Developing New Credential Providers¶
The credentials management framework for the CBC SDK is designed to allow different handlers to be implemented, which
may supply credentials to the
CBCloudAPI in ways not implemented by existing credential handlers.
Writing the Credential Provider¶
Find all classes required to implement a new credential provider in the
cbc_sdk.credentials package. See below for
descriptions of the classes. It is recommended, but not required, that your new credential provider inherit from the
CredentialProvider abstract class, and that you implement the methods from that abstract class as detailed.
The arguments to the standard
__init__() method are not defined by the interface specification; those may be used
to initialize your credential provider in any desired fashion.
Using the Credential Provider¶
Create an instance of your credential provider object and pass it as the keyword parameter
credential_provider when creating your
CBCloudAPI object. Example:
>>> provider = MyCredentialProvider() >>> cbc_api = CBCloudAPI(credential_provider=provider, profile='default')
Your credential provider’s
get_credentials() method will be called, passing in any profile specified in the
profile keyword parameter used when creating
Credential Provider Reference¶
These are the classes from the
cbc_sdk.credentials package that are used in making a credential provider.
This class is of an enumerated type, and represents the various credential items loaded by the credential provider and fed to the rest of the SDK code. The possible values are:
URL- The URL used to access the Carbon Black Cloud. This value must be specified.
TOKEN- The access token to be used to authenticate to the server. It is the same structure as the
X-Auth-Token:defined for direct API access in the developer documentation. This value must be specified.
ORG_KEY- The organization key specifying which organization to work with. This value must be specified.
SSL_VERIFY- A Boolean value indicating whether or not to validate the SSL connection. The default is
SSL_VERIFY_HOSTNAME- A Boolean value indicating whether or not to verify the host name of the server being connected to. The default is
SSL_CERT_FILE- The name of an optional certificate file used to validate the certificates of the SSL connection. If not specified, the standard system certificate verification will be used.
SSL_FORCE_TLS_1_2- A Boolean value. If this is
True, the connection will be forced to use TLS 1.2 rather than any later version. The default is
PROXY- If specified, this is the name of a proxy host to be used in making the connection.
IGNORE_SYSTEM_PROXY- A Boolean value. If this is
True, any system proxy settings will be ignored in making the connection to the server. The default is
INTEGRATION- The name of the integration to use these credentials. The string may optionally end with a slash character, followed by the integration’s version number. Passed as part of the
User-Agent:HTTP header on all requests made by the SDK.
Values of this type have one method:
Returns whether or not this particular credential item takes a Boolean value.
True if the credential item takes a Boolean value,
False if the credential item takes a
The class that holds credentials retrieved from the credential provider, and is used by the rest of the SDK. It is effectively immutable after creation.
def __init__(self, values=None):
Initializes a new
dict): A dictionary containing the values to initialize the
Credentialsobject with. The keys of this dictionary may be either
CredentialValueobjects or their lowercase string equivalents, e.g.
"url". The values in the dict are strings for those credential items with string values. For credential items with Boolean values, the values may be either
boolvalues, numeric values (with 0 being treated as
Falseand non-zero values treated as
True), or string values. In the case of string values, the value must be “0”, “false”, “off”, or “no” to be treated as a
Falsefalue, or “1”, “true”, “on”, or “yes” to be treated as a
Truevalue (all values case-insensitive). If an unrecognized string is used for a Boolean value,
CredentialErrorwill be raised. Unrecognized keys in the dict are ignored. Any missing items will be replaced by the default for that item.
CredentialError- If there is an error parsing a Boolean value string.
def get_value(self, key):
Retrieves a specific credential value from this object.
CredentialValue): Indicates which item to retrieve.
Returns: The value of that credential item (
def __getattr__(self, name):
Retrieves a specific credential value from this object. This is a bit of “syntactic sugar” allowing other code to
access credential values, for instance, as
cred_object.url instead of
str): Indicates which item to retrieve.
Returns: The value of that credential item (
AttributeError- If the credential item
All credential providers should extend this abstract class, but, in any event, must implement the protocol it defines.
def get_credentials(self, section=None):
Return a Credentials object containing the configured credentials.
str): Indicates the credential section to retrieve. May be interpreted by the credential provider in amy manner it likes; may also be ignored.
Credentials object containing the retrieved credentials.
CredentialError- If there is an error retrieving the credentials.