cardo-python-utils 0.5.dev31__tar.gz → 0.5.dev32__tar.gz

cardo_python_utils-0.5.dev32/MANIFEST.in

@@ -0,0 +1,5 @@
+include LICENSE
+include README.rst
+include python_utils/django/admin/templates/user_groups_changelist.html
+include python_utils/django/README.md
+recursive-exclude tests *

{cardo_python_utils-0.5.dev31/cardo_python_utils.egg-info → cardo_python_utils-0.5.dev32}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev31
+Version: 0.5.dev32
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT
@@ -27,12 +27,14 @@ License-File: LICENSE
 Provides-Extra: django-keycloak
 Requires-Dist: PyJWT>=2.10.1; extra == "django-keycloak"
 Requires-Dist: mozilla-django-oidc>=4.0.1; extra == "django-keycloak"
+Requires-Dist: requests; extra == "django-keycloak"
 Provides-Extra: django-keycloak-groups
 Requires-Dist: python-keycloak>=5.8.1; extra == "django-keycloak-groups"
 Provides-Extra: all
 Requires-Dist: PyJWT>=2.10.1; extra == "all"
 Requires-Dist: mozilla-django-oidc>=4.0.1; extra == "all"
 Requires-Dist: python-keycloak>=5.8.1; extra == "all"
+Requires-Dist: requests; extra == "all"
 Provides-Extra: dev
 Requires-Dist: pytest>=7.0; extra == "dev"
 Requires-Dist: pytest-django>=4.5; extra == "dev"

{cardo_python_utils-0.5.dev31 → cardo_python_utils-0.5.dev32/cardo_python_utils.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev31
+Version: 0.5.dev32
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT
@@ -27,12 +27,14 @@ License-File: LICENSE
 Provides-Extra: django-keycloak
 Requires-Dist: PyJWT>=2.10.1; extra == "django-keycloak"
 Requires-Dist: mozilla-django-oidc>=4.0.1; extra == "django-keycloak"
+Requires-Dist: requests; extra == "django-keycloak"
 Provides-Extra: django-keycloak-groups
 Requires-Dist: python-keycloak>=5.8.1; extra == "django-keycloak-groups"
 Provides-Extra: all
 Requires-Dist: PyJWT>=2.10.1; extra == "all"
 Requires-Dist: mozilla-django-oidc>=4.0.1; extra == "all"
 Requires-Dist: python-keycloak>=5.8.1; extra == "all"
+Requires-Dist: requests; extra == "all"
 Provides-Extra: dev
 Requires-Dist: pytest>=7.0; extra == "dev"
 Requires-Dist: pytest-django>=4.5; extra == "dev"

cardo_python_utils-0.5.dev32/cardo_python_utils.egg-info/SOURCES.txt

@@ -0,0 +1,58 @@
+LICENSE
+MANIFEST.in
+README.rst
+pyproject.toml
+cardo_python_utils.egg-info/PKG-INFO
+cardo_python_utils.egg-info/SOURCES.txt
+cardo_python_utils.egg-info/dependency_links.txt
+cardo_python_utils.egg-info/requires.txt
+cardo_python_utils.egg-info/top_level.txt
+python_utils/__init__.py
+python_utils/choices.py
+python_utils/data_structures.py
+python_utils/db.py
+python_utils/django_utils.py
+python_utils/esma_choices.py
+python_utils/exceptions.py
+python_utils/imports.py
+python_utils/math.py
+python_utils/text.py
+python_utils/time.py
+python_utils/types_hinting.py
+python_utils/django/README.md
+python_utils/django/__init__.py
+python_utils/django/apps.py
+python_utils/django/oidc_settings.py
+python_utils/django/settings.py
+python_utils/django/tenant_context.py
+python_utils/django/admin/__init__.py
+python_utils/django/admin/auth.py
+python_utils/django/admin/user_group.py
+python_utils/django/admin/views.py
+python_utils/django/admin/templates/__init__.py
+python_utils/django/admin/templates/user_groups_changelist.html
+python_utils/django/api/__init__.py
+python_utils/django/api/drf.py
+python_utils/django/api/ninja.py
+python_utils/django/api/utils.py
+python_utils/django/auth/service.py
+python_utils/django/celery/__init__.py
+python_utils/django/celery/tenant_aware_task.py
+python_utils/django/db/__init__.py
+python_utils/django/db/routers.py
+python_utils/django/db/transaction.py
+python_utils/django/db/utils.py
+python_utils/django/management/__init__.py
+python_utils/django/management/commands/__init__.py
+python_utils/django/management/commands/migrateall.py
+python_utils/django/management/commands/tenant_aware_command.py
+python_utils/django/middleware/__init__.py
+python_utils/django/middleware/tenant_aware_http_middleware.py
+python_utils/django/models/__init__.py
+python_utils/django/models/user_group.py
+python_utils/django/redis/__init__.py
+python_utils/django/redis/key_function.py
+python_utils/django/storage/__init__.py
+python_utils/django/storage/tenant_aware_storage.py
+python_utils/django/tests/__init__.py
+python_utils/django/tests/conftest.py

