pangea-sdk 3.8.0__py3-none-any.whl → 5.3.0__py3-none-any.whl
- pangea/__init__.py +2 -1
- pangea/asyncio/__init__.py +1 -0
- pangea/asyncio/file_uploader.py +39 -0
- pangea/asyncio/request.py +46 -23
- pangea/asyncio/services/__init__.py +2 -0
- pangea/asyncio/services/audit.py +46 -20
- pangea/asyncio/services/authn.py +123 -61
- pangea/asyncio/services/authz.py +57 -31
- pangea/asyncio/services/base.py +21 -2
- pangea/asyncio/services/embargo.py +2 -2
- pangea/asyncio/services/file_scan.py +24 -9
- pangea/asyncio/services/intel.py +104 -30
- pangea/asyncio/services/redact.py +52 -3
- pangea/asyncio/services/sanitize.py +217 -0
- pangea/asyncio/services/share.py +733 -0
- pangea/asyncio/services/vault.py +1709 -766
- pangea/crypto/rsa.py +135 -0
- pangea/deep_verify.py +7 -1
- pangea/dump_audit.py +9 -8
- pangea/file_uploader.py +35 -0
- pangea/request.py +70 -49
- pangea/response.py +36 -17
- pangea/services/__init__.py +2 -0
- pangea/services/audit/audit.py +57 -29
- pangea/services/audit/models.py +12 -3
- pangea/services/audit/signing.py +6 -5
- pangea/services/audit/util.py +3 -3
- pangea/services/authn/authn.py +120 -66
- pangea/services/authn/models.py +167 -11
- pangea/services/authz.py +53 -30
- pangea/services/base.py +16 -2
- pangea/services/embargo.py +2 -2
- pangea/services/file_scan.py +32 -15
- pangea/services/intel.py +155 -30
- pangea/services/redact.py +132 -3
- pangea/services/sanitize.py +388 -0
- pangea/services/share/file_format.py +170 -0
- pangea/services/share/share.py +1440 -0
- pangea/services/vault/models/asymmetric.py +120 -18
- pangea/services/vault/models/common.py +439 -141
- pangea/services/vault/models/keys.py +94 -0
- pangea/services/vault/models/secret.py +27 -3
- pangea/services/vault/models/symmetric.py +68 -22
- pangea/services/vault/vault.py +1690 -766
- pangea/tools.py +6 -7
- pangea/utils.py +94 -33
- pangea/verify_audit.py +270 -83
- {pangea_sdk-3.8.0.dist-info → pangea_sdk-5.3.0.dist-info}/METADATA +21 -29
- pangea_sdk-5.3.0.dist-info/RECORD +56 -0
- {pangea_sdk-3.8.0.dist-info → pangea_sdk-5.3.0.dist-info}/WHEEL +1 -1
- pangea_sdk-3.8.0.dist-info/RECORD +0 -46
@@ -1,10 +1,11 @@
|
|
1
1
|
# Copyright 2022 Pangea Cyber Corporation
|
2
2
|
# Author: Pangea Cyber Corporation
|
3
|
-
import
|
3
|
+
from __future__ import annotations
|
4
|
+
|
4
5
|
import enum
|
5
|
-
from typing import Dict, Generic, List, NewType, Optional, TypeVar, Union
|
6
|
+
from typing import Dict, Generic, List, Literal, Mapping, NewType, Optional, TypeVar, Union
|
6
7
|
|
7
|
-
from pangea.response import APIRequestModel, PangeaResponseResult
|
8
|
+
from pangea.response import APIRequestModel, PangeaDateTime, PangeaResponseResult
|
8
9
|
|
9
10
|
# EncodedPublicKey is a PEM public key, with no further encoding (i.e. no base64)
|
10
11
|
# It may be used for example in openssh with no further processing
|
@@ -18,80 +19,6 @@ EncodedPrivateKey = NewType("EncodedPrivateKey", str)
|
|
18
19
|
EncodedSymmetricKey = NewType("EncodedSymmetricKey", str)
|
19
20
|
|
20
21
|
|
21
|
-
class KeyPurpose(str, enum.Enum):
|
22
|
-
SIGNING = "signing"
|
23
|
-
ENCRYPTION = "encryption"
|
24
|
-
JWT = "jwt"
|
25
|
-
|
26
|
-
def __str__(self):
|
27
|
-
return str(self.value)
|
28
|
-
|
29
|
-
def __repr__(self):
|
30
|
-
return str(self.value)
|
31
|
-
|
32
|
-
|
33
|
-
class AsymmetricAlgorithm(str, enum.Enum):
|
34
|
-
Ed25519 = "ED25519"
|
35
|
-
RSA2048_PKCS1V15_SHA256 = "RSA-PKCS1V15-2048-SHA256"
|
36
|
-
RSA2048_OAEP_SHA256 = "RSA-OAEP-2048-SHA256"
|
37
|
-
ES256 = "ES256"
|
38
|
-
ES384 = "ES384"
|
39
|
-
ES512 = "ES512"
|
40
|
-
ES256K = "ES256K"
|
41
|
-
RSA2048_OAEP_SHA1 = "RSA-OAEP-2048-SHA1"
|
42
|
-
RSA2048_OAEP_SHA512 = "RSA-OAEP-2048-SHA512"
|
43
|
-
RSA3072_OAEP_SHA1 = "RSA-OAEP-3072-SHA1"
|
44
|
-
RSA3072_OAEP_SHA256 = "RSA-OAEP-3072-SHA256"
|
45
|
-
RSA3072_OAEP_SHA512 = "RSA-OAEP-3072-SHA512"
|
46
|
-
RSA4096_OAEP_SHA1 = "RSA-OAEP-4096-SHA1"
|
47
|
-
RSA4096_OAEP_SHA256 = "RSA-OAEP-4096-SHA256"
|
48
|
-
RSA4096_OAEP_SHA512 = "RSA-OAEP-4096-SHA512"
|
49
|
-
RSA2048_PSS_SHA256 = "RSA-PSS-2048-SHA256"
|
50
|
-
RSA3072_PSS_SHA256 = "RSA-PSS-3072-SHA256"
|
51
|
-
RSA4096_PSS_SHA256 = "RSA-PSS-4096-SHA256"
|
52
|
-
RSA4096_PSS_SHA512 = "RSA-PSS-4096-SHA512"
|
53
|
-
RSA = "RSA-PKCS1V15-2048-SHA256" # deprecated, use RSA2048_PKCS1V15_SHA256 instead
|
54
|
-
Ed25519_DILITHIUM2_BETA = "ED25519-DILITHIUM2-BETA"
|
55
|
-
Ed448_DILITHIUM3_BETA = "ED448-DILITHIUM3-BETA"
|
56
|
-
SPHINCSPLUS_128F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHAKE256-SIMPLE-BETA"
|
57
|
-
SPHINCSPLUS_128F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-128F-SHAKE256-ROBUST-BETA"
|
58
|
-
SPHINCSPLUS_192F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHAKE256-SIMPLE-BETA"
|
59
|
-
SPHINCSPLUS_192F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-192F-SHAKE256-ROBUST-BETA"
|
60
|
-
SPHINCSPLUS_256F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHAKE256-SIMPLE-BETA"
|
61
|
-
SPHINCSPLUS_256F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-256F-SHAKE256-ROBUST-BETA"
|
62
|
-
SPHINCSPLUS_128F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHA256-SIMPLE-BETA"
|
63
|
-
SPHINCSPLUS_128F_SHA256_ROBUST_BETA = "SPHINCSPLUS-128F-SHA256-ROBUST-BETA"
|
64
|
-
SPHINCSPLUS_192F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHA256-SIMPLE-BETA"
|
65
|
-
SPHINCSPLUS_192F_SHA256_ROBUST_BETA = "SPHINCSPLUS-192F-SHA256-ROBUST-BETA"
|
66
|
-
SPHINCSPLUS_256F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHA256-SIMPLE-BETA"
|
67
|
-
SPHINCSPLUS_256F_SHA256_ROBUST_BETA = "SPHINCSPLUS-256F-SHA256-ROBUST-BETA"
|
68
|
-
FALCON_1024_BETA = "FALCON-1024-BETA"
|
69
|
-
|
70
|
-
def __str__(self):
|
71
|
-
return str(self.value)
|
72
|
-
|
73
|
-
def __repr__(self):
|
74
|
-
return str(self.value)
|
75
|
-
|
76
|
-
|
77
|
-
class SymmetricAlgorithm(str, enum.Enum):
|
78
|
-
HS256 = "HS256"
|
79
|
-
HS384 = "HS384"
|
80
|
-
HS512 = "HS512"
|
81
|
-
AES128_CFB = "AES-CFB-128"
|
82
|
-
AES256_CFB = "AES-CFB-256"
|
83
|
-
AES256_GCM = "AES-GCM-256"
|
84
|
-
AES128_CBC = "AES-CBC-128"
|
85
|
-
AES256_CBC = "AES-CBC-256"
|
86
|
-
AES = "AES-CFB-128" # deprecated, use AES128_CFB instead
|
87
|
-
|
88
|
-
def __str__(self):
|
89
|
-
return str(self.value)
|
90
|
-
|
91
|
-
def __repr__(self):
|
92
|
-
return str(self.value)
|
93
|
-
|
94
|
-
|
95
22
|
Metadata = NewType("Metadata", Dict[str, str])
|
96
23
|
Tags = NewType("Tags", List[str])
|
97
24
|
|
@@ -132,12 +59,11 @@ class ItemType(str, enum.Enum):
|
|
132
59
|
SYMMETRIC_KEY = "symmetric_key"
|
133
60
|
SECRET = "secret"
|
134
61
|
PANGEA_TOKEN = "pangea_token"
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
return str(self.value)
|
62
|
+
PANGEA_CLIENT_SECRET = "pangea_client_secret"
|
63
|
+
FOLDER = "folder"
|
64
|
+
CERTIFICATE = "certificate"
|
65
|
+
CERTIFICATE_AUTHORITY = "ca"
|
66
|
+
CERTIFICATE_REVOCATION_LIST = "crl"
|
141
67
|
|
142
68
|
|
143
69
|
class ItemVersionState(str, enum.Enum):
|
@@ -148,33 +74,45 @@ class ItemVersionState(str, enum.Enum):
|
|
148
74
|
DESTROYED = "destroyed"
|
149
75
|
INHERITED = "inherited"
|
150
76
|
|
151
|
-
def __str__(self):
|
152
|
-
return str(self.value)
|
153
77
|
|
154
|
-
|
155
|
-
|
78
|
+
class RotationState(str, enum.Enum):
|
79
|
+
DEACTIVATED = "deactivated"
|
80
|
+
DESTROYED = "destroyed"
|
81
|
+
|
82
|
+
|
83
|
+
class RequestRotationState(str, enum.Enum):
|
84
|
+
DEACTIVATED = "deactivated"
|
85
|
+
DESTROYED = "destroyed"
|
86
|
+
INHERITED = "inherited"
|
87
|
+
|
88
|
+
|
89
|
+
class RequestManualRotationState(str, enum.Enum):
|
90
|
+
DEACTIVATED = "deactivated"
|
91
|
+
SUSPENDED = "suspended"
|
92
|
+
DESTROYED = "destroyed"
|
93
|
+
INHERITED = "inherited"
|
156
94
|
|
157
95
|
|
158
96
|
class ItemState(str, enum.Enum):
|
159
97
|
ENABLED = "enabled"
|
160
98
|
DISABLED = "disabled"
|
161
99
|
|
162
|
-
|
163
|
-
return str(self.value)
|
100
|
+
value: str
|
164
101
|
|
165
|
-
def __repr__(self):
|
166
|
-
return str(self.value)
|
167
102
|
|
103
|
+
class ExportEncryptionType(str, enum.Enum):
|
104
|
+
NONE = "none"
|
105
|
+
ASYMMETRIC = "asymmetric"
|
106
|
+
KEM = "kem"
|
168
107
|
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
expiration: Optional[datetime.datetime] = None
|
108
|
+
|
109
|
+
class ExportEncryptionAlgorithm(str, enum.Enum):
|
110
|
+
"""Algorithm of an exported public key."""
|
111
|
+
|
112
|
+
RSA4096_OAEP_SHA512 = "RSA-OAEP-4096-SHA512"
|
113
|
+
"""RSA 4096-bit key, OAEP padding, SHA512 digest."""
|
114
|
+
|
115
|
+
RSA_NO_PADDING_4096_KEM = "RSA-NO-PADDING-4096-KEM"
|
178
116
|
|
179
117
|
|
180
118
|
class CommonStoreResult(PangeaResponseResult):
|
@@ -183,17 +121,6 @@ class CommonStoreResult(PangeaResponseResult):
|
|
183
121
|
version: int
|
184
122
|
|
185
123
|
|
186
|
-
class CommonGenerateRequest(APIRequestModel):
|
187
|
-
type: ItemType
|
188
|
-
name: str
|
189
|
-
folder: Optional[str] = None
|
190
|
-
metadata: Optional[Metadata] = None
|
191
|
-
tags: Optional[Tags] = None
|
192
|
-
rotation_frequency: Optional[str] = None
|
193
|
-
rotation_state: Optional[ItemVersionState] = None
|
194
|
-
expiration: Optional[datetime.datetime] = None
|
195
|
-
|
196
|
-
|
197
124
|
class CommonGenerateResult(PangeaResponseResult):
|
198
125
|
type: str
|
199
126
|
version: int
|
@@ -202,25 +129,40 @@ class CommonGenerateResult(PangeaResponseResult):
|
|
202
129
|
|
203
130
|
class GetRequest(APIRequestModel):
|
204
131
|
id: str
|
205
|
-
version:
|
206
|
-
|
207
|
-
|
132
|
+
version: Union[Literal["all"], int, None] = None
|
133
|
+
|
134
|
+
|
135
|
+
class GetBulkRequest(APIRequestModel):
|
136
|
+
filter: Mapping[str, str]
|
137
|
+
"""Filters to customize a search."""
|
138
|
+
|
139
|
+
size: Optional[int] = None
|
140
|
+
"""Maximum number of items in the response."""
|
141
|
+
|
142
|
+
order: Optional[ItemOrder] = None
|
143
|
+
"""Direction for ordering the results."""
|
144
|
+
|
145
|
+
order_by: Optional[ItemOrderBy] = None
|
146
|
+
"""Property by which to order the results."""
|
147
|
+
|
148
|
+
last: Optional[str] = None
|
149
|
+
"""
|
150
|
+
Internal ID returned in the previous look up response. Used for pagination.
|
151
|
+
"""
|
208
152
|
|
209
153
|
|
210
|
-
class
|
154
|
+
class ItemVersion(PangeaResponseResult):
|
211
155
|
version: int
|
212
|
-
state: str
|
213
156
|
created_at: str
|
214
|
-
|
215
|
-
|
216
|
-
secret: Optional[str] = None
|
157
|
+
state: ItemVersionState
|
158
|
+
destroyed_at: Optional[str] = None
|
217
159
|
|
218
160
|
|
219
161
|
class ItemData(PangeaResponseResult):
|
220
162
|
type: str
|
221
163
|
id: Optional[str] = None
|
222
164
|
item_state: Optional[str] = None
|
223
|
-
current_version: Optional[
|
165
|
+
current_version: Optional[ItemVersion] = None
|
224
166
|
name: Optional[str] = None
|
225
167
|
folder: Optional[str] = None
|
226
168
|
metadata: Optional[Metadata] = None
|
@@ -233,6 +175,8 @@ class ItemData(PangeaResponseResult):
|
|
233
175
|
created_at: Optional[str] = None
|
234
176
|
algorithm: Optional[str] = None
|
235
177
|
purpose: Optional[str] = None
|
178
|
+
exportable: Optional[bool] = None
|
179
|
+
"""Whether the key is exportable or not."""
|
236
180
|
|
237
181
|
|
238
182
|
class InheritedSettings(PangeaResponseResult):
|
@@ -241,24 +185,105 @@ class InheritedSettings(PangeaResponseResult):
|
|
241
185
|
rotation_grace_period: Optional[str] = None
|
242
186
|
|
243
187
|
|
244
|
-
class
|
245
|
-
|
246
|
-
|
247
|
-
|
188
|
+
class Key(PangeaResponseResult):
|
189
|
+
id: str
|
190
|
+
type: ItemType
|
191
|
+
item_state: Optional[ItemState] = None
|
192
|
+
enabled: bool
|
193
|
+
current_version: Optional[ItemVersion] = None
|
194
|
+
name: str
|
195
|
+
folder: str
|
196
|
+
metadata: Optional[Metadata] = None
|
197
|
+
tags: Optional[Tags] = None
|
198
|
+
rotation_frequency: str
|
199
|
+
rotation_state: RotationState
|
200
|
+
last_rotated: Optional[str] = None
|
201
|
+
next_rotation: str
|
202
|
+
disabled_at: Optional[str] = None
|
203
|
+
created_at: str
|
204
|
+
algorithm: str
|
205
|
+
purpose: str
|
206
|
+
encrypting_item_id: Optional[str] = None
|
207
|
+
inherited_settings: InheritedSettings
|
208
|
+
exportable: bool
|
209
|
+
"""Whether the key is exportable or not."""
|
248
210
|
|
249
211
|
|
250
|
-
class
|
251
|
-
|
212
|
+
class SecretVersion(ItemVersion):
|
213
|
+
secret: Optional[str] = None
|
214
|
+
|
215
|
+
|
216
|
+
class Secret(PangeaResponseResult):
|
217
|
+
id: str
|
218
|
+
type: Literal[ItemType.SECRET] = ItemType.SECRET
|
219
|
+
enabled: bool
|
220
|
+
name: str
|
221
|
+
folder: str
|
222
|
+
metadata: Optional[Metadata] = None
|
223
|
+
tags: Optional[Tags] = None
|
224
|
+
expiration: Optional[str] = None
|
225
|
+
created_at: str
|
226
|
+
encrypting_item_id: Optional[str] = None
|
227
|
+
item_versions: List[SecretVersion]
|
228
|
+
|
229
|
+
|
230
|
+
class ClientSecret(PangeaResponseResult):
|
231
|
+
id: str
|
232
|
+
type: Literal[ItemType.PANGEA_CLIENT_SECRET] = ItemType.PANGEA_CLIENT_SECRET
|
233
|
+
enabled: bool
|
234
|
+
name: str
|
235
|
+
folder: str
|
236
|
+
metadata: Metadata
|
237
|
+
tags: Tags
|
238
|
+
expiration: str
|
239
|
+
created_at: str
|
240
|
+
encrypting_item_id: str
|
241
|
+
rotation_frequency: str
|
242
|
+
rotation_state: RotationState
|
243
|
+
rotation_grace_period: str
|
244
|
+
inherited_settings: InheritedSettings
|
245
|
+
item_versions: List[SecretVersion]
|
246
|
+
|
247
|
+
|
248
|
+
class Folder(PangeaResponseResult):
|
249
|
+
id: str
|
250
|
+
type: Literal[ItemType.FOLDER] = ItemType.FOLDER
|
251
|
+
name: str
|
252
|
+
folder: str
|
253
|
+
metadata: Metadata
|
254
|
+
tags: Tags
|
255
|
+
created_at: str
|
256
|
+
inherited_settings: InheritedSettings
|
257
|
+
|
258
|
+
|
259
|
+
class ListItemData(PangeaResponseResult):
|
260
|
+
id: str
|
261
|
+
type: ItemType
|
262
|
+
name: str
|
263
|
+
folder: str
|
264
|
+
created_at: str
|
265
|
+
tags: Optional[Tags] = None
|
266
|
+
metadata: Optional[Metadata] = None
|
267
|
+
last_rotated: Optional[str] = None
|
268
|
+
next_rotation: Optional[str] = None
|
269
|
+
disabled_at: Optional[str] = None
|
270
|
+
rotation_frequency: Optional[str] = None
|
271
|
+
rotation_state: Optional[RotationState] = None
|
272
|
+
algorithm: Optional[str] = None
|
273
|
+
purpose: Optional[str] = None
|
274
|
+
inherited_settings: Optional[InheritedSettings] = None
|
275
|
+
compromised_versions: Optional[List[ItemVersion]] = None
|
252
276
|
|
253
277
|
|
254
278
|
class ListResult(PangeaResponseResult):
|
255
|
-
items: List[ListItemData]
|
256
|
-
|
257
|
-
last: Optional[str]
|
279
|
+
items: List[ListItemData]
|
280
|
+
|
281
|
+
last: Optional[str] = None
|
282
|
+
"""Internal ID returned in the previous look up response. Used for pagination."""
|
258
283
|
|
259
284
|
|
260
285
|
class ListRequest(APIRequestModel):
|
261
|
-
filter: Optional[
|
286
|
+
filter: Optional[Mapping[str, str]] = None
|
262
287
|
size: Optional[int] = None
|
263
288
|
order: Optional[ItemOrder] = None
|
264
289
|
order_by: Optional[ItemOrderBy] = None
|
@@ -267,7 +292,7 @@ class ListRequest(APIRequestModel):
|
|
267
292
|
|
268
293
|
class CommonRotateRequest(APIRequestModel):
|
269
294
|
id: str
|
270
|
-
rotation_state:
|
295
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED
|
271
296
|
|
272
297
|
|
273
298
|
class CommonRotateResult(PangeaResponseResult):
|
@@ -276,12 +301,6 @@ class CommonRotateResult(PangeaResponseResult):
|
|
276
301
|
type: str
|
277
302
|
|
278
303
|
|
279
|
-
class KeyRotateRequest(CommonRotateRequest):
|
280
|
-
key: Optional[str] = None
|
281
|
-
public_key: Optional[EncodedPublicKey] = None
|
282
|
-
private_key: Optional[EncodedPrivateKey] = None
|
283
|
-
|
284
|
-
|
285
304
|
class KeyRotateResult(CommonRotateResult):
|
286
305
|
public_key: Optional[EncodedPublicKey] = None
|
287
306
|
algorithm: str
|
@@ -290,10 +309,12 @@ class KeyRotateResult(CommonRotateResult):
|
|
290
309
|
|
291
310
|
class DeleteRequest(APIRequestModel):
|
292
311
|
id: str
|
312
|
+
recursive: bool = False
|
293
313
|
|
294
314
|
|
295
315
|
class DeleteResult(PangeaResponseResult):
|
296
316
|
id: str
|
317
|
+
"""The ID of the item."""
|
297
318
|
|
298
319
|
|
299
320
|
class UpdateRequest(APIRequestModel):
|
@@ -302,11 +323,11 @@ class UpdateRequest(APIRequestModel):
|
|
302
323
|
folder: Optional[str] = None
|
303
324
|
metadata: Optional[Metadata] = None
|
304
325
|
tags: Optional[Tags] = None
|
326
|
+
disabled_at: Optional[str] = None
|
327
|
+
enabled: Optional[bool] = None
|
305
328
|
rotation_frequency: Optional[str] = None
|
306
|
-
rotation_state:
|
329
|
+
rotation_state: RequestRotationState = RequestRotationState.INHERITED
|
307
330
|
rotation_grace_period: Optional[str] = None
|
308
|
-
expiration: Optional[datetime.datetime] = None
|
309
|
-
item_state: Optional[ItemState] = None
|
310
331
|
|
311
332
|
|
312
333
|
class UpdateResult(PangeaResponseResult):
|
@@ -355,6 +376,7 @@ class JWTVerifyRequest(APIRequestModel):
|
|
355
376
|
|
356
377
|
class JWTVerifyResult(PangeaResponseResult):
|
357
378
|
valid_signature: bool
|
379
|
+
"""Indicates if messages have been verified."""
|
358
380
|
|
359
381
|
|
360
382
|
class JWTSignRequest(APIRequestModel):
|
@@ -364,6 +386,7 @@ class JWTSignRequest(APIRequestModel):
|
|
364
386
|
|
365
387
|
class JWTSignResult(PangeaResponseResult):
|
366
388
|
jws: str
|
389
|
+
"""The signed JSON Web Token (JWS)."""
|
367
390
|
|
368
391
|
|
369
392
|
class StateChangeRequest(APIRequestModel):
|
@@ -386,12 +409,38 @@ class FolderCreateRequest(APIRequestModel):
|
|
386
409
|
metadata: Optional[Metadata] = None
|
387
410
|
tags: Optional[Tags] = None
|
388
411
|
rotation_frequency: Optional[str] = None
|
389
|
-
rotation_state: Optional[
|
412
|
+
rotation_state: Optional[RequestRotationState] = None
|
390
413
|
rotation_grace_period: Optional[str] = None
|
414
|
+
disabled_at: Optional[PangeaDateTime] = None
|
391
415
|
|
392
416
|
|
393
417
|
class FolderCreateResult(PangeaResponseResult):
|
394
418
|
id: str
|
419
|
+
"""The ID of the item."""
|
420
|
+
|
421
|
+
type: str
|
422
|
+
"""The type of the folder."""
|
423
|
+
|
424
|
+
name: str
|
425
|
+
"""The name of this item."""
|
426
|
+
|
427
|
+
folder: str
|
428
|
+
"""The folder where this item is stored."""
|
429
|
+
|
430
|
+
metadata: Optional[Metadata] = None
|
431
|
+
"""User-provided metadata."""
|
432
|
+
|
433
|
+
tags: Optional[Tags] = None
|
434
|
+
"""A list of user-defined tags."""
|
435
|
+
|
436
|
+
created_at: str
|
437
|
+
"""Timestamp indicating when the item was created."""
|
438
|
+
|
439
|
+
inherited_settings: InheritedSettings
|
440
|
+
"""
|
441
|
+
For settings that inherit a value from a parent folder, the full path of the
|
442
|
+
folder where the value is set.
|
443
|
+
"""
|
395
444
|
|
396
445
|
|
397
446
|
TDict = TypeVar("TDict", bound=Dict)
|
@@ -427,3 +476,252 @@ class EncryptStructuredResult(PangeaResponseResult, Generic[TDict]):
|
|
427
476
|
|
428
477
|
structured_data: TDict
|
429
478
|
"""Encrypted structured data."""
|
479
|
+
|
480
|
+
|
481
|
+
class TransformAlphabet(str, enum.Enum):
|
482
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
483
|
+
|
484
|
+
NUMERIC = "numeric"
|
485
|
+
"""Numeric (0-9)."""
|
486
|
+
|
487
|
+
ALPHA_LOWER = "alphalower"
|
488
|
+
"""Lowercase alphabet (a-z)."""
|
489
|
+
|
490
|
+
ALPHA_UPPER = "alphaupper"
|
491
|
+
"""Uppercase alphabet (A-Z)."""
|
492
|
+
|
493
|
+
ALPHANUMERIC_LOWER = "alphanumericlower"
|
494
|
+
"""Lowercase alphabet with numbers (a-z, 0-9)."""
|
495
|
+
|
496
|
+
ALPHANUMERIC_UPPER = "alphanumericupper"
|
497
|
+
"""Uppercase alphabet with numbers (A-Z, 0-9)."""
|
498
|
+
|
499
|
+
ALPHANUMERIC = "alphanumeric"
|
500
|
+
"""Alphanumeric (a-z, A-Z, 0-9)."""
|
501
|
+
|
502
|
+
|
503
|
+
class EncryptTransformRequest(APIRequestModel):
|
504
|
+
id: str
|
505
|
+
"""The item ID."""
|
506
|
+
|
507
|
+
plain_text: str
|
508
|
+
"""A message to be encrypted."""
|
509
|
+
|
510
|
+
alphabet: TransformAlphabet
|
511
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
512
|
+
|
513
|
+
tweak: Optional[str] = None
|
514
|
+
"""
|
515
|
+
User provided tweak string. If not provided, a random string will be
|
516
|
+
generated and returned. The user must securely store the tweak source which
|
517
|
+
will be needed to decrypt the data.
|
518
|
+
"""
|
519
|
+
|
520
|
+
version: Optional[int] = None
|
521
|
+
"""The item version."""
|
522
|
+
|
523
|
+
|
524
|
+
class EncryptTransformResult(PangeaResponseResult):
|
525
|
+
id: str
|
526
|
+
"""The item ID."""
|
527
|
+
|
528
|
+
version: int
|
529
|
+
"""The item version."""
|
530
|
+
|
531
|
+
algorithm: str
|
532
|
+
"""The algorithm of the key."""
|
533
|
+
|
534
|
+
cipher_text: str
|
535
|
+
"""The encrypted message."""
|
536
|
+
|
537
|
+
tweak: str
|
538
|
+
"""
|
539
|
+
User provided tweak string. If not provided, a random string will be
|
540
|
+
generated and returned. The user must securely store the tweak source which
|
541
|
+
will be needed to decrypt the data.
|
542
|
+
"""
|
543
|
+
|
544
|
+
alphabet: str
|
545
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
546
|
+
|
547
|
+
|
548
|
+
class DecryptTransformRequest(APIRequestModel):
|
549
|
+
id: str
|
550
|
+
"""The item ID."""
|
551
|
+
|
552
|
+
cipher_text: str
|
553
|
+
"""A message encrypted by Vault."""
|
554
|
+
|
555
|
+
tweak: str
|
556
|
+
"""
|
557
|
+
User provided tweak string. If not provided, a random string will be
|
558
|
+
generated and returned. The user must securely store the tweak source which
|
559
|
+
will be needed to decrypt the data.
|
560
|
+
"""
|
561
|
+
|
562
|
+
alphabet: TransformAlphabet
|
563
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
564
|
+
|
565
|
+
version: Optional[int] = None
|
566
|
+
"""The item version."""
|
567
|
+
|
568
|
+
|
569
|
+
class DecryptTransformResult(PangeaResponseResult):
|
570
|
+
id: str
|
571
|
+
"""The item ID."""
|
572
|
+
|
573
|
+
version: int
|
574
|
+
"""The item version."""
|
575
|
+
|
576
|
+
algorithm: str
|
577
|
+
"""The algorithm of the key."""
|
578
|
+
|
579
|
+
plain_text: str
|
580
|
+
"""Decrypted message."""
|
581
|
+
|
582
|
+
|
583
|
+
class ExportRequest(APIRequestModel):
|
584
|
+
id: str
|
585
|
+
"""The ID of the item."""
|
586
|
+
|
587
|
+
version: Optional[int] = None
|
588
|
+
"""The item version."""
|
589
|
+
|
590
|
+
kem_password: Optional[str] = None
|
591
|
+
"""
|
592
|
+
This is the password that will be used along with a salt to derive the
|
593
|
+
symmetric key that is used to encrypt the exported key material.
|
594
|
+
"""
|
595
|
+
|
596
|
+
asymmetric_public_key: Optional[str] = None
|
597
|
+
"""Public key in pem format used to encrypt exported key(s)."""
|
598
|
+
|
599
|
+
asymmetric_algorithm: Optional[ExportEncryptionAlgorithm] = None
|
600
|
+
"""The algorithm of the public key."""
|
601
|
+
|
602
|
+
|
603
|
+
class ExportResult(PangeaResponseResult):
|
604
|
+
id: str
|
605
|
+
"""The ID of the key."""
|
606
|
+
|
607
|
+
type: ItemType
|
608
|
+
"""The type of the key."""
|
609
|
+
|
610
|
+
version: int
|
611
|
+
"""The item version."""
|
612
|
+
|
613
|
+
enabled: bool
|
614
|
+
"""True if the item is enabled."""
|
615
|
+
|
616
|
+
algorithm: str
|
617
|
+
"""The algorithm of the key."""
|
618
|
+
|
619
|
+
asymmetric_algorithm: Optional[ExportEncryptionAlgorithm] = None
|
620
|
+
"""The algorithm of the public key used to encrypt exported material."""
|
621
|
+
|
622
|
+
symmetric_algorithm: Optional[str] = None
|
623
|
+
|
624
|
+
encryption_type: ExportEncryptionType
|
625
|
+
"""
|
626
|
+
Encryption format of the exported key(s). It could be `none` if returned in
|
627
|
+
plain text, `asymmetric` if it is encrypted just with the public key sent in
|
628
|
+
`encryption_public_key`, or `kem` if it was encrypted using KEM protocol.
|
629
|
+
"""
|
630
|
+
|
631
|
+
kdf: Optional[str] = None
|
632
|
+
"""
|
633
|
+
Key derivation function used to derivate the symmetric key when
|
634
|
+
`encryption_type` is `kem`.
|
635
|
+
"""
|
636
|
+
|
637
|
+
hash_algorithm: Optional[str] = None
|
638
|
+
"""
|
639
|
+
Hash algorithm used to derivate the symmetric key when `encryption_type` is
|
640
|
+
`kem`.
|
641
|
+
"""
|
642
|
+
|
643
|
+
iteration_count: Optional[int] = None
|
644
|
+
"""
|
645
|
+
Iteration count used to derivate the symmetric key when `encryption_type` is
|
646
|
+
`kem`.
|
647
|
+
"""
|
648
|
+
|
649
|
+
encrypted_salt: Optional[str] = None
|
650
|
+
"""
|
651
|
+
Salt used to derivate the symmetric key when `encryption_type` is `kem`,
|
652
|
+
encrypted with the public key provided in `asymmetric_key`.
|
653
|
+
"""
|
654
|
+
|
655
|
+
public_key: Optional[str] = None
|
656
|
+
"""The public key (in PEM format)."""
|
657
|
+
|
658
|
+
private_key: Optional[str] = None
|
659
|
+
"""The private key (in PEM format)."""
|
660
|
+
|
661
|
+
key: Optional[str] = None
|
662
|
+
"""The key material."""
|
663
|
+
|
664
|
+
|
665
|
+
class PangeaTokenVersion(ItemVersion):
|
666
|
+
token: Optional[str] = None
|
667
|
+
"""Pangea token value."""
|
668
|
+
|
669
|
+
|
670
|
+
class PangeaToken(PangeaResponseResult):
|
671
|
+
id: str
|
672
|
+
"""ID of the token."""
|
673
|
+
|
674
|
+
type: Literal[ItemType.PANGEA_TOKEN] = ItemType.PANGEA_TOKEN
|
675
|
+
"""Type of the Vault item."""
|
676
|
+
|
677
|
+
item_versions: List[PangeaTokenVersion]
|
678
|
+
|
679
|
+
metadata: Optional[Metadata] = None
|
680
|
+
"""Metadata provided by the user."""
|
681
|
+
|
682
|
+
num_versions: int
|
683
|
+
"""Total number of versions of the item."""
|
684
|
+
|
685
|
+
enabled: bool
|
686
|
+
"""`true` if the item is enabled."""
|
687
|
+
|
688
|
+
name: str
|
689
|
+
"""Name of the item."""
|
690
|
+
|
691
|
+
folder: str
|
692
|
+
"""Folder where the item is stored."""
|
693
|
+
|
694
|
+
tags: Tags
|
695
|
+
"""List of user-defined tags."""
|
696
|
+
|
697
|
+
last_rotated: Optional[str] = None
|
698
|
+
"""Timestamp of the last rotation."""
|
699
|
+
|
700
|
+
next_rotation: Optional[str] = None
|
701
|
+
"""Timestamp of the next rotation if auto-rotation is enabled."""
|
702
|
+
|
703
|
+
disabled_at: Optional[str] = None
|
704
|
+
"""Timestamp indicating when the item will be disabled."""
|
705
|
+
|
706
|
+
created_at: str
|
707
|
+
"""Timestamp indicating when the item was created."""
|
708
|
+
|
709
|
+
rotation_frequency: str
|
710
|
+
"""Time interval between item rotations."""
|
711
|
+
|
712
|
+
rotation_state: RotationState
|
713
|
+
"""Target state for the previous version after rotation."""
|
714
|
+
|
715
|
+
rotation_grace_period: str
|
716
|
+
"""Grace period for the previous version."""
|
717
|
+
|
718
|
+
inherited_settings: InheritedSettings
|
719
|
+
"""Full paths of the parent folders from which settings inherit their values."""
|
720
|
+
|
721
|
+
|
722
|
+
class PangeaTokenRotateRequest(CommonRotateRequest):
|
723
|
+
rotation_grace_period: Optional[str] = None
|
724
|
+
|
725
|
+
|
726
|
+
class ClientSecretRotateRequest(CommonRotateRequest):
|
727
|
+
rotation_grace_period: Optional[str] = None
|
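Review bot: The fields that carry secrets in the new models are plain `str`, with nothing keeping them out of the object's repr: `ExportResult.private_key` and `ExportResult.key` (unencrypted when `encryption_type` is `none`), `ExportRequest.kem_password`, `SecretVersion.secret` and `PangeaTokenVersion.token`. The base classes `PangeaResponseResult` and `APIRequestModel` are defined outside this file; if they are pydantic models, as the field style suggests, printing or logging a result writes the key material to the log, and declaring the fields as `private_key: Optional[str] = Field(default=None, repr=False)` (with `Field` imported from pydantic) avoids that without changing the attribute type. The `ExportResult` docstrings also name a request field that does not exist: `encryption_type` refers to `encryption_public_key` and `encrypted_salt` to `asymmetric_key`, while `ExportRequest` declares `asymmetric_public_key`, so both should read `asymmetric_public_key`. `DecryptTransformRequest.tweak` is required, yet its docstring is copied from the encrypt side and says a random tweak is generated when none is given; something like `"""Tweak string that was used to encrypt the data."""` fits the field.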