datacosmos 0.0.14__tar.gz → 0.0.27__tar.gz

{datacosmos-0.0.14 → datacosmos-0.0.27}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: datacosmos
-Version: 0.0.14
+Version: 0.0.27
 Summary: A library for interacting with DataCosmos from Python code
 Author-email: Open Cosmos <support@open-cosmos.com>
 Classifier: Programming Language :: Python :: 3
@@ -15,6 +15,8 @@ Requires-Dist: pydantic>=2
 Requires-Dist: pystac==1.12.1
 Requires-Dist: pyyaml==6.0.2
 Requires-Dist: structlog==24.4.0
+Requires-Dist: tenacity>=8.2.3
+Requires-Dist: shapely>=1.8.0
 Provides-Extra: dev
 Requires-Dist: black==22.3.0; extra == "dev"
 Requires-Dist: ruff==0.9.5; extra == "dev"

datacosmos-0.0.27/datacosmos/auth/base_authenticator.py

@@ -0,0 +1,62 @@
+"""Base authenticator class for DatacosmosClient."""
+from __future__ import annotations
+
+from abc import ABC, abstractmethod
+from datetime import datetime
+from typing import TYPE_CHECKING, Optional
+
+if TYPE_CHECKING:
+    import requests
+
+    from datacosmos.config.config import Config
+
+
+class AuthResult:
+    """Authentication result object."""
+
+    def __init__(
+        self,
+        http_client: requests.Session,
+        token: Optional[str] = None,
+        token_expiry: Optional[datetime] = None,
+    ):
+        """Initializes an AuthResult object.
+
+        Args:
+            http_client (requests.Session): The HTTP client/session to use for requests.
+            token (Optional[str], optional): The authentication token, if available.
+            token_expiry (Optional[datetime], optional): The expiry time of the token, if available.
+        """
+        self.http_client = http_client
+        self.token = token
+        self.token_expiry = token_expiry
+
+
+class BaseAuthenticator(ABC):
+    """Abstract base class for all authenticators."""
+
+    def __init__(self, config: Config):
+        """Initializes the BaseAuthenticator with the given configuration.
+
+        Args:
+            config (Config): The configuration object containing authentication settings.
+        """
+        self.config = config
+
+    @abstractmethod
+    def authenticate_and_build_session(self) -> AuthResult:
+        """Authenticates and builds a requests.Session object.
+
+        Returns:
+            AuthResult: An object containing the authenticated session, token, and token expiry.
+        """
+        ...
+
+    @abstractmethod
+    def refresh_token(self) -> AuthResult:
+        """Refreshes the authentication token.
+
+        Returns:
+            AuthResult: An object with the new token and expiry.
+        """
+        ...

datacosmos-0.0.27/datacosmos/auth/local_authenticator.py

@@ -0,0 +1,72 @@
+"""Local (interactive/cached) authenticator for DatacosmosClient."""
+from datetime import datetime, timezone
+from pathlib import Path
+from typing import Any
+
+import requests
+
+from datacosmos.auth.base_authenticator import AuthResult, BaseAuthenticator
+from datacosmos.auth.local_token_fetcher import LocalTokenFetcher
+from datacosmos.exceptions import AuthenticationError
+
+
+class LocalAuthenticator(BaseAuthenticator):
+    """Handles authentication via the interactive local login flow."""
+
+    def __init__(self, config: Any):
+        """Initializes a LocalAuthenticator instance.
+
+        Args:
+            config (Any): Configuration object containing authentication settings.
+        """
+        super().__init__(config)
+        self._local_token_fetcher = self._init_fetcher()
+
+    def _init_fetcher(self) -> LocalTokenFetcher:
+        """Initializes the LocalTokenFetcher."""
+        auth = self.config.authentication
+        try:
+            return LocalTokenFetcher(
+                client_id=auth.client_id,
+                authorization_endpoint=auth.authorization_endpoint,
+                token_endpoint=auth.token_endpoint,
+                redirect_port=int(auth.redirect_port),
+                audience=auth.audience,
+                scopes=auth.scopes,
+                token_file=Path(auth.cache_file).expanduser(),
+            )
+        except Exception as e:
+            raise AuthenticationError(
+                f"Failed to initialize LocalTokenFetcher: {e}"
+            ) from e
+
+    def authenticate_and_build_session(self) -> AuthResult:
+        """Builds an authenticated session using the local token fetcher."""
+        try:
+            tok = self._local_token_fetcher.get_token()
+            token = tok.access_token
+            token_expiry = datetime.fromtimestamp(tok.expires_at, tz=timezone.utc)
+            http_client = requests.Session()
+            http_client.headers.update({"Authorization": f"Bearer {token}"})
+            return AuthResult(
+                http_client=http_client, token=token, token_expiry=token_expiry
+            )
+        except Exception as e:
+            raise AuthenticationError(f"Local authentication failed: {e}") from e
+
+    def refresh_token(self) -> AuthResult:
+        """Refreshes the local token non-interactively."""
+        try:
+            tok = self._local_token_fetcher.get_token()
+            token = tok.access_token
+            token_expiry = datetime.fromtimestamp(tok.expires_at, tz=timezone.utc)
+
+            # Create a new session with the new token
+            http_client = requests.Session()
+            http_client.headers.update({"Authorization": f"Bearer {token}"})
+
+            return AuthResult(
+                http_client=http_client, token=token, token_expiry=token_expiry
+            )
+        except Exception as e:
+            raise AuthenticationError(f"Local token refresh failed: {e}") from e

