pangea-sdk 3.8.0b1__py3-none-any.whl → 5.3.0__py3-none-any.whl
- pangea/__init__.py +1 -1
- pangea/asyncio/file_uploader.py +1 -1
- pangea/asyncio/request.py +49 -31
- pangea/asyncio/services/__init__.py +2 -0
- pangea/asyncio/services/audit.py +192 -31
- pangea/asyncio/services/authn.py +187 -109
- pangea/asyncio/services/authz.py +285 -0
- pangea/asyncio/services/base.py +21 -2
- pangea/asyncio/services/embargo.py +2 -2
- pangea/asyncio/services/file_scan.py +24 -9
- pangea/asyncio/services/intel.py +108 -34
- pangea/asyncio/services/redact.py +72 -4
- pangea/asyncio/services/sanitize.py +217 -0
- pangea/asyncio/services/share.py +246 -73
- pangea/asyncio/services/vault.py +1710 -750
- pangea/crypto/rsa.py +135 -0
- pangea/deep_verify.py +7 -1
- pangea/dump_audit.py +9 -8
- pangea/request.py +83 -59
- pangea/response.py +49 -31
- pangea/services/__init__.py +2 -0
- pangea/services/audit/audit.py +205 -42
- pangea/services/audit/models.py +56 -8
- pangea/services/audit/signing.py +6 -5
- pangea/services/audit/util.py +3 -3
- pangea/services/authn/authn.py +140 -70
- pangea/services/authn/models.py +167 -11
- pangea/services/authz.py +400 -0
- pangea/services/base.py +39 -8
- pangea/services/embargo.py +2 -2
- pangea/services/file_scan.py +32 -15
- pangea/services/intel.py +157 -32
- pangea/services/redact.py +152 -4
- pangea/services/sanitize.py +388 -0
- pangea/services/share/share.py +683 -107
- pangea/services/vault/models/asymmetric.py +120 -18
- pangea/services/vault/models/common.py +439 -141
- pangea/services/vault/models/keys.py +94 -0
- pangea/services/vault/models/secret.py +27 -3
- pangea/services/vault/models/symmetric.py +68 -22
- pangea/services/vault/vault.py +1690 -749
- pangea/tools.py +6 -7
- pangea/utils.py +16 -27
- pangea/verify_audit.py +270 -83
- {pangea_sdk-3.8.0b1.dist-info → pangea_sdk-5.3.0.dist-info}/METADATA +43 -35
- pangea_sdk-5.3.0.dist-info/RECORD +56 -0
- {pangea_sdk-3.8.0b1.dist-info → pangea_sdk-5.3.0.dist-info}/WHEEL +1 -1
- pangea_sdk-3.8.0b1.dist-info/RECORD +0 -50
@@ -1,10 +1,11 @@
|
|
1
1
|
# Copyright 2022 Pangea Cyber Corporation
|
2
2
|
# Author: Pangea Cyber Corporation
|
3
|
-
import
|
3
|
+
from __future__ import annotations
|
4
|
+
|
4
5
|
import enum
|
5
|
-
from typing import Dict, Generic, List, NewType, Optional, TypeVar, Union
|
6
|
+
from typing import Dict, Generic, List, Literal, Mapping, NewType, Optional, TypeVar, Union
|
6
7
|
|
7
|
-
from pangea.response import APIRequestModel, PangeaResponseResult
|
8
|
+
from pangea.response import APIRequestModel, PangeaDateTime, PangeaResponseResult
|
8
9
|
|
9
10
|
# EncodedPublicKey is a PEM public key, with no further encoding (i.e. no base64)
|
10
11
|
# It may be used for example in openssh with no further processing
|
@@ -18,80 +19,6 @@ EncodedPrivateKey = NewType("EncodedPrivateKey", str)
|
|
18
19
|
EncodedSymmetricKey = NewType("EncodedSymmetricKey", str)
|
19
20
|
|
20
21
|
|
21
|
-
class KeyPurpose(str, enum.Enum):
|
22
|
-
SIGNING = "signing"
|
23
|
-
ENCRYPTION = "encryption"
|
24
|
-
JWT = "jwt"
|
25
|
-
|
26
|
-
def __str__(self):
|
27
|
-
return str(self.value)
|
28
|
-
|
29
|
-
def __repr__(self):
|
30
|
-
return str(self.value)
|
31
|
-
|
32
|
-
|
33
|
-
class AsymmetricAlgorithm(str, enum.Enum):
|
34
|
-
Ed25519 = "ED25519"
|
35
|
-
RSA2048_PKCS1V15_SHA256 = "RSA-PKCS1V15-2048-SHA256"
|
36
|
-
RSA2048_OAEP_SHA256 = "RSA-OAEP-2048-SHA256"
|
37
|
-
ES256 = "ES256"
|
38
|
-
ES384 = "ES384"
|
39
|
-
ES512 = "ES512"
|
40
|
-
ES256K = "ES256K"
|
41
|
-
RSA2048_OAEP_SHA1 = "RSA-OAEP-2048-SHA1"
|
42
|
-
RSA2048_OAEP_SHA512 = "RSA-OAEP-2048-SHA512"
|
43
|
-
RSA3072_OAEP_SHA1 = "RSA-OAEP-3072-SHA1"
|
44
|
-
RSA3072_OAEP_SHA256 = "RSA-OAEP-3072-SHA256"
|
45
|
-
RSA3072_OAEP_SHA512 = "RSA-OAEP-3072-SHA512"
|
46
|
-
RSA4096_OAEP_SHA1 = "RSA-OAEP-4096-SHA1"
|
47
|
-
RSA4096_OAEP_SHA256 = "RSA-OAEP-4096-SHA256"
|
48
|
-
RSA4096_OAEP_SHA512 = "RSA-OAEP-4096-SHA512"
|
49
|
-
RSA2048_PSS_SHA256 = "RSA-PSS-2048-SHA256"
|
50
|
-
RSA3072_PSS_SHA256 = "RSA-PSS-3072-SHA256"
|
51
|
-
RSA4096_PSS_SHA256 = "RSA-PSS-4096-SHA256"
|
52
|
-
RSA4096_PSS_SHA512 = "RSA-PSS-4096-SHA512"
|
53
|
-
RSA = "RSA-PKCS1V15-2048-SHA256" # deprecated, use RSA2048_PKCS1V15_SHA256 instead
|
54
|
-
Ed25519_DILITHIUM2_BETA = "ED25519-DILITHIUM2-BETA"
|
55
|
-
Ed448_DILITHIUM3_BETA = "ED448-DILITHIUM3-BETA"
|
56
|
-
SPHINCSPLUS_128F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHAKE256-SIMPLE-BETA"
|
57
|
-
SPHINCSPLUS_128F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-128F-SHAKE256-ROBUST-BETA"
|
58
|
-
SPHINCSPLUS_192F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHAKE256-SIMPLE-BETA"
|
59
|
-
SPHINCSPLUS_192F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-192F-SHAKE256-ROBUST-BETA"
|
60
|
-
SPHINCSPLUS_256F_SHAKE256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHAKE256-SIMPLE-BETA"
|
61
|
-
SPHINCSPLUS_256F_SHAKE256_ROBUST_BETA = "SPHINCSPLUS-256F-SHAKE256-ROBUST-BETA"
|
62
|
-
SPHINCSPLUS_128F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-128F-SHA256-SIMPLE-BETA"
|
63
|
-
SPHINCSPLUS_128F_SHA256_ROBUST_BETA = "SPHINCSPLUS-128F-SHA256-ROBUST-BETA"
|
64
|
-
SPHINCSPLUS_192F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-192F-SHA256-SIMPLE-BETA"
|
65
|
-
SPHINCSPLUS_192F_SHA256_ROBUST_BETA = "SPHINCSPLUS-192F-SHA256-ROBUST-BETA"
|
66
|
-
SPHINCSPLUS_256F_SHA256_SIMPLE_BETA = "SPHINCSPLUS-256F-SHA256-SIMPLE-BETA"
|
67
|
-
SPHINCSPLUS_256F_SHA256_ROBUST_BETA = "SPHINCSPLUS-256F-SHA256-ROBUST-BETA"
|
68
|
-
FALCON_1024_BETA = "FALCON-1024-BETA"
|
69
|
-
|
70
|
-
def __str__(self):
|
71
|
-
return str(self.value)
|
72
|
-
|
73
|
-
def __repr__(self):
|
74
|
-
return str(self.value)
|
75
|
-
|
76
|
-
|
77
|
-
class SymmetricAlgorithm(str, enum.Enum):
|
78
|
-
HS256 = "HS256"
|
79
|
-
HS384 = "HS384"
|
80
|
-
HS512 = "HS512"
|
81
|
-
AES128_CFB = "AES-CFB-128"
|
82
|
-
AES256_CFB = "AES-CFB-256"
|
83
|
-
AES256_GCM = "AES-GCM-256"
|
84
|
-
AES128_CBC = "AES-CBC-128"
|
85
|
-
AES256_CBC = "AES-CBC-256"
|
86
|
-
AES = "AES-CFB-128" # deprecated, use AES128_CFB instead
|
87
|
-
|
88
|
-
def __str__(self):
|
89
|
-
return str(self.value)
|
90
|
-
|
91
|
-
def __repr__(self):
|
92
|
-
return str(self.value)
|
93
|
-
|
94
|
-
|
95
22
|
Metadata = NewType("Metadata", Dict[str, str])
|
96
23
|
Tags = NewType("Tags", List[str])
|
97
24
|
|
@@ -132,12 +59,11 @@ class ItemType(str, enum.Enum):
|
|
132
59
|
SYMMETRIC_KEY = "symmetric_key"
|
133
60
|
SECRET = "secret"
|
134
61
|
PANGEA_TOKEN = "pangea_token"
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
return str(self.value)
|
62
|
+
PANGEA_CLIENT_SECRET = "pangea_client_secret"
|
63
|
+
FOLDER = "folder"
|
64
|
+
CERTIFICATE = "certificate"
|
65
|
+
CERTIFICATE_AUTHORITY = "ca"
|
66
|
+
CERTIFICATE_REVOCATION_LIST = "crl"
|
141
67
|
|
142
68
|
|
143
69
|
class ItemVersionState(str, enum.Enum):
|
@@ -148,33 +74,45 @@ class ItemVersionState(str, enum.Enum):
|
|
148
74
|
DESTROYED = "destroyed"
|
149
75
|
INHERITED = "inherited"
|
150
76
|
|
151
|
-
def __str__(self):
|
152
|
-
return str(self.value)
|
153
77
|
|
154
|
-
|
155
|
-
|
78
|
+
class RotationState(str, enum.Enum):
|
79
|
+
DEACTIVATED = "deactivated"
|
80
|
+
DESTROYED = "destroyed"
|
81
|
+
|
82
|
+
|
83
|
+
class RequestRotationState(str, enum.Enum):
|
84
|
+
DEACTIVATED = "deactivated"
|
85
|
+
DESTROYED = "destroyed"
|
86
|
+
INHERITED = "inherited"
|
87
|
+
|
88
|
+
|
89
|
+
class RequestManualRotationState(str, enum.Enum):
|
90
|
+
DEACTIVATED = "deactivated"
|
91
|
+
SUSPENDED = "suspended"
|
92
|
+
DESTROYED = "destroyed"
|
93
|
+
INHERITED = "inherited"
|
156
94
|
|
157
95
|
|
158
96
|
class ItemState(str, enum.Enum):
|
159
97
|
ENABLED = "enabled"
|
160
98
|
DISABLED = "disabled"
|
161
99
|
|
162
|
-
|
163
|
-
return str(self.value)
|
100
|
+
value: str
|
164
101
|
|
165
|
-
def __repr__(self):
|
166
|
-
return str(self.value)
|
167
102
|
|
103
|
+
class ExportEncryptionType(str, enum.Enum):
|
104
|
+
NONE = "none"
|
105
|
+
ASYMMETRIC = "asymmetric"
|
106
|
+
KEM = "kem"
|
168
107
|
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
expiration: Optional[datetime.datetime] = None
|
108
|
+
|
109
|
+
class ExportEncryptionAlgorithm(str, enum.Enum):
|
110
|
+
"""Algorithm of an exported public key."""
|
111
|
+
|
112
|
+
RSA4096_OAEP_SHA512 = "RSA-OAEP-4096-SHA512"
|
113
|
+
"""RSA 4096-bit key, OAEP padding, SHA512 digest."""
|
114
|
+
|
115
|
+
RSA_NO_PADDING_4096_KEM = "RSA-NO-PADDING-4096-KEM"
|
178
116
|
|
179
117
|
|
180
118
|
class CommonStoreResult(PangeaResponseResult):
|
@@ -183,17 +121,6 @@ class CommonStoreResult(PangeaResponseResult):
|
|
183
121
|
version: int
|
184
122
|
|
185
123
|
|
186
|
-
class CommonGenerateRequest(APIRequestModel):
|
187
|
-
type: ItemType
|
188
|
-
name: str
|
189
|
-
folder: Optional[str] = None
|
190
|
-
metadata: Optional[Metadata] = None
|
191
|
-
tags: Optional[Tags] = None
|
192
|
-
rotation_frequency: Optional[str] = None
|
193
|
-
rotation_state: Optional[ItemVersionState] = None
|
194
|
-
expiration: Optional[datetime.datetime] = None
|
195
|
-
|
196
|
-
|
197
124
|
class CommonGenerateResult(PangeaResponseResult):
|
198
125
|
type: str
|
199
126
|
version: int
|
@@ -202,25 +129,40 @@ class CommonGenerateResult(PangeaResponseResult):
|
|
202
129
|
|
203
130
|
class GetRequest(APIRequestModel):
|
204
131
|
id: str
|
205
|
-
version:
|
206
|
-
|
207
|
-
|
132
|
+
version: Union[Literal["all"], int, None] = None
|
133
|
+
|
134
|
+
|
135
|
+
class GetBulkRequest(APIRequestModel):
|
136
|
+
filter: Mapping[str, str]
|
137
|
+
"""Filters to customize a search."""
|
138
|
+
|
139
|
+
size: Optional[int] = None
|
140
|
+
"""Maximum number of items in the response."""
|
141
|
+
|
142
|
+
order: Optional[ItemOrder] = None
|
143
|
+
"""Direction for ordering the results."""
|
144
|
+
|
145
|
+
order_by: Optional[ItemOrderBy] = None
|
146
|
+
"""Property by which to order the results."""
|
147
|
+
|
148
|
+
last: Optional[str] = None
|
149
|
+
"""
|
150
|
+
Internal ID returned in the previous look up response. Used for pagination.
|
151
|
+
"""
|
208
152
|
|
209
153
|
|
210
|
-
class
|
154
|
+
class ItemVersion(PangeaResponseResult):
|
211
155
|
version: int
|
212
|
-
state: str
|
213
156
|
created_at: str
|
214
|
-
|
215
|
-
|
216
|
-
secret: Optional[str] = None
|
157
|
+
state: ItemVersionState
|
158
|
+
destroyed_at: Optional[str] = None
|
217
159
|
|
218
160
|
|
219
161
|
class ItemData(PangeaResponseResult):
|
220
162
|
type: str
|
221
163
|
id: Optional[str] = None
|
222
164
|
item_state: Optional[str] = None
|
223
|
-
current_version: Optional[
|
165
|
+
current_version: Optional[ItemVersion] = None
|
224
166
|
name: Optional[str] = None
|
225
167
|
folder: Optional[str] = None
|
226
168
|
metadata: Optional[Metadata] = None
|
@@ -233,6 +175,8 @@ class ItemData(PangeaResponseResult):
|
|
233
175
|
created_at: Optional[str] = None
|
234
176
|
algorithm: Optional[str] = None
|
235
177
|
purpose: Optional[str] = None
|
178
|
+
exportable: Optional[bool] = None
|
179
|
+
"""Whether the key is exportable or not."""
|
236
180
|
|
237
181
|
|
238
182
|
class InheritedSettings(PangeaResponseResult):
|
@@ -241,24 +185,105 @@ class InheritedSettings(PangeaResponseResult):
|
|
241
185
|
rotation_grace_period: Optional[str] = None
|
242
186
|
|
243
187
|
|
244
|
-
class
|
245
|
-
|
246
|
-
|
247
|
-
|
188
|
+
class Key(PangeaResponseResult):
|
189
|
+
id: str
|
190
|
+
type: ItemType
|
191
|
+
item_state: Optional[ItemState] = None
|
192
|
+
enabled: bool
|
193
|
+
current_version: Optional[ItemVersion] = None
|
194
|
+
name: str
|
195
|
+
folder: str
|
196
|
+
metadata: Optional[Metadata] = None
|
197
|
+
tags: Optional[Tags] = None
|
198
|
+
rotation_frequency: str
|
199
|
+
rotation_state: RotationState
|
200
|
+
last_rotated: Optional[str] = None
|
201
|
+
next_rotation: str
|
202
|
+
disabled_at: Optional[str] = None
|
203
|
+
created_at: str
|
204
|
+
algorithm: str
|
205
|
+
purpose: str
|
206
|
+
encrypting_item_id: Optional[str] = None
|
207
|
+
inherited_settings: InheritedSettings
|
208
|
+
exportable: bool
|
209
|
+
"""Whether the key is exportable or not."""
|
248
210
|
|
249
211
|
|
250
|
-
class
|
251
|
-
|
212
|
+
class SecretVersion(ItemVersion):
|
213
|
+
secret: Optional[str] = None
|
214
|
+
|
215
|
+
|
216
|
+
class Secret(PangeaResponseResult):
|
217
|
+
id: str
|
218
|
+
type: Literal[ItemType.SECRET] = ItemType.SECRET
|
219
|
+
enabled: bool
|
220
|
+
name: str
|
221
|
+
folder: str
|
222
|
+
metadata: Optional[Metadata] = None
|
223
|
+
tags: Optional[Tags] = None
|
224
|
+
expiration: Optional[str] = None
|
225
|
+
created_at: str
|
226
|
+
encrypting_item_id: Optional[str] = None
|
227
|
+
item_versions: List[SecretVersion]
|
228
|
+
|
229
|
+
|
230
|
+
class ClientSecret(PangeaResponseResult):
|
231
|
+
id: str
|
232
|
+
type: Literal[ItemType.PANGEA_CLIENT_SECRET] = ItemType.PANGEA_CLIENT_SECRET
|
233
|
+
enabled: bool
|
234
|
+
name: str
|
235
|
+
folder: str
|
236
|
+
metadata: Metadata
|
237
|
+
tags: Tags
|
238
|
+
expiration: str
|
239
|
+
created_at: str
|
240
|
+
encrypting_item_id: str
|
241
|
+
rotation_frequency: str
|
242
|
+
rotation_state: RotationState
|
243
|
+
rotation_grace_period: str
|
244
|
+
inherited_settings: InheritedSettings
|
245
|
+
item_versions: List[SecretVersion]
|
246
|
+
|
247
|
+
|
248
|
+
class Folder(PangeaResponseResult):
|
249
|
+
id: str
|
250
|
+
type: Literal[ItemType.FOLDER] = ItemType.FOLDER
|
251
|
+
name: str
|
252
|
+
folder: str
|
253
|
+
metadata: Metadata
|
254
|
+
tags: Tags
|
255
|
+
created_at: str
|
256
|
+
inherited_settings: InheritedSettings
|
257
|
+
|
258
|
+
|
259
|
+
class ListItemData(PangeaResponseResult):
|
260
|
+
id: str
|
261
|
+
type: ItemType
|
262
|
+
name: str
|
263
|
+
folder: str
|
264
|
+
created_at: str
|
265
|
+
tags: Optional[Tags] = None
|
266
|
+
metadata: Optional[Metadata] = None
|
267
|
+
last_rotated: Optional[str] = None
|
268
|
+
next_rotation: Optional[str] = None
|
269
|
+
disabled_at: Optional[str] = None
|
270
|
+
rotation_frequency: Optional[str] = None
|
271
|
+
rotation_state: Optional[RotationState] = None
|
272
|
+
algorithm: Optional[str] = None
|
273
|
+
purpose: Optional[str] = None
|
274
|
+
inherited_settings: Optional[InheritedSettings] = None
|
275
|
+
compromised_versions: Optional[List[ItemVersion]] = None
|
252
276
|
|
253
277
|
|
254
278
|
class ListResult(PangeaResponseResult):
|
255
|
-
items: List[ListItemData]
|
256
|
-
|
257
|
-
last: Optional[str]
|
279
|
+
items: List[ListItemData]
|
280
|
+
|
281
|
+
last: Optional[str] = None
|
282
|
+
"""Internal ID returned in the previous look up response. Used for pagination."""
|
258
283
|
|
259
284
|
|
260
285
|
class ListRequest(APIRequestModel):
|
261
|
-
filter: Optional[
|
286
|
+
filter: Optional[Mapping[str, str]] = None
|
262
287
|
size: Optional[int] = None
|
263
288
|
order: Optional[ItemOrder] = None
|
264
289
|
order_by: Optional[ItemOrderBy] = None
|
@@ -267,7 +292,7 @@ class ListRequest(APIRequestModel):
|
|
267
292
|
|
268
293
|
class CommonRotateRequest(APIRequestModel):
|
269
294
|
id: str
|
270
|
-
rotation_state:
|
295
|
+
rotation_state: RequestManualRotationState = RequestManualRotationState.DEACTIVATED
|
271
296
|
|
272
297
|
|
273
298
|
class CommonRotateResult(PangeaResponseResult):
|
@@ -276,12 +301,6 @@ class CommonRotateResult(PangeaResponseResult):
|
|
276
301
|
type: str
|
277
302
|
|
278
303
|
|
279
|
-
class KeyRotateRequest(CommonRotateRequest):
|
280
|
-
key: Optional[str] = None
|
281
|
-
public_key: Optional[EncodedPublicKey] = None
|
282
|
-
private_key: Optional[EncodedPrivateKey] = None
|
283
|
-
|
284
|
-
|
285
304
|
class KeyRotateResult(CommonRotateResult):
|
286
305
|
public_key: Optional[EncodedPublicKey] = None
|
287
306
|
algorithm: str
|
@@ -290,10 +309,12 @@ class KeyRotateResult(CommonRotateResult):
|
|
290
309
|
|
291
310
|
class DeleteRequest(APIRequestModel):
|
292
311
|
id: str
|
312
|
+
recursive: bool = False
|
293
313
|
|
294
314
|
|
295
315
|
class DeleteResult(PangeaResponseResult):
|
296
316
|
id: str
|
317
|
+
"""The ID of the item."""
|
297
318
|
|
298
319
|
|
299
320
|
class UpdateRequest(APIRequestModel):
|
@@ -302,11 +323,11 @@ class UpdateRequest(APIRequestModel):
|
|
302
323
|
folder: Optional[str] = None
|
303
324
|
metadata: Optional[Metadata] = None
|
304
325
|
tags: Optional[Tags] = None
|
326
|
+
disabled_at: Optional[str] = None
|
327
|
+
enabled: Optional[bool] = None
|
305
328
|
rotation_frequency: Optional[str] = None
|
306
|
-
rotation_state:
|
329
|
+
rotation_state: RequestRotationState = RequestRotationState.INHERITED
|
307
330
|
rotation_grace_period: Optional[str] = None
|
308
|
-
expiration: Optional[datetime.datetime] = None
|
309
|
-
item_state: Optional[ItemState] = None
|
310
331
|
|
311
332
|
|
312
333
|
class UpdateResult(PangeaResponseResult):
|
@@ -355,6 +376,7 @@ class JWTVerifyRequest(APIRequestModel):
|
|
355
376
|
|
356
377
|
class JWTVerifyResult(PangeaResponseResult):
|
357
378
|
valid_signature: bool
|
379
|
+
"""Indicates if messages have been verified."""
|
358
380
|
|
359
381
|
|
360
382
|
class JWTSignRequest(APIRequestModel):
|
@@ -364,6 +386,7 @@ class JWTSignRequest(APIRequestModel):
|
|
364
386
|
|
365
387
|
class JWTSignResult(PangeaResponseResult):
|
366
388
|
jws: str
|
389
|
+
"""The signed JSON Web Token (JWS)."""
|
367
390
|
|
368
391
|
|
369
392
|
class StateChangeRequest(APIRequestModel):
|
@@ -386,12 +409,38 @@ class FolderCreateRequest(APIRequestModel):
|
|
386
409
|
metadata: Optional[Metadata] = None
|
387
410
|
tags: Optional[Tags] = None
|
388
411
|
rotation_frequency: Optional[str] = None
|
389
|
-
rotation_state: Optional[
|
412
|
+
rotation_state: Optional[RequestRotationState] = None
|
390
413
|
rotation_grace_period: Optional[str] = None
|
414
|
+
disabled_at: Optional[PangeaDateTime] = None
|
391
415
|
|
392
416
|
|
393
417
|
class FolderCreateResult(PangeaResponseResult):
|
394
418
|
id: str
|
419
|
+
"""The ID of the item."""
|
420
|
+
|
421
|
+
type: str
|
422
|
+
"""The type of the folder."""
|
423
|
+
|
424
|
+
name: str
|
425
|
+
"""The name of this item."""
|
426
|
+
|
427
|
+
folder: str
|
428
|
+
"""The folder where this item is stored."""
|
429
|
+
|
430
|
+
metadata: Optional[Metadata] = None
|
431
|
+
"""User-provided metadata."""
|
432
|
+
|
433
|
+
tags: Optional[Tags] = None
|
434
|
+
"""A list of user-defined tags."""
|
435
|
+
|
436
|
+
created_at: str
|
437
|
+
"""Timestamp indicating when the item was created."""
|
438
|
+
|
439
|
+
inherited_settings: InheritedSettings
|
440
|
+
"""
|
441
|
+
For settings that inherit a value from a parent folder, the full path of the
|
442
|
+
folder where the value is set.
|
443
|
+
"""
|
395
444
|
|
396
445
|
|
397
446
|
TDict = TypeVar("TDict", bound=Dict)
|
@@ -427,3 +476,252 @@ class EncryptStructuredResult(PangeaResponseResult, Generic[TDict]):
|
|
427
476
|
|
428
477
|
structured_data: TDict
|
429
478
|
"""Encrypted structured data."""
|
479
|
+
|
480
|
+
|
481
|
+
class TransformAlphabet(str, enum.Enum):
|
482
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
483
|
+
|
484
|
+
NUMERIC = "numeric"
|
485
|
+
"""Numeric (0-9)."""
|
486
|
+
|
487
|
+
ALPHA_LOWER = "alphalower"
|
488
|
+
"""Lowercase alphabet (a-z)."""
|
489
|
+
|
490
|
+
ALPHA_UPPER = "alphaupper"
|
491
|
+
"""Uppercase alphabet (A-Z)."""
|
492
|
+
|
493
|
+
ALPHANUMERIC_LOWER = "alphanumericlower"
|
494
|
+
"""Lowercase alphabet with numbers (a-z, 0-9)."""
|
495
|
+
|
496
|
+
ALPHANUMERIC_UPPER = "alphanumericupper"
|
497
|
+
"""Uppercase alphabet with numbers (A-Z, 0-9)."""
|
498
|
+
|
499
|
+
ALPHANUMERIC = "alphanumeric"
|
500
|
+
"""Alphanumeric (a-z, A-Z, 0-9)."""
|
501
|
+
|
502
|
+
|
503
|
+
class EncryptTransformRequest(APIRequestModel):
|
504
|
+
id: str
|
505
|
+
"""The item ID."""
|
506
|
+
|
507
|
+
plain_text: str
|
508
|
+
"""A message to be encrypted."""
|
509
|
+
|
510
|
+
alphabet: TransformAlphabet
|
511
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
512
|
+
|
513
|
+
tweak: Optional[str] = None
|
514
|
+
"""
|
515
|
+
User provided tweak string. If not provided, a random string will be
|
516
|
+
generated and returned. The user must securely store the tweak source which
|
517
|
+
will be needed to decrypt the data.
|
518
|
+
"""
|
519
|
+
|
520
|
+
version: Optional[int] = None
|
521
|
+
"""The item version."""
|
522
|
+
|
523
|
+
|
524
|
+
class EncryptTransformResult(PangeaResponseResult):
|
525
|
+
id: str
|
526
|
+
"""The item ID."""
|
527
|
+
|
528
|
+
version: int
|
529
|
+
"""The item version."""
|
530
|
+
|
531
|
+
algorithm: str
|
532
|
+
"""The algorithm of the key."""
|
533
|
+
|
534
|
+
cipher_text: str
|
535
|
+
"""The encrypted message."""
|
536
|
+
|
537
|
+
tweak: str
|
538
|
+
"""
|
539
|
+
User provided tweak string. If not provided, a random string will be
|
540
|
+
generated and returned. The user must securely store the tweak source which
|
541
|
+
will be needed to decrypt the data.
|
542
|
+
"""
|
543
|
+
|
544
|
+
alphabet: str
|
545
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
546
|
+
|
547
|
+
|
548
|
+
class DecryptTransformRequest(APIRequestModel):
|
549
|
+
id: str
|
550
|
+
"""The item ID."""
|
551
|
+
|
552
|
+
cipher_text: str
|
553
|
+
"""A message encrypted by Vault."""
|
554
|
+
|
555
|
+
tweak: str
|
556
|
+
"""
|
557
|
+
User provided tweak string. If not provided, a random string will be
|
558
|
+
generated and returned. The user must securely store the tweak source which
|
559
|
+
will be needed to decrypt the data.
|
560
|
+
"""
|
561
|
+
|
562
|
+
alphabet: TransformAlphabet
|
563
|
+
"""Set of characters to use for format-preserving encryption (FPE)."""
|
564
|
+
|
565
|
+
version: Optional[int] = None
|
566
|
+
"""The item version."""
|
567
|
+
|
568
|
+
|
569
|
+
class DecryptTransformResult(PangeaResponseResult):
|
570
|
+
id: str
|
571
|
+
"""The item ID."""
|
572
|
+
|
573
|
+
version: int
|
574
|
+
"""The item version."""
|
575
|
+
|
576
|
+
algorithm: str
|
577
|
+
"""The algorithm of the key."""
|
578
|
+
|
579
|
+
plain_text: str
|
580
|
+
"""Decrypted message."""
|
581
|
+
|
582
|
+
|
583
|
+
class ExportRequest(APIRequestModel):
|
584
|
+
id: str
|
585
|
+
"""The ID of the item."""
|
586
|
+
|
587
|
+
version: Optional[int] = None
|
588
|
+
"""The item version."""
|
589
|
+
|
590
|
+
kem_password: Optional[str] = None
|
591
|
+
"""
|
592
|
+
This is the password that will be used along with a salt to derive the
|
593
|
+
symmetric key that is used to encrypt the exported key material.
|
594
|
+
"""
|
595
|
+
|
596
|
+
asymmetric_public_key: Optional[str] = None
|
597
|
+
"""Public key in pem format used to encrypt exported key(s)."""
|
598
|
+
|
599
|
+
asymmetric_algorithm: Optional[ExportEncryptionAlgorithm] = None
|
600
|
+
"""The algorithm of the public key."""
|
601
|
+
|
602
|
+
|
603
|
+
class ExportResult(PangeaResponseResult):
|
604
|
+
id: str
|
605
|
+
"""The ID of the key."""
|
606
|
+
|
607
|
+
type: ItemType
|
608
|
+
"""The type of the key."""
|
609
|
+
|
610
|
+
version: int
|
611
|
+
"""The item version."""
|
612
|
+
|
613
|
+
enabled: bool
|
614
|
+
"""True if the item is enabled."""
|
615
|
+
|
616
|
+
algorithm: str
|
617
|
+
"""The algorithm of the key."""
|
618
|
+
|
619
|
+
asymmetric_algorithm: Optional[ExportEncryptionAlgorithm] = None
|
620
|
+
"""The algorithm of the public key used to encrypt exported material."""
|
621
|
+
|
622
|
+
symmetric_algorithm: Optional[str] = None
|
623
|
+
|
624
|
+
encryption_type: ExportEncryptionType
|
625
|
+
"""
|
626
|
+
Encryption format of the exported key(s). It could be `none` if returned in
|
627
|
+
plain text, `asymmetric` if it is encrypted just with the public key sent in
|
628
|
+
`encryption_public_key`, or `kem` if it was encrypted using KEM protocol.
|
629
|
+
"""
|
630
|
+
|
631
|
+
kdf: Optional[str] = None
|
632
|
+
"""
|
633
|
+
Key derivation function used to derivate the symmetric key when
|
634
|
+
`encryption_type` is `kem`.
|
635
|
+
"""
|
636
|
+
|
637
|
+
hash_algorithm: Optional[str] = None
|
638
|
+
"""
|
639
|
+
Hash algorithm used to derivate the symmetric key when `encryption_type` is
|
640
|
+
`kem`.
|
641
|
+
"""
|
642
|
+
|
643
|
+
iteration_count: Optional[int] = None
|
644
|
+
"""
|
645
|
+
Iteration count used to derivate the symmetric key when `encryption_type` is
|
646
|
+
`kem`.
|
647
|
+
"""
|
648
|
+
|
649
|
+
encrypted_salt: Optional[str] = None
|
650
|
+
"""
|
651
|
+
Salt used to derivate the symmetric key when `encryption_type` is `kem`,
|
652
|
+
encrypted with the public key provided in `asymmetric_key`.
|
653
|
+
"""
|
654
|
+
|
655
|
+
public_key: Optional[str] = None
|
656
|
+
"""The public key (in PEM format)."""
|
657
|
+
|
658
|
+
private_key: Optional[str] = None
|
659
|
+
"""The private key (in PEM format)."""
|
660
|
+
|
661
|
+
key: Optional[str] = None
|
662
|
+
"""The key material."""
|
663
|
+
|
664
|
+
|
665
|
+
class PangeaTokenVersion(ItemVersion):
|
666
|
+
token: Optional[str] = None
|
667
|
+
"""Pangea token value."""
|
668
|
+
|
669
|
+
|
670
|
+
class PangeaToken(PangeaResponseResult):
|
671
|
+
id: str
|
672
|
+
"""ID of the token."""
|
673
|
+
|
674
|
+
type: Literal[ItemType.PANGEA_TOKEN] = ItemType.PANGEA_TOKEN
|
675
|
+
"""Type of the Vault item."""
|
676
|
+
|
677
|
+
item_versions: List[PangeaTokenVersion]
|
678
|
+
|
679
|
+
metadata: Optional[Metadata] = None
|
680
|
+
"""Metadata provided by the user."""
|
681
|
+
|
682
|
+
num_versions: int
|
683
|
+
"""Total number of versions of the item."""
|
684
|
+
|
685
|
+
enabled: bool
|
686
|
+
"""`true` if the item is enabled."""
|
687
|
+
|
688
|
+
name: str
|
689
|
+
"""Name of the item."""
|
690
|
+
|
691
|
+
folder: str
|
692
|
+
"""Folder where the item is stored."""
|
693
|
+
|
694
|
+
tags: Tags
|
695
|
+
"""List of user-defined tags."""
|
696
|
+
|
697
|
+
last_rotated: Optional[str] = None
|
698
|
+
"""Timestamp of the last rotation."""
|
699
|
+
|
700
|
+
next_rotation: Optional[str] = None
|
701
|
+
"""Timestamp of the next rotation if auto-rotation is enabled."""
|
702
|
+
|
703
|
+
disabled_at: Optional[str] = None
|
704
|
+
"""Timestamp indicating when the item will be disabled."""
|
705
|
+
|
706
|
+
created_at: str
|
707
|
+
"""Timestamp indicating when the item was created."""
|
708
|
+
|
709
|
+
rotation_frequency: str
|
710
|
+
"""Time interval between item rotations."""
|
711
|
+
|
712
|
+
rotation_state: RotationState
|
713
|
+
"""Target state for the previous version after rotation."""
|
714
|
+
|
715
|
+
rotation_grace_period: str
|
716
|
+
"""Grace period for the previous version."""
|
717
|
+
|
718
|
+
inherited_settings: InheritedSettings
|
719
|
+
"""Full paths of the parent folders from which settings inherit their values."""
|
720
|
+
|
721
|
+
|
722
|
+
class PangeaTokenRotateRequest(CommonRotateRequest):
|
723
|
+
rotation_grace_period: Optional[str] = None
|
724
|
+
|
725
|
+
|
726
|
+
class ClientSecretRotateRequest(CommonRotateRequest):
|
727
|
+
rotation_grace_period: Optional[str] = None
|
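Review bot: In the final hunk (new lines 479–727), `ExportRequest.kem_password`, `ExportResult.private_key`, `ExportResult.key` and `PangeaTokenVersion.token` are plain `str` fields, as is `SecretVersion.secret` in the earlier `@@ -241,24 +185,105 @@` hunk. If these models are pydantic models (the base classes come from `pangea.response` and are not shown here), a default `repr()` or a logged response object would print key material and passwords in clear. Consider declaring them with `Field(default=None, repr=False)`, or at least say in the docstrings that these objects must not be logged and that `encryption_type` of `none` returns the key unencrypted. Two docstrings in the same hunk name fields that `ExportRequest` does not define: `encryption_type` refers to `encryption_public_key` and `encrypted_salt` to `asymmetric_key`, while the request field is `asymmetric_public_key`. `DecryptTransformRequest.tweak` is a required `str`, yet its docstring repeats the encrypt-side text "If not provided, a random string will be generated and returned"; `"""Tweak string that was used to encrypt the data."""` would match the field.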