cribl-control-plane 0.1.0b2__py3-none-any.whl → 0.2.0a1__py3-none-any.whl

cribl_control_plane/_hooks/clientcredentials.py

@@ -21,6 +21,7 @@ class Credentials:
     client_id: str
     client_secret: str
     token_url: str
+    scopes: Optional[List[str]]
     additional_properties: Dict[str, str]
 
     def __init__(
@@ -28,25 +29,27 @@ class Credentials:
         client_id: str,
         client_secret: str,
         token_url: str,
+        scopes: Optional[List[str]],
         additional_properties: Optional[Dict[str, str]] = None,
     ):
         self.client_id = client_id
         self.client_secret = client_secret
         self.token_url = token_url
+        self.scopes = scopes
         self.additional_properties = additional_properties or {}
 
 
 class Session:
     credentials: Credentials
     token: str
-    scopes: Optional[List[str]] = None
+    scopes: List[str]
     expires_at: Optional[int] = None
 
     def __init__(
         self,
         credentials: Credentials,
         token: str,
-        scopes: Optional[List[str]] = None,
+        scopes: List[str],
         expires_at: Optional[int] = None,
     ):
         self.credentials = credentials
@@ -57,7 +60,7 @@ class Session:
 
 class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
     client: HttpClient
-    sessions: Dict[str, Session] = {}
+    sessions: Dict[str, Dict[str, Session]] = {}
 
     def sdk_init(self, config: SDKConfiguration) -> SDKConfiguration:
         if config.client is None:
@@ -69,8 +72,7 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
     def before_request(
         self, hook_ctx: BeforeRequestContext, request: httpx.Request
     ) -> httpx.Request:
-        if hook_ctx.oauth2_scopes is None:
-            # OAuth2 not in use
+        if self.is_hook_disabled(hook_ctx):
             return request
 
         credentials = self.get_credentials(hook_ctx)
@@ -81,22 +83,24 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
             credentials.client_id, credentials.client_secret
         )
 
-        if (
-            session_key not in self.sessions
-            or not self.has_required_scopes(
-                self.sessions[session_key].scopes, hook_ctx.oauth2_scopes
-            )
-            or self.has_token_expired(self.sessions[session_key].expires_at)
-        ):
-            sess = self.do_token_request(
+        scopes = self.get_required_scopes(credentials, hook_ctx)
+        session = self.get_existing_session(session_key, scopes)
+
+        if session is None:
+            # Create new session
+            session = self.do_token_request(
                 hook_ctx,
                 credentials,
-                self.get_scopes(hook_ctx.oauth2_scopes, self.sessions.get(session_key)),
+                scopes,
             )
 
-            self.sessions[session_key] = sess
+            if session_key not in self.sessions:
+                self.sessions[session_key] = {}
+
+            scope_key = self.get_scope_key(scopes)
+            self.sessions[session_key][scope_key] = session
 
-        request.headers["Authorization"] = f"Bearer {self.sessions[session_key].token}"
+        request.headers["Authorization"] = f"Bearer {session.token}"
 
         return request
 
@@ -106,8 +110,7 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
         response: Optional[httpx.Response],
         error: Optional[Exception],
     ) -> Union[Tuple[Optional[httpx.Response], Optional[Exception]], Exception]:
-        if hook_ctx.oauth2_scopes is None:
-            # OAuth2 not in use
+        if self.is_hook_disabled(hook_ctx):
             return (response, error)
 
         # We don't want to refresh the token if the error is not related to the token
@@ -122,12 +125,15 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
             session_key = self.get_session_key(
                 credentials.client_id, credentials.client_secret
             )
-
-            if session_key in self.sessions:
-                del self.sessions[session_key]
+            scopes = self.get_required_scopes(credentials, hook_ctx)
+            scope_key = self.get_scope_key(scopes)
+            self.remove_session(session_key, scope_key)
 
         return (response, error)
 
+    def is_hook_disabled(self, hook_ctx: HookContext) -> bool:
+        return hook_ctx.oauth2_scopes is None
+
     def get_credentials(self, hook_ctx: HookContext) -> Optional[Credentials]:
         source = hook_ctx.security_source
 
@@ -145,21 +151,19 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
         # Extract additional properties from security object
         additional_properties = {}
         for key, value in dict(security.client_oauth).items():
-            if key not in ["client_id", "client_secret", "token_url"]:
+            if key not in ["client_id", "client_secret", "token_url", "scopes"]:
                 additional_properties[key] = value
 
         return Credentials(
             client_id=security.client_oauth.client_id,
             client_secret=security.client_oauth.client_secret,
             token_url=security.client_oauth.token_url,
+            scopes=None,
             additional_properties=additional_properties,
         )
 
     def do_token_request(
-        self,
-        hook_ctx: HookContext,
-        credentials: Credentials,
-        scopes: Optional[List[str]],
+        self, hook_ctx: HookContext, credentials: Credentials, scopes: List[str]
     ) -> Session:
         payload = {
             "grant_type": "client_credentials",
@@ -167,7 +171,7 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
             "client_secret": credentials.client_secret,
         }
 
