Cyral
Get Started Sign In

Adding the Cyral Django wrapper to your application

The Cyral Django wrapper allows your Django applications to insert the current user's identity and group information into each database query. When the Cyral sidecar receives a database query, it uses this identity information to apply access policies and to log the user's data activities. Optionally, you can use the wrapper to supply your application's name to be recorded in query logs.

Add the Cyral wrapper to your Django application

  1. Install cyral-django-wrapper by running:

pip3 install cyral-django-wrapper


  1. In your settings.py, add cyral_django_wrapper to the list of installed apps:

my_awesome_project/settings.py


INSTALLED_APPS = (

    'django.contrib.auth',

    'django.contrib.contenttypes',

    'django.contrib.sessions',

    'django.contrib.sites',

    'django.contrib.messages',

    'django.contrib.admin',


    'cyral_django_wrapper',  # new app

)


  1. Finally, in your application call set_user_identity at an appropriate location. For example:


# somewhere in your application where you consume a user JWT


from cyral_django_wrapper import set_user_identity


def process_user_jwt(jwt_token):

    ...verify and process the JWT as usual...

    claims = jwt.decode(jwt_token)

    # add this new line to enrich database queries with user identity

    set_user_identity(claims['email'], claims['group'])



  1. (Optional.) Somewhere in your application, call cyral_django_wrapper.set_service_name to set the service name. This can be used to annotate queries and attribute them to a specific project. For example:

from cyral_django_wrapper import set_service_name


set_service_name("My Awesome Django App")


Configuration

In your settings.py, set a CYRAL_DJANGO_WRAPPER dictionary with configuration values. Available options are:

my_awesome_project/settings.py


CYRAL_DJANGO_WRAPPER = {

    # If set to True, queries will be blocked if user identity is not set

    # Defaults to False.

    "REQUIRE_IDENTITY": False

}




Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.