Skip to content

v4.1.0 #65

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

v4.1.0 #65

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
703a950
enable authentication via client id and client secret, refractor reau…
MBueschelberger Sep 22, 2025
b5e0e8e
add logging message and change field order in dsms config
MBueschelberger Sep 22, 2025
89ea13a
update documentation
MBueschelberger Sep 22, 2025
6faf280
support reverse attribute in relation mapping (#66)
Kirankumaraswamy Oct 8, 2025
495f18d
set upper range for pydantic version
MBueschelberger Oct 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Dockerfile.docs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM python:3.10-buster
FROM python:3.10-slim-bullseye

RUN apt-get update && apt-get install -y \
pandoc default-jre graphviz \
Expand Down
19 changes: 17 additions & 2 deletions docs/dsms_sdk/dsms_config_schema.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,15 @@ This section describes the configuration properties for the DSMS Python SDK.
| Field Name | Description | Type | Default | Property Namespace | Required/Optional | Environment Variable |
|-----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------|------------------------------|-------------------------|-------------------|-------------------------------|
| Host URL | URL of the DSMS instance to connect. | `AnyUrl` | Not Applicable | `host_url` | Required | `DSMS_HOST_URL` |
| Request timeout | Timeout in seconds until the request to the DSMS is timed out. | `int` | `120` | `request_timeout` | Optional | `DSMS_REQUEST_TIMEOUT` |
| SSL verify | Whether the SSL of the DSMS shall be verified during connection. | `bool` | `True` | `ssl_verify` | Optional | `DSMS_SSL_VERIFY` |
| Username | User name for connecting to the DSMS instance | `Optional[SecretStr]`| `None` | `username` | Optional | `DSMS_USERNAME` |
| Client ID | If a service account is used to authenticate, this will proviode the Client ID in Keycloak | `Optional[SecretStr]`| `None` | `client_id` | Optional | `DSMS_CLIENT_ID`, `KEYCLOAK_DSMS_CLIENT_ID` or `KEYCLOAK_CLIENT_ID` |
| Client Secret | If a service account is used to authenticate, this will proviode the Client Secret in Keycloak | `Optional[SecretStr]`| `None` | `client_secret` | Optional | `DSMS_CLIENT_SECRET`, `KEYCLOAK_DSMS_CLIENT_SECRET` or `KEYCLOAK_CLIENT_SECRET` |
Comment on lines +13 to +14
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you explain why did you add these variables? To avoid using the DSMS admin user? Does it mean we need to share this client secret to all users?

Copy link
Member Author

@MBueschelberger MBueschelberger Oct 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The DSMS Admin user is a hack which we identified to remove. It can also cause problems with the 2FA during internal processes in the backend. One instead can simply authenticate through the client secret with the serivce account, which is automatically enabled in Keycloak for each client.

I do not understand where you got the impression from that we are sharing the client secret with all users. The user has the ability to authenticate with ONE of the following options:

  • username/password
  • JWT
  • client id/client secret

The latter one does not get exposed when using the first two one. The only place where we are using the third option is in the backend, where the client secret should also stay and not be exposed from.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand:

  • Where in the code we replaced the admin user with the confidential client
  • Why do we need to add a new authentication method with client id/client secret

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We agreed on this three weeks ago!

See your message

Copy link
Member Author

@MBueschelberger MBueschelberger Oct 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We did not replace anything in the backend, one authenticates with Keycloak directly.

