PyPI - cardo-python-utils - Versions diffs - 0.5.dev31__tar.gz → 0.5.dev33__tar.gz - Mend

cardo-python-utils 0.5.dev31tar.gz → 0.5.dev33tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (69) hide show

cardo_python_utils-0.5.dev33/MANIFEST.in ADDED Viewed

@@ -0,0 +1,5 @@
+include LICENSE
+include README.rst
+include python_utils/django/admin/templates/user_groups_changelist.html
+include python_utils/django/README.md
+recursive-exclude tests *

{cardo_python_utils-0.5.dev31/cardo_python_utils.egg-info → cardo_python_utils-0.5.dev33}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev31
+Version: 0.5.dev33
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT
@@ -27,12 +27,14 @@ License-File: LICENSE
 Provides-Extra: django-keycloak
 Requires-Dist: PyJWT>=2.10.1; extra == "django-keycloak"
 Requires-Dist: mozilla-django-oidc>=4.0.1; extra == "django-keycloak"
+Requires-Dist: requests; extra == "django-keycloak"
 Provides-Extra: django-keycloak-groups
 Requires-Dist: python-keycloak>=5.8.1; extra == "django-keycloak-groups"
 Provides-Extra: all
 Requires-Dist: PyJWT>=2.10.1; extra == "all"
 Requires-Dist: mozilla-django-oidc>=4.0.1; extra == "all"
 Requires-Dist: python-keycloak>=5.8.1; extra == "all"
+Requires-Dist: requests; extra == "all"
 Provides-Extra: dev
 Requires-Dist: pytest>=7.0; extra == "dev"
 Requires-Dist: pytest-django>=4.5; extra == "dev"

{cardo_python_utils-0.5.dev31 → cardo_python_utils-0.5.dev33/cardo_python_utils.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev31
+Version: 0.5.dev33
 Summary: Python library enhanced with a wide range of functions for different scenarios.
 Author-email: CardoAI <hello@cardoai.com>
 License: MIT
@@ -27,12 +27,14 @@ License-File: LICENSE
 Provides-Extra: django-keycloak
 Requires-Dist: PyJWT>=2.10.1; extra == "django-keycloak"
 Requires-Dist: mozilla-django-oidc>=4.0.1; extra == "django-keycloak"
+Requires-Dist: requests; extra == "django-keycloak"
 Provides-Extra: django-keycloak-groups
 Requires-Dist: python-keycloak>=5.8.1; extra == "django-keycloak-groups"
 Provides-Extra: all
 Requires-Dist: PyJWT>=2.10.1; extra == "all"
 Requires-Dist: mozilla-django-oidc>=4.0.1; extra == "all"
 Requires-Dist: python-keycloak>=5.8.1; extra == "all"
+Requires-Dist: requests; extra == "all"
 Provides-Extra: dev
 Requires-Dist: pytest>=7.0; extra == "dev"
 Requires-Dist: pytest-django>=4.5; extra == "dev"

cardo_python_utils-0.5.dev33/cardo_python_utils.egg-info/SOURCES.txt ADDED Viewed

@@ -0,0 +1,58 @@
+LICENSE
+MANIFEST.in
+README.rst
+pyproject.toml
+cardo_python_utils.egg-info/PKG-INFO
+cardo_python_utils.egg-info/SOURCES.txt
+cardo_python_utils.egg-info/dependency_links.txt
+cardo_python_utils.egg-info/requires.txt
+cardo_python_utils.egg-info/top_level.txt
+python_utils/__init__.py
+python_utils/choices.py
+python_utils/data_structures.py
+python_utils/db.py
+python_utils/django_utils.py
+python_utils/esma_choices.py
+python_utils/exceptions.py
+python_utils/imports.py
+python_utils/math.py
+python_utils/text.py
+python_utils/time.py
+python_utils/types_hinting.py
+python_utils/django/README.md
+python_utils/django/__init__.py
+python_utils/django/apps.py
+python_utils/django/oidc_settings.py
+python_utils/django/settings.py
+python_utils/django/tenant_context.py
+python_utils/django/admin/__init__.py
+python_utils/django/admin/auth.py
+python_utils/django/admin/user_group.py
+python_utils/django/admin/views.py
+python_utils/django/admin/templates/__init__.py
+python_utils/django/admin/templates/user_groups_changelist.html
+python_utils/django/api/__init__.py
+python_utils/django/api/drf.py
+python_utils/django/api/ninja.py
+python_utils/django/api/utils.py
+python_utils/django/auth/service.py
+python_utils/django/celery/__init__.py
+python_utils/django/celery/tenant_aware_task.py
+python_utils/django/db/__init__.py
+python_utils/django/db/routers.py
+python_utils/django/db/transaction.py
+python_utils/django/db/utils.py
+python_utils/django/management/__init__.py
+python_utils/django/management/commands/__init__.py
+python_utils/django/management/commands/migrateall.py
+python_utils/django/management/commands/tenant_aware_command.py
+python_utils/django/middleware/__init__.py
+python_utils/django/middleware/tenant_aware_http_middleware.py
+python_utils/django/models/__init__.py
+python_utils/django/models/user_group.py
+python_utils/django/redis/__init__.py
+python_utils/django/redis/key_function.py
+python_utils/django/storage/__init__.py
+python_utils/django/storage/tenant_aware_storage.py
+python_utils/django/tests/__init__.py
+python_utils/django/tests/conftest.py

