pyspiral 0.3.1__cp310-abi3-macosx_11_0_arm64.whl → 0.4.0__cp310-abi3-macosx_11_0_arm64.whl

spiral/authn/device.py

@@ -1,206 +0,0 @@
-import logging
-import sys
-import textwrap
-import time
-import webbrowser
-from pathlib import Path
-
-import httpx
-import jwt
-from pydantic import BaseModel
-
-log = logging.getLogger(__name__)
-
-
-class TokensModel(BaseModel):
-    access_token: str
-    refresh_token: str
-
-    @property
-    def organization_id(self) -> str | None:
-        return self.unverified_access_token().get("org_id")
-
-    def unverified_access_token(self):
-        return jwt.decode(self.access_token, options={"verify_signature": False})
-
-
-class AuthModel(BaseModel):
-    tokens: TokensModel | None = None
-
-
-class DeviceAuth:
-    def __init__(
-        self,
-        auth_file: Path,
-        domain: str,
-        client_id: str,
-        http: httpx.Client = None,
-    ):
-        self._auth_file = auth_file
-        self._domain = domain
-        self._client_id = client_id
-        self._http = http or httpx.Client()
-
-        if self._auth_file.exists():
-            with self._auth_file.open("r") as f:
-                self._auth = AuthModel.model_validate_json(f.read())
-        else:
-            self._auth = AuthModel()
-
-        self._default_scope = ["email", "profile"]
-
-    def is_authenticated(self) -> bool:
-        """Check if the user is authenticated."""
-        tokens = self._auth.tokens
-        if tokens is None:
-            return False
-
-        # Give ourselves a 30-second buffer before the token expires.
-        return tokens.unverified_access_token()["exp"] - 30 > time.time()
-
-    def authenticate(self, force: bool = False, refresh: bool = False, organization_id: str = None) -> TokensModel:
-        """Blocking call to authenticate the user.
-
-        Triggers a device code flow and polls for the user to login.
-        """
-        if force:
-            return self._device_code(organization_id)
-
-        if refresh:
-            if self._auth.tokens is None:
-                raise ValueError("No tokens to refresh.")
-            tokens = self._refresh(self._auth.tokens, organization_id)
-            if not tokens:
-                raise ValueError("Failed to refresh token.")
-            return tokens
-
-        # Check for mis-matched organization.
-        if organization_id is not None:
-            tokens = self._auth.tokens
-            if tokens is not None and tokens.unverified_access_token().get("org_id") != organization_id:
-                tokens = self._refresh(self._auth.tokens, organization_id)
-                if tokens is None:
-                    return self._device_code(organization_id)
-
-        if self.is_authenticated():
-            return self._auth.tokens
-
-        # Try to refresh.
-        tokens = self._auth.tokens
-        if tokens is not None:
-            tokens = self._refresh(tokens)
-            if tokens is not None:
-                return tokens
-
-        # Otherwise, we kick off the device code flow.
-        return self._device_code(organization_id)
-
-    def logout(self):
-        self._remove_tokens()
-
-    def _device_code(self, organization_id: str | None):
-        scope = " ".join(self._default_scope)
-        res = self._http.post(
-            f"{self._domain}/auth/device/code",
-            data={
-                "client_id": self._client_id,
-                "scope": scope,
-                "organization_id": organization_id,
-            },
-        )
-        res = res.raise_for_status().json()
-        device_code = res["device_code"]
-        user_code = res["user_code"]
-        expires_at = res["expires_in"] + time.time()
-        interval = res["interval"]
-        verification_uri_complete = res["verification_uri_complete"]
-
-        # We need to detect if the user is running in a terminal, in Jupyter, etc.
-        # For now, we'll try to open the browser.
-        sys.stderr.write(
-            textwrap.dedent(
-                f"""
-                Please login here: {verification_uri_complete}
-                Your code is {user_code}.
-            """
-            )
-        )
-
-        # Try to open the browser (this also works if the Jupiter notebook is running on the user's machine).
-        opened = webbrowser.open(verification_uri_complete)
-
-        # If we have a server-side Jupyter notebook, we can try to open with client-side JavaScript.
-        if not opened and _in_notebook():
-            from IPython.display import Javascript, display
-
-            display(Javascript(f'window.open("{verification_uri_complete}");'))
-
-        # In the meantime, we need to poll for the user to login.
-        while True:
-            if time.time() > expires_at:
-                raise TimeoutError("Login timed out.")
-            time.sleep(interval)
-            res = self._http.post(
-                f"{self._domain}/auth/token",
-                data={
-                    "client_id": self._client_id,
-                    "device_code": device_code,
-                    "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
-                },
-            )
-            if not res.is_success:
-                continue
-
-            tokens = TokensModel(
-                access_token=res.json()["access_token"],
-                refresh_token=res.json()["refresh_token"],
-            )
-            self._save_tokens(tokens)
-            return self._auth.tokens
-
-    def _refresh(self, tokens: TokensModel, organization_id: str = None) -> TokensModel | None:
-        """Attempt to use the refresh token."""
-        log.debug("Refreshing token %s", self._client_id)
-
-        res = self._http.post(
-            f"{self._domain}/auth/refresh",
-            data={
-                "client_id": self._client_id,
-                "grant_type": "refresh_token",
-                "refresh_token": tokens.refresh_token,
-                "organization_id": organization_id,
-            },
-        )
-        if not res.is_success:
-            print("Failed to refresh token", res.status_code, res.text)
-            return None
-
-        tokens = TokensModel(
-            access_token=res.json()["access_token"],
-            refresh_token=res.json()["refresh_token"],
-        )
-        self._save_tokens(tokens)
-        return tokens
-
-    def _save_tokens(self, tokens: TokensModel):
-        self._auth = self._auth.model_copy(update={"tokens": tokens})
-        self._auth_file.parent.mkdir(parents=True, exist_ok=True)
-        with self._auth_file.open("w") as f:
-            f.write(self._auth.model_dump_json(exclude_defaults=True))
-
-    def _remove_tokens(self):
-        self._auth_file.unlink(missing_ok=True)
-        self._auth = self._auth.model_copy(update={"tokens": None})
-
-
-def _in_notebook():
-    try:
-        from IPython import get_ipython
-
-        if "IPKernelApp" not in get_ipython().config:  # pragma: no cover
-            return False
-    except ImportError:
-        return False
-    except AttributeError:
-        return False
-    return True

