PyPI - kstlib - Versions diffs - 0.0.1a0__py3-none-any.whl → 1.0.0__py3-none-any.whl - Mend

kstlib 0.0.1a0py3-none-any.whl → 1.0.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (166) hide show

kstlib/__init__.py +266 -1
kstlib/__main__.py +16 -0
kstlib/alerts/__init__.py +110 -0
kstlib/alerts/channels/__init__.py +36 -0
kstlib/alerts/channels/base.py +197 -0
kstlib/alerts/channels/email.py +227 -0
kstlib/alerts/channels/slack.py +389 -0
kstlib/alerts/exceptions.py +72 -0
kstlib/alerts/manager.py +651 -0
kstlib/alerts/models.py +142 -0
kstlib/alerts/throttle.py +263 -0
kstlib/auth/__init__.py +139 -0
kstlib/auth/callback.py +399 -0
kstlib/auth/config.py +502 -0
kstlib/auth/errors.py +127 -0
kstlib/auth/models.py +316 -0
kstlib/auth/providers/__init__.py +14 -0
kstlib/auth/providers/base.py +393 -0
kstlib/auth/providers/oauth2.py +645 -0
kstlib/auth/providers/oidc.py +821 -0
kstlib/auth/session.py +338 -0
kstlib/auth/token.py +482 -0
kstlib/cache/__init__.py +50 -0
kstlib/cache/decorator.py +261 -0
kstlib/cache/strategies.py +516 -0
kstlib/cli/__init__.py +8 -0
kstlib/cli/app.py +195 -0
kstlib/cli/commands/__init__.py +5 -0
kstlib/cli/commands/auth/__init__.py +39 -0
kstlib/cli/commands/auth/common.py +122 -0
kstlib/cli/commands/auth/login.py +325 -0
kstlib/cli/commands/auth/logout.py +74 -0
kstlib/cli/commands/auth/providers.py +57 -0
kstlib/cli/commands/auth/status.py +291 -0
kstlib/cli/commands/auth/token.py +199 -0
kstlib/cli/commands/auth/whoami.py +106 -0
kstlib/cli/commands/config.py +89 -0
kstlib/cli/commands/ops/__init__.py +39 -0
kstlib/cli/commands/ops/attach.py +49 -0
kstlib/cli/commands/ops/common.py +269 -0
kstlib/cli/commands/ops/list_sessions.py +252 -0
kstlib/cli/commands/ops/logs.py +49 -0
kstlib/cli/commands/ops/start.py +98 -0
kstlib/cli/commands/ops/status.py +138 -0
kstlib/cli/commands/ops/stop.py +60 -0
kstlib/cli/commands/rapi/__init__.py +60 -0
kstlib/cli/commands/rapi/call.py +341 -0
kstlib/cli/commands/rapi/list.py +99 -0
kstlib/cli/commands/rapi/show.py +206 -0
kstlib/cli/commands/secrets/__init__.py +35 -0
kstlib/cli/commands/secrets/common.py +425 -0
kstlib/cli/commands/secrets/decrypt.py +88 -0
kstlib/cli/commands/secrets/doctor.py +743 -0
kstlib/cli/commands/secrets/encrypt.py +242 -0
kstlib/cli/commands/secrets/shred.py +96 -0
kstlib/cli/common.py +86 -0
kstlib/config/__init__.py +76 -0
kstlib/config/exceptions.py +110 -0
kstlib/config/export.py +225 -0
kstlib/config/loader.py +963 -0
kstlib/config/sops.py +287 -0
kstlib/db/__init__.py +54 -0
kstlib/db/aiosqlcipher.py +137 -0
kstlib/db/cipher.py +112 -0
kstlib/db/database.py +367 -0
kstlib/db/exceptions.py +25 -0
kstlib/db/pool.py +302 -0
kstlib/helpers/__init__.py +35 -0
kstlib/helpers/exceptions.py +11 -0
kstlib/helpers/time_trigger.py +396 -0
kstlib/kstlib.conf.yml +890 -0
kstlib/limits.py +963 -0
kstlib/logging/__init__.py +108 -0
kstlib/logging/manager.py +633 -0
kstlib/mail/__init__.py +42 -0
kstlib/mail/builder.py +626 -0
kstlib/mail/exceptions.py +27 -0
kstlib/mail/filesystem.py +248 -0
kstlib/mail/transport.py +224 -0
kstlib/mail/transports/__init__.py +19 -0
kstlib/mail/transports/gmail.py +268 -0