{cardo_python_utils-0.5.dev31 → cardo_python_utils-0.5.dev33}/cardo_python_utils.egg-info/requires.txt RENAMED Viewed

@@ -3,6 +3,7 @@
 PyJWT>=2.10.1
 mozilla-django-oidc>=4.0.1
 python-keycloak>=5.8.1
+requests
 [dev]
 pytest>=7.0
@@ -13,6 +14,7 @@ tox>=3.25
 [django-keycloak]
 PyJWT>=2.10.1
 mozilla-django-oidc>=4.0.1
+requests
 [django-keycloak-groups]
 python-keycloak>=5.8.1

{cardo_python_utils-0.5.dev31 → cardo_python_utils-0.5.dev33}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "cardo-python-utils"
-version = "0.5.dev31"
+version = "0.5.dev33"
 description = "Python library enhanced with a wide range of functions for different scenarios."
 readme = "README.rst"
 requires-python = ">=3.8"
@@ -34,6 +34,7 @@ dependencies = []
 django-keycloak = [
     "PyJWT>=2.10.1",
     "mozilla-django-oidc>=4.0.1",
+    "requests",
 ]
 django-keycloak-groups = [
     "python-keycloak>=5.8.1",
@@ -42,6 +43,7 @@ all = [
     "PyJWT>=2.10.1",
     "mozilla-django-oidc>=4.0.1",
     "python-keycloak>=5.8.1",
+    "requests",
 ]
 dev = [
     "pytest>=7.0",