spiral/authn/github_.py

@@ -1,33 +0,0 @@
-import os
-
-import httpx
-
-from spiral.api import Authn
-
-
-class GitHubActionsProvider(Authn):
-    AUDIENCE = "https://iss.spiraldb.com"
-
-    def __init__(self):
-        self._gh_token = None
-
-    def token(self) -> str | None:
-        if self._gh_token is not None:
-            return self._gh_token
-
-        if os.environ.get("GITHUB_ACTIONS") == "true":
-            # Next, we check to see if we're running in GitHub actions and if so, grab an ID token.
-            if "ACTIONS_ID_TOKEN_REQUEST_TOKEN" in os.environ and "ACTIONS_ID_TOKEN_REQUEST_URL" in os.environ:
-                if not hasattr(self, "__gh_token"):
-                    resp = httpx.get(
-                        f"{os.environ['ACTIONS_ID_TOKEN_REQUEST_URL']}&audience={self.AUDIENCE}",
-                        headers={"Authorization": f'Bearer {os.environ["ACTIONS_ID_TOKEN_REQUEST_TOKEN"]}'},
-                    )
-                    if not resp.is_success:
-                        raise ValueError(f"Failed to get GitHub Actions ID token: {resp.text}", resp)
-                    self._gh_token = resp.json()["value"]
-            else:
-                raise ValueError("Please set 'id-token: write' permission for this GitHub Actions workflow.")
-
-        # For now, we don't exchange the token for a Spiral one.
-        return self._gh_token

spiral/authn/modal_.py

@@ -1,18 +0,0 @@
-import os
-
-from spiral.api import Authn
-
-
-class ModalProvider(Authn):
-    def __init__(self):
-        self._modal_token = None
-
-    def token(self) -> str | None:
-        if self._modal_token is not None:
-            return self._modal_token
-
-        if os.environ.get("MODAL_IDENTITY_TOKEN") is not None:
-            self._modal_token = os.environ["MODAL_IDENTITY_TOKEN"]
-
-        # For now, we don't exchange the token for a Spiral one.
-        return self._modal_token