{cardo_python_utils-0.5.dev31 → cardo_python_utils-0.5.dev32}/cardo_python_utils.egg-info/requires.txt

@@ -3,6 +3,7 @@
 PyJWT>=2.10.1
 mozilla-django-oidc>=4.0.1
 python-keycloak>=5.8.1
+requests
 
 [dev]
 pytest>=7.0
@@ -13,6 +14,7 @@ tox>=3.25
 [django-keycloak]
 PyJWT>=2.10.1
 mozilla-django-oidc>=4.0.1
+requests
 
 [django-keycloak-groups]
 python-keycloak>=5.8.1

{cardo_python_utils-0.5.dev31 → cardo_python_utils-0.5.dev32}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "cardo-python-utils"
-version = "0.5.dev31"
+version = "0.5.dev32"
 description = "Python library enhanced with a wide range of functions for different scenarios."
 readme = "README.rst"
 requires-python = ">=3.8"
@@ -34,6 +34,7 @@ dependencies = []
 django-keycloak = [
     "PyJWT>=2.10.1",
     "mozilla-django-oidc>=4.0.1",
+    "requests",
 ]
 django-keycloak-groups = [
     "python-keycloak>=5.8.1",
@@ -42,6 +43,7 @@ all = [
     "PyJWT>=2.10.1",
     "mozilla-django-oidc>=4.0.1",
     "python-keycloak>=5.8.1",
+    "requests",
 ]
 dev = [
     "pytest>=7.0",

