PyPI - pangea-sdk - Versions diffs - 3.9.0__py3-none-any.whl → 4.1.0__py3-none-any.whl - Mend

pangea-sdk 3.9.0py3-none-any.whl → 4.1.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

pangea/__init__.py +1 -1
pangea/asyncio/request.py +4 -4
pangea/asyncio/services/audit.py +30 -11
pangea/asyncio/services/authn.py +49 -29
pangea/asyncio/services/authz.py +13 -7
pangea/asyncio/services/embargo.py +2 -2
pangea/asyncio/services/file_scan.py +3 -3
pangea/asyncio/services/intel.py +40 -22
pangea/asyncio/services/redact.py +5 -3
pangea/asyncio/services/vault.py +93 -28
pangea/crypto/rsa.py +47 -0
pangea/dump_audit.py +1 -1
pangea/request.py +8 -5
pangea/response.py +9 -16
pangea/services/audit/audit.py +43 -20
pangea/services/audit/models.py +3 -3
pangea/services/audit/util.py +3 -3
pangea/services/authn/authn.py +39 -29
pangea/services/authn/models.py +9 -4
pangea/services/authz.py +10 -8
pangea/services/embargo.py +2 -2
pangea/services/file_scan.py +2 -2
pangea/services/intel.py +23 -21
pangea/services/redact.py +3 -3
pangea/services/vault/models/asymmetric.py +2 -0
pangea/services/vault/models/common.py +67 -6
pangea/services/vault/models/symmetric.py +6 -2
pangea/services/vault/vault.py +89 -28
pangea/utils.py +4 -16
pangea/verify_audit.py +270 -83
{pangea_sdk-3.9.0.dist-info → pangea_sdk-4.1.0.dist-info}/METADATA +10 -9
pangea_sdk-4.1.0.dist-info/RECORD +47 -0
{pangea_sdk-3.9.0.dist-info → pangea_sdk-4.1.0.dist-info}/WHEEL +1 -1
pangea_sdk-3.9.0.dist-info/RECORD +0 -46