kstlib/mail/transports/resend.py +324 -0
kstlib/mail/transports/smtp.py +326 -0
kstlib/meta.py +72 -0
kstlib/metrics/__init__.py +88 -0
kstlib/metrics/decorators.py +1090 -0
kstlib/metrics/exceptions.py +14 -0
kstlib/monitoring/__init__.py +116 -0
kstlib/monitoring/_styles.py +163 -0
kstlib/monitoring/cell.py +57 -0
kstlib/monitoring/config.py +424 -0
kstlib/monitoring/delivery.py +579 -0
kstlib/monitoring/exceptions.py +63 -0
kstlib/monitoring/image.py +220 -0
kstlib/monitoring/kv.py +79 -0
kstlib/monitoring/list.py +69 -0
kstlib/monitoring/metric.py +88 -0
kstlib/monitoring/monitoring.py +341 -0
kstlib/monitoring/renderer.py +139 -0
kstlib/monitoring/service.py +392 -0
kstlib/monitoring/table.py +129 -0
kstlib/monitoring/types.py +56 -0
kstlib/ops/__init__.py +86 -0
kstlib/ops/base.py +148 -0
kstlib/ops/container.py +577 -0
kstlib/ops/exceptions.py +209 -0
kstlib/ops/manager.py +407 -0
kstlib/ops/models.py +176 -0
kstlib/ops/tmux.py +372 -0
kstlib/ops/validators.py +287 -0
kstlib/py.typed +0 -0
kstlib/rapi/__init__.py +118 -0
kstlib/rapi/client.py +875 -0
kstlib/rapi/config.py +861 -0
kstlib/rapi/credentials.py +887 -0
kstlib/rapi/exceptions.py +213 -0
kstlib/resilience/__init__.py +101 -0
kstlib/resilience/circuit_breaker.py +440 -0
kstlib/resilience/exceptions.py +95 -0
kstlib/resilience/heartbeat.py +491 -0
kstlib/resilience/rate_limiter.py +506 -0
kstlib/resilience/shutdown.py +417 -0
kstlib/resilience/watchdog.py +637 -0
kstlib/secrets/__init__.py +29 -0
kstlib/secrets/exceptions.py +19 -0
kstlib/secrets/models.py +62 -0
kstlib/secrets/providers/__init__.py +79 -0
kstlib/secrets/providers/base.py +58 -0
kstlib/secrets/providers/environment.py +66 -0
kstlib/secrets/providers/keyring.py +107 -0
kstlib/secrets/providers/kms.py +223 -0
kstlib/secrets/providers/kwargs.py +101 -0
kstlib/secrets/providers/sops.py +209 -0
kstlib/secrets/resolver.py +221 -0
kstlib/secrets/sensitive.py +130 -0
kstlib/secure/__init__.py +23 -0
kstlib/secure/fs.py +194 -0
kstlib/secure/permissions.py +70 -0
kstlib/ssl.py +347 -0
kstlib/ui/__init__.py +23 -0
kstlib/ui/exceptions.py +26 -0
kstlib/ui/panels.py +484 -0
kstlib/ui/spinner.py +864 -0
kstlib/ui/tables.py +382 -0
kstlib/utils/__init__.py +48 -0
kstlib/utils/dict.py +36 -0
kstlib/utils/formatting.py +338 -0
kstlib/utils/http_trace.py +237 -0
kstlib/utils/lazy.py +49 -0
kstlib/utils/secure_delete.py +205 -0
kstlib/utils/serialization.py +247 -0
kstlib/utils/text.py +56 -0
kstlib/utils/validators.py +124 -0
kstlib/websocket/__init__.py +97 -0
kstlib/websocket/exceptions.py +214 -0
kstlib/websocket/manager.py +1102 -0
kstlib/websocket/models.py +361 -0
kstlib-1.0.0.dist-info/METADATA +201 -0
kstlib-1.0.0.dist-info/RECORD +163 -0
{kstlib-0.0.1a0.dist-info → kstlib-1.0.0.dist-info}/WHEEL +1 -1
kstlib-1.0.0.dist-info/entry_points.txt +2 -0
kstlib-1.0.0.dist-info/licenses/LICENSE.md +9 -0
kstlib-0.0.1a0.dist-info/METADATA +0 -29
kstlib-0.0.1a0.dist-info/RECORD +0 -6
kstlib-0.0.1a0.dist-info/licenses/LICENSE.md +0 -5
{kstlib-0.0.1a0.dist-info → kstlib-1.0.0.dist-info}/top_level.txt +0 -0

kstlib/auth/session.py ADDED Viewed

@@ -0,0 +1,338 @@
+"""Authenticated HTTP session wrapper."""
