We do not have any tokens ready, how can we authenticate with LDAP instead to use the Okera API? Our developers use PyOkera and need to find an alternative to precreated tokens that could expire and need renewal.
The following is an example script to show how this can be done in Python. It uses the fact that
enable_token_auth accepts a function that can go and acquire the token.
The script needs to be adopted to your environment for acquiring the username and password that is used to authenticate against the LDAP server. In this example it is using environment variables, named
OKERA_PASSWORD, but they could be retrieved from other places as well (for example, a Secrets service, as offered by cloud vendors).
The same applies to the
OKERA_PLANNER_PORT, which are hardcoded (or use a placeholder). These variable could also be sourced from other places.
import jsonimport os
from okera import context
OKERA_HOST = "<your_odas_cluster_dns_or_ip_address>"
OKERA_REST_PORT = 8083
OKERA_PLANNER_PORT = 12050
username = os.environ['OKERA_USERNAME']
password = os.environ['OKERA_PASSWORD']
auth = requests.auth.HTTPBasicAuth(username, password)
res = requests.post(
'https://%s:%s/api/next/get-token' % (OKERA_HOST, OKERA_REST_PORT),
if res.status_code != 200:
raise Exception("Failed to authenticate with LDAP")
token_data = res.json()
if 'data' not in token_data \
or 'token' not in token_data['data'] \
or not token_data['data']['token']:
raise Exception("Malformed token response")
ctx = context()
with ctx.connect(host=OKERA_HOST, port=OKERA_PLANNER_PORT) as conn:
print(conn.scan_as_json('select * from okera_sample.whoami'))