-        if scopes is not None and len(scopes) > 0:
+        if len(scopes) > 0:
             payload["scope"] = " ".join(scopes)
 
         # Add additional properties to payload
@@ -203,24 +207,70 @@ class ClientCredentialsHook(SDKInitHook, BeforeRequestHook, AfterErrorHook):
         )
 
     def get_session_key(self, client_id: str, client_secret: str) -> str:
+        """Generate a consistent session key for the given client ID and secret."""
         return hashlib.md5(f"{client_id}:{client_secret}".encode()).hexdigest()
 
+    def get_required_scopes(
+        self, credentials: Credentials, hook_ctx: HookContext
+    ) -> List[str]:
+        """Return the list of scopes that need to be requested."""
+        if credentials.scopes is not None:
+            return credentials.scopes
+        return hook_ctx.oauth2_scopes or []
+
+    def get_scope_key(self, scopes: List[str]) -> str:
+        """Generate a consistent scope key for the given scopes."""
+        if not scopes:
+            return ""
+
+        sorted_scopes = sorted(scopes)
+        return "&".join(sorted_scopes)
+
+    def remove_session(self, client_key: str, scope_key: str) -> None:
+        """Remove a session and clean up empty client session maps."""
+        if client_key in self.sessions and scope_key in self.sessions[client_key]:
+            del self.sessions[client_key][scope_key]
+
+            # Clean up empty client sessions
+            if not self.sessions[client_key]:
+                del self.sessions[client_key]
+
+    def get_existing_session(
+        self, client_key: str, required_scopes: List[str]
+    ) -> Optional[Session]:
+        """Find the best session for the required scopes."""
+        if client_key not in self.sessions:
+            return None
+
+        client_sessions = self.sessions[client_key]
+        scope_key = self.get_scope_key(required_scopes)
+
+        if scope_key in client_sessions:
+            exact_match = client_sessions[scope_key]
+            if self.has_token_expired(exact_match.expires_at):
+                self.remove_session(client_key, scope_key)
+            else:
+                return exact_match
+
+        # If no exact match was found, look for a superset match
+        for key, session in client_sessions.items():
+            if self.has_token_expired(session.expires_at):
+                self.remove_session(client_key, key)
+            elif self.has_required_scopes(session.scopes, required_scopes):
+                return session
+
+        return None
+
     def has_required_scopes(
-        self, scopes: Optional[List[str]], required_scopes: List[str]
+        self, scopes: List[str], required_scopes: List[str]
     ) -> bool:
-        if scopes is None:
-            return False
-
+        """Check if all required scopes are present in the given scopes."""
         return all(scope in scopes for scope in required_scopes)
 
-    def get_scopes(
-        self, required_scopes: List[str], sess: Optional[Session]
-    ) -> List[str]:
-        scopes = required_scopes.copy()
-        if sess is not None and sess.scopes is not None:
-            scopes.extend(sess.scopes)
-            scopes = list(set(scopes))
-        return scopes
-
     def has_token_expired(self, expires_at: Optional[int]) -> bool:
-        return expires_at is None or time.time() + 60 >= expires_at
+        """
+        Check if the token has expired.
+        If no expires_in field was returned by the authorization server, the token is considered to never expire.
+        A 60-second buffer is applied to refresh tokens before they actually expire.
+        """
+        return expires_at is not None and time.time() + 60 >= expires_at

cribl_control_plane/_version.py

@@ -3,10 +3,10 @@
 import importlib.metadata
 
 __title__: str = "cribl-control-plane"
-__version__: str = "0.1.0b2"
-__openapi_doc_version__: str = "4.15.0-alpha.1759327501989-3e9845e9"
-__gen_version__: str = "2.716.16"
-__user_agent__: str = "speakeasy-sdk/python 0.1.0b2 2.716.16 4.15.0-alpha.1759327501989-3e9845e9 cribl-control-plane"
+__version__: str = "0.2.0a1"
+__openapi_doc_version__: str = "4.14.1-alpha.1760352614113-66cf8b7e"
+__gen_version__: str = "2.723.11"
+__user_agent__: str = "speakeasy-sdk/python 0.2.0a1 2.723.11 4.14.1-alpha.1760352614113-66cf8b7e cribl-control-plane"
 
 try:
     if __package__ is not None:

cribl_control_plane/errors/apierror.py

@@ -9,7 +9,7 @@ from cribl_control_plane.errors import CriblControlPlaneError
 MAX_MESSAGE_LEN = 10_000
 
