PyPI - appmesh - Versions diffs - 1.4.6__py3-none-any.whl → 1.4.7__py3-none-any.whl - Mend

appmesh 1.4.6py3-none-any.whl → 1.4.7py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

appmesh/http_client.py CHANGED Viewed

@@ -8,12 +8,13 @@ from datetime import datetime
 from enum import Enum, unique
 from http import HTTPStatus
 from typing import Optional, Tuple, Union
+from urllib import parse
 import aniso8601
 import requests
-import urllib
 from .app import App
 from .app_run import AppRun
 from .app_output import AppOutput
+from .keycloak import KeycloakClient
 class AppMeshClient(metaclass=abc.ABCMeta):
@@ -131,6 +132,7 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         rest_ssl_client_cert=(DEFAULT_SSL_CLIENT_CERT_PATH, DEFAULT_SSL_CLIENT_KEY_PATH) if os.path.exists(DEFAULT_SSL_CLIENT_CERT_PATH) else None,
         rest_timeout=(60, 300),
         jwt_token=None,
+        oauth2_config=None,
     ):
         """Initialize an App Mesh HTTP client for interacting with the App Mesh server via secure HTTPS.
@@ -152,8 +154,14 @@ class AppMeshClient(metaclass=abc.ABCMeta):
             jwt_token (str, optional): JWT token for API authentication, used in headers to authorize requests where required.
+            oauth2 (Dict[str, Any], optional): Keycloak configuration for oauth2 authentication:
+                - server_url: Keycloak server URL (e.g. "https://keycloak.example.com")
+                - realm: Keycloak realm
+                - client_id: Keycloak client ID
+                - client_secret: Keycloak client secret (optional)
         """
+        self.session = requests.Session()
         self.server_url = rest_url
         self._jwt_token = jwt_token
         self.ssl_verify = rest_ssl_verify
@@ -161,6 +169,33 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         self.rest_timeout = rest_timeout
         self._forward_to = None
+        # Keycloak integration
+        self._keycloak_client = None
+        if oauth2_config:
+            self._keycloak_client = KeycloakClient(
+                server_url=oauth2_config.get("server_url"),
+                realm=oauth2_config.get("realm"),
+                client_id=oauth2_config.get("client_id"),
+                client_secret=oauth2_config.get("client_secret"),
+                ssl_verify=oauth2_config.get("ssl_verify", self.ssl_verify),
+                timeout=oauth2_config.get("timeout", (30, 60)),
+            )
+    def close(self):
+        """Close the session and release resources."""
+        if hasattr(self, 'session'):
+            self.session.close()
+        if self._keycloak_client and hasattr(self._keycloak_client, 'close'):
+            self._keycloak_client.close()
+    def __enter__(self):
+        """Support for context manager protocol."""
+        return self
+    def __exit__(self, exc_type, exc_val, exc_tb):
+        """Support for context manager protocol, ensuring resources are released."""
+        self.close()
     @property
     def jwt_token(self) -> str:
         """Get the current JWT (JSON Web Token) used for authentication.
@@ -266,6 +301,12 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         Returns:
             str: JWT token.
         """
+        # Keycloak authentication if configured
+        if self._keycloak_client:
+            self.jwt_token = self._keycloak_client.authenticate(user_name, user_pwd)
+            return self.jwt_token
+        # Standard App Mesh authentication
         self.jwt_token = None
         resp = self._request_http(
             AppMeshClient.Method.POST,
@@ -293,7 +334,7 @@ class AppMeshClient(metaclass=abc.ABCMeta):
             username (str): Username to validate
             challenge (str): Challenge string from server
             code (str): TOTP code to validate
-            timeout (Union[int, str], optional): Token expiry timeout.
+            timeout (Union[int, str], optional): Token expiry timeout.
                 Accepts ISO 8601 duration format (e.g., 'P1Y2M3DT4H5M6S', 'P1W') or seconds.
                 Defaults to DURATION_ONE_WEEK_ISO.
@@ -325,11 +366,11 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         Returns:
             bool: logoff success or failure.
         """
-        resp = self._request_http(AppMeshClient.Method.POST, path="/appmesh/self/logoff")
-        if resp.status_code != HTTPStatus.OK:
-            raise Exception(resp.text)
-        self.jwt_token = None
-        return resp.status_code == HTTPStatus.OK
+        if self.jwt_token:
+            resp = self._request_http(AppMeshClient.Method.POST, path="/appmesh/self/logoff")
+            self.jwt_token = None
+            return resp.status_code == HTTPStatus.OK
+        return True
     def authentication(self, token: str, permission: Optional[str] = None, audience: Optional[str] = None) -> bool:
         """Deprecated: Use authenticate() instead."""
@@ -370,6 +411,12 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         Returns:
             str: The new JWT token if renew success, the old token will be blocked.
         """
+        # Refresh the Keycloak token
+        if self._keycloak_client:
+            self.jwt_token = self._keycloak_client.refresh_tokens()
+            return self.jwt_token
+        # Refresh the App Mesh token
         assert self.jwt_token
         resp = self._request_http(
             AppMeshClient.Method.POST,
@@ -445,13 +492,13 @@ class AppMeshClient(metaclass=abc.ABCMeta):
             dict: eextract parameters
         """
         parsed_info = {}
-        parsed_uri = urllib.parse.urlparse(totp_uri)
+        parsed_uri = parse.urlparse(totp_uri)
         # Extract label from the path
         parsed_info["label"] = parsed_uri.path[1:]  # Remove the leading slash
         # Extract parameters from the query string
-        query_params = urllib.parse.parse_qs(parsed_uri.query)
+        query_params = parse.parse_qs(parsed_uri.query)
         for key, value in query_params.items():
             parsed_info[key] = value[0]
         return parsed_info
@@ -953,7 +1000,7 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         with open(file=local_file, mode="rb") as fp:
             encoder = MultipartEncoder(fields={"filename": os.path.basename(remote_file), "file": ("filename", fp, "application/octet-stream")})
-            header = {"File-Path": urllib.parse.quote(remote_file), "Content-Type": encoder.content_type}
+            header = {"File-Path": parse.quote(remote_file), "Content-Type": encoder.content_type}
             # Include file attributes (permissions, owner, group) if requested
             if apply_file_attributes:
@@ -1120,7 +1167,11 @@ class AppMeshClient(metaclass=abc.ABCMeta):
         Returns:
             requests.Response: HTTP response
         """
-        rest_url = urllib.parse.urljoin(self.server_url, path)
+        # Try to refresh token via Keycloak if using Keycloak and token needs refreshing
+        if self._keycloak_client and self.jwt_token and not self._keycloak_client.validate_token():
+            self.jwt_token = self._keycloak_client.get_active_token()
+        rest_url = parse.urljoin(self.server_url, path)
         header = {} if header is None else header
         if self.jwt_token:
@@ -1129,20 +1180,20 @@ class AppMeshClient(metaclass=abc.ABCMeta):
             if ":" in self.forward_to:
                 header[self.HTTP_HEADER_KEY_X_TARGET_HOST] = self.forward_to
             else:
-                header[self.HTTP_HEADER_KEY_X_TARGET_HOST] = self.forward_to + ":" + str(urllib.parse.urlsplit(self.server_url).port)
+                header[self.HTTP_HEADER_KEY_X_TARGET_HOST] = self.forward_to + ":" + str(parse.urlsplit(self.server_url).port)
         header[self.HTTP_HEADER_KEY_USER_AGENT] = self.HTTP_USER_AGENT
         if method is AppMeshClient.Method.GET:
-            return requests.get(url=rest_url, params=query, headers=header, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
+            return self.session.get(url=rest_url, params=query, headers=header, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
         elif method is AppMeshClient.Method.POST:
-            return requests.post(
+            return self.session.post(
                 url=rest_url, params=query, headers=header, data=json.dumps(body) if type(body) in (dict, list) else body, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout
             )
         elif method is AppMeshClient.Method.POST_STREAM:
-            return requests.post(url=rest_url, params=query, headers=header, data=body, cert=self.ssl_client_cert, verify=self.ssl_verify, stream=True, timeout=self.rest_timeout)
+            return self.session.post(url=rest_url, params=query, headers=header, data=body, cert=self.ssl_client_cert, verify=self.ssl_verify, stream=True, timeout=self.rest_timeout)
         elif method is AppMeshClient.Method.DELETE:
-            return requests.delete(url=rest_url, headers=header, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
+            return self.session.delete(url=rest_url, headers=header, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
         elif method is AppMeshClient.Method.PUT:
-            return requests.put(url=rest_url, params=query, headers=header, json=body, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
+            return self.session.put(url=rest_url, params=query, headers=header, json=body, cert=self.ssl_client_cert, verify=self.ssl_verify, timeout=self.rest_timeout)
         else:
             raise Exception("Invalid http method", method)