cardo_python_utils-0.5.dev33/python_utils/django/README.md ADDED Viewed

@@ -0,0 +1,125 @@
+This package provides utilities for facilitating IDP communication and multi-tenancy support.
+# Usage
+## Environment variables to set
+- AWS_STORAGE_TENANT_BUCKET_NAMES
+  - _This variable should be set if separate tenant buckets are needed._
+  - A JSON dictionary where each key is the tenant name and the value is the bucket name.
+- DATABASE_CONFIG
+  - A JSON dictionary where each key is the tenant name and the value is a dict with the datase config.
+  - If multiple 'DATABASE_CONFIG'-prefixed variables are set, they will be merged into a single dictionary.
+- KEYCLOAK_SERVER_URL
+  - The URL of the Keycloak deployment
+- KEYCLOAK_CONFIDENTIAL_CLIENT_ID
+  - The id of the confidential client of the backend service
+- KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATHS
+  - A JSON dictionary where each key is the tenant name and the value is the file path of the service account token for the confidential client of that tenant
+## settings.py file
+### For multi-tenancy
+```python3
+INSTALLED_APPS = [
+    ...
+    "python_utils.django",
+    ...
+]
+MIDDLEWARE = [
+    "python_utils.django.middleware.TenantAwareHttpMiddleware",
+    ...
+]
+# Include the database configuration for each tenant in the DATABASES setting.
+# You can use the get_database_configs() function from python_utils.django.db.utils as a helper.
+DATABASES = {
+    'tenant1': { ... },
+    'tenant2': { ... },
+    ...
+}
+# If you want to override the database alias to use for local development (when DEBUG is True).
+# By default, the first database defined in DATABASES is used.
+DEVELOPMENT_TENANT = "development"
+# This is required to use the tenant context when routing database queries
+DATABASE_ROUTERS = [
+    "python_utils.django.db.routers.TenantAwareRouter"
+]
+# If using celery, set the task class to TenantAwareTask:
+CELERY_TASK_CLS = "python_utils.django.celery.TenantAwareTask"
+# If using Redis caching, configure the cache backend as follows:
+CACHES = {
+    "default": {
+        "BACKEND": "django_redis.cache.RedisCache",
+        "LOCATION": REDIS_LOCATION,
+        "KEY_FUNCTION": "python_utils.django.redis.make_tenant_aware_key",
+        **OPTIONS,
+    }
+}
+# If using Django Storages with S3, and separate tenant buckets are needed,
+# configure the storage backends as follows:
+STORAGES = {
+    "default": {
+        "BACKEND": "python_utils.django.storage.TenantAwarePrivateS3Storage",
+    },
+}
+# If you want to exclude certain paths from tenant processing, use TENANT_AWARE_EXCLUDED_PATHS:
+# They are considered as prefixes, so all paths starting with the given strings will be excluded.
+TENANT_AWARE_EXCLUDED_PATHS = ("/some/path",)
+```
+### For OIDC auth
+```python3
+from python_utils.django.admin.templates import TEMPLATE_PATH
+INSTALLED_APPS.append("mozilla_django_oidc")
+TEMPLATES[0]["DIRS"].append(TEMPLATE_PATH)
+JWT_AUDIENCE = "myapp"
+JWT_SCOPE_PREFIX = "myapp"
+# If using DRF
+REST_FRAMEWORK.update(
+    {
+        "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
+        "DEFAULT_AUTHENTICATION_CLASSES": ("python_utils.django.api.drf.AuthenticationBackend",),
+        "DEFAULT_PERMISSION_CLASSES": (
+            "rest_framework.permissions.IsAuthenticated",
+            "python_utils.django.api.drf.HasScope",
+        ),
+    }
+)
+# Admin auth backends
+AUTHENTICATION_BACKENDS = [
+    "django.contrib.auth.backends.ModelBackend",
+    "python_utils.django.admin.auth.AdminAuthenticationBackend",
+]
+# If user groups are used for Row Level Security (RLS)
+KEYCLOAK_USER_GROUP_MODEL = "myapp.UserGroup"
+KEYCLOAK_CONFIDENTIAL_CLIENT_ID = os.getenv("KEYCLOAK_CONFIDENTIAL_CLIENT_ID", f"{JWT_AUDIENCE}_confidential")
+OIDC_RP_CLIENT_ID = KEYCLOAK_CONFIDENTIAL_CLIENT_ID
+OIDC_RP_CLIENT_SECRET = None
+OIDC_RP_SIGN_ALGO = "RS256"
+OIDC_CREATE_USER = True
+LOGIN_REDIRECT_URL = "/admin"
+SESSION_COOKIE_AGE = 60 * 30  # 30 minutes
+SESSION_SAVE_EVERY_REQUEST = True  # Extend session on each request
+```
+## With django-ninja
+If using `django-ninja`, apart from the settings configured above, auth utils are provided in the django/api/ninja.py module.

cardo_python_utils-0.5.dev33/python_utils/django/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ default_app_config = "python_utils.django.apps.DjangoAppConfig"

{cardo_python_utils-0.5.dev31/python_utils/keycloak → cardo_python_utils-0.5.dev33/python_utils}/django/admin/auth.py RENAMED Viewed

@@ -1,17 +1,48 @@
 from django.conf import settings
 from mozilla_django_oidc.auth import OIDCAuthenticationBackend
-from ...utils import get_keycloak_confidential_client_token
+from ..oidc_settings import (
+    get_oidc_confidential_client_token,
+    get_oidc_op_token_endpoint,
+    get_oidc_op_user_endpoint,
+    get_oidc_op_jwks_endpoint,
+)
 class AdminAuthenticationBackend(OIDCAuthenticationBackend):
+    """
+    Tenant-aware OIDC authentication backend for Django admin.
+    This backend dynamically resolves OIDC endpoints based on the current
+    tenant context, allowing each tenant to authenticate against their
+    own Keycloak realm.
+    """
+    @property
+    def OIDC_OP_TOKEN_ENDPOINT(self):
+        """Dynamically get the token endpoint for the current tenant."""
+        return get_oidc_op_token_endpoint()
+    @property
+    def OIDC_OP_USER_ENDPOINT(self):
+        """Dynamically get the userinfo endpoint for the current tenant."""
+        return get_oidc_op_user_endpoint()
+    @property
+    def OIDC_OP_JWKS_ENDPOINT(self):
+        """Dynamically get the JWKS endpoint for the current tenant."""
+        return get_oidc_op_jwks_endpoint()
     def get_token(self, payload):
         # Instead of passing client_id and client_secret,
         # client_assertion with service account token will be used
         payload.pop("client_id", None)
         payload.pop("client_secret", None)
-        return get_keycloak_confidential_client_token(**payload)
+        return get_oidc_confidential_client_token(**payload)
     def _get_user_data(self, claims) -> dict:
         client_roles = (

cardo_python_utils-0.5.dev33/python_utils/django/admin/templates/__init__.py ADDED Viewed

@@ -0,0 +1,3 @@
+import os
+TEMPLATE_PATH = os.path.dirname(__file__)