 
-@dataclass(frozen=True)
+@dataclass(unsafe_hash=True)
 class APIError(CriblControlPlaneError):
     """The fallback error class if no more specific error class is matched."""
 

cribl_control_plane/errors/criblcontrolplaneerror.py

@@ -5,7 +5,7 @@ from typing import Optional
 from dataclasses import dataclass, field
 
 
-@dataclass(frozen=True)
+@dataclass(unsafe_hash=True)
 class CriblControlPlaneError(Exception):
     """The base class for all HTTP error responses."""
 

cribl_control_plane/errors/error.py

@@ -13,7 +13,7 @@ class ErrorData(BaseModel):
     r"""Error message"""
 
 
-@dataclass(frozen=True)
+@dataclass(unsafe_hash=True)
 class Error(CriblControlPlaneError):
     data: ErrorData = field(hash=False)
 

cribl_control_plane/errors/healthstatus_error.py

@@ -25,7 +25,7 @@ class HealthStatusErrorData(BaseModel):
     ] = None
 
 
-@dataclass(frozen=True)
+@dataclass(unsafe_hash=True)
 class HealthStatusError(CriblControlPlaneError):
     data: HealthStatusErrorData = field(hash=False)
 

cribl_control_plane/errors/no_response_error.py

@@ -3,7 +3,7 @@
 from dataclasses import dataclass
 
 
-@dataclass(frozen=True)
+@dataclass(unsafe_hash=True)
 class NoResponseError(Exception):
     """Error raised when no HTTP response is received from the server."""
 

cribl_control_plane/errors/responsevalidationerror.py

@@ -7,7 +7,7 @@ from dataclasses import dataclass
 from cribl_control_plane.errors import CriblControlPlaneError
 
 
-@dataclass(frozen=True)
+@dataclass(unsafe_hash=True)
 class ResponseValidationError(CriblControlPlaneError):
     """Error raised when there is a type mismatch between the response data and the expected Pydantic model."""
 

cribl_control_plane/groups_sdk.py

@@ -224,7 +224,7 @@ class GroupsSDK(BaseSDK):
         config_version: Optional[str] = None,
         deploying_worker_count: Optional[float] = None,
         description: Optional[str] = None,
-        estimated_ingest_rate: Optional[models.EstimatedIngestRate] = None,
+        estimated_ingest_rate: Optional[float] = None,
         git: Optional[Union[models.Git, models.GitTypedDict]] = None,
         incompatible_worker_count: Optional[float] = None,
         inherits: Optional[str] = None,
@@ -395,7 +395,7 @@ class GroupsSDK(BaseSDK):
         config_version: Optional[str] = None,
         deploying_worker_count: Optional[float] = None,
         description: Optional[str] = None,
-        estimated_ingest_rate: Optional[models.EstimatedIngestRate] = None,
+        estimated_ingest_rate: Optional[float] = None,
         git: Optional[Union[models.Git, models.GitTypedDict]] = None,
         incompatible_worker_count: Optional[float] = None,
         inherits: Optional[str] = None,
@@ -757,7 +757,7 @@ class GroupsSDK(BaseSDK):
         config_version: Optional[str] = None,
         deploying_worker_count: Optional[float] = None,
         description: Optional[str] = None,
-        estimated_ingest_rate: Optional[models.EstimatedIngestRate] = None,
+        estimated_ingest_rate: Optional[float] = None,
         git: Optional[Union[models.Git, models.GitTypedDict]] = None,
         incompatible_worker_count: Optional[float] = None,
         inherits: Optional[str] = None,
@@ -931,7 +931,7 @@ class GroupsSDK(BaseSDK):
         config_version: Optional[str] = None,
         deploying_worker_count: Optional[float] = None,
         description: Optional[str] = None,
-        estimated_ingest_rate: Optional[models.EstimatedIngestRate] = None,
+        estimated_ingest_rate: Optional[float] = None,
         git: Optional[Union[models.Git, models.GitTypedDict]] = None,
         incompatible_worker_count: Optional[float] = None,
         inherits: Optional[str] = None,

cribl_control_plane/httpclient.py

@@ -107,7 +107,6 @@ def close_clients(
     # to them from the owning SDK instance and they can be reaped.
     owner.client = None
     owner.async_client = None
-
     if sync_client is not None and not sync_client_supplied:
         try:
             sync_client.close()