appmesh/keycloak.py ADDED Viewed

@@ -0,0 +1,232 @@
+# Keycloak authentication client for App Mesh Python SDK
+import base64
+import json
+import time
+from typing import Dict, Optional, Tuple, Any
+import requests
+class KeycloakClient:
+    """
+    Client for authenticating with Keycloak and obtaining tokens for App Mesh.
+    This class handles the OAuth2/OIDC workflow with Keycloak, including:
+    - Direct authentication with username/password
+    - Token refresh
+    - Token validation
+    """
+    def __init__(
+        self,
+        server_url: str,
+        realm: str,
+        client_id: str,
+        client_secret: Optional[str] = None,
+        ssl_verify: bool = True,
+        timeout: Tuple[int, int] = (10, 60),
+        token_refresh_threshold: int = 30,
+    ):
+        """Initialize Keycloak client.
+        Args:
+            server_url (str): Keycloak server URL (e.g. https://keycloak.example.com/auth)
+            realm (str): Keycloak realm name
+            client_id (str): Client ID registered in Keycloak
+            client_secret (Optional[str], optional): Client secret if using confidential client. Defaults to None.
+            ssl_verify (bool, optional): Verify SSL certificates. Defaults to True.
+            timeout (Tuple[int, int], optional): Connection and read timeouts. Defaults to (10, 60).
+            token_refresh_threshold (int, optional): Seconds before token expiry to trigger refresh. Defaults to 30.
+        """
+        self.server_url = server_url.rstrip("/")
+        self.realm = realm
+        self.client_id = client_id
+        self.client_secret = client_secret
+        self.ssl_verify = ssl_verify
+        self.timeout = timeout
+        self.token_refresh_threshold = token_refresh_threshold
+        # Token storage
+        self.access_token = None
+        self.refresh_token = None
+        self.token_expires_at = 0
+        # Construct the token endpoint URL
+        self.token_endpoint = f"{self.server_url}/realms/{self.realm}/protocol/openid-connect/token"
+        self.userinfo_endpoint = f"{self.server_url}/realms/{self.realm}/protocol/openid-connect/userinfo"
+        # Create a session for connection pooling
+        self.session = requests.Session()
+    def authenticate(self, username: str, password: str) -> str:
+        """Authenticate with username and password.
+        Args:
+            username (str): Username
+            password (str): Password
+        Returns:
+            str: Access token
+        Raises:
+            Exception: If authentication fails
+        """
+        data = {
+            "client_id": self.client_id,
+            "grant_type": "password",
+            "username": username,
+            "password": password,
+        }
+        if self.client_secret:
+            data["client_secret"] = self.client_secret
+        try:
+            response = self.session.post(self.token_endpoint, data=data, verify=self.ssl_verify, timeout=self.timeout)
+            if response.status_code != 200:
+                raise Exception(f"Authentication failed: {response.text}")
+            token_data = response.json()
+            self._update_token_data(token_data)
+            return self.access_token
+        except requests.RequestException as e:
+            raise Exception(f"Failed to connect to Keycloak: {str(e)}")
+    def refresh_tokens(self) -> str:
+        """Refresh the access token using the refresh token.
+        Returns:
+            str: New access token
+        Raises:
+            Exception: If refresh fails
+        """
+        if not self.refresh_token:
+            raise Exception("No refresh token available")
+        data = {
+            "client_id": self.client_id,
+            "grant_type": "refresh_token",
+            "refresh_token": self.refresh_token,
+        }
+        if self.client_secret:
+            data["client_secret"] = self.client_secret
+        try:
+            response = self.session.post(self.token_endpoint, data=data, verify=self.ssl_verify, timeout=self.timeout)
+            if response.status_code != 200:
+                raise Exception(f"Token refresh failed: {response.text}")
+            token_data = response.json()
+            self._update_token_data(token_data)
+            return self.access_token
+        except requests.RequestException as e:
+            raise Exception(f"Failed to connect to Keycloak: {str(e)}")
+    def validate_token(self) -> bool:
+        """Check if the current token is valid and not expired.
+        Returns:
+            bool: True if valid, False otherwise
+        """
+        if not self.access_token:
+            return False
+        # Check if the token is expired based on our local expiry time
+        if time.time() > self.token_expires_at:
+            return False
+        return True
+    def get_active_token(self) -> str:
+        """Get a valid access token, refreshing if necessary.
+        Returns:
+            str: Valid access token
+        Raises:
+            Exception: If no valid token can be obtained
+        """
+        if self.validate_token():
+            return self.access_token
+        if self.refresh_token:
+            try:
+                return self.refresh_tokens()
+            except Exception:
+                pass
+        raise Exception("No valid token available and unable to refresh")
+    def get_user_info(self) -> Dict[str, Any]:
+        """Get information about the authenticated user.
+        Returns:
+            Dict[str, Any]: User information
+        Raises:
+            Exception: If request fails
+        """
+        if not self.access_token:
+            raise Exception("Not authenticated")
+        headers = {"Authorization": f"Bearer {self.access_token}"}
+        try:
+            response = self.session.get(self.userinfo_endpoint, headers=headers, verify=self.ssl_verify, timeout=self.timeout)
+            if response.status_code != 200:
+                raise Exception(f"Failed to get user info: {response.text}")
+            return response.json()
+        except requests.RequestException as e:
+            raise Exception(f"Failed to connect to Keycloak: {str(e)}")
+    def _update_token_data(self, token_data: Dict[str, Any]) -> None:
+        """Update the stored token data.
+        Args:
+            token_data (Dict[str, Any]): Token data from Keycloak
+        """
+        self.access_token = token_data["access_token"]
+        self.refresh_token = token_data.get("refresh_token")
+        # Calculate token expiration time with configurable buffer
+        expires_in = token_data.get("expires_in", 300)
+        self.token_expires_at = time.time() + expires_in - self.token_refresh_threshold
+    def close(self) -> None:
+        """Close the session and release resources."""
+        if hasattr(self, 'session'):
+            self.session.close()
+    @staticmethod
+    def decode_token(token: str) -> Dict[str, Any]:
+        """Decode a JWT token without verification.
+        Args:
+            token (str): JWT token
+        Returns:
+            Dict[str, Any]: Decoded token payload
+        """
+        parts = token.split(".")
+        if len(parts) != 3:
+            raise Exception("Invalid token format")
+        # Decode the payload (second part)
+        payload = parts[1]
+        # Add padding if necessary
+        payload += "=" * (4 - len(payload) % 4) if len(payload) % 4 else ""
+        try:
+            decoded = base64.b64decode(payload)
+            return json.loads(decoded)
+        except Exception as e:
+            raise Exception(f"Failed to decode token: {str(e)}")

