    'credentials' => $credentials,
];

$ydb = new Ydb($config);
или
<?php
use YdbPlatform\Ydb\Ydb;
use YdbPlatform\Ydb\Auth\JwtWithPrivateKeyAuthentication;
// IAM-related settings passed to the SDK.
// NOTE(review): if the SDK stores token data in temp_dir, keep that directory
// private to the application; confirm against the SDK documentation.
$iamConfig = [
    'temp_dir' => './tmp', // Temp directory
    // 'root_cert_file' => './CA.pem', // Root CA file (uncomment for dedicated server)
];

// JWT authentication from two identifiers plus a private key file.
// NOTE(review): the first two arguments are placeholder identifiers; check the
// SDK documentation for which is the key id and which the service account id.
// Keep the private key file out of version control and outside any directory
// served by the web server.
$credentials = new JwtWithPrivateKeyAuthentication(
    "ajexxxxxxxxx",
    "ajeyyyyyyyyy",
    './private.key'
);

$config = [
    'database' => '/ru-central1/b1glxxxxxxxxxxxxxxxx/etn0xxxxxxxxxxxxxxxx',
    'endpoint' => 'ydb.serverless.yandexcloud.net:2135',
    'discovery' => false,
    'iam_config' => $iamConfig,
    'credentials' => $credentials,
];

$ydb = new Ydb($config);