pypomes-iam 0.8.0__py3-none-any.whl → 0.8.9__py3-none-any.whl

pypomes_iam/provider_pomes.py

@@ -14,6 +14,11 @@ from pypomes_core import (
 from threading import Lock
 from typing import Any, Final
 
+_members: dict[str, str] = {key.upper(): key.lower() for key in
+                            env_get_strs(key=f"{APP_PREFIX}_AUTH_PROVIDERS")}
+IamProvider: type[StrEnum] = StrEnum("IamProvider", _members)
+del _members
+
 
 class ProviderParam(StrEnum):
     """
@@ -28,7 +33,7 @@ class ProviderParam(StrEnum):
     ACCESS_EXPIRATION = "access-expiration"
     REFRESH_TOKEN = "refresh-token"
     REFRESH_EXPIRATION = "refresh-expiration"
-    URL_AUTH = "url-auth"
+    URL_TOKEN = "url-token"
 
 
 # the logger for IAM service operations
@@ -36,43 +41,42 @@ class ProviderParam(StrEnum):
 __JWT_LOGGER: Logger | None = None
 
 
-def __get_provider_data() -> dict[str, dict[ProviderParam, Any]]:
+def __get_provider_data() -> dict[IamProvider, dict[ProviderParam, Any]]:
     """
-    Obtain the configuration data for select *JWT* providers.
+    Obtain the configuration data for select *IAM* providers.
 
-    The configuration parameters for the JWT providers are specified with environment variables,
+    The configuration parameters for the *IAM* providers are specified with environment variables,
     or dynamically with *provider_setup_server()*. Specifying configuration parameters with
     environment variables can be done by following these steps:
 
-    1. Specify *<APP_PREFIX>_IAM_PROVIDERS* with a list of names (typically, in lower-case), and the data set
-       below for each providers, where *<JWT>* stands for the provider's name in upper-case:
-          - *<APP_PREFIX>_<JWT>_BODY_DATA*            (optional)
-          - *<APP_PREFIX>_<JWT>_CUSTOM_AUTH*          (optional)
-          - *<APP_PREFIX>_<JWT>_HEADER_DATA*          (optional)
-          - *<APP_PREFIX>_<JWT>_USER_ID*              (required)
-          - *<APP_PREFIX>_<JWT>_USER_SECRET*          (required)
-          - *<APP_PREFIX>_<JWT>_URL_TOKEN*            (required)
-
-    2. The special environment variable *<APP_PREFIX>_IAM_PROVIDER_ENDPOINT* identifies the endpoint from which
-       to obtain JWT tokens. It is not part of the *JWT* providers' setup, but is meant to be used
-       by function *provider_setup_endpoint()*, wherein the value in that variable would represent the
-       default value for its parameter.
-
-    :return: the configuration data for the select *JWT* providers.
+    1. Specify *<APP_PREFIX>_AUTH_PROVIDERS* with a list of names (typically, in lower-case), and the data set
+       below for each providers, where *<IAM>* stands for the provider's name in upper-case:
+          - *<APP_PREFIX>_<IAM>_BODY_DATA*            (optional)
+          - *<APP_PREFIX>_<IAM>_CUSTOM_AUTH*          (optional)
+          - *<APP_PREFIX>_<IAM>_HEADER_DATA*          (optional)
+          - *<APP_PREFIX>_<IAM>_USER_ID*              (required)
+          - *<APP_PREFIX>_<IAM>_USER_SECRET*          (required)
+          - *<APP_PREFIX>_<IAM>_URL_TOKEN*            (required)
+
+    2. The special environment variable *<APP_PREFIX>_PROVIDER_ENDPOINT_TOKEN* identifies the endpoint
+       from which to obtain JWT tokens. It is not part of the *JWT* providers' setup, but is meant to be
+       used by function *provider_setup_endpoint()*, wherein the value in that variable would represent
+       the default value for its parameter.
+
+    :return: the configuration data for the select *IAM* providers.
     """
     # initialize the return variable
     result: dict[str, dict[ProviderParam, Any]] = {}
 
