pangea-sdk 6.2.0b2__py3-none-any.whl → 6.4.0__py3-none-any.whl

pangea/services/audit/models.py

@@ -11,7 +11,7 @@ import enum
 from typing import Any, Dict, List, Optional, Sequence, Union
 
 from pydantic import Field
-from typing_extensions import Annotated, Literal
+from typing_extensions import Annotated
 
 from pangea.response import APIRequestModel, APIResponseModel, PangeaDateTime, PangeaResponseResult
 
@@ -120,20 +120,25 @@ class Event(Dict[str, Any]):
 
 
 class EventEnvelope(APIResponseModel):
-    """
-    Contain extra information about an event.
+    event: Optional[dict[str, Any]] = None
 
-    Arguments:
-    event -- Event describing auditable activity.
-    signature -- An optional client-side signature for forgery protection.
-    public_key -- The base64-encoded ed25519 public key used for the signature, if one is provided
-    received_at -- A server-supplied timestamp
+    signature: Optional[str] = None
+    """
+    This is the signature of the hash of the canonicalized event that can be
+    verified with the public key provided in the public_key field. Signatures
+    cannot be used with the redaction feature turned on. If redaction is
+    required, the user needs to perform redaction before computing the signature
+    that is to be sent with the message. The SDK facilitates this for users.
     """
 
-    event: Dict[str, Any]
-    signature: Optional[str] = None
     public_key: Optional[str] = None
-    received_at: PangeaDateTime
+    """
+    The base64-encoded ed25519 public key used for the signature, if one is
+    provided
+    """
+
+    received_at: Optional[PangeaDateTime] = None
+    """A Pangea provided timestamp of when the event was received."""
 
 
 class LogRequest(APIRequestModel):
@@ -184,21 +189,28 @@ class LogBulkRequest(APIRequestModel):
 
 
 class LogResult(PangeaResponseResult):
+    envelope: Optional[EventEnvelope] = None
     """
-    Result class after an audit log action
-
-    envelope -- Event envelope information.
-    hash -- Event envelope hash.
-    unpublished_root -- The current unpublished root.
-    membership_proof -- A proof for verifying the unpublished root.
-    consistency_proof -- If prev_root was present in the request, this proof verifies that the new unpublished root is a continuation of the prev_root
+    The sealed envelope containing the event that was logged. Includes event
+    metadata such as optional client-side signature details and server-added
+    timestamps.
     """
 
-    envelope: Optional[EventEnvelope] = None
-    hash: str
+    hash: Annotated[Optional[str], Field(max_length=64, min_length=64)] = None
+    """The hash of the event data."""
+
     unpublished_root: Optional[str] = None
+    """The current unpublished root."""
+
     membership_proof: Optional[str] = None
+    """A proof for verifying that the buffer_root contains the received event"""
+
     consistency_proof: Optional[List[str]] = None
+    """
+    If prev_buffer_root was present in the request, this proof verifies that the
+    new unpublished root is a continuation of prev_unpublished_root
+    """
+
     consistency_verification: EventVerification = EventVerification.NONE
     membership_verification: EventVerification = EventVerification.NONE
     signature_verification: EventVerification = EventVerification.NONE
@@ -361,29 +373,47 @@ class RootResult(PangeaResponseResult):
 
 
 class SearchEvent(APIResponseModel):
+    envelope: EventEnvelope
+
+    membership_proof: Optional[str] = None
+    """A cryptographic proof that the record has been persisted in the log"""
+
+    hash: Annotated[Optional[str], Field(max_length=64, min_length=64)] = None
+    """The record's hash"""
+
+    published: Optional[bool] = None
+    """
+    If true, a root has been published after this event. If false, there is no
+    published root for this event
     """
-    Event information received after a search request
 
-    Arguments:
-    envelope -- Event related information.
-    hash -- The record's hash.
-    leaf_index -- The index of the leaf of the Merkle Tree where this record was inserted.
-    membership_proof -- A cryptographic proof that the record has been persisted in the log.
-    consistency_verification -- Consistency verification calculated if required.
-    membership_verification -- Membership verification calculated if required.
-    signature_verification -- Signature verification calculated if required.
-    fpe_context -- The context data needed to decrypt secure audit events that have been redacted with format preserving encryption.
+    imported: Optional[bool] = None
+    """
+    If true, the even was imported manually and not logged by the standard
+    procedure. Some features such as tamper proofing may not be available
     """
 
