cribl-control-plane 0.0.21__py3-none-any.whl → 0.4.0b23__py3-none-any.whl

cribl_control_plane/_hooks/clientcredentials.py

@@ -1,5 +1,6 @@
+"""Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
+
 import hashlib
-import os
 import httpx
 import time
 from .types import (
@@ -20,26 +21,35 @@ class Credentials:
     client_id: str
     client_secret: str
     token_url: str
-    audience: str
+    scopes: Optional[List[str]]
+    additional_properties: Dict[str, str]
 
-    def __init__(self, client_id: str, client_secret: str, token_url: str):
+    def __init__(
+        self,
+        client_id: str,
+        client_secret: str,
+        token_url: str,
+        scopes: Optional[List[str]],
+        additional_properties: Optional[Dict[str, str]] = None,
+    ):
         self.client_id = client_id
         self.client_secret = client_secret
         self.token_url = token_url
-        self.audience = os.getenv("CRIBLCONTROLPLANE_AUDIENCE", "https://api.cribl.cloud") # Set default audience here
+        self.scopes = scopes
+        self.additional_properties = additional_properties or {}
 
 
 class Session:
     credentials: Credentials
     token: str
-    scopes: Optional[List[str]] = None
+    scopes: List[str]
     expires_at: Optional[int] = None
 
     def __init__(
         self,
         credentials: Credentials,
         token: str,
-        scopes: Optional[List[str]] = None,
+        scopes: List[str],
         expires_at: Optional[int] = None,
     ):
         self.credentials = credentials
@@ -50,7 +60,7 @@ class Session:
 
 class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
     client: HttpClient
-    sessions: Dict[str, Session] = {}
+    sessions: Dict[str, Dict[str, Session]] = {}
 
     def sdk_init(self, config: SDKConfiguration) -> SDKConfiguration:
         if config.client is None:
@@ -62,8 +72,7 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
     def before_request(
         self, hook_ctx: BeforeRequestContext, request: httpx.Request
     ) -> httpx.Request:
-        if hook_ctx.oauth2_scopes is None:
-            # OAuth2 not in use
+        if self.is_hook_disabled(hook_ctx):
             return request
 
         credentials = self.get_credentials(hook_ctx)
@@ -74,22 +83,24 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
             credentials.client_id, credentials.client_secret
         )
 
-        if (
-            session_key not in self.sessions
-            or not self.has_required_scopes(
-                self.sessions[session_key].scopes, hook_ctx.oauth2_scopes
-            )
-            or self.has_token_expired(self.sessions[session_key].expires_at)
-        ):
-            sess = self.do_token_request(
+        scopes = self.get_required_scopes(credentials, hook_ctx)
+        session = self.get_existing_session(session_key, scopes)
+
+        if session is None:
+            # Create new session
+            session = self.do_token_request(
                 hook_ctx,
                 credentials,
-                self.get_scopes(hook_ctx.oauth2_scopes, self.sessions.get(session_key)),
+                scopes,
             )
 
-            self.sessions[session_key] = sess
+            if session_key not in self.sessions:
+                self.sessions[session_key] = {}
+
+            scope_key = self.get_scope_key(scopes)
+            self.sessions[session_key][scope_key] = session
 
-        request.headers["Authorization"] = f"Bearer {self.sessions[session_key].token}"
+        request.headers["Authorization"] = f"Bearer {session.token}"
 
         return request
 
@@ -99,8 +110,7 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
         response: Optional[httpx.Response],
         error: Optional[Exception],
     ) -> Union[Tuple[Optional[httpx.Response], Optional[Exception]], Exception]:
-        if hook_ctx.oauth2_scopes is None:
-            # OAuth2 not in use
+        if self.is_hook_disabled(hook_ctx):
             return (response, error)
 
         # We don't want to refresh the token if the error is not related to the token
@@ -115,12 +125,15 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
             session_key = self.get_session_key(
                 credentials.client_id, credentials.client_secret
             )
-
-            if session_key in self.sessions:
-                del self.sessions[session_key]
+            scopes = self.get_required_scopes(credentials, hook_ctx)
+            scope_key = self.get_scope_key(scopes)
+            self.remove_session(session_key, scope_key)
 
         return (response, error)
 
+    def is_hook_disabled(self, hook_ctx: HookContext) -> bool:
+        return hook_ctx.oauth2_scopes is None
+
     def get_credentials(self, hook_ctx: HookContext) -> Optional[Credentials]:
         source = hook_ctx.security_source
 
@@ -135,17 +148,22 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
         if security is None or security.client_oauth is None:
             return None
 
