pypomes-iam 0.5.8__tar.gz → 0.5.9__tar.gz

{pypomes_iam-0.5.8 → pypomes_iam-0.5.9}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.5.8
+Version: 0.5.9
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

{pypomes_iam-0.5.8 → pypomes_iam-0.5.9}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "pypomes_iam"
-version = "0.5.8"
+version = "0.5.9"
 authors = [
   { name="GT Nunes", email="wisecoder01@gmail.com" }
 ]

{pypomes_iam-0.5.8 → pypomes_iam-0.5.9}/src/pypomes_iam/__init__.py

@@ -6,7 +6,7 @@ from .iam_common import (
     IamServer, IamParam
 )
 from .iam_pomes import (
-    iam_setup, iam_get_token
+    iam_setup, iam_get_env_parameters, iam_get_token
 )
 from .iam_services import (
      jwt_required, logger_register
@@ -25,7 +25,7 @@ __all__ = [
     # iam_commons
     "IamServer", "IamParam",
     # iam_pomes
-    "iam_setup", "iam_get_token",
+    "iam_setup", "iam_get_env_parameters", "iam_get_token",
     # iam_services
     "jwt_required", "logger_register",
     # provider_pomes

{pypomes_iam-0.5.8 → pypomes_iam-0.5.9}/src/pypomes_iam/iam_common.py

@@ -3,10 +3,7 @@ import sys
 from datetime import datetime
 from enum import StrEnum, auto
 from logging import Logger
-from pypomes_core import (
-    APP_PREFIX, TZ_LOCAL,
-    env_get_int, env_get_str, env_get_enum, env_get_enums, exc_format
-)
+from pypomes_core import TZ_LOCAL, exc_format
 from pypomes_crypto import crypto_jwk_convert
 from threading import RLock
 from typing import Any, Final
@@ -57,85 +54,38 @@ class UserParam(StrEnum):
     REDIRECT_URI = "redirect-uri"
 