cribl_control_plane/lakedatasets.py

@@ -849,7 +849,6 @@ class LakeDatasets(BaseSDK):
         *,
         lake_id: str,
         id_param: str,
-        id: str,
         accelerated_fields: Optional[List[str]] = None,
         bucket_name: Optional[str] = None,
         cache_connection: Optional[
@@ -857,8 +856,9 @@ class LakeDatasets(BaseSDK):
         ] = None,
         deletion_started_at: Optional[float] = None,
         description: Optional[str] = None,
-        format_: Optional[models.CriblLakeDatasetFormat] = None,
+        format_: Optional[models.CriblLakeDatasetUpdateFormat] = None,
         http_da_used: Optional[bool] = None,
+        id: Optional[str] = None,
         retention_period_in_days: Optional[float] = None,
         search_config: Optional[
             Union[
@@ -878,7 +878,6 @@ class LakeDatasets(BaseSDK):
 
         :param lake_id: The <code>id</code> of the Lake that contains the Lake Dataset to update.
         :param id_param: The <code>id</code> of the Lake Dataset to update.
-        :param id:
         :param accelerated_fields:
         :param bucket_name:
         :param cache_connection:
@@ -886,6 +885,7 @@ class LakeDatasets(BaseSDK):
         :param description:
         :param format_:
         :param http_da_used:
+        :param id:
         :param retention_period_in_days:
         :param search_config:
         :param storage_location_id:
@@ -908,7 +908,7 @@ class LakeDatasets(BaseSDK):
         request = models.UpdateCriblLakeDatasetByLakeIDAndIDRequest(
             lake_id=lake_id,
             id_param=id_param,
-            cribl_lake_dataset=models.CriblLakeDataset(
+            cribl_lake_dataset_update=models.CriblLakeDatasetUpdate(
                 accelerated_fields=accelerated_fields,
                 bucket_name=bucket_name,
                 cache_connection=utils.get_pydantic_model(
@@ -942,11 +942,11 @@ class LakeDatasets(BaseSDK):
             http_headers=http_headers,
             security=self.sdk_configuration.security,
             get_serialized_body=lambda: utils.serialize_request_body(
-                request.cribl_lake_dataset,
+                request.cribl_lake_dataset_update,
                 False,
                 False,
                 "json",
-                models.CriblLakeDataset,
+                models.CriblLakeDatasetUpdate,
             ),
             timeout_ms=timeout_ms,
         )
@@ -996,7 +996,6 @@ class LakeDatasets(BaseSDK):
         *,
         lake_id: str,
         id_param: str,
-        id: str,
         accelerated_fields: Optional[List[str]] = None,
         bucket_name: Optional[str] = None,
         cache_connection: Optional[
@@ -1004,8 +1003,9 @@ class LakeDatasets(BaseSDK):
         ] = None,
         deletion_started_at: Optional[float] = None,
         description: Optional[str] = None,
-        format_: Optional[models.CriblLakeDatasetFormat] = None,
+        format_: Optional[models.CriblLakeDatasetUpdateFormat] = None,
         http_da_used: Optional[bool] = None,
+        id: Optional[str] = None,
         retention_period_in_days: Optional[float] = None,
         search_config: Optional[
             Union[
@@ -1025,7 +1025,6 @@ class LakeDatasets(BaseSDK):
 
         :param lake_id: The <code>id</code> of the Lake that contains the Lake Dataset to update.
         :param id_param: The <code>id</code> of the Lake Dataset to update.
-        :param id:
         :param accelerated_fields:
         :param bucket_name:
         :param cache_connection:
@@ -1033,6 +1032,7 @@ class LakeDatasets(BaseSDK):
         :param description:
         :param format_:
         :param http_da_used:
+        :param id:
         :param retention_period_in_days:
         :param search_config:
         :param storage_location_id:
@@ -1055,7 +1055,7 @@ class LakeDatasets(BaseSDK):
         request = models.UpdateCriblLakeDatasetByLakeIDAndIDRequest(
             lake_id=lake_id,
             id_param=id_param,
-            cribl_lake_dataset=models.CriblLakeDataset(
+            cribl_lake_dataset_update=models.CriblLakeDatasetUpdate(
                 accelerated_fields=accelerated_fields,
                 bucket_name=bucket_name,
                 cache_connection=utils.get_pydantic_model(
@@ -1089,11 +1089,11 @@ class LakeDatasets(BaseSDK):
             http_headers=http_headers,
             security=self.sdk_configuration.security,
             get_serialized_body=lambda: utils.serialize_request_body(
-                request.cribl_lake_dataset,
+                request.cribl_lake_dataset_update,
                 False,
                 False,
                 "json",
-                models.CriblLakeDataset,
+                models.CriblLakeDatasetUpdate,
             ),
             timeout_ms=timeout_ms,
         )