spiral/cli/org.py

@@ -1,90 +0,0 @@
-import webbrowser
-from typing import Annotated
-
-import jwt
-import rich
-import typer
-from rich.table import Table
-from typer import Option
-
-from spiral.api.organizations import CreateOrganization, InviteUser, OrganizationRole, PortalLink
-from spiral.cli import AsyncTyper, OptionalStr, state
-from spiral.cli.types import OrganizationArg
-
-app = AsyncTyper()
-
-
-@app.command(help="Switch the active organization.")
-def switch(org_id: OrganizationArg):
-    state.settings.spiraldb.device_auth().authenticate(refresh=True, organization_id=org_id)
-    rich.print(f"Switched to organization: {org_id}")
-
-
-@app.command(help="Create a new organization.")
-def create(
-    name: Annotated[OptionalStr, Option(help="The human-readable name of the organization.")] = None,
-):
-    res = state.settings.api.organization.create_organization(CreateOrganization.Request(name=name))
-
-    # Authenticate to the new organization
-    state.settings.spiraldb.device_auth().authenticate(refresh=True, organization_id=res.organization.id)
-
-    rich.print(f"{res.organization.name} [dim]{res.organization.id}[/dim]")
-
-
-@app.command(help="List organizations.")
-def ls():
-    org_id = current_org_id()
-
-    table = Table("", "id", "name", "role", title="Organizations")
-    for m in state.settings.api.organization.list_user_memberships():
-        table.add_row("👉" if m.organization.id == org_id else "", m.organization.id, m.organization.name, m.role)
-
-    rich.print(table)
-
-
-@app.command(help="Invite a user to the organization.")
-def invite(email: str, role: OrganizationRole = "member", expires_in_days: int = 7):
-    state.settings.api.organization.invite_user(
-        InviteUser.Request(email=email, role=role, expires_in_days=expires_in_days)
-    )
-    rich.print(f"Invited {email} as a {role.value}.")
-
-
-@app.command(help="Configure single sign-on for your organization.")
-def sso():
-    _do_action(PortalLink.Intent.SSO)
-
-
-@app.command(help="Configure directory services for your organization.")
-def directory():
-    _do_action(PortalLink.Intent.DIRECTORY)
-
-
-@app.command(help="Configure audit logs for your organization.")
-def audit_logs():
-    _do_action(PortalLink.Intent.AUDIT_LOGS)
-
-
-@app.command(help="Configure log streams for your organization.")
-def log_streams():
-    _do_action(PortalLink.Intent.LOG_STREAMS)
-
-
-@app.command(help="Configure domains for your organization.")
-def domains():
-    _do_action(PortalLink.Intent.DOMAIN_VERIFICATION)
-
-
-def _do_action(intent: PortalLink.Intent):
-    res = state.settings.api.organization.portal_link(PortalLink.Request(intent=intent))
-    rich.print(f"Opening the configuration portal:\n{res.url}")
-    webbrowser.open(res.url)
-
-
-def current_org_id():
-    org_id = jwt.decode(state.settings.authn.token(), options={"verify_signature": False}).get("org_id")
-    if not org_id:
-        rich.print("[red]You are not logged in to an organization.[/red]")
-        raise typer.Exit(1)
-    return org_id