-    envelope: EventEnvelope
-    hash: str
-    membership_proof: Optional[str] = None
-    published: Optional[bool] = None
     leaf_index: Optional[int] = None
+    """
+    The index of the leaf of the Merkle Tree where this record was inserted or
+    null if published=false
+    """
+
+    valid_signature: Optional[bool] = None
+    """
+    Result of the verification of the Vault signature, if the event was signed
+    and the parameter `verify_signature` is `true`
+    """
+
+    fpe_context: Optional[str] = None
+    """
+    The context data needed to decrypt secure audit events that have been
+    redacted with format preserving encryption.
+    """
+
     consistency_verification: EventVerification = EventVerification.NONE
     membership_verification: EventVerification = EventVerification.NONE
     signature_verification: EventVerification = EventVerification.NONE
-    fpe_context: Optional[str] = None
 
 
 class SearchResultOutput(PangeaResponseResult):
@@ -502,275 +532,3 @@ class ExportRequest(APIRequestModel):
     Whether or not to include the root hash of the tree and the membership proof
     for each record.
     """
-
-
-class AuditSchemaField(APIResponseModel):
-    """A description of a field in an audit log."""
-
-    id: str
-    """Prefix name / identity for the field."""
-
-    type: Literal["boolean", "datetime", "integer", "string", "string-unindexed", "text"]
-    """The data type for the field."""
-
-    description: Optional[str] = None
-    """Human display description of the field."""
-
-    name: Optional[str] = None
-    """Human display name/title of the field."""
-
-    redact: Optional[bool] = None
-    """If true, redaction is performed against this field (if configured.) Only valid for string type."""
-
-    required: Optional[bool] = None
-    """If true, this field is required to exist in all logged events."""
-
-    size: Optional[int] = None
-    """The maximum size of the field. Only valid for strings, which limits number of UTF-8 characters."""
-
-    ui_default_visible: Optional[bool] = None
-    """If true, this field is visible by default in audit UIs."""
-
-
-class AuditSchema(APIResponseModel):
-    """A description of acceptable fields for an audit log."""
-
-    client_signable: Optional[bool] = None
-    """If true, records contain fields to support client/vault signing."""
-
-    save_malformed: Optional[str] = None
-    """Save (or reject) malformed AuditEvents."""
-
-    tamper_proofing: Optional[bool] = None
-    """If true, records contain fields to support tamper-proofing."""
-
-    fields: Optional[List[AuditSchemaField]] = None
-    """List of field definitions."""
-
-
-class ForwardingConfiguration(APIResponseModel):
-    """Configuration for forwarding audit logs to external systems."""
-
-    type: str
-    """Type of forwarding configuration."""
-
-    forwarding_enabled: Optional[bool] = False
-    """Whether forwarding is enabled."""
-
-    event_url: Optional[str] = None
-    """URL where events will be written to. Must use HTTPS."""
-
-    ack_url: Optional[str] = None
-    """If indexer acknowledgement is required, this must be provided along with a 'channel_id'."""
-
-    channel_id: Optional[str] = None
-    """An optional splunk channel included in each request if indexer acknowledgement is required."""
-
-    public_cert: Optional[str] = None
-    """Public certificate if a self signed TLS cert is being used."""
-
-    index: Optional[str] = None
-    """Optional splunk index passed in the record bodies."""
-
-    vault_config_id: Optional[str] = None
-    """The vault config used to store the HEC token."""
-
-    vault_secret_id: Optional[str] = None
-    """The secret ID where the HEC token is stored in vault."""
-
-
-class ServiceConfigV1(PangeaResponseResult):
-    """Configuration options available for audit service"""
-
-    id: Optional[str] = None
-    """The config ID"""
-
-    version: Literal[1] = 1
-
-    created_at: Optional[str] = None
-    """The DB timestamp when this config was created. Ignored when submitted."""
-
-    updated_at: Optional[str] = None
-    """The DB timestamp when this config was last updated at"""
-
-    name: Optional[str] = None
-    """Configuration name"""
-
-    retention: Optional[str] = None
-    """Retention window to store audit logs."""
-
-    cold_query_result_retention: Optional[str] = None
-    """Retention window for cold query result / state information."""
-
-    hot_storage: Optional[str] = None
-    """Retention window to keep audit logs in hot storage."""
-
-    query_result_retention: Optional[str] = None
-    """Length of time to preserve server-side query result caching."""
-
-    redact_service_config_id: Optional[str] = None
-    """A redact service config that will be used to redact PII from logs."""
-
-    redaction_fields: Optional[List[str]] = None
-    """Fields to perform redaction against."""
-
-    vault_service_config_id: Optional[str] = None
-    """A vault service config that will be used to sign logs."""
-
-    vault_key_id: Optional[str] = None
-    """ID of the Vault key used for signing. If missing, use a default Audit key"""
-
-    vault_sign: Optional[bool] = None
-    """Enable/disable event signing"""
-
-
-class ServiceConfigV2(PangeaResponseResult):
