Token providers can use the member address for token creation (#455)

yuce · web-flow · commit fe64fe198807 · 2021-08-22T13:16:28.000+03:00
Token providers can use the member address for token creation
diff --git a/docs/securing_client_connection.rst b/docs/securing_client_connection.rst
@@ -330,28 +330,6 @@ The package provides the necessary token provider that handles the
 authentication against the KDC (key distribution center) with the given
 credentials, receives and caches the ticket, and finally retrieves the token.
 
-You can install the package from PyPI.
-
-.. code:: bash
-
-    pip install hazelcast-kerberos
-
-A sample code that makes use of the package is below.
-
-.. code:: python
-
-    import hazelcast
-    import hzkerberos
-
-    token_provider = hzkerberos.TokenProvider(
-        principal="hz/172.17.0.2@EXAMPLE.COM",
-        keytab="/etc/krb5.keytab",
-    )
-
-    client = hazelcast.HazelcastClient(
-        token_provider=token_provider
-    )
-
 For more information and possible client and server configurations, refer to
-the `documentation <https://pypi.org/project/hazelcast-kerberos/>`__ of the
+the `documentation <https://github.com/hazelcast/hazelcast-python-client-kerberos>`__ of the
 ``hazelcast-kerberos`` package.
diff --git a/hazelcast/connection.py b/hazelcast/connection.py
@@ -491,9 +491,10 @@ def _authenticate(self, connection):
         cluster_name = self._config.cluster_name
         client_name = client.name
         if self._config.token_provider:
+            token = self._config.token_provider.token(connection.connected_address)
             request = client_authentication_custom_codec.encode_request(
                 cluster_name,
-                self._config.token_provider.token(),
+                token,
                 self.client_uuid,
                 CLIENT_TYPE,
                 SERIALIZATION_VERSION,
diff --git a/hazelcast/security.py b/hazelcast/security.py
@@ -1,13 +1,17 @@
 from hazelcast.six import string_types
+from hazelcast.core import Address
 
 
 class TokenProvider(object):
     """TokenProvider is a base class for token providers."""
 
-    def token(self):
-        # type: (TokenProvider) -> bytes
+    def token(self, address=None):
+        # type: (TokenProvider, Address) -> bytes
         """Returns a token to be used for token-based authentication.
 
+        Args:
+            address (hazelcast.core.Address): Connected address for the member.
+
         Returns:
             bytes: token as a bytes object.
         """
@@ -25,11 +29,5 @@ def __init__(self, token=""):
         else:
             raise TypeError("token must be either a str or bytes object")
 
-    def token(self):
-        # type: (BasicTokenProvider) -> bytes
-        """Returns a token to be used for token-based authentication.
-
-        Returns:
-            bytes: token as a bytes object.
-        """
+    def token(self, address=None):
         return self._token