{appmesh-1.4.6.dist-info → appmesh-1.4.7.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: appmesh
-Version: 1.4.6
+Version: 1.4.7
 Summary: Client SDK for App Mesh
 Home-page: https://github.com/laoshanxi/app-mesh
 Author: laoshanxi
@@ -28,13 +28,14 @@ Dynamic: requires-dist
 Dynamic: requires-python
 Dynamic: summary
-[![language.badge]][language.url] [![standard.badge]][standard.url] [![release.badge]][release.url] [![pypi.badge]][pypi.url] [![unittest.badge]][unittest.url] [![docker.badge]][docker.url] [![cockpit.badge]][cockpit.url]
+[![language.badge]][language.url] [![standard.badge]][standard.url] [![unittest.badge]][unittest.url] [![docker.badge]][docker.url] [![cockpit.badge]][cockpit.url]
 [![Documentation Status](https://readthedocs.org/projects/app-mesh/badge/?version=latest)](https://app-mesh.readthedocs.io/en/latest/?badge=latest) [![Join the chat at https://gitter.im/app-mesh/community](https://badges.gitter.im/app-mesh/community.svg)](https://gitter.im/app-mesh/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 <a href="https://scan.coverity.com/projects/laoshanxi-app-mesh">
   <img alt="Coverity Scan Build Status"
        src="https://img.shields.io/coverity/scan/21528.svg"/>
 </a>
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/laoshanxi/app-mesh/badge)](https://api.securityscorecards.dev/projects/github.com/laoshanxi/app-mesh)
+[![release.badge]][release.url] [![pypi.badge]][pypi.url] [![npm.badge]][npm.url]
 # App Mesh: Advanced Application Management Platform
@@ -148,7 +149,7 @@ Refer to the [Installation doc](https://app-mesh.readthedocs.io/en/latest/Instal
 [standard.url]:   https://en.wikipedia.org/wiki/C%2B%2B#Standardization
 [standard.badge]: https://img.shields.io/badge/C%2B%2B-11%2F14%2F17-blue.svg
 [release.url]:    https://github.com/laoshanxi/app-mesh/releases
-[release.badge]:  https://img.shields.io/github/v/release/laoshanxi/app-mesh.svg
+[release.badge]:  https://img.shields.io/github/v/release/laoshanxi/app-mesh?label=Github%20package
 [docker.url]:     https://hub.docker.com/repository/docker/laoshanxi/appmesh
 [docker.badge]:   https://img.shields.io/docker/pulls/laoshanxi/appmesh.svg
 [cockpit.url]:    https://github.com/laoshanxi/app-mesh-ui
@@ -157,3 +158,5 @@ Refer to the [Installation doc](https://app-mesh.readthedocs.io/en/latest/Instal
 [unittest.badge]: https://img.shields.io/badge/UnitTest-Catch2-blue?logo=appveyor
 [pypi.badge]: https://img.shields.io/pypi/v/appmesh?label=PyPI%3Aappmesh
 [pypi.url]: https://pypi.org/project/appmesh/
+[npm.badge]: https://img.shields.io/npm/v/appmesh?label=npm%3Aappmesh
+[npm.url]: https://www.npmjs.com/package/appmesh