cardo_python_utils-0.5.dev32/python_utils/django/README.md

@@ -0,0 +1,122 @@
+This package provides utilities for facilitating IDP communication and multi-tenancy support.
+
+# Usage
+
+
+## Environment variables to set
+
+- AWS_STORAGE_TENANT_BUCKET_NAMES
+    - A JSON dictionary where each key is the tenant name and the value is the bucket name.
+- DATABASE_CONFIG
+    - A dictionary where each key is the tenant name and the value is a dict with the datase config.
+    - If multiple 'DATABASE_CONFIG'-prefixed variables are set, they will be merged into a single dictionary. 
+- KEYCLOAK_SERVER_URL
+    - The URL of the Keycloak deployment
+- KEYCLOAK_CONFIDENTIAL_CLIENT_ID
+    - The id of the confidential client of the backend service
+
+## settings.py file
+
+### For multi-tenancy
+
+```python3
+INSTALLED_APPS = [
+    ...
+    "python_utils.django",
+    ...
+]
+
+MIDDLEWARE = [
+    "python_utils.django.middleware.TenantAwareHttpMiddleware",
+    ...
+]
+
+# Include the database configuration for each tenant in the DATABASES setting.
+# You can use the get_database_configs() function from python_utils.django.db.utils as a helper.
+DATABASES = {
+    'tenant1': { ... },
+    'tenant2': { ... },
+    ...
+}
+
+# If you want to override the database alias to use for local development (when DEBUG is True).
+# By default, the first database defined in DATABASES is used.
+DEVELOPMENT_TENANT = "development"
+
+# This is required to use the tenant context when routing database queries
+DATABASE_ROUTERS = [
+    "python_utils.django.db.routers.TenantAwareRouter"
+]
+
+# If using celery, set the task class to TenantAwareTask:
+CELERY_TASK_CLS = "python_utils.django.celery.TenantAwareTask"
+
+# If using Redis caching, configure the cache backend as follows:
+CACHES = {
+    "default": {
+        "BACKEND": "django_redis.cache.RedisCache",
+        "LOCATION": REDIS_LOCATION,
+        "KEY_FUNCTION": "python_utils.django.redis.make_tenant_aware_key",
+        **OPTIONS,
+    }
+}
+
+# If using Django Storages with S3, configure the storage backends as follows:
+STORAGES = {
+    "default": {
+        "BACKEND": "python_utils.django.storage.TenantAwarePrivateS3Storage",
+    },
+}
+
+# If you want to exclude certain paths from tenant processing, use TENANT_AWARE_EXCLUDED_PATHS:
+# They are considered as prefixes, so all paths starting with the given strings will be excluded.
+TENANT_AWARE_EXCLUDED_PATHS = ("/some/path",)
+```
+
+### For OIDC auth
+
+```python3
+from python_utils.django.admin.templates import TEMPLATE_PATH
+
+INSTALLED_APPS.append("mozilla_django_oidc")
+TEMPLATES[0]["DIRS"].append(TEMPLATE_PATH)
+
+JWT_AUDIENCE = "myapp"
+JWT_SCOPE_PREFIX = "myapp"
+
+# If using DRF
+REST_FRAMEWORK.update(
+    {
+        "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
+        "DEFAULT_AUTHENTICATION_CLASSES": ("python_utils.django.api.drf.AuthenticationBackend",),
+        "DEFAULT_PERMISSION_CLASSES": (
+            "rest_framework.permissions.IsAuthenticated",
+            "python_utils.django.api.drf.HasScope",
+        ),
+    }
+)
+
+# Admin auth backends
+AUTHENTICATION_BACKENDS = [
+    "django.contrib.auth.backends.ModelBackend",
+    "python_utils.django.admin.auth.AdminAuthenticationBackend",
+]
+
+# If user groups are used for Row Level Security (RLS)
+KEYCLOAK_USER_GROUP_MODEL = "myapp.UserGroup"
+
+KEYCLOAK_CONFIDENTIAL_CLIENT_ID = os.getenv("KEYCLOAK_CONFIDENTIAL_CLIENT_ID", f"{JWT_AUDIENCE}_confidential")
+
+OIDC_RP_CLIENT_ID = KEYCLOAK_CONFIDENTIAL_CLIENT_ID
+OIDC_RP_CLIENT_SECRET = None
+OIDC_RP_SIGN_ALGO = "RS256"
+OIDC_CREATE_USER = True
+
+LOGIN_REDIRECT_URL = "/admin"
+SESSION_COOKIE_AGE = 60 * 30  # 30 minutes
+SESSION_SAVE_EVERY_REQUEST = True  # Extend session on each request
+```
+
+## With django-ninja
+
+If using `django-ninja`, apart from the settings configured above, auth utils are provided in the django/api/ninja.py module.

cardo_python_utils-0.5.dev32/python_utils/django/__init__.py

@@ -0,0 +1 @@
+default_app_config = "python_utils.django.apps.DjangoAppConfig"

{cardo_python_utils-0.5.dev31/python_utils/keycloak → cardo_python_utils-0.5.dev32/python_utils}/django/admin/auth.py

@@ -1,17 +1,48 @@
 from django.conf import settings
 from mozilla_django_oidc.auth import OIDCAuthenticationBackend
 
-from ...utils import get_keycloak_confidential_client_token
+from ..oidc_settings import (
+    get_oidc_confidential_client_token,
+    get_oidc_op_token_endpoint,
+    get_oidc_op_user_endpoint,
+    get_oidc_op_jwks_endpoint,
+)
 
 
 class AdminAuthenticationBackend(OIDCAuthenticationBackend):
+    """
+    Tenant-aware OIDC authentication backend for Django admin.
+
+    This backend dynamically resolves OIDC endpoints based on the current
+    tenant context, allowing each tenant to authenticate against their
+    own Keycloak realm.
+    """
+
+    @property
+    def OIDC_OP_TOKEN_ENDPOINT(self):
+        """Dynamically get the token endpoint for the current tenant."""
+
+        return get_oidc_op_token_endpoint()
+
+    @property
+    def OIDC_OP_USER_ENDPOINT(self):
+        """Dynamically get the userinfo endpoint for the current tenant."""
+
+        return get_oidc_op_user_endpoint()
+
+    @property
+    def OIDC_OP_JWKS_ENDPOINT(self):
+        """Dynamically get the JWKS endpoint for the current tenant."""
+
+        return get_oidc_op_jwks_endpoint()
+
     def get_token(self, payload):
         # Instead of passing client_id and client_secret,
         # client_assertion with service account token will be used
         payload.pop("client_id", None)
         payload.pop("client_secret", None)
 