pangea/services/vault/vault.py CHANGED Viewed

@@ -31,6 +31,9 @@ from pangea.services.vault.models.common import (
     EncryptStructuredResult,
     EncryptTransformRequest,
     EncryptTransformResult,
+    ExportEncryptionAlgorithm,
+    ExportRequest,
+    ExportResult,
     FolderCreateRequest,
     FolderCreateResult,
     GetRequest,
@@ -151,7 +154,7 @@ class Vault(ServiceBase):
         input = DeleteRequest(
             id=id,
         )
-        return self.request.post("v1/delete", DeleteResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/delete", DeleteResult, data=input.model_dump(exclude_none=True))
     # Get endpoint
     def get(
@@ -198,7 +201,7 @@ class Vault(ServiceBase):
             verbose=verbose,
             version_state=version_state,
         )
-        return self.request.post("v1/get", GetResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/get", GetResult, data=input.model_dump(exclude_none=True))
     # List endpoint
     def list(
@@ -254,7 +257,7 @@ class Vault(ServiceBase):
             )
         """
         input = ListRequest(filter=filter, last=last, order=order, order_by=order_by, size=size)
-        return self.request.post("v1/list", ListResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/list", ListResult, data=input.model_dump(exclude_none=True))
     # Update endpoint
     def update(
@@ -335,7 +338,7 @@ class Vault(ServiceBase):
             expiration=expiration,
             item_state=item_state,
         )
-        return self.request.post("v1/update", UpdateResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/update", UpdateResult, data=input.model_dump(exclude_none=True))
     def secret_store(
         self,
@@ -405,7 +408,7 @@ class Vault(ServiceBase):
             rotation_state=rotation_state,
             expiration=expiration,
         )
-        return self.request.post("v1/secret/store", SecretStoreResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/secret/store", SecretStoreResult, data=input.model_dump(exclude_none=True))
     def pangea_token_store(
         self,
@@ -475,7 +478,7 @@ class Vault(ServiceBase):
             rotation_state=rotation_state,
             expiration=expiration,
         )
-        return self.request.post("v1/secret/store", SecretStoreResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/secret/store", SecretStoreResult, data=input.model_dump(exclude_none=True))
     # Rotate endpoint
     def secret_rotate(
@@ -515,7 +518,7 @@ class Vault(ServiceBase):
             )
         """
         input = SecretRotateRequest(id=id, secret=secret, rotation_state=rotation_state)
-        return self.request.post("v1/secret/rotate", SecretRotateResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/secret/rotate", SecretRotateResult, data=input.model_dump(exclude_none=True))
     # Rotate endpoint
     def pangea_token_rotate(self, id: str) -> PangeaResponse[SecretRotateResult]:
@@ -543,7 +546,7 @@ class Vault(ServiceBase):
             )
         """
         input = SecretRotateRequest(id=id)  # type: ignore[call-arg]
-        return self.request.post("v1/secret/rotate", SecretRotateResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/secret/rotate", SecretRotateResult, data=input.model_dump(exclude_none=True))
     def symmetric_generate(
         self,
@@ -556,6 +559,7 @@ class Vault(ServiceBase):
         rotation_frequency: Optional[str] = None,
         rotation_state: Optional[ItemVersionState] = None,
         expiration: Optional[datetime.datetime] = None,
+        exportable: Optional[bool] = None,
     ) -> PangeaResponse[SymmetricGenerateResult]:
         """
         Symmetric generate
@@ -577,6 +581,7 @@ class Vault(ServiceBase):
                 - `deactivated`
                 - `destroyed`
             expiration (str, optional): Expiration timestamp
+            exportable (bool, optional): Whether the key is exportable or not
         Raises:
             PangeaAPIException: If an API Error happens
@@ -616,11 +621,12 @@ class Vault(ServiceBase):
             rotation_frequency=rotation_frequency,
             rotation_state=rotation_state,
             expiration=expiration,
+            exportable=exportable,
         )
         return self.request.post(
             "v1/key/generate",
             SymmetricGenerateResult,
-            data=input.dict(exclude_none=True),
+            data=input.model_dump(exclude_none=True),
         )
     def asymmetric_generate(
@@ -634,6 +640,7 @@ class Vault(ServiceBase):
         rotation_frequency: Optional[str] = None,
         rotation_state: Optional[ItemVersionState] = None,
         expiration: Optional[datetime.datetime] = None,
+        exportable: Optional[bool] = None,
     ) -> PangeaResponse[AsymmetricGenerateResult]:
         """
         Asymmetric generate
@@ -655,6 +662,7 @@ class Vault(ServiceBase):
                 - `deactivated`
                 - `destroyed`
             expiration (str, optional): Expiration timestamp
+            exportable (bool, optional): Whether the key is exportable or not
         Raises:
             PangeaAPIException: If an API Error happens
@@ -694,11 +702,12 @@ class Vault(ServiceBase):
             rotation_frequency=rotation_frequency,
             rotation_state=rotation_state,
             expiration=expiration,
+            exportable=exportable,
         )
         return self.request.post(
             "v1/key/generate",
             AsymmetricGenerateResult,
-            data=input.dict(exclude_none=True),
+            data=input.model_dump(exclude_none=True),
         )
     # Store endpoints
@@ -715,6 +724,7 @@ class Vault(ServiceBase):
         rotation_frequency: Optional[str] = None,
         rotation_state: Optional[ItemVersionState] = None,
         expiration: Optional[datetime.datetime] = None,
+        exportable: Optional[bool] = None,
     ) -> PangeaResponse[AsymmetricStoreResult]:
         """
         Asymmetric store
@@ -738,6 +748,7 @@ class Vault(ServiceBase):
                 - `deactivated`
                 - `destroyed`
             expiration (str, optional): Expiration timestamp
+            exportable (bool, optional): Whether the key is exportable or not
         Raises:
             PangeaAPIException: If an API Error happens
@@ -781,8 +792,9 @@ class Vault(ServiceBase):
             rotation_frequency=rotation_frequency,
             rotation_state=rotation_state,
             expiration=expiration,
+            exportable=exportable,
         )
-        return self.request.post("v1/key/store", AsymmetricStoreResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/key/store", AsymmetricStoreResult, data=input.model_dump(exclude_none=True))
     def symmetric_store(
         self,
@@ -796,6 +808,7 @@ class Vault(ServiceBase):
         rotation_frequency: Optional[str] = None,
         rotation_state: Optional[ItemVersionState] = None,
         expiration: Optional[datetime.datetime] = None,
+        exportable: Optional[bool] = None,
     ) -> PangeaResponse[SymmetricStoreResult]:
         """
         Symmetric store
@@ -818,6 +831,7 @@ class Vault(ServiceBase):
                 - `deactivated`
                 - `destroyed`
             expiration (str, optional): Expiration timestamp
+            exportable (bool, optional): Whether the key is exportable or not
         Raises:
             PangeaAPIException: If an API Error happens
@@ -859,8 +873,9 @@ class Vault(ServiceBase):
             rotation_frequency=rotation_frequency,
             rotation_state=rotation_state,