{cardo_python_utils-0.5.dev31/python_utils/keycloak → cardo_python_utils-0.5.dev33/python_utils}/django/admin/user_group.py RENAMED Viewed

@@ -5,7 +5,7 @@ from django.db.models import Count
 from django.urls import path
 from django.shortcuts import redirect
-from ..service import KeycloakService
+from ..auth.service import KeycloakService
 class UserGroupAdminMetaclass(forms.MediaDefiningClass):

cardo_python_utils-0.5.dev33/python_utils/django/admin/views.py ADDED Viewed

@@ -0,0 +1,63 @@
+"""
+Tenant-aware OIDC views for mozilla-django-oidc.
+These views override the default mozilla-django-oidc views to dynamically
+resolve OIDC endpoints based on the current tenant context.
+"""
+from mozilla_django_oidc.views import (
+    OIDCAuthenticationCallbackView,
+    OIDCAuthenticationRequestView,
+    OIDCLogoutView,
+)
+from ..oidc_settings import (
+    get_oidc_op_authorization_endpoint,
+    get_oidc_op_logout_endpoint,
+)
+class TenantAwareOIDCAuthenticationRequestView(OIDCAuthenticationRequestView):
+    """
+    Tenant-aware OIDC authentication request view.
+    Dynamically resolves the authorization endpoint based on the current tenant.
+    """
+    @property
+    def OIDC_OP_AUTH_ENDPOINT(self):
+        """Dynamically get the authorization endpoint for the current tenant."""
+        return get_oidc_op_authorization_endpoint()
+    def get_settings(self, attr, *args):
+        if attr == "OIDC_OP_AUTHORIZATION_ENDPOINT":
+            return self.OIDC_OP_AUTH_ENDPOINT
+        return super().get_settings(attr, *args)
+class TenantAwareOIDCAuthenticationCallbackView(OIDCAuthenticationCallbackView):
+    """
+    Tenant-aware OIDC authentication callback view.
+    Uses the tenant-aware authentication backend.
+    """
+    pass
+class TenantAwareOIDCLogoutView(OIDCLogoutView):
+    """
+    Tenant-aware OIDC logout view.
+    Dynamically resolves the logout endpoint based on the current tenant.
+    """
+    @property
+    def OIDC_OP_LOGOUT_ENDPOINT(self):
+        """Dynamically get the logout endpoint for the current tenant."""
+        return get_oidc_op_logout_endpoint()
+    def get_settings(self, attr, *args):
+        if attr == "OIDC_OP_LOGOUT_ENDPOINT":
+            return self.OIDC_OP_LOGOUT_ENDPOINT
+        return super().get_settings(attr, *args)

{cardo_python_utils-0.5.dev31/python_utils/keycloak → cardo_python_utils-0.5.dev33/python_utils}/django/api/utils.py RENAMED Viewed

@@ -4,10 +4,25 @@ from django.conf import settings
 from django.contrib.auth import get_user_model
 from jwt import decode, PyJWKClient
-jwks_client = PyJWKClient(getattr(settings, "JWKS_URL", ""))
+from ..oidc_settings import get_oidc_op_jwks_endpoint
+from ..tenant_context import TenantContext
+JWKS_CLIENTS = {}  # Cache for PyJWKClient instances
+def get_jwks_client():
+    tenant = TenantContext.get()
+    if tenant not in JWKS_CLIENTS:
+        jwks_client = PyJWKClient(get_oidc_op_jwks_endpoint())
+        JWKS_CLIENTS[tenant] = jwks_client
+    return JWKS_CLIENTS[tenant]
 User = get_user_model()
 class TokenPayload(TypedDict, total=False):
     exp: int
     iat: int
@@ -35,6 +50,7 @@ def decode_jwt(token: str, audience: Optional[str] = None) -> TokenPayload:
         jwt.exceptions.PyJWKClientError: If there is an error fetching the signing key.
         jwt.exceptions.InvalidTokenError: If the token is invalid or cannot be decoded.
     """
+    jwks_client = get_jwks_client()
     signing_key = jwks_client.get_signing_key_from_jwt(token)
     if audience is None:

cardo_python_utils-0.5.dev33/python_utils/django/apps.py ADDED Viewed

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+class DjangoAppConfig(AppConfig):
+    name = "python_utils.django"

{cardo_python_utils-0.5.dev31/python_utils/keycloak/django → cardo_python_utils-0.5.dev33/python_utils/django/auth}/service.py RENAMED Viewed