-        return get_keycloak_confidential_client_token(**payload)
+        return get_oidc_confidential_client_token(**payload)
 
     def _get_user_data(self, claims) -> dict:
         client_roles = (

cardo_python_utils-0.5.dev32/python_utils/django/admin/templates/__init__.py

@@ -0,0 +1,3 @@
+import os
+
+TEMPLATE_PATH = os.path.dirname(__file__)

{cardo_python_utils-0.5.dev31/python_utils/keycloak → cardo_python_utils-0.5.dev32/python_utils}/django/admin/user_group.py

@@ -5,7 +5,7 @@ from django.db.models import Count
 from django.urls import path
 from django.shortcuts import redirect
 
-from ..service import KeycloakService
+from ..auth.service import KeycloakService
 
 
 class UserGroupAdminMetaclass(forms.MediaDefiningClass):

cardo_python_utils-0.5.dev32/python_utils/django/admin/views.py

@@ -0,0 +1,63 @@
+"""
+Tenant-aware OIDC views for mozilla-django-oidc.
+
+These views override the default mozilla-django-oidc views to dynamically
+resolve OIDC endpoints based on the current tenant context.
+"""
+
+from mozilla_django_oidc.views import (
+    OIDCAuthenticationCallbackView,
+    OIDCAuthenticationRequestView,
+    OIDCLogoutView,
+)
+
+from ..oidc_settings import (
+    get_oidc_op_authorization_endpoint,
+    get_oidc_op_logout_endpoint,
+)
+
+
+class TenantAwareOIDCAuthenticationRequestView(OIDCAuthenticationRequestView):
+    """
+    Tenant-aware OIDC authentication request view.
+
+    Dynamically resolves the authorization endpoint based on the current tenant.
+    """
+
+    @property
+    def OIDC_OP_AUTH_ENDPOINT(self):
+        """Dynamically get the authorization endpoint for the current tenant."""
+        return get_oidc_op_authorization_endpoint()
+
+    def get_settings(self, attr, *args):
+        if attr == "OIDC_OP_AUTHORIZATION_ENDPOINT":
+            return self.OIDC_OP_AUTH_ENDPOINT
+        return super().get_settings(attr, *args)
+
+
+class TenantAwareOIDCAuthenticationCallbackView(OIDCAuthenticationCallbackView):
+    """
+    Tenant-aware OIDC authentication callback view.
+
+    Uses the tenant-aware authentication backend.
+    """
+
+    pass
+
+
+class TenantAwareOIDCLogoutView(OIDCLogoutView):
+    """
+    Tenant-aware OIDC logout view.
+
+    Dynamically resolves the logout endpoint based on the current tenant.
+    """
+
+    @property
+    def OIDC_OP_LOGOUT_ENDPOINT(self):
+        """Dynamically get the logout endpoint for the current tenant."""
+        return get_oidc_op_logout_endpoint()
+
+    def get_settings(self, attr, *args):
+        if attr == "OIDC_OP_LOGOUT_ENDPOINT":
+            return self.OIDC_OP_LOGOUT_ENDPOINT
+        return super().get_settings(attr, *args)

{cardo_python_utils-0.5.dev31/python_utils/keycloak → cardo_python_utils-0.5.dev32/python_utils}/django/api/utils.py

@@ -4,10 +4,26 @@ from django.conf import settings
 from django.contrib.auth import get_user_model
 from jwt import decode, PyJWKClient
 
-jwks_client = PyJWKClient(getattr(settings, "JWKS_URL", ""))
+from django.oidc_settings import get_oidc_op_jwks_endpoint
+
+from ..tenant_context import TenantContext
+
+JWKS_CLIENTS = {}  # Cache for PyJWKClient instances
+
+
+def get_jwks_client():
+    tenant = TenantContext.get()
+
+    if tenant not in JWKS_CLIENTS:
+        jwks_client = PyJWKClient(get_oidc_op_jwks_endpoint())
+        JWKS_CLIENTS[tenant] = jwks_client
+
+    return JWKS_CLIENTS[tenant]
+
 