             expiration=expiration,
+            exportable=exportable,
         )
-        return self.request.post("v1/key/store", SymmetricStoreResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/key/store", SymmetricStoreResult, data=input.model_dump(exclude_none=True))
     # Rotate endpoint
     def key_rotate(
@@ -913,7 +928,7 @@ class Vault(ServiceBase):
             key=key,
             rotation_state=rotation_state,
         )
-        return self.request.post("v1/key/rotate", KeyRotateResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/key/rotate", KeyRotateResult, data=input.model_dump(exclude_none=True))
     # Encrypt
     def encrypt(self, id: str, plain_text: str, version: Optional[int] = None) -> PangeaResponse[EncryptResult]:
@@ -944,8 +959,8 @@ class Vault(ServiceBase):
                 version=1,
             )
         """
-        input = EncryptRequest(id=id, plain_text=plain_text, version=version)  # type: ignore[call-arg]
-        return self.request.post("v1/key/encrypt", EncryptResult, data=input.dict(exclude_none=True))
+        input = EncryptRequest(id=id, plain_text=plain_text, version=version)
+        return self.request.post("v1/key/encrypt", EncryptResult, data=input.model_dump(exclude_none=True))
     # Decrypt
     def decrypt(self, id: str, cipher_text: str, version: Optional[int] = None) -> PangeaResponse[DecryptResult]:
@@ -976,8 +991,8 @@ class Vault(ServiceBase):
                 version=1,
             )
         """
-        input = DecryptRequest(id=id, cipher_text=cipher_text, version=version)  # type: ignore[call-arg]
-        return self.request.post("v1/key/decrypt", DecryptResult, data=input.dict(exclude_none=True))
+        input = DecryptRequest(id=id, cipher_text=cipher_text, version=version)
+        return self.request.post("v1/key/decrypt", DecryptResult, data=input.model_dump(exclude_none=True))
     # Sign
     def sign(self, id: str, message: str, version: Optional[int] = None) -> PangeaResponse[SignResult]:
@@ -1009,7 +1024,7 @@ class Vault(ServiceBase):
             )
         """
         input = SignRequest(id=id, message=message, version=version)
-        return self.request.post("v1/key/sign", SignResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/key/sign", SignResult, data=input.model_dump(exclude_none=True))
     # Verify
     def verify(
@@ -1050,7 +1065,7 @@ class Vault(ServiceBase):
             signature=signature,
             version=version,
         )
-        return self.request.post("v1/key/verify", VerifyResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/key/verify", VerifyResult, data=input.model_dump(exclude_none=True))
     def jwt_verify(self, jws: str) -> PangeaResponse[JWTVerifyResult]:
         """
@@ -1077,7 +1092,7 @@ class Vault(ServiceBase):
             )
         """
         input = JWTVerifyRequest(jws=jws)
-        return self.request.post("v1/key/verify/jwt", JWTVerifyResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/key/verify/jwt", JWTVerifyResult, data=input.model_dump(exclude_none=True))
     def jwt_sign(self, id: str, payload: str) -> PangeaResponse[JWTSignResult]:
         """
@@ -1106,7 +1121,7 @@ class Vault(ServiceBase):
             )
         """
         input = JWTSignRequest(id=id, payload=payload)
-        return self.request.post("v1/key/sign/jwt", JWTSignResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/key/sign/jwt", JWTSignResult, data=input.model_dump(exclude_none=True))
     # Get endpoint
     def jwk_get(self, id: str, version: Optional[str] = None) -> PangeaResponse[JWKGetResult]:
@@ -1137,7 +1152,7 @@ class Vault(ServiceBase):
             )
         """
         input = JWKGetRequest(id=id, version=version)
-        return self.request.post("v1/get/jwk", JWKGetResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/get/jwk", JWKGetResult, data=input.model_dump(exclude_none=True))
     # State change
     def state_change(
@@ -1180,7 +1195,7 @@ class Vault(ServiceBase):
             )
         """
         input = StateChangeRequest(id=id, state=state, version=version, destroy_period=destroy_period)
-        return self.request.post("v1/state/change", StateChangeResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/state/change", StateChangeResult, data=input.model_dump(exclude_none=True))
     # Folder create
     def folder_create(
@@ -1217,7 +1232,7 @@ class Vault(ServiceBase):
             )
         """
         input = FolderCreateRequest(name=name, folder=folder, metadata=metadata, tags=tags)
-        return self.request.post("v1/folder/create", FolderCreateResult, data=input.dict(exclude_none=True))
+        return self.request.post("v1/folder/create", FolderCreateResult, data=input.model_dump(exclude_none=True))
     # Encrypt structured
     def encrypt_structured(
@@ -1265,7 +1280,7 @@ class Vault(ServiceBase):
         return self.request.post(
             "v1/key/encrypt/structured",
             EncryptStructuredResult,
-            data=input.dict(exclude_none=True),
+            data=input.model_dump(exclude_none=True),
         )
     # Decrypt structured
@@ -1314,7 +1329,7 @@ class Vault(ServiceBase):
         return self.request.post(
             "v1/key/decrypt/structured",
             EncryptStructuredResult,
-            data=input.dict(exclude_none=True),
+            data=input.model_dump(exclude_none=True),
         )
     def encrypt_transform(
@@ -1364,7 +1379,7 @@ class Vault(ServiceBase):
         return self.request.post(
             "v1/key/encrypt/transform",
             EncryptTransformResult,
-            data=input.dict(exclude_none=True),
+            data=input.model_dump(exclude_none=True),
         )
     def decrypt_transform(
@@ -1403,5 +1418,51 @@ class Vault(ServiceBase):
         return self.request.post(
             "v1/key/decrypt/transform",
             DecryptTransformResult,
-            data=input.dict(exclude_none=True),
+            data=input.model_dump(exclude_none=True),
+        )
+    def export(
+        self,
+        id: str,
+        version: int | None = None,
+        encryption_key: str | None = None,
+        encryption_algorithm: ExportEncryptionAlgorithm | None = None,
+    ) -> PangeaResponse[ExportResult]:
+        """
+        Export
+        Export a symmetric or asymmetric key.
+        OperationId: vault_post_v1_export
+        Args:
+            id: The ID of the item.
+            version: The item version.
+            encryption_key: Public key in pem format used to encrypt exported key(s).
+            encryption_algorithm: The algorithm of the public key.
+        Raises:
+            PangeaAPIException: If an API error happens.
+        Returns:
+            A `PangeaResponse` where the exported key is returned in the
+            `response.result` field. Available response fields can be found in
+            our [API documentation](https://pangea.cloud/docs/api/vault#export).
+        Examples:
+            exp_encrypted_resp = self.vault.export(
+                id=id,
+                version=1,
+                encryption_key=rsa_pub_key_pem,
+                encryption_algorithm=ExportEncryptionAlgorithm.RSA4096_OAEP_SHA512,
+            )
+        """
+        input: ExportRequest = ExportRequest(
+            id=id, version=version, encryption_algorithm=encryption_algorithm, encryption_key=encryption_key
+        )
+        return self.request.post(
+            "v1/export",
+            ExportResult,
+            data=input.model_dump(exclude_none=True),
         )