+from __future__ import annotations
+from enum import Enum
+from http import HTTPStatus
+from typing import TYPE_CHECKING, Any
+import httpx
+from typing_extensions import Self
+from kstlib.auth.errors import AuthError, TokenExpiredError
+from kstlib.logging import TRACE_LEVEL, get_logger
+from kstlib.ssl import build_ssl_context
+if TYPE_CHECKING:
+    import types
+    from kstlib.auth.providers.base import AbstractAuthProvider
+logger = get_logger(__name__)
+# Default timeout for HTTP requests
+DEFAULT_TIMEOUT = 30.0
+class AuthSession:
+    """HTTP session with automatic token injection and refresh.
+    Wraps httpx.Client (sync) or httpx.AsyncClient (async) to automatically:
+    - Inject Bearer token in Authorization header
+    - Refresh expired tokens before making requests
+    - Handle 401 responses by refreshing and retrying
+    Example (sync):
+        >>> from kstlib.auth import AuthSession, get_provider  # doctest: +SKIP
+        >>> provider = get_provider("corporate")  # doctest: +SKIP
+        >>> with AuthSession(provider) as session:  # doctest: +SKIP
+        ...     response = session.get("https://api.example.com/users/me")
+        ...     print(response.json())
+    Example (async):
+        >>> async with AuthSession(provider) as session:  # doctest: +SKIP
+        ...     response = await session.get("https://api.example.com/users/me")
+        ...     print(response.json())
+    """
+    def __init__(
+        self,
+        provider: AbstractAuthProvider,
+        *,
+        timeout: float = DEFAULT_TIMEOUT,
+        auto_refresh: bool = True,
+        retry_on_401: bool = True,
+        ssl_verify: bool | None = None,
+        ssl_ca_bundle: str | None = None,
+    ) -> None:
+        """Initialize authenticated session.
+        Args:
+            provider: Authentication provider to use for tokens.
+            timeout: Default request timeout in seconds.
+            auto_refresh: Automatically refresh expired tokens before requests.
+            retry_on_401: Retry request after token refresh on 401 response.
+            ssl_verify: Override SSL verification (True/False).
+                If None, uses provider's SSL config or global config.
+            ssl_ca_bundle: Override CA bundle path.
+                If None, uses provider's SSL config or global config.