-    servers: list[str] = env_get_strs(key=f"{APP_PREFIX}_IAM_PROVIDERS") or []
-    for server in servers:
-        prefix = server.upper()
-        result[server] = {
+    for provider in IamProvider:
+        prefix = provider.name
+        result[provider] = {
+            ProviderParam.USER_ID: env_get_str(key=f"{APP_PREFIX}_{prefix}_USER_ID"),
+            ProviderParam.USER_SECRET: env_get_str(key=f"{APP_PREFIX}_{prefix}_USER_SECRET"),
             ProviderParam.BODY_DATA: env_get_obj(key=f"{APP_PREFIX}_{prefix}_BODY_DATA"),
             ProviderParam.CUSTOM_AUTH: env_get_strs(key=f"{APP_PREFIX}_{prefix}_CUSTOM_AUTH"),
             ProviderParam.HEADER_DATA: env_get_obj(key=f"{APP_PREFIX}_{prefix}_HEADER_DATA"),
-            ProviderParam.USER_ID: env_get_str(key=f"{APP_PREFIX}_{prefix}_USER_ID"),
-            ProviderParam.USER_SECRET: env_get_str(key=f"{APP_PREFIX}_{prefix}_USER_SECRET"),
-            ProviderParam.URL_AUTH: env_get_str(key=f"{APP_PREFIX}_{prefix}_URL_AUTH"),
+            ProviderParam.URL_TOKEN: env_get_str(key=f"{APP_PREFIX}_{prefix}_URL_TOKEN"),
             ProviderParam.ACCESS_TOKEN: None,
             ProviderParam.ACCESS_EXPIRATION: 0,
             ProviderParam.REFRESH_TOKEN: None,
@@ -85,19 +89,20 @@ def __get_provider_data() -> dict[str, dict[ProviderParam, Any]]:
 # structure:
 # {
 #    <provider-id>: {
-#      "url": <strl>,
-#      "user": <str>,
-#      "pwd": <str>,
+#      "body-data": <dict[str, str],
 #      "custom-auth": <tuple[str, str]>,
 #      "headers-data": <dict[str, str]>,
-#      "body-data": <dict[str, str],
+#      "user-id": <str>,
+#      "user-secret": <str>,
+#      "url-token": <strl>,
+#      # dinamically set
 #      "access-token": <str>,
 #      "access-expiration": <timestamp>,
 #      "refresh-token": <str>,
 #      "refresh-expiration": <timestamp>
 #    }
 # }
-_provider_registry: Final[dict[str, dict[str, Any]]] = __get_provider_data()
+_provider_registry: Final[dict[IamProvider, dict[str, Any]]] = __get_provider_data()
 
 # the lock protecting the data in '_provider_registry'
 # (because it is 'Final' and set at declaration time, it can be accessed through simple imports)
@@ -105,15 +110,15 @@ _provider_lock: Final[Lock] = Lock()
 
 
 @func_capture_params
-def provider_setup_server(provider_id: str,
-                          user_id: str = None,
-                          user_secret: str = None,
-                          custom_auth: tuple[str, str] = None,
-                          header_data: dict[str, str] = None,
-                          body_data: dict[str, str] = None,
-                          url_auth: str = None) -> None:
+def iam_setup_provider(iam_provider: IamProvider,
+                       user_id: str = None,
+                       user_secret: str = None,
+                       custom_auth: tuple[str, str] = None,
+                       header_data: dict[str, str] = None,
+                       body_data: dict[str, str] = None,
+                       url_token: str = None) -> None:
     """
-    Setup the *JWT* provider *provider_id*.
+    Setup the *IAM* provider *iam_provider*.
 
     For the parameters not effectively passed, an attempt is made to obtain a value from the corresponding
     environment variable.
@@ -122,17 +127,18 @@ def provider_setup_server(provider_id: str,
     as key-value pairs in the body of the request. Otherwise, the external provider *provider_id* uses the standard
     HTTP Basic Authorization scheme, wherein the credentials are B64-encoded and sent in the request headers.
 