 User = get_user_model()
 
+
 class TokenPayload(TypedDict, total=False):
     exp: int
     iat: int
@@ -35,6 +51,7 @@ def decode_jwt(token: str, audience: Optional[str] = None) -> TokenPayload:
         jwt.exceptions.PyJWKClientError: If there is an error fetching the signing key.
         jwt.exceptions.InvalidTokenError: If the token is invalid or cannot be decoded.
     """
+    jwks_client = get_jwks_client()
     signing_key = jwks_client.get_signing_key_from_jwt(token)
 
     if audience is None:

cardo_python_utils-0.5.dev32/python_utils/django/apps.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class DjangoAppConfig(AppConfig):
+    name = "python_utils.django"

{cardo_python_utils-0.5.dev31/python_utils/keycloak/django → cardo_python_utils-0.5.dev32/python_utils/django/auth}/service.py

@@ -5,12 +5,12 @@ from keycloak import KeycloakAdmin
 from keycloak import KeycloakOpenIDConnection
 from keycloak.exceptions import KeycloakGetError
 
-from ..utils import (
+from ..oidc_settings import (
     KEYCLOAK_SERVER_URL,
-    KEYCLOAK_REALM,
     KEYCLOAK_CONFIDENTIAL_CLIENT_ID,
-    get_keycloak_confidential_client_token,
+    get_oidc_confidential_client_token,
 )
+from ..tenant_context import TenantContext
 
 
 def get_user_group_model():
@@ -67,12 +67,14 @@ class KeycloakService:
             deleted_groups.delete()
 
     def _get_keycloak_admin(self):
+        tenant = TenantContext.get()
+
         keycloak_connection = KeycloakOpenIDConnection(
             server_url=KEYCLOAK_SERVER_URL,
-            realm_name=KEYCLOAK_REALM,
-            user_realm_name=KEYCLOAK_REALM,
+            realm_name=tenant,
+            user_realm_name=tenant,
             client_id=KEYCLOAK_CONFIDENTIAL_CLIENT_ID,
-            token=get_keycloak_confidential_client_token(),
+            token=get_oidc_confidential_client_token(),
             verify=True,
         )
         return KeycloakAdmin(connection=keycloak_connection)

cardo_python_utils-0.5.dev32/python_utils/django/middleware/__init__.py

@@ -0,0 +1,6 @@
+from .tenant_aware_http_middleware import TenantAwareHttpMiddleware
+
+
+__all__ = [
+    "TenantAwareHttpMiddleware",
+]

cardo_python_utils-0.5.dev31/python_utils/multi_tenancy/middleware/tenant_http_middleware.py → cardo_python_utils-0.5.dev32/python_utils/django/middleware/tenant_aware_http_middleware.py

@@ -98,19 +98,12 @@ class TenantAwareHttpMiddleware:
 
         # Need at least 3 parts: <app>.<tenant>.<domain>
         if len(parts) >= 3:
-            tenant = self._normalize_tenant(parts[1])
+            tenant = parts[1].replace("-internal", "")
             logger.debug(f"Tenant '{tenant}' extracted from subdomain: {host}")
             return tenant
 
         return None
 
-    @staticmethod
-    def _normalize_tenant(tenant: str) -> str:
-        # Remove -internal suffix if present
-        if tenant.endswith("-internal"):
-            return tenant[: -len("-internal")]
-        return tenant
-
     @staticmethod
     def _is_valid_tenant(tenant: str) -> bool:
         """