| Password | Password for connecting to the DSMS instance | `Optional[SecretStr]`| `None` | `password` | Optional | `DSMS_PASSWORD` |
| Token | JWT bearer token for connecting to the DSMS instance | `Optional[SecretStr]`| `None` | `token` | Optional | `DSMS_TOKEN` |
| Ping Backend | Check whether the host is a DSMS instance or not. | `bool` | `True` | `ping_backend` | Optional | `DSMS_PING_BACKEND` |
| Auto fetch KTypes | Whether the KTypes of the DSMS should be fetched automatically when the session is started. They will be fetched if requested and cached in memory. | `bool` | `True` | `auto_fetch_ktypes` | Optional | `DSMS_AUTO_FETCH_KTYPES` |
| Request timeout | Timeout in seconds until the request to the DSMS is timed out. | `int` | `120` | `request_timeout` | Optional | `DSMS_REQUEST_TIMEOUT` |
| SSL verify | Whether the SSL of the DSMS shall be verified during connection. | `bool` | `True` | `ssl_verify` | Optional | `DSMS_SSL_VERIFY` |
| Auto refresh | Determines whether local objects like KItem, KType, and AppConfig should automatically update with the latest backend data after a successful commit. | `bool` | `True` | `auto_refresh` | Optional | `DSMS_AUTO_REFRESH` |
| Always refetch KTypes | Whether the KTypes of the DSMS should be refetched every time used in the SDK. This can be helpful if the SDK is integrated in a service and the KTypes are updated.<br><br>**WARNING**: This might lead to performance issues. | `bool` | `False` | `always_refetch_ktypes` | Optional | `DSMS_ALWAYS_REFETCH_KTYPES` |
| Strict validation | Whether the validation of custom properties shall be strict. Disabling this might be helpful when, for example, the schema of a KType has been changed and the custom properties are not compatible anymore and should be updated accordingly. | `bool` | `True` | `strict_validation` | Optional | `DSMS_STRICT_VALIDATION` |
Expand All @@ -32,6 +34,19 @@ This section describes the configuration properties for the DSMS Python SDK.
| Hide properties | Properties to hide while printing, e.g `{'external_links'}` | `Set[str]` | `{}` | `hide_properties` | Optional | `DSMS_HIDE_PROPERTIES` |
| Log level | Logging level | `str` | `None` | `log_level` | Optional | `DSMS_LOG_LEVEL` |

## Authentication Priority Rules

```{important}

When multiple authentication methods are provided:

* Service account credentials (`client_id` + `client_secret`) always take precedence over user credentials (`username` + `password`)
* If any authentication credentials are provided alongside a token, the original `token` value will be overwritten with a new token obtained during the authentication process

Summary: Service account → User credentials → Direct token (in order of priority)

```

## Example Usage
```python
from dsms import DSMS
Expand Down
2 changes: 1 addition & 1 deletion docs/dsms_sdk/dsms_kitem_schema.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ The schema contains complex types and references, indicating an advanced usage s
| Updated At | Timestamp of when the KItem was updated. | Union[string, datetime] | `None` | `updated_at` | Automatically generated |
| Avatar | The avatar of the KItem. | Union[[Avatar](#avatar-fields), Dict[str, Any]] | `None` | `avatar` | Optional |
| Avatar Exists | Whether the KItem holds an avatar or not. | boolean | `False` | `avatar_exists` | Automatically generated |
| KItemCustomPropertiesModel(#kitemcustompropertiesmodel) | A set of custom properties related to the KItem. | Any | `None` | `custom_properties`| Optional |
| [KItemCustomPropertiesModel](#kitemcustompropertiesmodel) | A set of custom properties related to the KItem. | Any | `None` | `custom_properties`| Optional |
| Summary | A brief human-readable summary of the KItem | string | `None` | `summary` | Optional |
| Apps | A list of applications associated with the KItem | List[[App](#app-fields)] | `[ ]` | `apps` | Optional |
| Annotations | A list of annotations related to the KItem | List[[Annotation](#annotation-fields)] | `[ ]` | `annotations` | Optional |
Expand Down
11 changes: 8 additions & 3 deletions docs/dsms_sdk/dsms_sdk.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,9 +89,10 @@ You need to authenticate yourself to connect with dsms using the `dsms-sdk` Pyth

The following are the instances of the DSMS you could choose from:

- [StahlDigital](https://lnkd.in/gfwe9a36)
- [KupferDigital](https://lnkd.in/g8mvnM3K)
- [DiMAT](https://lnkd.in/g46baB6J)
- [StahlDigital](https://stahldigital.materials-data.space)
- [KupferDigital](https://kupferdigital.materials-data.space)
- [DiMAT](https://cmdb.materials-data.space)
- [ORCHESTER](https://cmdb.materials-data.space)

2. **Authentication Options**

Expand Down Expand Up @@ -160,6 +161,10 @@ You need to authenticate yourself to connect with dsms using the `dsms-sdk` Pyth
DSMS_TOKEN = {YOUR_COPIED_TOKEN}
```

```{important}
Please also note the [priority rules for authentication](dsms_config_schema.md#authentication-priority-rules).
```

Now you are ready to use dsms-sdk. Do check out the tutorials section to try out some basic examples on how to use dsms-sdk.

The next sections covers about the schema of fundamental classes crucial for users to know about DSMS when using the platform. Below given explains about the Schema of `KItem` and its associated properties in DSMS.
Expand Down
Loading