@@ -5,12 +5,12 @@ from keycloak import KeycloakAdmin
 from keycloak import KeycloakOpenIDConnection
 from keycloak.exceptions import KeycloakGetError
-from ..utils import (
+from ..oidc_settings import (
     KEYCLOAK_SERVER_URL,
-    KEYCLOAK_REALM,
     KEYCLOAK_CONFIDENTIAL_CLIENT_ID,
-    get_keycloak_confidential_client_token,
+    get_oidc_confidential_client_token,
 )
+from ..tenant_context import TenantContext
 def get_user_group_model():
@@ -67,12 +67,14 @@ class KeycloakService:
             deleted_groups.delete()
     def _get_keycloak_admin(self):
+        tenant = TenantContext.get()
         keycloak_connection = KeycloakOpenIDConnection(
             server_url=KEYCLOAK_SERVER_URL,
-            realm_name=KEYCLOAK_REALM,
-            user_realm_name=KEYCLOAK_REALM,
+            realm_name=tenant,
+            user_realm_name=tenant,
             client_id=KEYCLOAK_CONFIDENTIAL_CLIENT_ID,
-            token=get_keycloak_confidential_client_token(),
+            token=get_oidc_confidential_client_token(),
             verify=True,
         )
         return KeycloakAdmin(connection=keycloak_connection)

cardo_python_utils-0.5.dev33/python_utils/django/middleware/__init__.py ADDED Viewed

@@ -0,0 +1,6 @@
+from .tenant_aware_http_middleware import TenantAwareHttpMiddleware
+__all__ = [
+    "TenantAwareHttpMiddleware",
+]

cardo_python_utils-0.5.dev31/python_utils/multi_tenancy/middleware/tenant_http_middleware.py → cardo_python_utils-0.5.dev33/python_utils/django/middleware/tenant_aware_http_middleware.py RENAMED Viewed

@@ -5,7 +5,7 @@ from django.conf import settings
 from django.core.handlers.wsgi import WSGIRequest
 from django.http import HttpResponse
-from ..settings import DEVELOPMENT_TENANT, TENANT_AWARE_EXCLUDED_PATHS, TENANT_DATABASES
+from ..settings import DEVELOPMENT_TENANT, TENANT_AWARE_EXCLUDED_PATHS
 from ..tenant_context import TenantContext
 logger = logging.getLogger(__name__)
@@ -51,9 +51,6 @@ class TenantAwareHttpMiddleware:
         if self._is_excluded_path(request.path):
             return self.get_response(request)
-        if TenantContext.is_set():
-            raise Exception("Tenant context already set")
         # In DEBUG mode, use DEVELOPMENT_TENANT directly
         # In production, extract tenant from subdomain
         if settings.DEBUG:
@@ -64,10 +61,6 @@ class TenantAwareHttpMiddleware:
             if tenant is None:
                 raise Exception(f"Could not determine tenant from subdomain. Host: {request.get_host()}")
-        # Validate tenant exists in configured databases
-        if not self._is_valid_tenant(tenant):
-            raise Exception(f"Unknown tenant: {tenant}")
         # Call the next middleware in the chain until the response is returned.
         # After that, the database alias is removed from the thread local variable.
         with TenantContext(tenant):
@@ -94,27 +87,17 @@ class TenantAwareHttpMiddleware:
         - <app>.tenant-internal.domain.com -> tenant (strips -internal suffix)
         """
         host = request.get_host().split(":")[0]  # Remove port if present
+        if host == "testserver":
+            logger.debug("Using 'default' tenant for testserver host.")
+            return "default"
         parts = host.split(".")
         # Need at least 3 parts: <app>.<tenant>.<domain>
         if len(parts) >= 3:
-            tenant = self._normalize_tenant(parts[1])
+            tenant = parts[1].replace("-internal", "")
             logger.debug(f"Tenant '{tenant}' extracted from subdomain: {host}")
             return tenant
         return None
-    @staticmethod
-    def _normalize_tenant(tenant: str) -> str:
-        # Remove -internal suffix if present
-        if tenant.endswith("-internal"):
-            return tenant[: -len("-internal")]
-        return tenant
-    @staticmethod
-    def _is_valid_tenant(tenant: str) -> bool:
-        """
-        Validate that the tenant exists in configured databases.
-        Skip 'default' as it's typically a placeholder.
-        """
-        return tenant in TENANT_DATABASES