{appmesh-1.4.6.dist-info → appmesh-1.4.7.dist-info}/RECORD RENAMED Viewed

@@ -3,11 +3,12 @@ appmesh/app.py,sha256=9Q-SOOej-MH13BU5Dv2iTa-p-sECCJQp6ZX9DjWWmwE,10526
 appmesh/app_output.py,sha256=JK_TMKgjvaw4n_ys_vmN5S4MyWVZpmD7NlKz_UyMIM8,1015
 appmesh/app_run.py,sha256=9ISKGZ3k3kkbQvSsPfRfkOLqD9xhbqNOM7ork9F4w9c,1712
 appmesh/appmesh_client.py,sha256=0ltkqHZUq094gKneYmC0bEZCP0X9kHTp9fccKdWFWP0,339
-appmesh/http_client.py,sha256=qM0es3dM4PM95ymNqdTAuIvTD9-Xy6jPKhDW-Sn7ehg,45180
+appmesh/http_client.py,sha256=dtrZryrkJ-dmT_NQE5v0fZPE00-PCD9VB9xL1Wu8ORI,47403
+appmesh/keycloak.py,sha256=siyifDaH3EASIti8s0DzxBo477m8eCRmzKwK6dqGRDY,7497
 appmesh/tcp_client.py,sha256=RkHl5s8jE333BJOgxJqJ_fvjbdRQza7ciV49vLT6YO4,10923
 appmesh/tcp_messages.py,sha256=w1Kehz_aX4X2CYAUsy9mFVJRhxnLQwwc6L58W4YkQqs,969
 appmesh/tcp_transport.py,sha256=UMGby2oKV4k7lyXZUMSOe2Je34fb1w7nTkxEpatKLKg,7256
-appmesh-1.4.6.dist-info/METADATA,sha256=x8wWJAFfIPR3PU4nGmmZDezdmmeoCLFmkE-nrOM1lPY,11501
-appmesh-1.4.6.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
-appmesh-1.4.6.dist-info/top_level.txt,sha256=-y0MNQOGJxUzLdHZ6E_Rfv5_LNCkV-GTmOBME_b6pg8,8
-appmesh-1.4.6.dist-info/RECORD,,
+appmesh-1.4.7.dist-info/METADATA,sha256=Tinrv6mkVtpVQi-ZZm_rTpCWLu-NoTEUvL-dBAQVaZg,11663
+appmesh-1.4.7.dist-info/WHEEL,sha256=jB7zZ3N9hIM9adW7qlTAyycLYW9npaWKLRzaoVcLKcM,91
+appmesh-1.4.7.dist-info/top_level.txt,sha256=-y0MNQOGJxUzLdHZ6E_Rfv5_LNCkV-GTmOBME_b6pg8,8
+appmesh-1.4.7.dist-info/RECORD,,

{appmesh-1.4.6.dist-info → appmesh-1.4.7.dist-info}/WHEEL RENAMED Viewed

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.8.0)
+Generator: setuptools (75.8.2)
 Root-Is-Purelib: true
 Tag: py3-none-any

{appmesh-1.4.6.dist-info → appmesh-1.4.7.dist-info}/top_level.txt RENAMED Viewed

File without changes

appmesh 1.4.6__py3-none-any.whl → 1.4.7__py3-none-any.whl

appmesh 1.4.6py3-none-any.whl → 1.4.7py3-none-any.whl