-    Optional constant key-value pairs (such as ['Content-Type', 'application/x-www-form-urlencoded']), to be
-    added to the request headers, may be specified in *headers_data*. Likewise, optional constant key-value pairs
-    (such as ['grant_type', 'client_credentials']), to be added to the request body, may be specified in *body_data*.
+    Optional constant key-value pairs (such as *['Content-Type', 'application/x-www-form-urlencoded']*),
+    to be added to the request headers, may be specified in *headers_data*. Likewise, optional constant
+    key-value pairs (such as *['grant_type', 'client_credentials']*), to be added to the request body,
+    may be specified in *body_data*.
 
-    :param provider_id: the provider's identification
+    :param iam_provider: the provider's identification
     :param user_id: the basic authorization user
     :param user_secret: the basic authorization password
     :param custom_auth: optional key names for sending the credentials as key-value pairs in the body of the request
     :param header_data: optional key-value pairs to be added to the request headers
     :param body_data: optional key-value pairs to be added to the request body
-    :param url_auth: the url to request *JWT* tokens with
+    :param url_token: the url to request *JWT* tokens with
     """
     global _provider_registry
 
@@ -140,7 +146,7 @@ def provider_setup_server(provider_id: str,
     defaulted_params: list[str] = func_defaulted_params.get()
 
     # read from the environment variables
-    prefix: str = provider_id.upper()
+    prefix: str = iam_provider.name
     if "user_id" in defaulted_params:
         user_id = env_get_str(key=f"{APP_PREFIX}_{prefix}_USER_ID")
     if "user_secret" in defaulted_params:
@@ -151,17 +157,17 @@ def provider_setup_server(provider_id: str,
         header_data = env_get_obj(key=f"{APP_PREFIX}_{prefix}_HEADER_DATA")
     if "body_data" in defaulted_params:
         body_data = env_get_obj(key=f"{APP_PREFIX}_{prefix}_BODY_DATA")
-    if "url_auth" in defaulted_params:
-        url_auth = env_get_str(key=f"{APP_PREFIX}_{prefix}_URL_AUTH")
+    if "url_token" in defaulted_params:
+        url_token = env_get_str(key=f"{APP_PREFIX}_{prefix}_URL_TOKEN")
 
     with _provider_lock:
-        _provider_registry[provider_id] = {
-            ProviderParam.URL_AUTH: url_auth,
-            ProviderParam.USER_ID: user_id,
-            ProviderParam.USER_SECRET: user_secret,
+        _provider_registry[iam_provider] = {
+            ProviderParam.BODY_DATA: body_data,
             ProviderParam.CUSTOM_AUTH: custom_auth,
             ProviderParam.HEADER_DATA: header_data,
-            ProviderParam.BODY_DATA: body_data,
+            ProviderParam.USER_ID: user_id,
+            ProviderParam.USER_SECRET: user_secret,
+            ProviderParam.URL_TOKEN: url_token,
             # dynamically set
             ProviderParam.ACCESS_TOKEN: None,
             ProviderParam.ACCESS_EXPIRATION: 0,
@@ -187,12 +193,12 @@ def provider_setup_endpoint(flask_app: Flask,
 
     # read from the environment variable
     if "provider_endpoint" in defaulted_params:
-        provider_endpoint = env_get_str(key=f"{APP_PREFIX}_IAM_PROVIDER_ENDPOINT")
+        provider_endpoint = env_get_str(key=f"{APP_PREFIX}_PROVIDER_ENDPOINT_TOKEN")
 
     # establish the endpoints
     if provider_endpoint:
         flask_app.add_url_rule(rule=provider_endpoint,
-                               endpoint=f"jwt-callback",
+                               endpoint=f"provider-get-token",
                                view_func=service_get_token,
                                methods=["GET"])
 