cardo_python_utils-0.5.dev33/python_utils/django/oidc_settings.py ADDED Viewed

@@ -0,0 +1,85 @@
+"""
+This module provides dynamic OIDC configuration based on the current tenant context.
+Each tenant has its own Keycloak realm, and the OIDC endpoints are computed
+dynamically based on the tenant.
+"""
+import json
+import os
+import requests
+from .tenant_context import TenantContext
+KEYCLOAK_SERVER_URL = os.getenv("KEYCLOAK_SERVER_URL", None)
+KEYCLOAK_CONFIDENTIAL_CLIENT_ID = os.getenv("KEYCLOAK_CONFIDENTIAL_CLIENT_ID", None)
+KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATHS: dict[str, str] = json.loads(
+    os.getenv("KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATHS", "{}")
+)
+KEYCLOAK_CLIENT_CREDENTIALS_GRANT_TYPE = "client_credentials"
+KEYCLOAK_CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
+def get_oidc_op_base_url() -> str:
+    """Get the base URL for the OIDC provider (Keycloak realm URL)."""
+    realm = TenantContext.get()
+    return f"{KEYCLOAK_SERVER_URL}/realms/{realm}"
+def get_oidc_op_authorization_endpoint() -> str:
+    return f"{get_oidc_op_base_url()}/protocol/openid-connect/auth"
+def get_oidc_op_token_endpoint() -> str:
+    return f"{get_oidc_op_base_url()}/protocol/openid-connect/token"
+def get_oidc_op_user_endpoint() -> str:
+    return f"{get_oidc_op_base_url()}/protocol/openid-connect/userinfo"
+def get_oidc_op_jwks_endpoint() -> str:
+    return f"{get_oidc_op_base_url()}/protocol/openid-connect/certs"
+def get_oidc_op_logout_endpoint() -> str:
+    return f"{get_oidc_op_base_url()}/protocol/openid-connect/logout"
+def get_confidential_client_service_account_token() -> str:
+    """
+    Reads the Keycloak confidential client service account token for the current tenant from a file.
+    """
+    tenant = TenantContext.get()
+    token_file_path = KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATHS.get(tenant)
+    if not token_file_path or not os.path.isfile(token_file_path):
+        raise FileNotFoundError(f"Keycloak service account token file for tenant {tenant} not found: {token_file_path}")
+    with open(token_file_path, "r") as f:
+        token = f.read().strip()
+    if not token:
+        raise ValueError(f"Keycloak service account token for tenant {tenant} is empty.")
+    return token
+def get_oidc_confidential_client_token(**kwargs) -> dict:
+    """
+    Obtains token for an OIDC confidential client with the client credentials grant,
+    using a service account token for authentication.
+    """
+    response = requests.post(
+        get_oidc_op_token_endpoint(),
+        data={
+            "grant_type": KEYCLOAK_CLIENT_CREDENTIALS_GRANT_TYPE,
+            "client_assertion_type": KEYCLOAK_CLIENT_ASSERTION_TYPE,
+            "client_assertion": get_confidential_client_service_account_token(),
+            **kwargs,
+        },
+    )
+    response.raise_for_status()
+    return response.json()

cardo_python_utils-0.5.dev33/python_utils/django/redis/__init__.py ADDED Viewed

@@ -0,0 +1,4 @@
+from .key_function import make_tenant_aware_key
+__all__ = ["make_tenant_aware_key"]

{cardo_python_utils-0.5.dev31/python_utils/multi_tenancy → cardo_python_utils-0.5.dev33/python_utils/django}/redis/key_function.py RENAMED Viewed

@@ -1,5 +1,5 @@
 from ..tenant_context import TenantContext
-def make_key(key, key_prefix, version):
+def make_tenant_aware_key(key, key_prefix, version):
     return ":".join([TenantContext.get(), key_prefix, str(version), key])

{cardo_python_utils-0.5.dev31/python_utils/multi_tenancy → cardo_python_utils-0.5.dev33/python_utils/django}/settings.py RENAMED Viewed

@@ -1,7 +1,8 @@
 from django.conf import settings
-TENANT_DATABASES = set(settings.DATABASES.keys()) - {"default"}
 TENANT_KEY = "tenant"
+DATABASES = settings.DATABASES
+TENANT_DATABASES = set(settings.DATABASES.keys()) - {"default"}
 TENANT_AWARE_EXCLUDED_PATHS = getattr(settings, "TENANT_AWARE_EXCLUDED_PATHS", ())
 TENANT_AWARE_EXCLUDED_PATHS = (
@@ -14,4 +15,9 @@ TENANT_AWARE_EXCLUDED_PATHS = (
     "/mediafiles",
 )
-DEVELOPMENT_TENANT = getattr(settings, "DEVELOPMENT_TENANT", list(TENANT_DATABASES)[0])
+DEVELOPMENT_TENANT = getattr(settings, "DEVELOPMENT_TENANT")
+if DEVELOPMENT_TENANT is None:
+    if TENANT_DATABASES:
+        DEVELOPMENT_TENANT = list(TENANT_DATABASES)[0]
+    else:
+        DEVELOPMENT_TENANT = list(DATABASES.keys())[0]

