eodag 3.0.0b3__py3-none-any.whl → 3.1.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- eodag/api/core.py +347 -247
- eodag/api/product/_assets.py +44 -15
- eodag/api/product/_product.py +58 -47
- eodag/api/product/drivers/__init__.py +81 -4
- eodag/api/product/drivers/base.py +65 -4
- eodag/api/product/drivers/generic.py +65 -0
- eodag/api/product/drivers/sentinel1.py +97 -0
- eodag/api/product/drivers/sentinel2.py +95 -0
- eodag/api/product/metadata_mapping.py +129 -93
- eodag/api/search_result.py +28 -12
- eodag/cli.py +61 -24
- eodag/config.py +457 -167
- eodag/plugins/apis/base.py +10 -4
- eodag/plugins/apis/ecmwf.py +53 -23
- eodag/plugins/apis/usgs.py +41 -17
- eodag/plugins/authentication/aws_auth.py +30 -18
- eodag/plugins/authentication/base.py +14 -3
- eodag/plugins/authentication/generic.py +14 -3
- eodag/plugins/authentication/header.py +14 -6
- eodag/plugins/authentication/keycloak.py +44 -25
- eodag/plugins/authentication/oauth.py +18 -4
- eodag/plugins/authentication/openid_connect.py +192 -171
- eodag/plugins/authentication/qsauth.py +12 -4
- eodag/plugins/authentication/sas_auth.py +22 -5
- eodag/plugins/authentication/token.py +95 -17
- eodag/plugins/authentication/token_exchange.py +19 -19
- eodag/plugins/base.py +4 -4
- eodag/plugins/crunch/base.py +8 -5
- eodag/plugins/crunch/filter_date.py +9 -6
- eodag/plugins/crunch/filter_latest_intersect.py +9 -8
- eodag/plugins/crunch/filter_latest_tpl_name.py +8 -8
- eodag/plugins/crunch/filter_overlap.py +9 -11
- eodag/plugins/crunch/filter_property.py +10 -10
- eodag/plugins/download/aws.py +181 -105
- eodag/plugins/download/base.py +49 -67
- eodag/plugins/download/creodias_s3.py +40 -2
- eodag/plugins/download/http.py +247 -223
- eodag/plugins/download/s3rest.py +29 -28
- eodag/plugins/manager.py +176 -41
- eodag/plugins/search/__init__.py +6 -5
- eodag/plugins/search/base.py +123 -60
- eodag/plugins/search/build_search_result.py +1046 -355
- eodag/plugins/search/cop_marine.py +132 -39
- eodag/plugins/search/creodias_s3.py +19 -68
- eodag/plugins/search/csw.py +48 -8
- eodag/plugins/search/data_request_search.py +124 -23
- eodag/plugins/search/qssearch.py +531 -310
- eodag/plugins/search/stac_list_assets.py +85 -0
- eodag/plugins/search/static_stac_search.py +23 -24
- eodag/resources/ext_product_types.json +1 -1
- eodag/resources/product_types.yml +1295 -355
- eodag/resources/providers.yml +1819 -3010
- eodag/resources/stac.yml +3 -163
- eodag/resources/stac_api.yml +2 -2
- eodag/resources/user_conf_template.yml +115 -99
- eodag/rest/cache.py +2 -2
- eodag/rest/config.py +3 -4
- eodag/rest/constants.py +0 -1
- eodag/rest/core.py +157 -117
- eodag/rest/errors.py +181 -0
- eodag/rest/server.py +57 -339
- eodag/rest/stac.py +133 -581
- eodag/rest/types/collections_search.py +3 -3
- eodag/rest/types/eodag_search.py +41 -30
- eodag/rest/types/queryables.py +42 -32
- eodag/rest/types/stac_search.py +15 -16
- eodag/rest/utils/__init__.py +14 -21
- eodag/rest/utils/cql_evaluate.py +6 -6
- eodag/rest/utils/rfc3339.py +2 -2
- eodag/types/__init__.py +153 -32
- eodag/types/bbox.py +2 -2
- eodag/types/download_args.py +4 -4
- eodag/types/queryables.py +183 -73
- eodag/types/search_args.py +6 -6
- eodag/types/whoosh.py +127 -3
- eodag/utils/__init__.py +228 -106