+        # Extract additional properties from security object
+        additional_properties = {}
+        for key, value in dict(security.client_oauth).items():
+            if key not in ["client_id", "client_secret", "token_url", "scopes"]:
+                additional_properties[key] = value
+
         return Credentials(
             client_id=security.client_oauth.client_id,
             client_secret=security.client_oauth.client_secret,
             token_url=security.client_oauth.token_url,
+            scopes=None,
+            additional_properties=additional_properties,
         )
 
     def do_token_request(
-        self,
-        hook_ctx: HookContext,
-        credentials: Credentials,
-        scopes: Optional[List[str]],
+        self, hook_ctx: HookContext, credentials: Credentials, scopes: List[str]
     ) -> Session:
         payload = {
             "grant_type": "client_credentials",
@@ -153,12 +171,13 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
             "client_secret": credentials.client_secret,
         }
 
-        if credentials.audience is not None:
-            payload["audience"] = credentials.audience
-
-        if scopes is not None and len(scopes) > 0:
+        if len(scopes) > 0:
             payload["scope"] = " ".join(scopes)
 
+        # Add additional properties to payload
+        for key, value in credentials.additional_properties.items():
+            payload[key] = value
+
         token_url = credentials.token_url
         if not bool(urlparse(credentials.token_url).netloc):
             token_url = urljoin(hook_ctx.base_url, credentials.token_url)
@@ -173,7 +192,7 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
 
         response_data = response.json()
 
-        if response_data.get("token_type") != "Bearer":
+        if response_data.get("token_type", "").lower() != "bearer":
             raise Exception("Unexpected token type from token endpoint")
 
         expires_at = None
@@ -188,24 +207,70 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
         )
 
     def get_session_key(self, client_id: str, client_secret: str) -> str:
+        """Generate a consistent session key for the given client ID and secret."""
         return hashlib.md5(f"{client_id}:{client_secret}".encode()).hexdigest()
 
+    def get_required_scopes(
+        self, credentials: Credentials, hook_ctx: HookContext
+    ) -> List[str]:
+        """Return the list of scopes that need to be requested."""
+        if credentials.scopes is not None:
+            return credentials.scopes
+        return hook_ctx.oauth2_scopes or []
+
+    def get_scope_key(self, scopes: List[str]) -> str:
+        """Generate a consistent scope key for the given scopes."""
+        if not scopes:
+            return ""
+
+        sorted_scopes = sorted(scopes)
+        return "&".join(sorted_scopes)
+
+    def remove_session(self, client_key: str, scope_key: str) -> None:
+        """Remove a session and clean up empty client session maps."""
+        if client_key in self.sessions and scope_key in self.sessions[client_key]:
+            del self.sessions[client_key][scope_key]
+
+            # Clean up empty client sessions
+            if not self.sessions[client_key]:
+                del self.sessions[client_key]
+
+    def get_existing_session(
+        self, client_key: str, required_scopes: List[str]
+    ) -> Optional[Session]:
+        """Find the best session for the required scopes."""
+        if client_key not in self.sessions:
+            return None
+
+        client_sessions = self.sessions[client_key]
+        scope_key = self.get_scope_key(required_scopes)
+
+        if scope_key in client_sessions:
+            exact_match = client_sessions[scope_key]
+            if self.has_token_expired(exact_match.expires_at):
+                self.remove_session(client_key, scope_key)
+            else:
+                return exact_match
+
+        # If no exact match was found, look for a superset match
+        for key, session in client_sessions.items():
+            if self.has_token_expired(session.expires_at):
+                self.remove_session(client_key, key)
+            elif self.has_required_scopes(session.scopes, required_scopes):
+                return session
+
+        return None
+
     def has_required_scopes(
-        self, scopes: Optional[List[str]], required_scopes: List[str]
+        self, scopes: List[str], required_scopes: List[str]
     ) -> bool:
-        if scopes is None:
-            return False
-
+        """Check if all required scopes are present in the given scopes."""
         return all(scope in scopes for scope in required_scopes)
 
-    def get_scopes(
-        self, required_scopes: List[str], sess: Optional[Session]
-    ) -> List[str]:
-        scopes = required_scopes.copy()
-        if sess is not None and sess.scopes is not None:
-            scopes.extend(sess.scopes)
-            scopes = list(set(scopes))
-        return scopes
-
     def has_token_expired(self, expires_at: Optional[int]) -> bool:
-        return expires_at is None or time.time() + 60 >= expires_at
+        """
+        Check if the token has expired.
+        If no expires_in field was returned by the authorization server, the token is considered to never expire.
+        A 60-second buffer is applied to refresh tokens before they actually expire.
+        """
+        return expires_at is not None and time.time() + 60 >= expires_at