{cardo_python_utils-0.5.dev31/python_utils/multi_tenancy → cardo_python_utils-0.5.dev33/python_utils/django}/tenant_context.py RENAMED Viewed

@@ -4,7 +4,7 @@ from contextlib import ContextDecorator
 from threading import local
 from typing import Optional
-from .settings import TENANT_DATABASES
+from .settings import DATABASES
 logger = logging.getLogger(__name__)
 thread_namespace = local()
@@ -75,7 +75,7 @@ class TenantContext(ContextDecorator):
                 logger.info("Tenant context already set to %s", tenant)
                 return
-        if tenant not in TENANT_DATABASES:
+        if tenant not in DATABASES:
             logger.error(f"Tenant '{tenant}' not found in DATABASES settings.")
             return sys.exit(1)

cardo_python_utils-0.5.dev31/MANIFEST.in DELETED Viewed

@@ -1,5 +0,0 @@
-include LICENSE
-include README.rst
-include python_utils/keycloak/django/admin/user_groups_changelist.html
-include python_utils/multi_tenancy/README.md
-recursive-exclude tests *

cardo_python_utils-0.5.dev31/cardo_python_utils.egg-info/SOURCES.txt DELETED Viewed

@@ -1,57 +0,0 @@
-LICENSE
-MANIFEST.in
-README.rst
-pyproject.toml
-cardo_python_utils.egg-info/PKG-INFO
-cardo_python_utils.egg-info/SOURCES.txt
-cardo_python_utils.egg-info/dependency_links.txt
-cardo_python_utils.egg-info/requires.txt
-cardo_python_utils.egg-info/top_level.txt
-python_utils/__init__.py
-python_utils/choices.py
-python_utils/data_structures.py
-python_utils/db.py
-python_utils/django_utils.py
-python_utils/esma_choices.py
-python_utils/exceptions.py
-python_utils/imports.py
-python_utils/math.py
-python_utils/text.py
-python_utils/time.py
-python_utils/types_hinting.py
-python_utils/keycloak/utils.py
-python_utils/keycloak/django/__init__.py
-python_utils/keycloak/django/service.py
-python_utils/keycloak/django/admin/__init__.py
-python_utils/keycloak/django/admin/auth.py
-python_utils/keycloak/django/admin/user_group.py
-python_utils/keycloak/django/admin/user_groups_changelist.html
-python_utils/keycloak/django/api/__init__.py
-python_utils/keycloak/django/api/drf.py
-python_utils/keycloak/django/api/ninja.py
-python_utils/keycloak/django/api/utils.py
-python_utils/keycloak/django/models/__init__.py
-python_utils/keycloak/django/models/user_group.py
-python_utils/keycloak/django/tests/__init__.py
-python_utils/keycloak/django/tests/conftest.py
-python_utils/multi_tenancy/README.md
-python_utils/multi_tenancy/__init__.py
-python_utils/multi_tenancy/apps.py
-python_utils/multi_tenancy/settings.py
-python_utils/multi_tenancy/tenant_context.py
-python_utils/multi_tenancy/celery/__init__.py
-python_utils/multi_tenancy/celery/tenant_aware_task.py
-python_utils/multi_tenancy/db/__init__.py
-python_utils/multi_tenancy/db/routers.py
-python_utils/multi_tenancy/db/transaction.py
-python_utils/multi_tenancy/db/utils.py
-python_utils/multi_tenancy/management/__init__.py
-python_utils/multi_tenancy/management/commands/__init__.py
-python_utils/multi_tenancy/management/commands/migrateall.py
-python_utils/multi_tenancy/management/commands/tenant_aware_command.py
-python_utils/multi_tenancy/middleware/__init__.py
-python_utils/multi_tenancy/middleware/tenant_http_middleware.py
-python_utils/multi_tenancy/redis/__init__.py
-python_utils/multi_tenancy/redis/key_function.py
-python_utils/multi_tenancy/storage/__init__.py
-python_utils/multi_tenancy/storage/tenant_aware_storage.py