- eodag/utils/exceptions.py +47 -26
- eodag/utils/import_system.py +2 -2
- eodag/utils/logging.py +37 -77
- eodag/utils/repr.py +65 -6
- eodag/utils/requests.py +13 -15
- eodag/utils/rest.py +2 -2
- eodag/utils/s3.py +231 -0
- eodag/utils/stac_reader.py +11 -11
- {eodag-3.0.0b3.dist-info → eodag-3.1.0.dist-info}/METADATA +81 -81
- eodag-3.1.0.dist-info/RECORD +113 -0
- {eodag-3.0.0b3.dist-info → eodag-3.1.0.dist-info}/WHEEL +1 -1
- {eodag-3.0.0b3.dist-info → eodag-3.1.0.dist-info}/entry_points.txt +5 -2
- eodag/resources/constraints/climate-dt.json +0 -13
- eodag/resources/constraints/extremes-dt.json +0 -8
- eodag/utils/constraints.py +0 -244
- eodag-3.0.0b3.dist-info/RECORD +0 -110
- {eodag-3.0.0b3.dist-info → eodag-3.1.0.dist-info}/LICENSE +0 -0
- {eodag-3.0.0b3.dist-info → eodag-3.1.0.dist-info}/top_level.txt +0 -0
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
from __future__ import annotations
|
|
19
19
|
|
|
20
20
|
import logging
|
|
21
|
-
from typing import TYPE_CHECKING, Any
|
|
21
|
+
from typing import TYPE_CHECKING, Any
|
|
22
22
|
|
|
23
23
|
import requests
|
|
24
24
|
|
|
@@ -41,19 +41,38 @@ logger = logging.getLogger("eodag.auth.keycloak")
|
|
|
41
41
|
class KeycloakOIDCPasswordAuth(OIDCRefreshTokenBase):
|
|
42
42
|
"""Authentication plugin using Keycloak and OpenId Connect.
|
|
43
43
|
|
|
44
|
-
This plugin
|
|
44
|
+
This plugin requests a token which is added to a query-string or a header for authentication.
|
|
45
|
+
|
|
46
|
+
:param provider: provider name
|
|
47
|
+
:param config: Authentication plugin configuration:
|
|
48
|
+
|
|
49
|
+
* :attr:`~eodag.config.PluginConfig.type` (``str``) (**mandatory**): KeycloakOIDCPasswordAuth
|
|
50
|
+
* :attr:`~eodag.config.PluginConfig.oidc_config_url` (``str``) (**mandatory**):
|
|
51
|
+
The url to get the OIDC Provider's endpoints
|
|
52
|
+
* :attr:`~eodag.config.PluginConfig.client_id` (``str``) (**mandatory**): keycloak client id
|
|
53
|
+
* :attr:`~eodag.config.PluginConfig.client_secret` (``str``) (**mandatory**): keycloak
|
|
54
|
+
client secret, set to null if no secret is used
|
|
55
|
+
* :attr:`~eodag.config.PluginConfig.token_provision` (``str``) (**mandatory**): if the
|
|
56
|
+
token should be added to the query string (``qs``) or to the header (``header``)
|
|
57
|
+
* :attr:`~eodag.config.PluginConfig.token_qs_key` (``str``): (**mandatory if token_provision=qs**)
|
|
58
|
+
key of the param added to the query string
|
|
59
|
+
* :attr:`~eodag.config.PluginConfig.allowed_audiences` (``list[str]``) (**mandatory**):
|
|
60
|
+
The allowed audiences that have to be present in the user token.
|
|
61
|
+
* :attr:`~eodag.config.PluginConfig.auth_error_code` (``int``): which error code is
|
|
62
|
+
returned in case of an authentication error
|
|
63
|
+
* :attr:`~eodag.config.PluginConfig.ssl_verify` (``bool``): if the ssl certificates
|
|
64
|
+
should be verified in the token request; default: ``True``
|
|
45
65
|
|
|
46
66
|
Using :class:`~eodag.plugins.download.http.HTTPDownload` a download link
|
|
47
|
-
|
|
48
|
-
|
|
67
|
+
``http://example.com?foo=bar`` will become
|
|
68
|
+
``http://example.com?foo=bar&my-token=obtained-token`` if associated to the following
|
|
49
69
|
configuration::
|
|
50
70
|
|
|
51
71
|
provider:
|
|
52
72
|
...
