immudb-py
immudb client for Python.
OfficialTry it on the immudb Playground!
Contents
- Introduction
- Prerequisites
- Installation
- Supported Versions
- Quickstart
- Step by step guide
- Creating a Client
Introduction
immu-py implements a grpc immudb client. A minimalist API is exposed for applications while cryptographic
verifications and state update protocol implementation are fully implemented by this client.
Latest validated immudb state may be kept in the local filesystem when using default rootService
,
please read immudb research paper for details of how immutability is ensured by immudb.
Prerequisites
immu-py assumes there is an existing instance of the immudb server up and running.
Running immudb
is quite simple, please refer to the
following link for downloading and running it: https://immudb.io/docs/quickstart.html
immudb-py requires python version 3.6 or greater. If you are using 3.6, you'll need dataclasses package; on 3.7+, dataclasses is part of the python distribution.
Installation
You can install latest version cloning this repository, and then use the make command to install prerequisites and the package itself:
make init
make install
Or, you can install latest stable version using pip:
pip3 install immudb-py
Then, in you code, import the client library as as follows:
from immudb import ImmudbClient
Note: immudb-py need grpcio
module from google. On Alpine linux, you need
these packages in order to correctly build (and install) grpcio:
linux-headers
python3-dev
g++
Supported Versions
immu-py supports the latest immudb release.
Quickstart
Hello Immutable World! example can be found in immudb-client-examples
repo.
Step by step guide
Creating a Client
The following code snippets shows how to create a client.
Using default configuration:
client = ImmudbClient()
Setting immudb
url and port:
client = ImmudbClient("mycustomurl:someport")
client = ImmudbClient("10.105.20.32:8899")
User sessions
Use login
and logout
methods to initiate and terminate user sessions:
client.login("usr1", "pwd1");
// Interact with immudb using logged user
client.logout();
Encoding
Please note that, in order to provide maximum flexibility, all functions accept byte arrays as parameters. Therefore, unicode strings must be properly encoded. It is possible to store structured objects, but they must be serialized (e.g., with pickle or json).
Creating a database
Creating a new database is quite simple:
client.createDatabase(b"db1");
Setting the active database
Specify the active database with:
client.useDatabase(b"db1");
If not specified, the default databased used is "defaultdb".
Traditional read and write
immudb provides read and write operations that behave as a traditional key-value store i.e. no cryptographic verification is done. This operations may be used when validations can be post-poned:
client.set(b"k123", b"value123");
result = client.get(b"k123");
Verified read and write
immudb provides built-in cryptographic verification for any entry. The client implements the mathematical validations while the application uses as a traditional read or write operation:
try:
client.verifiedSet(b"k123", b"v123");
results = client.verifiedGet(b"k123");
Except VerificationException as e:
# Do something
Multi-key read and write
Transactional multi-key read and write operations are supported by immudb and immudb-py. Atomic multi-key write (all entries are persisted or none):
normal_dictionary = {b"key1": b"value1", b"key2": b"value2"}
client.setAll(normal_dictionary);
Atomic multi-key read (all entries are retrieved or none):
normal_dictionary = {b"key1": b"value1", b"key2": b"value2"}
results_dictionary = client.getAll(normal_dictionary.keys())
# Or manually
client.get([b"key1", b"key2"])
User management
Users can be added and granted access to databases.
Adding a user
The createUser
functions create a new users and grants the specified permission to a database.
user='newuser'
password='Pw1:pasdfoiu'
permission=immudb.constants.PERMISSION_RW
database='defaultdb'
client.createUser(user, password, permission, database)
The database must exists at the time the user is created. The password must be between 8 and 32 characters in length, and must have at least one upper case letter, a symbol and a digit.
Permission are defined in immudb.constants and are:
PERMISSION_SYS_ADMIN
PERMISSION_ADMIN
PERMISSION_NONE
PERMISSION_R
PERMISSION_RW
Changin password
The user must must provide both old and new password:
newPassword="pW1:a0s98d7gfy"
resp=client.changePassword(user, newPassword, oldPassword)
It is applied the same password policy of user creation.
User list
To get the list of user created on immudb, simply call listUsers
:
resp=client.listUsers()
print(users.userlist.users)
Closing the client
To programatically close the connection with immudb server use the shutdown
operation:
client.shutdown();
Note: after shutdown, a new client needs to be created to establish a new connection.
State persistance
An important immudb feature is the ability for a client to check every transaction for tampering. In order to be able to do that, it is necessary to persist client state (i.e., save it to disk) so that if some tampering on the server happens between two runs, it is immediatly detected.
A RootService
implements just that: it stores immudb client after every transaction, in order to be able to
use it afterward to check the server correctness.
Using the Persistent Root Service
The default RootService, for simplicity, commits the state to RAM, and so it is unsuitable for real time safe
application. To have persistance, the application must instantiate a PersistentRootService
object, which stores
its state to disk.
Let's see a simple example that uses state persistance:
from immudb.client import ImmudbClient, PersistentRootService
client=ImmudbClient(rs=PersistentRootService())
client.login(username="immudb", password="immudb")
client.verifiedTxById(42)
client.verifiedGet(b"example")
In this example, the Root Service is saved to the disk after every verified transaction. As you can see, it is very easy to use. Just create and use the PersistentRootService object in the client initialization.
Process and threads
Please keep in mind that the implementation is not thread/process safe. If you are using a multi-process application, it is advisable to use a different state file for every instance: just pass the filename as argument to the PersistentRootService constructor:
client = ImmudbClient(rs=PersistentRootService("rootfilename"))
Default rootfile is "~/.immudbRoot"
If needed/wanted, it is also easy to extend the default implementation adding synchronization primitives to the get/set methods. In this way, more than one immudb client can share the same PersistentRootService instance without interering each other.
Cryptographic state signing
To increase safety, it is possible to generate a private key and use it to sign every verification response. Clients can then use the corresponding public key to check for response correctness.
Key generation
You can use openssl
to create a private key, and then extract the public key:
openssl ecparam -name prime256v1 -genkey -noout -out private_signing_key.pem
openssl ec -in private_signing_key.pem -pubout -out public_signing_key.pem
Key usage (server side)
On immudb server, use --signingKey private_signing_key.pem
to activate cryptographic signature.
Key usage (client/SDK side)
On immudb python SDK, just pass the public key filename to the ImmudbClient constructor:
client=ImmudbClient(publicKeyFile="/certs/public_signing_key.pem")
Every transaction will be then automatically checked. An exception is thrown if the cryptographic check fails.
Contributing
We welcome contributions. Feel free to join the team!
To report bugs or get help, use GitHub's issues.