datacosmos-0.0.27/datacosmos/auth/m2m_authenticator.py

@@ -0,0 +1,65 @@
+"""M2M (Machine-to-Machine) authenticator for DatacosmosClient."""
+from datetime import datetime, timedelta, timezone
+
+import requests
+from oauthlib.oauth2 import BackendApplicationClient
+from requests.exceptions import ConnectionError
+from requests.exceptions import HTTPError as RequestsHTTPError
+from requests.exceptions import RequestException, Timeout
+from requests_oauthlib import OAuth2Session
+from tenacity import (
+    retry,
+    retry_if_exception_type,
+    stop_after_attempt,
+    wait_exponential,
+)
+
+from datacosmos.auth.base_authenticator import AuthResult, BaseAuthenticator
+from datacosmos.exceptions import AuthenticationError
+
+
+class M2MAuthenticator(BaseAuthenticator):
+    """Handles authentication using the Client Credentials (M2M) flow."""
+
+    @retry(
+        stop=stop_after_attempt(3),
+        wait=wait_exponential(multiplier=1, min=2, max=10),
+        retry=retry_if_exception_type((ConnectionError, Timeout)),
+    )
+    def authenticate_and_build_session(self) -> AuthResult:
+        """Builds an authenticated session using the M2M flow."""
+        auth = self.config.authentication
+        try:
+            client = BackendApplicationClient(client_id=auth.client_id)
+            oauth_session = OAuth2Session(client=client)
+            token_response = oauth_session.fetch_token(
+                token_url=auth.token_url,
+                client_id=auth.client_id,
+                client_secret=auth.client_secret,
+                audience=auth.audience,
+            )
+            token = token_response["access_token"]
+            expires_at = token_response.get("expires_at")
+            if isinstance(expires_at, (int, float)):
+                token_expiry = datetime.fromtimestamp(expires_at, tz=timezone.utc)
+            else:
+                expires_in = int(token_response.get("expires_in", 3600))
+                token_expiry = datetime.now(timezone.utc) + timedelta(
+                    seconds=expires_in
+                )
+
+            http_client = requests.Session()
+            http_client.headers.update({"Authorization": f"Bearer {token}"})
+            return AuthResult(
+                http_client=http_client, token=token, token_expiry=token_expiry
+            )
+        except (RequestsHTTPError, ConnectionError, Timeout) as e:
+            raise AuthenticationError(f"M2M authentication failed: {e}") from e
+        except RequestException as e:
+            raise AuthenticationError(
+                f"Unexpected request failure during M2M authentication: {e}"
+            ) from e
+
+    def refresh_token(self) -> AuthResult:
+        """Refreshes the M2M token by re-running the authentication flow."""
+        return self.authenticate_and_build_session()

{datacosmos-0.0.14 → datacosmos-0.0.27}/datacosmos/config/auth/factory.py

@@ -5,11 +5,6 @@ This module normalizes the `authentication` config into a concrete model:
 - `apply_auth_defaults` fills sensible defaults per auth type without inventing secrets.
 - `check_required_auth_fields` enforces the minimum required inputs.
 - `normalize_authentication` runs the whole pipeline.
-
-Design notes:
-- Auth models accept partial data (fields are Optional with None defaults).
-- We DO NOT pass `None` explicitly when constructing models here.
-- Required-ness is enforced centrally by `check_required_auth_fields`, not by model init.
 """
 
 from typing import Optional, Union, cast
@@ -28,54 +23,51 @@ from datacosmos.config.models.local_user_account_authentication_config import (
     LocalUserAccountAuthenticationConfig,
 )
 from datacosmos.config.models.m2m_authentication_config import M2MAuthenticationConfig
+from datacosmos.exceptions import AuthenticationError
 
