Skip to content

Custom Script User Attributes

By using a custom script (or scripts), you can source user attributes from bespoke systems, such as custom REST APIs or data stores. At a basic level, the script will be invoked when user attributes are requested for a user (and are not present in the in-memory cache), with the username as an argument and the script needs to output a JSON document where the keys are the attribute names and the values are the attribute values.

Example Script

#!/usr/bin/env python3
import json
import sys

attributes = {
    "attribute1": "%s-foo" % USER,
    "attribute2": "%s-bar" % USER,

This script will return two attributes for each user, attribute1 and attribute2, with values of <username>-foo and <username>-bar respectively.


To configure a custom script (or scripts), set the following configuration property:

USER_ATTRIBUTES_SCRIPT: <path to script 1>,<path to script 2>,...


If multiple scripts are specified, all scripts will be executed and the results merged, with the last script having the highest priority.

If using okctl, <path to script> can be a local file, an S3 path or an ADLS path. okctl will properly inject the script contents into the pods as part of their configuration.

If manually configuring Okera (i.e. manually configuring the odas-config ConfigMap), then the paths need to be paths inside the pod.

By default, Okera will only run scripts that are in its allowed script directory (default of /opt/scripts), and will automatically make the scripts specified in USER_ATTRIBUTES_SCRIPT available there with the right permissions. You can change this default location by setting a different value for the OKERA_SCRIPTS_DIR configuration setting.