+        """
+        self.provider = provider
+        self.timeout = timeout
+        self.auto_refresh = auto_refresh
+        self.retry_on_401 = retry_on_401
+        # Build SSL context: kwargs > provider config > global config
+        if ssl_verify is None and ssl_ca_bundle is None and hasattr(provider, "config"):
+            # Use provider's SSL settings if available
+            # Check for actual bool/str values (not MagicMock from tests)
+            provider_config = getattr(provider, "config", None)
+            provider_ssl_verify: bool | None = None
+            provider_ca_bundle: str | None = None
+            if provider_config is not None:
+                ssl_verify_attr = getattr(provider_config, "ssl_verify", None)
+                if isinstance(ssl_verify_attr, bool):
+                    provider_ssl_verify = ssl_verify_attr
+                ca_bundle_attr = getattr(provider_config, "ssl_ca_bundle", None)
+                if isinstance(ca_bundle_attr, str):
+                    provider_ca_bundle = ca_bundle_attr
+            self._ssl_context = build_ssl_context(
+                ssl_verify=provider_ssl_verify,
+                ssl_ca_bundle=provider_ca_bundle,
+            )
+        else:
+            # Use explicit kwargs or fall back to global config
+            self._ssl_context = build_ssl_context(
+                ssl_verify=ssl_verify,
+                ssl_ca_bundle=ssl_ca_bundle,
+            )
+        self._sync_client: httpx.Client | None = None
+        self._async_client: httpx.AsyncClient | None = None
+    # ─────────────────────────────────────────────────────────────────────────
+    # Context managers
+    # ─────────────────────────────────────────────────────────────────────────
+    def __enter__(self) -> Self:
+        """Enter sync context manager."""
+        self._sync_client = httpx.Client(timeout=self.timeout, verify=self._ssl_context)
+        return self
+    def __exit__(
+        self,
+        exc_type: type[BaseException] | None,
+        exc_val: BaseException | None,
+        exc_tb: types.TracebackType | None,
+    ) -> None:
+        """Exit sync context manager."""
+        if self._sync_client:
+            self._sync_client.close()
+            self._sync_client = None
+    async def __aenter__(self) -> Self:
+        """Enter async context manager."""
+        self._async_client = httpx.AsyncClient(timeout=self.timeout, verify=self._ssl_context)
+        return self
+    async def __aexit__(
+        self,
+        exc_type: type[BaseException] | None,
+        exc_val: BaseException | None,
+        exc_tb: types.TracebackType | None,
+    ) -> None:
+        """Exit async context manager."""
+        if self._async_client:
+            await self._async_client.aclose()
+            self._async_client = None
+    # ─────────────────────────────────────────────────────────────────────────
+    # Token handling
+    # ─────────────────────────────────────────────────────────────────────────
+    def _get_auth_header(self) -> dict[str, str]:
+        """Get Authorization header with current token.
+        Returns:
+            Dict with Authorization header.
+        Raises:
+            TokenExpiredError: If no valid token is available.
+        """
+        token = self.provider.get_token(auto_refresh=self.auto_refresh)
+        if token is None:
+            raise TokenExpiredError("No token available - authentication required")
+        if token.is_expired and not token.is_refreshable:
+            raise TokenExpiredError("Token expired and cannot be refreshed")
+        # Extract string value from TokenType enum or use as-is if already a string
+        token_type = token.token_type.value if isinstance(token.token_type, Enum) else token.token_type
+        return {"Authorization": f"{token_type} {token.access_token}"}
+    def _should_retry(self, response: httpx.Response, retried: bool) -> bool:
+        """Check if request should be retried after 401."""
+        return (
+            self.retry_on_401
+            and not retried
+            and response.status_code == HTTPStatus.UNAUTHORIZED
+            and self.provider.get_token(auto_refresh=False) is not None
+        )
+    # ─────────────────────────────────────────────────────────────────────────
+    # Sync HTTP methods
+    # ─────────────────────────────────────────────────────────────────────────
+    def _request(
+        self,
+        method: str,
+        url: str,
+        *,
+        _retried: bool = False,
+        **kwargs: Any,
+    ) -> httpx.Response:
+        """Make an authenticated HTTP request (sync).
+        Args:
+            method: HTTP method.
+            url: Request URL.
+            _retried: Internal flag to prevent infinite retry.
+            **kwargs: Additional arguments for httpx.
+        Returns:
+            HTTP response.