@@ -207,7 +213,7 @@ def provider_setup_logger(logger: Logger) -> None:
     __JWT_LOGGER = logger
 
 
-# @flask_app.route(rule=<token_endpoint>,  # IAM_PROVIDER_ENDPOINT_TOKEN
+# @flask_app.route(rule=<token_endpoint>,
 #                  methods=["GET"])
 def service_get_token() -> Response:
     """
@@ -222,24 +228,27 @@ def service_get_token() -> Response:
 
     :return: *Response* containing the JWT token, or *BAD REQUEST*
     """
+    # retrieve the request arguments
+    args: dict[str, Any] = dict(request.args) or {}
+
     # log the request
     if __JWT_LOGGER:
-        params: str = json.dumps(obj=request.args,
-                                 ensure_ascii=False)
-        __JWT_LOGGER.debug(msg=f"Request {request.method}:{request.path}, params {params}")
+        __JWT_LOGGER.debug(msg=f"Request {request.method}:{request.path}; {json.dumps(obj=args,
+                                                                                      ensure_ascii=False)}")
 
     # obtain the provider JWT
-    provider_id: str = request.args.get("jwt-provider")
+    provider_id: str = args.get("iam-provider")
+    iam_provider: IamProvider = IamProvider(provider_id) if provider_id in IamProvider else None
 
     # retrieve the token
     token: str | None = None
     errors: list[str] = []
-    if provider_id:
-        token: str = provider_get_token(provider_id=provider_id,
+    if iam_provider:
+        token: str = provider_get_token(iam_provider=iam_provider,
                                         errors=errors,
                                         logger=__JWT_LOGGER)
     else:
-        msg: str = "JWT provider not informed"
+        msg: str = "IAM provider unknown or not informed"
         errors.append(msg)
         if __JWT_LOGGER:
             __JWT_LOGGER.error(msg=msg)
@@ -257,13 +266,13 @@ def service_get_token() -> Response:
     return result
 
 
-def provider_get_token(provider_id: str,
+def provider_get_token(iam_provider: IamProvider,
                        errors: list[str] = None,
                        logger: Logger = None) -> str | None:
     """
     Obtain an JWT token from the external provider *provider_id*.
 
-    :param provider_id: the provider's identification
+    :param iam_provider: the provider's identification
     :param errors: incidental error messages
     :param logger: optional logger
     :return: the JWT token, or *None* if error
@@ -274,7 +283,7 @@ def provider_get_token(provider_id: str,
     result: str | None = None
 
     with _provider_lock:
-        provider: dict[str, Any] = _provider_registry.get(provider_id)
+        provider: dict[str, Any] = _provider_registry.get(iam_provider)
         if provider:
             now: int = int(datetime.now(tz=TZ_LOCAL).timestamp())
             if now < provider.get(ProviderParam.ACCESS_EXPIRATION):
@@ -284,7 +293,7 @@ def provider_get_token(provider_id: str,
                 # access token has expired
                 header_data: dict[str, str] | None = None
                 body_data: dict[str, str] | None = None
-                url: str = provider.get(ProviderParam.URL_AUTH)
+                url: str = provider.get(ProviderParam.URL_TOKEN)
                 refresh_token: str = provider.get(ProviderParam.REFRESH_TOKEN)
                 if refresh_token:
                     # refresh token exists
@@ -298,7 +307,7 @@ def provider_get_token(provider_id: str,
                             "grant_type": "refresh_token",
                             "refresh_token": refresh_token
                         }
-                if not body_data:
+                if not header_data:
                     # refresh token does not exist or has expired
                     user: str = provider.get(ProviderParam.USER_ID)
                     pwd: str = provider.get(ProviderParam.USER_SECRET)
@@ -330,7 +339,7 @@ def provider_get_token(provider_id: str,
                             if refresh_exp else sys.maxsize
 
         elif logger or isinstance(errors, list):
-            msg: str = f"Unknown provider '{provider_id}'"
+            msg: str = f"Unknown provider '{iam_provider}'"
             if logger:
                 logger.error(msg=msg)
             if isinstance(errors, list):