spiral/cli/project.py

@@ -1,109 +0,0 @@
-from typing import Annotated
-
-import rich
-import typer
-from typer import Option
-
-from spiral.api.organizations import OrganizationRole
-from spiral.api.projects import CreateProject, Grant, GrantRole, ListGrants, Project
-from spiral.cli import AsyncTyper, OptionalStr, printer, state
-from spiral.cli.org import current_org_id
-from spiral.cli.types import ProjectArg
-
-app = AsyncTyper()
-
-
-@app.command(help="List projects.")
-def ls():
-    projects = list(state.settings.api.project.list())
-    rich.print(printer.table_of_models(Project, projects))
-
-
-@app.command(help="Create a new project.")
-def create(
-    id_prefix: Annotated[
-        OptionalStr, Option(help="An optional ID prefix to which a random number will be appended.")
-    ] = None,
-    org_id: Annotated[OptionalStr, Option(help="Organization ID in which to create the project.")] = None,
-    name: Annotated[OptionalStr, Option(help="Friendly name for the project.")] = None,
-):
-    res = state.settings.api.project.create(
-        CreateProject.Request(organization_id=org_id or current_org_id(), id_prefix=id_prefix, name=name)
-    )
-    rich.print(f"Created project {res.project.id}")
-
-
-@app.command(help="Grant a role on a project.")
-def grant(
-    project: ProjectArg,
-    role: Annotated[str, Option(help="Role to grant.")],
-    org_id: Annotated[
-        OptionalStr, Option(help="Pass an organization ID to grant a role to an organization user(s).")
-    ] = None,
-    user_id: Annotated[
-        OptionalStr, Option(help="Pass a user ID when using --org-id to grant a role to grant a role to a user.")
-    ] = None,
-    org_role: Annotated[
-        OptionalStr,
-        Option(help="Pass an organization role when using --org-id to grant a role to all users with that role."),
-    ] = None,
-    workload_id: Annotated[OptionalStr, Option(help="Pass a workload ID to grant a role to a workload.")] = None,
-    github: Annotated[
-        OptionalStr, Option(help="Pass an `<org>/<repo>` string to grant a role to a job running in GitHub Actions.")
-    ] = None,
-    modal: Annotated[
-        OptionalStr,
-        Option(help="Pass a `<workspace_id>/<env_name>` string to grant a role to a job running in Modal environment."),
-    ] = None,
-    conditions: list[str] | None = Option(
-        default=None,
-        help="`<key>=<value>` token conditions to apply to the grant when using --github or --modal.",
-    ),
-):
-    conditions = conditions or []
-
-    # Check mutual exclusion
-    if sum(int(bool(opt)) for opt in {org_id, workload_id, github, modal}) != 1:
-        raise typer.BadParameter("Only one of --org-id, --github or --modal may be specified.")
-
-    if github:
-        org, repo = github.split("/", 1)
-        conditions = {GrantRole.GitHubClaim(k): v for k, v in dict(c.split("=", 1) for c in conditions).items()}
-        principal = GrantRole.GitHubPrincipal(org=org, repo=repo, conditions=conditions)
-    elif modal:
-        workspace_id, environment_name = modal.split("/", 1)
-        conditions = {GrantRole.ModalClaim(k): v for k, v in dict(c.split("=", 1) for c in conditions).items()}
-        principal = GrantRole.ModalPrincipal(
-            workspace_id=workspace_id, environment_name=environment_name, conditions=conditions
-        )
-    elif org_id:
-        # Check mutual exclusion
-        if sum(int(bool(opt)) for opt in {user_id, org_role}) != 1:
-            raise typer.BadParameter("Only one of --user-id or --org-role may be specified.")
-
-        if user_id is not None:
-            principal = GrantRole.OrgUserPrincipal(org_id=org_id, user_id=user_id)
-        elif org_role is not None:
-            principal = GrantRole.OrgRolePrincipal(org_id=org_id, role=OrganizationRole(org_role))
-        else:
-            raise NotImplementedError("Only user or role principal is supported at this time.")
-    elif workload_id:
-        principal = GrantRole.WorkloadPrincipal(workload_id=workload_id)
-    else:
-        raise NotImplementedError("Only organization, GitHub or Modal principal is supported at this time.")
-
-    state.settings.api.project.grant_role(
-        GrantRole.Request(
-            project_id=project,
-            role_id=role,
-            principal=principal,
-        )
-    )
-
-    rich.print(f"Granted role {role} on project {project}")
-
-
-@app.command(help="List project grants.")
-def grants(project: ProjectArg):
-    project_grants = list(state.settings.api.project.list_grants(ListGrants.Request(project_id=project)))
-    rich.print(printer.table_of_models(Grant, project_grants, title="Project Grants"))

spiral/cli/table.py

@@ -1,20 +0,0 @@
-from typing import Annotated
-
-import rich
-from typer import Option
-
-from spiral.api.tables import ListTables, Table
-from spiral.cli import AsyncTyper, OptionalStr, printer, state
-from spiral.cli.types import ProjectArg
-
-app = AsyncTyper()
-
-
-@app.command(help="List tables.")
-def ls(
-    project: ProjectArg,
-    dataset: Annotated[OptionalStr, Option(help="Filter by dataset name.")] = None,
-):
-    """List tables."""
-    tables = list(state.settings.api.table.list(ListTables.Request(project_id=project, dataset=dataset)))
-    rich.print(printer.table_of_models(Table, tables, fields=["id", "project_id", "dataset", "table"]))

spiral/cli/token.py

@@ -1,27 +0,0 @@
-from typing import Annotated
-
-import rich
-from typer import Argument, Option
-
-from spiral.api.tokens import ListTokens, RevokeToken, Token
-from spiral.cli import AsyncTyper, OptionalStr, printer, state
-from spiral.cli.types import ProjectArg
-
-app = AsyncTyper()
-
-
-@app.command(help="List tokens.")
-def ls(
-    project: ProjectArg,
-    on_behalf_of: Annotated[OptionalStr, Option(help="Filter by on behalf of.")] = None,
-):
-    tokens = list(state.settings.api.token.list(ListTokens.Request(project_id=project, on_behalf_of=on_behalf_of)))
-    rich.print(printer.table_of_models(Token, tokens, fields=["id", "project_id", "on_behalf_of"]))
-
-
-@app.command(help="Revoke a token.")
-def revoke(token_id: Annotated[str, Argument(help="Token ID.")]):
-    res = state.settings.api.token.revoke(RevokeToken.Request(token_id=token_id))
-    rich.print(
-        f"Revoked token {res.token.id} for project {res.token.project_id} acting on behalf of {res.token.on_behalf_of}"
-    )