|
|
53
73
|
auth:
|
|
54
74
|
plugin: KeycloakOIDCPasswordAuth
|
|
55
|
-
|
|
56
|
-
realm: 'the-realm'
|
|
75
|
+
oidc_config_url: 'https://somewhere/auth/realms/realm/.well-known/openid-configuration'
|
|
57
76
|
client_id: 'SOME_ID'
|
|
58
77
|
client_secret: '01234-56789'
|
|
59
78
|
token_provision: qs
|
|
@@ -62,15 +81,14 @@ class KeycloakOIDCPasswordAuth(OIDCRefreshTokenBase):
|
|
|
62
81
|
...
|
|
63
82
|
|
|
64
83
|
If configured to send the token through the header, the download request header will
|
|
65
|
-
be updated with
|
|
84
|
+
be updated with ``Authorization: "Bearer obtained-token"`` if associated to the
|
|
66
85
|
following configuration::
|
|
67
86
|
|
|
68
87
|
provider:
|
|
69
88
|
...
|
|
70
89
|
auth:
|
|
71
90
|
plugin: KeycloakOIDCPasswordAuth
|
|
72
|
-
|
|
73
|
-
realm: 'the-realm'
|
|
91
|
+
oidc_config_url: 'https://somewhere/auth/realms/realm/.well-known/openid-configuration'
|
|
74
92
|
client_id: 'SOME_ID'
|
|
75
93
|
client_secret: '01234-56789'
|
|
76
94
|
token_provision: header
|
|
@@ -79,8 +97,12 @@ class KeycloakOIDCPasswordAuth(OIDCRefreshTokenBase):
|
|
|
79
97
|
"""
|
|
80
98
|
|
|
81
99
|
GRANT_TYPE = "password"
|
|
82
|
-
|
|
83
|
-
|
|
100
|
+
REQUIRED_PARAMS = [
|
|
101
|
+
"oidc_config_url",
|
|
102
|
+
"client_id",
|
|
103
|
+
"client_secret",
|
|
104
|
+
"token_provision",
|
|
105
|
+
]
|
|
84
106
|
|
|
85
107
|
def __init__(self, provider: str, config: PluginConfig) -> None:
|
|
86
108
|
super(KeycloakOIDCPasswordAuth, self).__init__(provider, config)
|
|
@@ -101,15 +123,14 @@ class KeycloakOIDCPasswordAuth(OIDCRefreshTokenBase):
|
|
|
101
123
|
Makes authentication request
|
|
102
124
|
"""
|
|
103
125
|
self.validate_config_credentials()
|
|
104
|
-
|
|
105
|
-
self.token_info["access_token"] = access_token
|
|
126
|
+
self._get_access_token()
|
|
106
127
|
return CodeAuthorizedAuth(
|
|
107
|
-
self.
|
|
128
|
+
self.access_token,
|
|
108
129
|
self.config.token_provision,
|
|
109
130
|
key=getattr(self.config, "token_qs_key", None),
|
|
110
131
|
)
|
|
111
132
|
|
|
112
|
-
def _request_new_token(self) ->
|
|
133
|
+
def _request_new_token(self) -> dict[str, Any]:
|
|
113
134
|
logger.debug("fetching new access token")
|
|
114
135
|
req_data = {
|
|
115
136
|
"client_id": self.config.client_id,
|
|
@@ -117,15 +138,14 @@ class KeycloakOIDCPasswordAuth(OIDCRefreshTokenBase):
|
|
|
117
138
|
"grant_type": self.GRANT_TYPE,
|
|
118
139
|
}
|
|
119
140
|
credentials = {k: v for k, v in self.config.credentials.items()}
|
|
141
|
+
ssl_verify = getattr(self.config, "ssl_verify", True)
|
|
120
142
|
try:
|
|
121
143
|
response = self.session.post(
|
|
122
|
-
self.