-    """Configuration options available for audit service"""
-
-    audit_schema: AuditSchema = Field(alias="schema")
-    """Audit log field configuration. Only settable at create time."""
-
-    version: Literal[2] = 2
-
-    cold_query_result_retention: Optional[str] = None
-    """Retention window for cold query result / state information."""
-
-    created_at: Optional[str] = None
-    """The DB timestamp when this config was created. Ignored when submitted."""
-
-    hot_storage: Optional[str] = None
-    """Retention window to keep audit logs in hot storage."""
-
-    id: Optional[str] = None
-    """The config ID"""
-
-    name: Optional[str] = None
-    """Configuration name"""
-
-    query_result_retention: Optional[str] = None
-    """Length of time to preserve server-side query result caching."""
-
-    redact_service_config_id: Optional[str] = None
-    """A redact service config that will be used to redact PII from logs."""
-
-    retention: Optional[str] = None
-    """Retention window to store audit logs."""
-
-    updated_at: Optional[str] = None
-    """The DB timestamp when this config was last updated at"""
-
-    vault_key_id: Optional[str] = None
-    """ID of the Vault key used for signing. If missing, use a default Audit key"""
-
-    vault_service_config_id: Optional[str] = None
-    """A vault service config that will be used to sign logs."""
-
-    vault_sign: Optional[bool] = None
-    """Enable/disable event signing"""
-
-    forwarding_configuration: Optional[ForwardingConfiguration] = None
-    """Configuration for forwarding audit logs to external systems."""
-
-
-class ServiceConfigV3(PangeaResponseResult):
-    """Configuration options available for audit service"""
-
-    audit_schema: AuditSchema = Field(alias="schema")
-    """Audit log field configuration. Only settable at create time."""
-
-    version: Literal[3] = 3
-    """Version of the service config."""
-
-    cold_storage: Optional[str] = None
-    """Retention window for logs in cold storage. Deleted afterwards."""
-
-    created_at: Optional[str] = None
-    """The DB timestamp when this config was created. Ignored when submitted."""
-
-    forwarding_configuration: Optional[ForwardingConfiguration] = None
-    """Configuration for forwarding audit logs to external systems."""
-
-    hot_storage: Optional[str] = None
-    """Retention window for logs in hot storage. Migrated to warm, cold, or deleted afterwards."""
-
-    id: Optional[str] = None
-    """The config ID"""
-
-    name: Optional[str] = None
-    """Configuration name"""
-
-    redact_service_config_id: Optional[str] = None
-    """A redact service config that will be used to redact PII from logs."""
-
-    updated_at: Optional[str] = None
-    """The DB timestamp when this config was last updated at"""
-
-    vault_key_id: Optional[str] = None
-    """ID of the Vault key used for signing. If missing, use a default Audit key"""
-
-    vault_service_config_id: Optional[str] = None
-    """A vault service config that will be used to sign logs."""
-
-    vault_sign: Optional[bool] = None
-    """Enable/disable event signing"""
-
-    warm_storage: Optional[str] = None
-    """Retention window for logs in warm storage. Migrated to cold or deleted afterwards."""
-
-
-ServiceConfig = Annotated[
-    Union[ServiceConfigV1, ServiceConfigV2, ServiceConfigV3],
-    Field(discriminator="version"),
-]
-"""Configuration options available for audit service"""
-
-
-class ServiceConfigFilter(APIRequestModel):
-    id: Optional[str] = None
-    """Only records where id equals this value."""
-
-    id__contains: Optional[Sequence[str]] = None
-    """Only records where id includes each substring."""
-
-    id__in: Optional[Sequence[str]] = None
-    """Only records where id equals one of the provided substrings."""
-
-    created_at: Optional[str] = None
-    """Only records where created_at equals this value."""
-
-    created_at__gt: Optional[str] = None
-    """Only records where created_at is greater than this value."""
-
-    created_at__gte: Optional[str] = None
-    """Only records where created_at is greater than or equal to this value."""
-
-    created_at__lt: Optional[str] = None
-    """Only records where created_at is less than this value."""
-
-    created_at__lte: Optional[str] = None
-    """Only records where created_at is less than or equal to this value."""
-
-    updated_at: Optional[str] = None
-    """Only records where updated_at equals this value."""
-
-    updated_at__gt: Optional[str] = None
-    """Only records where updated_at is greater than this value."""
-
-    updated_at__gte: Optional[str] = None
-    """Only records where updated_at is greater than or equal to this value."""
-
-    updated_at__lt: Optional[str] = None
-    """Only records where updated_at is less than this value."""
-
-    updated_at__lte: Optional[str] = None
-    """Only records where updated_at is less than or equal to this value."""
-
-
-class ServiceConfigListResult(PangeaResponseResult):
-    count: int
-    """The total number of service configs matched by the list request."""
-
-    last: str
-    """Used to fetch the next page of the current listing when provided in a repeated request's last parameter."""
-
-    items: Sequence[ServiceConfig]