cardo_python_utils-0.5.dev32/python_utils/django/oidc_settings.py

@@ -0,0 +1,91 @@
+"""
+This module provides dynamic OIDC configuration based on the current tenant context.
+Each tenant has its own Keycloak realm, and the OIDC endpoints are computed
+dynamically based on the tenant.
+"""
+
+import json
+import os
+import requests
+
+from .tenant_context import TenantContext
+
+
+KEYCLOAK_SERVER_URL = os.getenv("KEYCLOAK_SERVER_URL", None)
+if not KEYCLOAK_SERVER_URL:
+    raise ValueError("KEYCLOAK_SERVER_URL env variable is not set.")
+
+KEYCLOAK_CONFIDENTIAL_CLIENT_ID = os.getenv("KEYCLOAK_CONFIDENTIAL_CLIENT_ID", None)
+if not KEYCLOAK_CONFIDENTIAL_CLIENT_ID:
+    raise ValueError("KEYCLOAK_CONFIDENTIAL_CLIENT_ID env variable is not set.")
+
+KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATHS: dict[str, str] = json.loads(
+    os.getenv("KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATHS")
+)
+KEYCLOAK_CLIENT_CREDENTIALS_GRANT_TYPE = "client_credentials"
+KEYCLOAK_CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
+
+
+def get_oidc_op_base_url() -> str:
+    """Get the base URL for the OIDC provider (Keycloak realm URL)."""
+
+    realm = TenantContext.get()
+    return f"{KEYCLOAK_SERVER_URL}/realms/{realm}"
+
+
+def get_oidc_op_authorization_endpoint() -> str:
+    return f"{get_oidc_op_base_url()}/protocol/openid-connect/auth"
+
+
+def get_oidc_op_token_endpoint() -> str:
+    return f"{get_oidc_op_base_url()}/protocol/openid-connect/token"
+
+
+def get_oidc_op_user_endpoint() -> str:
+    return f"{get_oidc_op_base_url()}/protocol/openid-connect/userinfo"
+
+
+def get_oidc_op_jwks_endpoint() -> str:
+    return f"{get_oidc_op_base_url()}/protocol/openid-connect/certs"
+
+
+def get_oidc_op_logout_endpoint() -> str:
+    return f"{get_oidc_op_base_url()}/protocol/openid-connect/logout"
+
+
+def get_confidential_client_service_account_token() -> str:
+    """
+    Reads the Keycloak confidential client service account token for the current tenant from a file.
+    """
+    tenant = TenantContext.get()
+    token_file_path = KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATHS.get(tenant)
+    if not token_file_path or not os.path.isfile(token_file_path):
+        raise FileNotFoundError(f"Keycloak service account token file for tenant {tenant} not found: {token_file_path}")
+
+    with open(token_file_path, "r") as f:
+        token = f.read().strip()
+
+    if not token:
+        raise ValueError(f"Keycloak service account token for tenant {tenant} is empty.")
+
+    return token
+
+
+def get_oidc_confidential_client_token(**kwargs) -> dict:
+    """
+    Obtains token for an OIDC confidential client with the client credentials grant,
+    using a service account token for authentication.
+    """
+
+    response = requests.post(
+        get_oidc_op_token_endpoint(),
+        data={
+            "grant_type": KEYCLOAK_CLIENT_CREDENTIALS_GRANT_TYPE,
+            "client_assertion_type": KEYCLOAK_CLIENT_ASSERTION_TYPE,
+            "client_assertion": get_confidential_client_service_account_token(),
+            **kwargs,
+        },
+    )
+    response.raise_for_status()
+
+    return response.json()

cardo_python_utils-0.5.dev32/python_utils/django/redis/__init__.py

@@ -0,0 +1,4 @@
+from .key_function import make_tenant_aware_key
+
+
+__all__ = ["make_tenant_aware_key"]

{cardo_python_utils-0.5.dev31/python_utils/multi_tenancy → cardo_python_utils-0.5.dev32/python_utils/django}/redis/key_function.py

@@ -1,5 +1,5 @@
 from ..tenant_context import TenantContext
 
 
-def make_key(key, key_prefix, version):
+def make_tenant_aware_key(key, key_prefix, version):
     return ":".join([TenantContext.get(), key_prefix, str(version), key])

cardo_python_utils-0.5.dev31/MANIFEST.in

@@ -1,5 +0,0 @@
-include LICENSE
-include README.rst
-include python_utils/keycloak/django/admin/user_groups_changelist.html
-include python_utils/multi_tenancy/README.md
-recursive-exclude tests *