 
-def __get_iam_data() -> dict[IamServer, dict[IamParam, Any]]:
-    """
-    Establish the configuration data for select *IAM* servers, from environment variables.
-
-    The preferred way to specify configuration parameters is dynamically with *iam_setup()*;.
-    Specifying configuration parameters with environment variables can be done in two ways:
-
-    1. for a single *IAM* server, specify the data set
-          - *<APP_PREFIX>_IAM_SERVER*               (required, one of *jusbr*, *keycloak*)
-          - *<APP_PREFIX>_IAM_ADMIN_ID*             (optional, needed only if administrative duties are performed)
-          - *<APP_PREFIX>_IAM_ADMIN_PWD*            (optional, needed only if administrative duties are performed)
-          - *<APP_PREFIX>_IAM_CLIENT_ID*            (required)
-          - *<APP_PREFIX>_IAM_CLIENT_REALM*         (required)
-          - *<APP_PREFIX>_IAM_CLIENT_SECRET*        (required)
-          - *<APP_PREFIX>_IAM_ENDPOINT_CALLBACK*    (optional)
-          - *<APP_PREFIX>_IAM_ENDPOINT_LOGIN*       (optional)
-          - *<APP_PREFIX>_IAM_ENDPOINT_LOGOUT*      (optional)
-          - *<APP_PREFIX>_IAM_ENDPOINT_TOKEN*       (optional)
-          - *<APP_PREFIX>_IAM_ENDPOINT_EXCHANGE*    (optional)
-          - *<APP_PREFIX>_IAM_LOGIN_TIMEOUT*        (optional, defaults to no timeout)
-          - *<APP_PREFIX>_IAM_PK_LIFETIME*          (optional, defaults to non-terminating lifetime)
-          - *<APP_PREFIX>_IAM_RECIPIENT_ATTR*       (required)
-          - *<APP_PREFIX>_IAM_URL_BASE*             (required)
-
-    2. the parameters *PUBLIC_KEY*, *PK_EXPIRATION*, and *USERS* cannot be assigned values,
-       as they are reserved for internal use
-
-    3. for multiple *IAM* servers, specify a comma-separated list of servers in
-       *<APP_PREFIX>_IAM_SERVERS*, and for each server, specify the data set above,
-       respectively replacing *_IAM_* with *_JUSBR_* or *_KEYCLOAK_*, for the servers listed above
-
-    :return: the configuration data for the selected *IAM* servers
-    """
-    # initialize the return valiable
-    result: dict[IamServer, dict[IamParam, Any]] = {}
-
-    servers: list[IamServer] = []
-    single_server: IamServer = env_get_enum(key=f"{APP_PREFIX}_IAM_SERVER",
-                                            enum_class=IamServer)
-    if single_server:
-        default_setup: bool = True
-        servers.append(single_server)
-    else:
-        default_setup: bool = False
-        multi_servers: list[IamServer] = env_get_enums(key=f"{APP_PREFIX}_IAM_SERVERS",
-                                                       enum_class=IamServer)
-        if multi_servers:
-            servers.extend(multi_servers)
-
-    for server in servers:
-        if default_setup:
-            prefix: str = "IAM"
-            default_setup = False
-        else:
-            prefix: str = server
-        result[server] = {
-            IamParam.ADMIN_ID: env_get_str(key=f"{APP_PREFIX}_{prefix}_ADMIN_ID"),
-            IamParam.ADMIN_SECRET: env_get_str(key=f"{APP_PREFIX}_{prefix}_ADMIN_PWD"),
-            IamParam.CLIENT_ID: env_get_str(key=f"{APP_PREFIX}_{prefix}_CLIENT_ID"),
-            IamParam.CLIENT_REALM: env_get_str(key=f"{APP_PREFIX}_{prefix}_CLIENT_REALM"),
-            IamParam.CLIENT_SECRET: env_get_str(key=f"{APP_PREFIX}_{prefix}_CLIENT_SECRET"),
-            IamParam.LOGIN_TIMEOUT: env_get_int(key=f"{APP_PREFIX}_{prefix}_CLIENT_TIMEOUT"),
-            IamParam.ENDPOINT_CALLBACK: env_get_str(key=f"{APP_PREFIX}_{prefix}_ENDPOINT_CALLBACK"),
-            IamParam.ENDPOINT_LOGIN: env_get_str(key=f"{APP_PREFIX}_{prefix}_ENDPOINT_LOGIN"),
-            IamParam.ENDPOINT_LOGOUT: env_get_str(key=f"{APP_PREFIX}_{prefix}_ENDPOINT_LOGOUT"),
-            IamParam.ENDPOINT_TOKEN: env_get_str(key=f"{APP_PREFIX}_{prefix}_ENDPOINT_TOKEN"),
-            IamParam.ENDPOINT_EXCHANGE: env_get_str(key=f"{APP_PREFIX}_{prefix}_ENDPOINT_EXCHANGE"),
-            IamParam.PK_LIFETIME: env_get_str(key=f"{APP_PREFIX}_{prefix}_PK_LIFETIME"),
-            IamParam.RECIPIENT_ATTR: env_get_str(key=f"{APP_PREFIX}_{prefix}_RECIPIENT_ATTR"),
-            IamParam.URL_BASE: env_get_str(key=f"{APP_PREFIX}_{prefix}_URL_BASE")
-        }
-
-    return result
-
+# The configuration parameters for the IAM servers are specified dynamically dynamically with *iam_setup()*
+# Specifying configuration parameters with environment variables can be done in two ways:
+#
+# 1. for a single *IAM* server, specify the data set
+#       - *<APP_PREFIX>_IAM_SERVER*               (required, one of *jusbr*, *keycloak*)
+#       - *<APP_PREFIX>_IAM_ADMIN_ID*             (optional, needed only if administrative duties are performed)
+#       - *<APP_PREFIX>_IAM_ADMIN_PWD*            (optional, needed only if administrative duties are performed)
+#       - *<APP_PREFIX>_IAM_CLIENT_ID*            (required)
+#       - *<APP_PREFIX>_IAM_CLIENT_REALM*         (required)
+#       - *<APP_PREFIX>_IAM_CLIENT_SECRET*        (required)
+#       - *<APP_PREFIX>_IAM_ENDPOINT_CALLBACK*    (optional)
+#       - *<APP_PREFIX>_IAM_ENDPOINT_LOGIN*       (optional)
+#       - *<APP_PREFIX>_IAM_ENDPOINT_LOGOUT*      (optional)
+#       - *<APP_PREFIX>_IAM_ENDPOINT_TOKEN*       (optional)
+#       - *<APP_PREFIX>_IAM_ENDPOINT_EXCHANGE*    (optional)
+#       - *<APP_PREFIX>_IAM_LOGIN_TIMEOUT*        (optional, defaults to no timeout)
+#       - *<APP_PREFIX>_IAM_PK_LIFETIME*          (optional, defaults to non-terminating lifetime)
+#       - *<APP_PREFIX>_IAM_RECIPIENT_ATTR*       (required)
+#       - *<APP_PREFIX>_IAM_URL_BASE*             (required)
+#
+# 2. for multiple *IAM* servers, specify the data set above for each server,
+#    respectively replacing *IAM* with a name in *IamServer* (currently, *JUSBR* and *KEYCLOAK* are supported).
+#
+# 3. the parameters *PUBLIC_KEY*, *PK_EXPIRATION*, and *USERS* cannot be assigned values,
+#    as they are reserved for internal use
 