cardo_python_utils-0.5.dev31/python_utils/keycloak/utils.py DELETED Viewed

@@ -1,51 +0,0 @@
-import os
-import requests
-KEYCLOAK_SERVER_URL = os.getenv("KEYCLOAK_SERVER_URL")
-KEYCLOAK_REALM = os.getenv("KEYCLOAK_REALM")
-KEYCLOAK_REALM_URL = f"{KEYCLOAK_SERVER_URL}/realms/{KEYCLOAK_REALM}"
-KEYCLOAK_TOKEN_ENDPOINT = f"{KEYCLOAK_REALM_URL}/protocol/openid-connect/token"
-KEYCLOAK_CONFIDENTIAL_CLIENT_ID = os.getenv("KEYCLOAK_CONFIDENTIAL_CLIENT_ID")
-KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATH = os.getenv(
-    "KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATH"
-)
-KEYCLOAK_CLIENT_CREDENTIALS_GRANT_TYPE = "client_credentials"
-KEYCLOAK_CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
-def get_confidential_client_service_account_token() -> str:
-    """
-    Reads the Keycloak confidential client service account token from a file.
-    """
-    token_file_path = KEYCLOAK_CONFIDENTIAL_CLIENT_SERVICE_ACCOUNT_TOKEN_FILE_PATH
-    if not token_file_path or not os.path.isfile(token_file_path):
-        raise FileNotFoundError(f"Keycloak service account token file not found: {token_file_path}")
-    with open(token_file_path, "r") as f:
-        token = f.read().strip()
-    if not token:
-        raise ValueError("Keycloak service account token is empty.")
-    return token
-def get_keycloak_confidential_client_token(**kwargs) -> dict:
-    """
-    Obtains token for a Keycloak confidential client with the client credentials grant,
-    using a service account token for authentication.
-    """
-    response = requests.post(
-        KEYCLOAK_TOKEN_ENDPOINT,
-        data={
-            "grant_type": KEYCLOAK_CLIENT_CREDENTIALS_GRANT_TYPE,
-            "client_assertion_type": KEYCLOAK_CLIENT_ASSERTION_TYPE,
-            "client_assertion": get_confidential_client_service_account_token(),
-            **kwargs,
-        },
-    )
-    response.raise_for_status()
-    return response.json()

cardo_python_utils-0.5.dev31/python_utils/multi_tenancy/README.md DELETED Viewed

@@ -1,62 +0,0 @@
-This package adds multi-tenancy support to a Django application, with a separate database for each tenant.
-Several components are provided to facilitate this, including: database routing, middleware, celery tasks etc.
-It is heavily inspired by the implementation of multi-tenancy in the Mercury app by Klement Omeri.
-# Usage
-To use this package, add the following to your Django settings.py file:
-```python3
-INSTALLED_APPS = [
-    ...
-    "python_utils.multi_tenancy",
-    ...
-]
-MIDDLEWARE = [
-    "python_utils.multi_tenancy.middleware.TenantAwareHttpMiddleware",
-    ...
-]
-# Include the database configuration for each tenant in the DATABASES setting.
-# You can use the get_database_configs() function from python_utils.multi_tenancy.db.utils as a helper.
-DATABASES = {
-    'tenant1': { ... },
-    'tenant2': { ... },
-    ...
-}
-# If you want to override the database alias to use for local development (when DEBUG is True).
-# By default, the first database defined in DATABASES is used.
-DEVELOPMENT_TENANT = "development"
-# This is required to use the tenant context when routing database queries
-DATABASE_ROUTERS = [
-    "python_utils.multi_tenancy.db.routers.TenantAwareRouter"
-]
-# If using celery, set the task class to TenantAwareTask:
-CELERY_TASK_CLS = "python_utils.multi_tenancy.celery.TenantAwareTask"
-# If using Redis caching, configure the cache backend as follows:
-CACHES = {
-    "default": {
-        "BACKEND": "django_redis.cache.RedisCache",
-        "LOCATION": REDIS_LOCATION,
-        "KEY_FUNCTION": "python_utils.multi_tenancy.redis.make_key",
-        **OPTIONS,
-    }
-}
-# If using Django Storages with S3, configure the storage backends as follows:
-STORAGES = {
-    "default": {
-        "BACKEND": "python_utils.multi_tenancy.storage.TenantAwarePrivateS3Storage",
-    },
-}
-# If you want to exclude certain paths from tenant processing, use TENANT_AWARE_EXCLUDED_PATHS:
-# They are considered as prefixes, so all paths starting with the given strings will be excluded.
-TENANT_AWARE_EXCLUDED_PATHS = ("/some/path",)
-```

cardo_python_utils-0.5.dev31/python_utils/multi_tenancy/__init__.py DELETED Viewed

	@@ -1 +0,0 @@
1	- default_app_config = "python_utils.multi_tenancy.apps.MultiTenancyConfig"

cardo_python_utils-0.5.dev31/python_utils/multi_tenancy/apps.py DELETED Viewed

@@ -1,7 +0,0 @@
-from django.apps import AppConfig
-class MultiTenancyConfig(AppConfig):
-    name = "python_utils.multi_tenancy"
-    label = "multi_tenancy"
-    verbose_name = "Multi-Tenancy"