cardo_python_utils-0.5.dev31/cardo_python_utils.egg-info/SOURCES.txt

@@ -1,57 +0,0 @@
-LICENSE
-MANIFEST.in
-README.rst
-pyproject.toml
-cardo_python_utils.egg-info/PKG-INFO
-cardo_python_utils.egg-info/SOURCES.txt
-cardo_python_utils.egg-info/dependency_links.txt
-cardo_python_utils.egg-info/requires.txt
-cardo_python_utils.egg-info/top_level.txt
-python_utils/__init__.py
-python_utils/choices.py
-python_utils/data_structures.py
-python_utils/db.py
-python_utils/django_utils.py
-python_utils/esma_choices.py
-python_utils/exceptions.py
-python_utils/imports.py
-python_utils/math.py
-python_utils/text.py
-python_utils/time.py
-python_utils/types_hinting.py
-python_utils/keycloak/utils.py
-python_utils/keycloak/django/__init__.py
-python_utils/keycloak/django/service.py
-python_utils/keycloak/django/admin/__init__.py
-python_utils/keycloak/django/admin/auth.py
-python_utils/keycloak/django/admin/user_group.py
-python_utils/keycloak/django/admin/user_groups_changelist.html
-python_utils/keycloak/django/api/__init__.py
-python_utils/keycloak/django/api/drf.py
-python_utils/keycloak/django/api/ninja.py
-python_utils/keycloak/django/api/utils.py
-python_utils/keycloak/django/models/__init__.py
-python_utils/keycloak/django/models/user_group.py
-python_utils/keycloak/django/tests/__init__.py
-python_utils/keycloak/django/tests/conftest.py
-python_utils/multi_tenancy/README.md
-python_utils/multi_tenancy/__init__.py
-python_utils/multi_tenancy/apps.py
-python_utils/multi_tenancy/settings.py
-python_utils/multi_tenancy/tenant_context.py
-python_utils/multi_tenancy/celery/__init__.py
-python_utils/multi_tenancy/celery/tenant_aware_task.py
-python_utils/multi_tenancy/db/__init__.py
-python_utils/multi_tenancy/db/routers.py
-python_utils/multi_tenancy/db/transaction.py
-python_utils/multi_tenancy/db/utils.py
-python_utils/multi_tenancy/management/__init__.py
-python_utils/multi_tenancy/management/commands/__init__.py
-python_utils/multi_tenancy/management/commands/migrateall.py
-python_utils/multi_tenancy/management/commands/tenant_aware_command.py
-python_utils/multi_tenancy/middleware/__init__.py
-python_utils/multi_tenancy/middleware/tenant_http_middleware.py
-python_utils/multi_tenancy/redis/__init__.py
-python_utils/multi_tenancy/redis/key_function.py
-python_utils/multi_tenancy/storage/__init__.py
-python_utils/multi_tenancy/storage/tenant_aware_storage.py

cardo_python_utils-0.5.dev31/python_utils/keycloak/utils.py

@@ -1,51 +0,0 @@
-import os
-import requests
-
-KEYCLOAK_SERVER_URL = os.getenv("KEYCLOAK_SERVER_URL")
-KEYCLOAK_REALM = os.getenv("KEYCLOAK_REALM")
-KEYCLOAK_REALM_URL = f"{KEYCLOAK_SERVER_URL}/realms/{KEYCLOAK_REALM}"
-KEYCLOAK_TOKEN_ENDPOINT = f"{KEYCLOAK_REALM_URL}/protocol/openid-connect/token"
-
-KEYCLOAK_CONFIDENTIAL_CLIENT_ID = os.getenv("KEYCLOAK_CONFIDENTIAL_CLIENT_ID")
-KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATH = os.getenv(
-    "KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATH"
-)
-KEYCLOAK_CLIENT_CREDENTIALS_GRANT_TYPE = "client_credentials"
-KEYCLOAK_CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
-
-
-def get_confidential_client_service_account_token() -> str:
-    """
-    Reads the Keycloak confidential client service account token from a file.
-    """
-    token_file_path = KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATH
-    if not token_file_path or not os.path.isfile(token_file_path):
-        raise FileNotFoundError(f"Keycloak service account token file not found: {token_file_path}")
-
-    with open(token_file_path, "r") as f:
-        token = f.read().strip()
-
-    if not token:
-        raise ValueError("Keycloak service account token is empty.")
-
-    return token
-
-
-def get_keycloak_confidential_client_token(**kwargs) -> dict:
-    """
-    Obtains token for a Keycloak confidential client with the client credentials grant,
-    using a service account token for authentication.
-    """
-
-    response = requests.post(
-        KEYCLOAK_TOKEN_ENDPOINT,
-        data={
-            "grant_type": KEYCLOAK_CLIENT_CREDENTIALS_GRANT_TYPE,
-            "client_assertion_type": KEYCLOAK_CLIENT_ASSERTION_TYPE,
-            "client_assertion": get_confidential_client_service_account_token(),
-            **kwargs,
-        },
-    )
-    response.raise_for_status()
-
-    return response.json()