 AuthModel = Union[M2MAuthenticationConfig, LocalUserAccountAuthenticationConfig]
 
 
 def parse_auth_config(raw: dict | AuthModel | None) -> Optional[AuthModel]:
-    """Turn a raw dict (e.g., from YAML) into a concrete auth model.
-
-    - If `raw` is already an auth model (M2M or local), return it unchanged.
-    - If `raw` is a dict, choose/validate the type using `raw['type']`
-      (or DEFAULT_AUTH_TYPE), then construct the corresponding model.
-      For missing fields we *may* apply non-secret defaults (endpoints, etc.).
-    """
-    if raw is None or isinstance(
-        raw, (M2MAuthenticationConfig, LocalUserAccountAuthenticationConfig)
-    ):
+    """Turn a raw dict (e.g., from YAML/env) into a concrete auth model."""
+    if isinstance(raw, (M2MAuthenticationConfig, LocalUserAccountAuthenticationConfig)):
         return cast(Optional[AuthModel], raw)
 
-    auth_type = _normalize_auth_type(raw.get("type") or DEFAULT_AUTH_TYPE)
+    if raw is None:
+        raw_data = {}
+    else:
+        raw_data = raw.copy()
+
+    if raw is None and not raw_data:
+        return None
+
+    auth_type = _normalize_auth_type(raw_data.get("type") or DEFAULT_AUTH_TYPE)
 
     if auth_type == "local":
         return LocalUserAccountAuthenticationConfig(
             type="local",
-            client_id=raw.get("client_id"),
-            authorization_endpoint=raw.get(
+            client_id=raw_data.get("client_id"),
+            authorization_endpoint=raw_data.get(
                 "authorization_endpoint", DEFAULT_LOCAL_AUTHORIZATION_ENDPOINT
             ),
-            token_endpoint=raw.get("token_endpoint", DEFAULT_LOCAL_TOKEN_ENDPOINT),
-            redirect_port=raw.get("redirect_port", DEFAULT_LOCAL_REDIRECT_PORT),
-            scopes=raw.get("scopes", DEFAULT_LOCAL_SCOPES),
-            audience=raw.get("audience", DEFAULT_AUTH_AUDIENCE),
-            cache_file=raw.get("cache_file", DEFAULT_LOCAL_CACHE_FILE),
+            token_endpoint=raw_data.get("token_endpoint", DEFAULT_LOCAL_TOKEN_ENDPOINT),
+            redirect_port=raw_data.get("redirect_port", DEFAULT_LOCAL_REDIRECT_PORT),
+            scopes=raw_data.get("scopes", DEFAULT_LOCAL_SCOPES),
+            audience=raw_data.get("audience", DEFAULT_AUTH_AUDIENCE),
+            cache_file=raw_data.get("cache_file", DEFAULT_LOCAL_CACHE_FILE),
         )
 
     return M2MAuthenticationConfig(
         type="m2m",
-        token_url=raw.get("token_url", DEFAULT_AUTH_TOKEN_URL),
-        audience=raw.get("audience", DEFAULT_AUTH_AUDIENCE),
-        client_id=raw.get("client_id"),
-        client_secret=raw.get("client_secret"),
+        token_url=raw_data.get("token_url", DEFAULT_AUTH_TOKEN_URL),
+        audience=raw_data.get("audience", DEFAULT_AUTH_AUDIENCE),
+        client_id=raw_data.get("client_id"),
+        client_secret=raw_data.get("client_secret"),
     )
 
 
 def apply_auth_defaults(auth: AuthModel | None) -> AuthModel:
-    """Fill in any missing defaults by type (non-secret values only).
-
-    If `auth` is None, construct a default "shell" based on DEFAULT_AUTH_TYPE,
-    without passing None for unknown credentials.
-    """
+    """Fill in any missing defaults by type (non-secret values only)."""
     if auth is None:
         default_type = _normalize_auth_type(DEFAULT_AUTH_TYPE)
         if default_type == "local":
@@ -101,7 +93,6 @@ def apply_auth_defaults(auth: AuthModel | None) -> AuthModel:
         auth.audience = auth.audience or DEFAULT_AUTH_AUDIENCE
         return auth
 