cribl_control_plane/_version.py

@@ -3,10 +3,10 @@
 import importlib.metadata
 
 __title__: str = "cribl-control-plane"
-__version__: str = "0.0.21"
-__openapi_doc_version__: str = "4.14.0-alpha.1754075358312-9b381cdf"
-__gen_version__: str = "2.660.0"
-__user_agent__: str = "speakeasy-sdk/python 0.0.21 2.660.0 4.14.0-alpha.1754075358312-9b381cdf cribl-control-plane"
+__version__: str = "0.4.0b23"
+__openapi_doc_version__: str = "4.16.0-alpha.1765487092497-ed578836"
+__gen_version__: str = "2.778.0"
+__user_agent__: str = "speakeasy-sdk/python 0.4.0b23 2.778.0 4.16.0-alpha.1765487092497-ed578836 cribl-control-plane"
 
 try:
     if __package__ is not None:

cribl_control_plane/acl.py

@@ -0,0 +1,225 @@
+"""Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
+
+from .basesdk import BaseSDK
+from .sdkconfiguration import SDKConfiguration
+from cribl_control_plane import errors, models, utils
+from cribl_control_plane._hooks import HookContext
+from cribl_control_plane.teams import Teams
+from cribl_control_plane.types import OptionalNullable, UNSET
+from cribl_control_plane.utils import get_security_from_env
+from cribl_control_plane.utils.unmarshal_json_response import unmarshal_json_response
+from typing import Any, Mapping, Optional
+
+
+class ACL(BaseSDK):
+    teams: Teams
+
+    def __init__(
+        self, sdk_config: SDKConfiguration, parent_ref: Optional[object] = None
+    ) -> None:
+        BaseSDK.__init__(self, sdk_config, parent_ref=parent_ref)
+        self.sdk_configuration = sdk_config
+        self._init_sdks()
+
+    def _init_sdks(self):
+        self.teams = Teams(self.sdk_configuration, parent_ref=self.parent_ref)
+
+    def get(
+        self,
+        *,
+        product: models.ProductsCore,
+        id: str,
+        type_: Optional[models.RbacResource] = None,
+        retries: OptionalNullable[utils.RetryConfig] = UNSET,
+        server_url: Optional[str] = None,
+        timeout_ms: Optional[int] = None,
+        http_headers: Optional[Mapping[str, str]] = None,
+    ) -> models.CountedUserAccessControlList:
+        r"""Get the Access Control List for a Worker Group or Edge Fleet
+
+        Get the Access Control List (ACL) for the specified Worker Group or Edge Fleet.
+
+        :param product: Name of the Cribl product to get the Worker Groups or Edge Fleets for.
+        :param id: The <code>id</code> of the Worker Group or Edge Fleet to get the ACL for.
+        :param type: Filter for limiting the response to ACL entries for the specified RBAC resource type.
+        :param retries: Override the default retry configuration for this method
+        :param server_url: Override the default server URL for this method
+        :param timeout_ms: Override the default request timeout configuration for this method in milliseconds
+        :param http_headers: Additional headers to set or replace on requests.
+        """
+        base_url = None
+        url_variables = None
+        if timeout_ms is None:
+            timeout_ms = self.sdk_configuration.timeout_ms
+
+        if server_url is not None:
+            base_url = server_url
+        else:
+            base_url = self._get_url(base_url, url_variables)
+
+        request = models.GetConfigGroupACLByProductAndIDRequest(
+            product=product,
+            id=id,
+            type=type_,
+        )
+
+        req = self._build_request(
+            method="GET",
+            path="/products/{product}/groups/{id}/acl",
+            base_url=base_url,
+            url_variables=url_variables,
+            request=request,
+            request_body_required=False,
+            request_has_path_params=True,
+            request_has_query_params=True,
+            user_agent_header="user-agent",
+            accept_header_value="application/json",
+            http_headers=http_headers,
+            security=self.sdk_configuration.security,
+            allow_empty_value=None,
+            timeout_ms=timeout_ms,
+        )
+
+        if retries == UNSET:
+            if self.sdk_configuration.retry_config is not UNSET:
+                retries = self.sdk_configuration.retry_config
+            else:
+                retries = utils.RetryConfig(
+                    "backoff", utils.BackoffStrategy(500, 60000, 1.5, 3600000), True
+                )
+
+        retry_config = None
+        if isinstance(retries, utils.RetryConfig):
+            retry_config = (retries, ["429"])
+
+        http_res = self.do_request(
+            hook_ctx=HookContext(
+                config=self.sdk_configuration,
+                base_url=base_url or "",
+                operation_id="getConfigGroupAclByProductAndId",
+                oauth2_scopes=[],
+                security_source=get_security_from_env(
+                    self.sdk_configuration.security, models.Security
+                ),
+            ),
+            request=req,
+            error_status_codes=["401", "4XX", "500", "5XX"],
+            retry_config=retry_config,
+        )
+
+        response_data: Any = None
+        if utils.match_response(http_res, "200", "application/json"):