pangea/services/authn/authn.py

@@ -6,6 +6,7 @@
 
 from __future__ import annotations
 
+from collections.abc import Mapping
 from typing import Dict, List, Literal, Optional, Union
 
 import pangea.services.authn.models as m
@@ -437,7 +438,7 @@ class AuthN(ServiceBase):
             ):
                 super().__init__(token, config, logger_name=logger_name)
 
-            def check(self, token: str) -> PangeaResponse[m.ClientTokenCheckResult]:
+            def check(self, token: m.Token) -> PangeaResponse[m.ClientTokenCheckResult]:
                 """
                 Check a token
 
@@ -446,7 +447,7 @@ class AuthN(ServiceBase):
                 OperationId: authn_post_v2_client_token_check
 
                 Args:
-                    token (str): A token value
+                    token: A token value
 
                 Returns:
                     A PangeaResponse with a token and its information in the response.result field.
@@ -458,10 +459,7 @@ class AuthN(ServiceBase):
                         token="ptu_wuk7tvtpswyjtlsx52b7yyi2l7zotv4a",
                     )
                 """
-                input = m.ClientTokenCheckRequest(token=token)
-                return self.request.post(
-                    "v2/client/token/check", m.ClientTokenCheckResult, data=input.model_dump(exclude_none=True)
-                )
+                return self.request.post("v2/client/token/check", m.ClientTokenCheckResult, data={"token": token})
 
     class User(ServiceBase):
         service_name = _SERVICE_NAME
@@ -481,7 +479,7 @@ class AuthN(ServiceBase):
         def create(
             self,
             email: str,
-            profile: m.Profile,
+            profile: Mapping[str, str],
             *,
             username: str | None = None,
         ) -> PangeaResponse[m.UserCreateResult]:
@@ -868,7 +866,7 @@ class AuthN(ServiceBase):
 
             def update(
                 self,
-                profile: m.Profile,
+                profile: Mapping[str, str],
                 id: str | None = None,
                 email: str | None = None,
                 *,