pangea/utils.py CHANGED Viewed

@@ -3,10 +3,9 @@ import copy
 import datetime
 import io
 import json
-from collections import OrderedDict
 from hashlib import new, sha1, sha256, sha512
-from google_crc32c import Checksum as CRC32C  # type: ignore[import]
+from google_crc32c import Checksum as CRC32C  # type: ignore[import-untyped]
 from pydantic import BaseModel
@@ -34,20 +33,9 @@ def str2str_b64(data: str, encoding: str = "utf-8") -> str:
     return base64.b64encode(data.encode(encoding)).decode("ascii")
-def dict_order_keys(data: dict) -> OrderedDict:
-    if isinstance(data, dict):
-        return OrderedDict(sorted(data.items()))
-    else:
-        return data
-def dict_order_keys_recursive(data: dict) -> OrderedDict:
-    if isinstance(data, dict):
-        for k, v in data.items():
-            if type(v) is dict:
-                data[k] = dict_order_keys_recursive(v)
-    return data  # type: ignore[return-value]
+def str_b64_2bytes(data: str) -> bytes:
+    data += "=" * ((4 - len(data) % 4) % 4)  # add padding if needed
+    return base64.urlsafe_b64decode(data)
 def canonicalize_nested_json(data: dict) -> dict:

pangea-sdk 3.9.0__py3-none-any.whl → 4.1.0__py3-none-any.whl

pangea-sdk 3.9.0py3-none-any.whl → 4.1.0py3-none-any.whl