{pypomes_iam-0.8.0.dist-info → pypomes_iam-0.8.9.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pypomes_iam
-Version: 0.8.0
+Version: 0.8.9
 Summary: A collection of Python pomes, penyeach (IAM modules)
 Project-URL: Homepage, https://github.com/TheWiseCoder/PyPomes-IAM
 Project-URL: Bug Tracker, https://github.com/TheWiseCoder/PyPomes-IAM/issues

pypomes_iam-0.8.9.dist-info/RECORD

@@ -0,0 +1,11 @@
+pypomes_iam/__init__.py,sha256=TU9WVKe9CdfEH2bFnLv249Hzo9xIq6NT8SgIUzWYlZE,1685
+pypomes_iam/iam_actions.py,sha256=NY3gsZK72JQAUAwt8LsaSYhrbXdxyIcbzaG1U-VNF70,51234
+pypomes_iam/iam_common.py,sha256=P2IzDQhfrf40VZBkC4p4pOUbR0IW7kq5_xmcAzPvW5s,17546
+pypomes_iam/iam_pomes.py,sha256=2yLTOY_A8bkM7QsOynJOdmVoMu8ZSwFaO7RmxHVDDsU,8931
+pypomes_iam/iam_services.py,sha256=4k2MEKQG5xwHuZylVLFGyohXRlraB4BXBOVPWxig2tg,26689
+pypomes_iam/provider_pomes.py,sha256=uhH8tqdA6AVC8TiPfFdH5gkrrEw_cpkLerRFICdks58,17954
+pypomes_iam/token_pomes.py,sha256=KiTlBNj3HURbZS_Rmti2RC6hny8VFPpbXeIO--HZ-fI,7703
+pypomes_iam-0.8.9.dist-info/METADATA,sha256=y586FcTfUOqMNv9YRjmm_ssEbPVmNxxuQMrTrdDA5Kk,661
+pypomes_iam-0.8.9.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+pypomes_iam-0.8.9.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
+pypomes_iam-0.8.9.dist-info/RECORD,,

pypomes_iam-0.8.0.dist-info/RECORD

@@ -1,11 +0,0 @@
-pypomes_iam/__init__.py,sha256=CbAH4lmonMxJTa3mWsWqA-pztmMb5-4Vsb4yA7HJ-hw,1561
-pypomes_iam/iam_actions.py,sha256=Le0uzKU9OfI9a5U0q2FvGDGrVwskMuV_e_kb5ZOveFQ,46227
-pypomes_iam/iam_common.py,sha256=xT1OFxX8wdRUN7GURL2kr6yBsh5j_Zb3iyqKykWEMYA,17523
-pypomes_iam/iam_pomes.py,sha256=IUwxMevYvDsH-PVNkbOF-b0U_W_5ACi-REBjm1ZT2PE,8421
-pypomes_iam/iam_services.py,sha256=bWPxzIsZFD9fP7bkLKqgi7Z23h107Qd_GKgL2KjQzuE,22995
-pypomes_iam/provider_pomes.py,sha256=gkE0LvOzfPASDCilPRhqSql4LhU6sCilucE5zbM3lF8,17534
-pypomes_iam/token_pomes.py,sha256=KiTlBNj3HURbZS_Rmti2RC6hny8VFPpbXeIO--HZ-fI,7703
-pypomes_iam-0.8.0.dist-info/METADATA,sha256=olIXbMd6htlsfw0TuEd4aSYEFwNuL_dne4tphUxwILM,661
-pypomes_iam-0.8.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-pypomes_iam-0.8.0.dist-info/licenses/LICENSE,sha256=YvUELgV8qvXlaYsy9hXG5EW3Bmsrkw-OJmmILZnonAc,1086
-pypomes_iam-0.8.0.dist-info/RECORD,,