 # registry structure:
 # { <IamServer>:
 #    {
 #       "base-url": <str>,
+#       "admin-id": <str>,
+#       "admin-secret": <str>,
 #       "client-id": <str>,
 #       "client-secret": <str>,
 #       "client-realm": <str,
@@ -162,7 +112,7 @@ def __get_iam_data() -> dict[IamServer, dict[IamParam, Any]]:
 #   },
 #   ...
 # }
-_IAM_SERVERS: Final[dict[IamServer, dict[IamParam, Any]]] = __get_iam_data()
+_IAM_SERVERS: Final[dict[IamServer, dict[IamParam, Any]]] = {}
 
 
 # the lock protecting the data in '_IAM_SERVERS'
@@ -186,7 +136,7 @@ def _iam_server_from_endpoint(endpoint: str,
 
     for iam_server in _IAM_SERVERS:
         if endpoint.startswith(iam_server):
-            result = IamServer.JUSRBR
+            result = iam_server
             break
 
     if not result:

{pypomes_iam-0.5.8 → pypomes_iam-0.5.9}/src/pypomes_iam/iam_pomes.py

@@ -1,5 +1,6 @@
 from flask import Flask
 from logging import Logger
+from pypomes_core import APP_PREFIX, env_get_int, env_get_str
 from typing import Any
 
 from .iam_common import (
@@ -16,17 +17,17 @@ def iam_setup(flask_app: Flask,
               base_url: str,
               client_id: str,
               client_realm: str,
+              client_secret: str | None,
               recipient_attribute: str,
-              client_secret: str = None,
-              login_timeout: int = None,
               admin_id: str = None,
               admin_secret: str = None,
+              login_timeout: int = None,
               public_key_lifetime: int = None,
               callback_endpoint: str = None,
+              exchange_endpoint: str = None,
               login_endpoint: str = None,
               logout_endpoint: str = None,
-              token_endpoint: str = None,
-              exchange_endpoint: str = None) -> None:
+              token_endpoint: str = None) -> None:
     """
     Establish the provided parameters for configuring the *IAM* server *iam_server*.
 