+        """
+        if self._sync_client is None:
+            msg = "Session not initialized - use 'with AuthSession(...) as session:'"
+            raise AuthError(msg)
+        # Merge auth header with any existing headers
+        headers = kwargs.pop("headers", {})
+        headers.update(self._get_auth_header())
+        kwargs["headers"] = headers
+        if logger.isEnabledFor(TRACE_LEVEL):
+            logger.log(TRACE_LEVEL, "[SESSION] %s %s", method, url)
+        response = self._sync_client.request(method, url, **kwargs)
+        if logger.isEnabledFor(TRACE_LEVEL):
+            logger.log(TRACE_LEVEL, "[SESSION] Response: %d %s", response.status_code, response.reason_phrase)
+        # Retry on 401 if configured
+        if self._should_retry(response, _retried):
+            logger.debug("Got 401, attempting token refresh and retry")
+            try:
+                self.provider.refresh()
+                return self._request(method, url, _retried=True, **kwargs)
+            except Exception:  # pylint: disable=broad-exception-caught
+                # Intentional catch-all for best-effort refresh
+                logger.warning("Token refresh failed, returning original 401 response")
+        return response
+    def get(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated GET request."""
+        return self._request("GET", url, **kwargs)
+    def post(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated POST request."""
+        return self._request("POST", url, **kwargs)
+    def put(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated PUT request."""
+        return self._request("PUT", url, **kwargs)
+    def patch(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated PATCH request."""
+        return self._request("PATCH", url, **kwargs)
+    def delete(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated DELETE request."""
+        return self._request("DELETE", url, **kwargs)
+    def head(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated HEAD request."""
+        return self._request("HEAD", url, **kwargs)
+    def options(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated OPTIONS request."""
+        return self._request("OPTIONS", url, **kwargs)
+    # ─────────────────────────────────────────────────────────────────────────
+    # Async HTTP methods
+    # ─────────────────────────────────────────────────────────────────────────
+    async def _arequest(
+        self,
+        method: str,
+        url: str,
+        *,
+        _retried: bool = False,
+        **kwargs: Any,
+    ) -> httpx.Response:
+        """Make an authenticated HTTP request (async).
+        Args:
+            method: HTTP method.
+            url: Request URL.
+            _retried: Internal flag to prevent infinite retry.
+            **kwargs: Additional arguments for httpx.
+        Returns:
+            HTTP response.
+        """
+        if self._async_client is None:
+            msg = "Session not initialized - use 'async with AuthSession(...) as session:'"
+            raise AuthError(msg)
+        # Merge auth header with any existing headers
+        headers = kwargs.pop("headers", {})
+        headers.update(self._get_auth_header())
+        kwargs["headers"] = headers
+        if logger.isEnabledFor(TRACE_LEVEL):
+            logger.log(TRACE_LEVEL, "[SESSION] %s %s (async)", method, url)
+        response = await self._async_client.request(method, url, **kwargs)
+        if logger.isEnabledFor(TRACE_LEVEL):
+            logger.log(TRACE_LEVEL, "[SESSION] Response: %d %s", response.status_code, response.reason_phrase)
+        # Retry on 401 if configured
+        if self._should_retry(response, _retried):
+            logger.debug("Got 401, attempting token refresh and retry")
+            try:
+                self.provider.refresh()
+                return await self._arequest(method, url, _retried=True, **kwargs)
+            except Exception:  # pylint: disable=broad-exception-caught
+                # Intentional catch-all for best-effort refresh
+                logger.warning("Token refresh failed, returning original 401 response")
+        return response
+    async def aget(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated async GET request."""
+        return await self._arequest("GET", url, **kwargs)
+    async def apost(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated async POST request."""
+        return await self._arequest("POST", url, **kwargs)
+    async def aput(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated async PUT request."""
+        return await self._arequest("PUT", url, **kwargs)
+    async def apatch(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated async PATCH request."""
+        return await self._arequest("PATCH", url, **kwargs)
+    async def adelete(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated async DELETE request."""
+        return await self._arequest("DELETE", url, **kwargs)
+    async def ahead(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated async HEAD request."""
+        return await self._arequest("HEAD", url, **kwargs)
+    async def aoptions(self, url: str, **kwargs: Any) -> httpx.Response:
+        """Make authenticated async OPTIONS request."""
+        return await self._arequest("OPTIONS", url, **kwargs)
+__all__ = ["AuthSession"]

kstlib 0.0.1a0__py3-none-any.whl → 1.0.0__py3-none-any.whl

kstlib 0.0.1a0py3-none-any.whl → 1.0.0py3-none-any.whl