spiral/core/metastore/__init__.pyi

@@ -1,91 +0,0 @@
-"""The SpiralDB metastore API."""
-
-from collections.abc import Callable
-
-from spiral.core.spec import ColumnGroup, ColumnGroupMetadata, FileFormat, LogEntry, Schema, WriteAheadLog
-from spiral.types_ import Timestamp, Uri
-from spiraldb.proto.spiral.table import ManifestHandle
-
-class FileHandle:
-    def __init__(self, *, uri: str, format: FileFormat, spfs_token: str | None): ...
-
-    uri: str
-    format: FileFormat
-    spfs_token: str | None
-
-class FileRef:
-    def __init__(self, *, id: str, file_type: FileType, file_format: FileFormat): ...
-
-    id: str
-    file_type: FileType
-    file_format: FileFormat
-
-    def resolve_uri(self, root_uri: str) -> str:
-        """Resolves the file reference URI given the root URI."""
-
-class FileType:
-    FragmentFile: FileType
-    FragmentManifest: FileType
-    ReferenceFile: FileType
-
-    def __int__(self) -> int:
-        """Returns the protobuf enum int value."""
-
-class PyMetastore:
-    """Rust implementation of the metastore API."""
-
-    @property
-    def table_id(self) -> str: ...
-    @property
-    def root_uri(self) -> Uri: ...
-    @property
-    def key_schema(self) -> Schema: ...
-    def get_wal(self) -> WriteAheadLog:
-        """Return the log for the table."""
-        ...
-
-    def append_wal(self, prev_last_modified_at: Timestamp, entries: list[LogEntry]) -> WriteAheadLog:
-        """Append additional entries into the write-ahead log given the previous write-ahead log timestamp.
-
-        The given entries should have a timestamp of zero and will be assigned an actual timestamp by the server.
-
-        This API is designed to support both a trivial compare-and-swap on the WAL, and also to support more advanced
-        conflict resolution within the metastore.
-        """
-        ...
-
-    def update_wal(
-        self,
-        prev_ks_manifest_handle_id: str,
-        truncate_ts_max: Timestamp | None = None,
-        new_ks_manifest_handle: ManifestHandle | None = None,
-    ) -> WriteAheadLog:
-        """Update the write-ahead log atomically.
-
-        Supports WAL truncation and manifest handle updates necessary for flushing.
-        """
-        ...
-
-    def get_column_group_metadata(self, column_group: ColumnGroup) -> ColumnGroupMetadata:
-        """Return the metadata for column group."""
-        ...
-
-    def update_column_group_metadata(
-        self, prev_last_modified_at: Timestamp, column_group_metadata: ColumnGroupMetadata
-    ) -> ColumnGroupMetadata:
-        """Update the column group metadata to the metastore given the previous metadata timestamp."""
-        ...
-
-    def list_column_groups(self) -> tuple[list[ColumnGroup], Timestamp]:
-        """List all column groups in the table, or None if no index is available."""
-        ...
-
-    @staticmethod
-    def http(
-        table_id: str, root_uri: str, key_schema: Schema, base_url: str, token_provider: Callable[[], str]
-    ) -> PyMetastore:
-        """Construct a PyMetastore backed by an HTTP metastore service."""
-
-    @staticmethod
-    def test(table_id: str, root_uri: str, key_schema: Schema) -> PyMetastore:
-        """Construct a PyMetastore backed by an in-memory mock metastore service."""

spiral/proto/_/spfs/__init__.py

@@ -1,36 +0,0 @@
-# Generated by the protocol buffer compiler.  DO NOT EDIT!
-# sources: spfs/spfs.proto
-# plugin: python-betterproto
-# This file has been @generated
-
-from dataclasses import dataclass
-
-import betterproto
-
-
-@dataclass(eq=False, repr=False)
-class FileMetadata(betterproto.Message):
-    protobuf: "ProtobufFileSpecificMetadata" = betterproto.message_field(
-        1, group="format_specific"
-    )
-    parquet: "ParquetFileSpecificMetadata" = betterproto.message_field(
-        2, group="format_specific"
-    )
-    vortex: "VortexFileSpecificMetadata" = betterproto.message_field(
-        3, group="format_specific"
-    )
-
-
-@dataclass(eq=False, repr=False)
-class ProtobufFileSpecificMetadata(betterproto.Message):
-    pass
-
-
-@dataclass(eq=False, repr=False)
-class ParquetFileSpecificMetadata(betterproto.Message):
-    metadata_size_bytes: int = betterproto.uint32_field(1)
-
-
-@dataclass(eq=False, repr=False)
-class VortexFileSpecificMetadata(betterproto.Message):
-    metadata_size_bytes: int = betterproto.uint32_field(1)