@@ -43,17 +44,17 @@ def iam_setup(flask_app: Flask,
     :param base_url: base URL to request services
     :param client_id: the client's identification with the *IAM* server
     :param client_realm: the client realm
-    :param recipient_attribute: attribute in the token's payload holding the token's subject
     :param client_secret: the client's password with the *IAM* server
-    :param login_timeout: timeout for login authentication (in seconds,defaults to no timeout)
+    :param recipient_attribute: attribute in the token's payload holding the token's subject
     :param admin_id: identifies the realm administrator
     :param admin_secret: password for the realm administrator
+    :param login_timeout: timeout for login authentication (in seconds,defaults to no timeout)
     :param public_key_lifetime: how long to use *IAM* server's public key, before refreshing it (in seconds)
     :param callback_endpoint: endpoint for the callback from the front end
+    :param exchange_endpoint: endpoint for requesting token exchange
     :param login_endpoint: endpoint for redirecting user to the *IAM* server's login page
     :param logout_endpoint: endpoint for terminating user access
     :param token_endpoint: endpoint for retrieving authentication token
-    :param exchange_endpoint: endpoint for requesting token exchange
     """
 
     # configure the Keycloak registry
@@ -63,18 +64,15 @@ def iam_setup(flask_app: Flask,
             IamParam.CLIENT_ID: client_id,
             IamParam.CLIENT_REALM: client_realm,
             IamParam.CLIENT_SECRET: client_secret,
-            IamParam.LOGIN_TIMEOUT: login_timeout,
             IamParam.RECIPIENT_ATTR: recipient_attribute,
+            IamParam.ADMIN_ID: admin_id,
+            IamParam.ADMIN_SECRET: admin_secret,
+            IamParam.LOGIN_TIMEOUT: login_timeout,
+            IamParam.PK_LIFETIME: public_key_lifetime,
             IamParam.PK_EXPIRATION: 0,
             IamParam.PUBLIC_KEY: None,
             IamParam.USERS: {}
         }
-        if admin_id and admin_secret:
-            IamParam.ADMIN_ID = admin_id
-            IamParam.ADMIN_SECRET = admin_secret
-
-        if public_key_lifetime:
-            IamParam.PK_LIFETIME = public_key_lifetime
 
     # establish the endpoints
     if callback_endpoint:
@@ -104,6 +102,34 @@ def iam_setup(flask_app: Flask,
                                methods=["POST"])
 
 
+def iam_get_env_parameters(iam_prefix: str = None) -> dict[str, Any]:
+    """
+    Retrieve the set parameters for a *IAM* server from the environment.
+
+    the parameters are returned ready to be used as a '**kwargs' parameter set in a call to *iam_setup()*,
+    and sorted in the order appropriate to use them instead with a '*args' parameter set.
+
+    :param iam_prefix: the prefix classifying the parameters
+    :return: the sorted parameters classified by *prefix*
+    """
+    return {
+        "url_base": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_URL_BASE"),
+        "client_id": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_CLIENT_ID"),
+        "client_realm": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_CLIENT_REALM"),
+        "client_secret": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_CLIENT_SECRET"),
+        "recipient_attr": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_RECIPIENT_ATTR"),
+        "admin_id": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ADMIN_ID"),
+        "admin_secret": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ADMIN_SECRET"),
+        "login_timeout": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_LOGIN_TIMEOUT"),
+        "public_key_lifetime": env_get_int(key=f"{APP_PREFIX}_{iam_prefix}_PUBLIC_KEY_LIFETIME"),
+        "callback_endpoint": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ENDPOINT_CALLBACK"),
+        "exchange_endpoint": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ENDPOINT_EXCHANGE"),
+        "login_endpoint": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ENDPOINT_LOGIN"),
+        "logout_endpoint": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}__ENDPOINT_LOGOUT"),
+        "token_endpoint": env_get_str(key=f"{APP_PREFIX}_{iam_prefix}_ENDPOINT_TOKEN")
+    }
+
+
 def iam_get_token(iam_server: IamServer,
                   user_id: str,
                   errors: list[str] = None,