-    # Local defaults (Pydantic already coerces types; only set when missing)
     auth.type = auth.type or "local"
     auth.authorization_endpoint = (
         auth.authorization_endpoint or DEFAULT_LOCAL_AUTHORIZATION_ENDPOINT
@@ -116,22 +107,18 @@ def apply_auth_defaults(auth: AuthModel | None) -> AuthModel:
 
 
 def check_required_auth_fields(auth: AuthModel) -> None:
-    """Enforce required fields per auth type.
-
-    - m2m requires client_id and client_secret.
-    - local requires client_id.
-    """
+    """Enforce required fields per auth type."""
     if isinstance(auth, M2MAuthenticationConfig):
         missing = [f for f in ("client_id", "client_secret") if not getattr(auth, f)]
         if missing:
-            raise ValueError(
+            raise AuthenticationError(
                 f"Missing required authentication fields for m2m: {', '.join(missing)}"
             )
         return
 
     if isinstance(auth, LocalUserAccountAuthenticationConfig):
         if not auth.client_id:
-            raise ValueError(
+            raise AuthenticationError(
                 "Missing required authentication field for local: client_id"
             )
         return

{datacosmos-0.0.14 → datacosmos-0.0.27}/datacosmos/config/config.py

@@ -7,7 +7,7 @@ and supports environment variable-based overrides.
 
 from typing import Optional
 
-from pydantic import field_validator
+from pydantic import Field, field_validator
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
 from datacosmos.config.auth.factory import normalize_authentication, parse_auth_config
@@ -18,6 +18,10 @@ from datacosmos.config.constants import (
 )
 from datacosmos.config.loaders.yaml_source import yaml_settings_source
 from datacosmos.config.models.authentication_config import AuthenticationConfig
+from datacosmos.config.models.local_user_account_authentication_config import (
+    LocalUserAccountAuthenticationConfig,
+)
+from datacosmos.config.models.m2m_authentication_config import M2MAuthenticationConfig
 from datacosmos.config.models.url import URL
 
 
@@ -31,9 +35,14 @@ class Config(BaseSettings):
     )
 
     authentication: Optional[AuthenticationConfig] = None
-    stac: URL | None = None
-    datacosmos_cloud_storage: URL | None = None
-    datacosmos_public_cloud_storage: URL | None = None
+
+    stac: URL = Field(default_factory=lambda: URL(**DEFAULT_STAC))
+    datacosmos_cloud_storage: URL = Field(
+        default_factory=lambda: URL(**DEFAULT_STORAGE)
+    )
+    datacosmos_public_cloud_storage: URL = Field(
+        default_factory=lambda: URL(**DEFAULT_STORAGE)
+    )
 
     @classmethod
     def settings_customise_sources(cls, *args, **kwargs):
@@ -65,13 +74,6 @@ class Config(BaseSettings):
     def _parse_authentication(cls, raw):
         if raw is None:
             return None
-        from datacosmos.config.models.local_user_account_authentication_config import (
-            LocalUserAccountAuthenticationConfig,
-        )
-        from datacosmos.config.models.m2m_authentication_config import (
-            M2MAuthenticationConfig,
-        )
-
         if isinstance(
             raw, (M2MAuthenticationConfig, LocalUserAccountAuthenticationConfig)
         ):
@@ -84,18 +86,3 @@ class Config(BaseSettings):
     @classmethod
     def _validate_authentication(cls, auth: Optional[AuthenticationConfig]):
         return normalize_authentication(auth)
-
-    @field_validator("stac", mode="before")
-    @classmethod
-    def _default_stac(cls, value: URL | None) -> URL:
-        return value or URL(**DEFAULT_STAC)
-
-    @field_validator("datacosmos_cloud_storage", mode="before")
-    @classmethod
-    def _default_cloud_storage(cls, value: URL | None) -> URL:
-        return value or URL(**DEFAULT_STORAGE)
-
-    @field_validator("datacosmos_public_cloud_storage", mode="before")
-    @classmethod
-    def _default_public_cloud_storage(cls, value: URL | None) -> URL:
-        return value or URL(**DEFAULT_STORAGE)