+            return unmarshal_json_response(
+                models.CountedUserAccessControlList, http_res
+            )
+        if utils.match_response(http_res, "500", "application/json"):
+            response_data = unmarshal_json_response(errors.ErrorData, http_res)
+            raise errors.Error(response_data, http_res)
+        if utils.match_response(http_res, ["401", "4XX"], "*"):
+            http_res_text = utils.stream_to_text(http_res)
+            raise errors.APIError("API error occurred", http_res, http_res_text)
+        if utils.match_response(http_res, "5XX", "*"):
+            http_res_text = utils.stream_to_text(http_res)
+            raise errors.APIError("API error occurred", http_res, http_res_text)
+
+        raise errors.APIError("Unexpected response received", http_res)
+
+    async def get_async(
+        self,
+        *,
+        product: models.ProductsCore,
+        id: str,
+        type_: Optional[models.RbacResource] = None,
+        retries: OptionalNullable[utils.RetryConfig] = UNSET,
+        server_url: Optional[str] = None,
+        timeout_ms: Optional[int] = None,
+        http_headers: Optional[Mapping[str, str]] = None,
+    ) -> models.CountedUserAccessControlList:
+        r"""Get the Access Control List for a Worker Group or Edge Fleet
+
+        Get the Access Control List (ACL) for the specified Worker Group or Edge Fleet.
+
+        :param product: Name of the Cribl product to get the Worker Groups or Edge Fleets for.
+        :param id: The <code>id</code> of the Worker Group or Edge Fleet to get the ACL for.
+        :param type: Filter for limiting the response to ACL entries for the specified RBAC resource type.
+        :param retries: Override the default retry configuration for this method
+        :param server_url: Override the default server URL for this method
+        :param timeout_ms: Override the default request timeout configuration for this method in milliseconds
+        :param http_headers: Additional headers to set or replace on requests.
+        """
+        base_url = None
+        url_variables = None
+        if timeout_ms is None:
+            timeout_ms = self.sdk_configuration.timeout_ms
+
+        if server_url is not None:
+            base_url = server_url
+        else:
+            base_url = self._get_url(base_url, url_variables)
+
+        request = models.GetConfigGroupACLByProductAndIDRequest(
+            product=product,
+            id=id,
+            type=type_,
+        )
+
+        req = self._build_request_async(
+            method="GET",
+            path="/products/{product}/groups/{id}/acl",
+            base_url=base_url,
+            url_variables=url_variables,
+            request=request,
+            request_body_required=False,
+            request_has_path_params=True,
+            request_has_query_params=True,
+            user_agent_header="user-agent",
+            accept_header_value="application/json",
+            http_headers=http_headers,
+            security=self.sdk_configuration.security,
+            allow_empty_value=None,
+            timeout_ms=timeout_ms,
+        )
+
+        if retries == UNSET:
+            if self.sdk_configuration.retry_config is not UNSET:
+                retries = self.sdk_configuration.retry_config
+            else:
+                retries = utils.RetryConfig(
+                    "backoff", utils.BackoffStrategy(500, 60000, 1.5, 3600000), True
+                )
+
+        retry_config = None
+        if isinstance(retries, utils.RetryConfig):
+            retry_config = (retries, ["429"])
+
+        http_res = await self.do_request_async(
+            hook_ctx=HookContext(
+                config=self.sdk_configuration,
+                base_url=base_url or "",
+                operation_id="getConfigGroupAclByProductAndId",
+                oauth2_scopes=[],
+                security_source=get_security_from_env(
+                    self.sdk_configuration.security, models.Security
+                ),
+            ),
+            request=req,
+            error_status_codes=["401", "4XX", "500", "5XX"],
+            retry_config=retry_config,
+        )
+
+        response_data: Any = None
+        if utils.match_response(http_res, "200", "application/json"):
+            return unmarshal_json_response(
+                models.CountedUserAccessControlList, http_res
+            )
+        if utils.match_response(http_res, "500", "application/json"):
+            response_data = unmarshal_json_response(errors.ErrorData, http_res)
+            raise errors.Error(response_data, http_res)
+        if utils.match_response(http_res, ["401", "4XX"], "*"):
+            http_res_text = await utils.stream_to_text_async(http_res)
+            raise errors.APIError("API error occurred", http_res, http_res_text)
+        if utils.match_response(http_res, "5XX", "*"):
+            http_res_text = await utils.stream_to_text_async(http_res)
+            raise errors.APIError("API error occurred", http_res, http_res_text)
+
+        raise errors.APIError("Unexpected response received", http_res)