cardo_python_utils-0.5.dev31/python_utils/multi_tenancy/README.md

@@ -1,62 +0,0 @@
-This package adds multi-tenancy support to a Django application, with a separate database for each tenant.
-Several components are provided to facilitate this, including: database routing, middleware, celery tasks etc.
-
-It is heavily inspired by the implementation of multi-tenancy in the Mercury app by Klement Omeri.
-
-# Usage
-
-To use this package, add the following to your Django settings.py file:
-
-```python3
-INSTALLED_APPS = [
-    ...
-    "python_utils.multi_tenancy",
-    ...
-]
-
-MIDDLEWARE = [
-    "python_utils.multi_tenancy.middleware.TenantAwareHttpMiddleware",
-    ...
-]
-
-# Include the database configuration for each tenant in the DATABASES setting.
-# You can use the get_database_configs() function from python_utils.multi_tenancy.db.utils as a helper.
-DATABASES = {
-    'tenant1': { ... },
-    'tenant2': { ... },
-    ...
-}
-
-# If you want to override the database alias to use for local development (when DEBUG is True).
-# By default, the first database defined in DATABASES is used.
-DEVELOPMENT_TENANT = "development"
-
-# This is required to use the tenant context when routing database queries
-DATABASE_ROUTERS = [
-    "python_utils.multi_tenancy.db.routers.TenantAwareRouter"
-]
-
-# If using celery, set the task class to TenantAwareTask:
-CELERY_TASK_CLS = "python_utils.multi_tenancy.celery.TenantAwareTask"
-
-# If using Redis caching, configure the cache backend as follows:
-CACHES = {
-    "default": {
-        "BACKEND": "django_redis.cache.RedisCache",
-        "LOCATION": REDIS_LOCATION,
-        "KEY_FUNCTION": "python_utils.multi_tenancy.redis.make_key",
-        **OPTIONS,
-    }
-}
-
-# If using Django Storages with S3, configure the storage backends as follows:
-STORAGES = {
-    "default": {
-        "BACKEND": "python_utils.multi_tenancy.storage.TenantAwarePrivateS3Storage",
-    },
-}
-
-# If you want to exclude certain paths from tenant processing, use TENANT_AWARE_EXCLUDED_PATHS:
-# They are considered as prefixes, so all paths starting with the given strings will be excluded.
-TENANT_AWARE_EXCLUDED_PATHS = ("/some/path",)
-```

cardo_python_utils-0.5.dev31/python_utils/multi_tenancy/__init__.py

@@ -1 +0,0 @@
-default_app_config = "python_utils.multi_tenancy.apps.MultiTenancyConfig"

cardo_python_utils-0.5.dev31/python_utils/multi_tenancy/apps.py

@@ -1,7 +0,0 @@
-from django.apps import AppConfig
-
-
-class MultiTenancyConfig(AppConfig):
-    name = "python_utils.multi_tenancy"
-    label = "multi_tenancy"
-    verbose_name = "Multi-Tenancy"

cardo_python_utils-0.5.dev31/python_utils/multi_tenancy/middleware/__init__.py

@@ -1,6 +0,0 @@
-from .tenant_http_middleware import TenantAwareHttpMiddleware
-
-
-__all__ = [
-    "TenantAwareHttpMiddleware",
-]

cardo_python_utils-0.5.dev31/python_utils/multi_tenancy/redis/__init__.py

@@ -1,4 +0,0 @@
-from .key_function import make_key
-
-
-__all__ = ["make_key"]

{cardo_python_utils-0.5.dev31/python_utils/multi_tenancy → cardo_python_utils-0.5.dev32/python_utils/django}/settings.py

@@ -1,7 +1,7 @@
 from django.conf import settings
 
-TENANT_DATABASES = set(settings.DATABASES.keys()) - {"default"}
 TENANT_KEY = "tenant"
+TENANT_DATABASES = set(settings.DATABASES.keys()) - {"default"}
 
 TENANT_AWARE_EXCLUDED_PATHS = getattr(settings, "TENANT_AWARE_EXCLUDED_PATHS", ())
 TENANT_AWARE_EXCLUDED_PATHS = (