|
|
123
|
-
auth_base_uri=self.config.auth_base_uri.rstrip("/"),
|
|
124
|
-
realm=self.config.realm,
|
|
125
|
-
),
|
|
144
|
+
self.token_endpoint,
|
|
126
145
|
data=dict(req_data, **credentials),
|
|
127
146
|
headers=USER_AGENT,
|
|
128
147
|
timeout=HTTP_REQ_TIMEOUT,
|
|
148
|
+
verify=ssl_verify,
|
|
129
149
|
)
|
|
130
150
|
response.raise_for_status()
|
|
131
151
|
except requests.exceptions.Timeout as exc:
|
|
@@ -134,23 +154,22 @@ class KeycloakOIDCPasswordAuth(OIDCRefreshTokenBase):
|
|
|
134
154
|
return self._request_new_token_error(e)
|
|
135
155
|
return response.json()
|
|
136
156
|
|
|
137
|
-
def _get_token_with_refresh_token(self) ->
|
|
157
|
+
def _get_token_with_refresh_token(self) -> dict[str, str]:
|
|
138
158
|
logger.debug("fetching access token with refresh token")
|
|
139
159
|
req_data = {
|
|
140
160
|
"client_id": self.config.client_id,
|
|
141
161
|
"client_secret": self.config.client_secret,
|
|
142
162
|
"grant_type": "refresh_token",
|
|
143
|
-
"refresh_token": self.
|
|
163
|
+
"refresh_token": self.refresh_token,
|
|
144
164
|
}
|
|
165
|
+
ssl_verify = getattr(self.config, "ssl_verify", True)
|
|
145
166
|
try:
|
|
146
167
|
response = self.session.post(
|
|
147
|
-
self.
|
|
148
|
-
auth_base_uri=self.config.auth_base_uri.rstrip("/"),
|
|
149
|
-
realm=self.config.realm,
|
|
150
|
-
),
|
|
168
|
+
self.token_endpoint,
|
|
151
169
|
data=req_data,
|
|
152
170
|
headers=USER_AGENT,
|
|
153
171
|
timeout=HTTP_REQ_TIMEOUT,
|
|
172
|
+
verify=ssl_verify,
|
|
154
173
|
)
|
|
155
174
|
response.raise_for_status()
|
|
156
175
|
except requests.RequestException as e:
|
|
@@ -17,25 +17,39 @@
|
|
|
17
17
|
# limitations under the License.
|
|
18
18
|
from __future__ import annotations
|
|
19
19
|
|
|
20
|
-
from typing import TYPE_CHECKING,
|
|
20
|
+
from typing import TYPE_CHECKING, Optional
|
|
21
21
|
|
|
22
22
|
from eodag.plugins.authentication.base import Authentication
|
|
23
23
|
|
|
24
24
|
if TYPE_CHECKING:
|
|
25
25
|
from eodag.config import PluginConfig
|
|
26
|
+
from eodag.types import S3SessionKwargs
|
|
26
27
|
|
|
27
28
|
|
|
28
29
|
class OAuth(Authentication):
|
|
29
|
-
"""OAuth authentication plugin
|
|
30
|
+
"""OAuth authentication plugin
|
|
31
|
+
|
|
32
|
+
The mandatory parameters that have to be added in the eodag config are ``aws_access_key_id``
|
|
33
|
+
and ``aws_secret_access_key``.
|
|
34
|
+
|
|
35
|
+
:param provider: provider name
|
|
36
|
+
:param config: Authentication plugin configuration:
|
|
37
|
+
|
|
38
|
+
* :attr:`~eodag.config.PluginConfig.type` (``str``) (**mandatory**): OAuth
|
|
39
|
+
|
|
40
|
+
"""
|
|
30
41
|
|
|
31
42
|
def __init__(self, provider: str, config: PluginConfig) -> None:
|
|
32
43
|
super(OAuth, self).__init__(provider, config)
|
|
33
44
|
self.access_key: Optional[str] = None
|
|
34
45
|
self.secret_key: Optional[str] = None
|
|
35
46
|
|
|
36
|
-
def authenticate(self) ->
|
|
47
|
+
def authenticate(self) -> S3SessionKwargs:
|
|
37
48
|
"""Authenticate"""
|
|
38
49
|
self.validate_config_credentials()
|
|
39
50
|
self.access_key = self.config.credentials["aws_access_key_id"]
|
|
40
51
|
self.secret_key = self.config.credentials["aws_secret_access_key"]
|
|
41
|
-
return {
|
|
52
|
+
return {
|
|
53
|
+
"aws_access_key_id": self.access_key,
|
|
54
|
+
"aws_secret_access_key": self.secret_key,
|
|
55
|
+
}
|