PyPI - skyplatform-iam - Versions diffs - 1.0.1__py3-none-any.whl → 1.0.5__py3-none-any.whl - Mend

skyplatform-iam 1.0.1py3-none-any.whl → 1.0.5py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

skyplatform_iam/__init__.py +77 -17
skyplatform_iam/api.py +366 -0
skyplatform_iam/config.py +173 -18
skyplatform_iam/connect_agenterra_iam.py +291 -12
skyplatform_iam/global_manager.py +272 -0
skyplatform_iam/middleware.py +363 -24
skyplatform_iam-1.0.5.dist-info/METADATA +461 -0
skyplatform_iam-1.0.5.dist-info/RECORD +10 -0
skyplatform_iam/auth_middleware.py +0 -201
skyplatform_iam-1.0.1.dist-info/METADATA +0 -262
skyplatform_iam-1.0.1.dist-info/RECORD +0 -9
{skyplatform_iam-1.0.1.dist-info → skyplatform_iam-1.0.5.dist-info}/WHEEL +0 -0

skyplatform_iam/config.py CHANGED Viewed

@@ -3,18 +3,21 @@ SkyPlatform IAM SDK 配置模块
 """
 import os
 import fnmatch
-from typing import Optional, List
-from pydantic import BaseModel, Field
+import logging
+from typing import Optional, List, Dict, Any
+from pydantic import BaseModel, Field, validator
 from dotenv import load_dotenv
 # 加载环境变量
 load_dotenv()
+logger = logging.getLogger(__name__)
 class AuthConfig(BaseModel):
     """
     认证配置类
-    支持环境变量和代码配置
+    支持环境变量和代码配置，增强配置验证和管理功能
     """
     # IAM服务配置
     agenterra_iam_host: str
@@ -30,32 +33,184 @@ class AuthConfig(BaseModel):
     # 白名单路径配置（实例变量）
     whitelist_paths: List[str] = Field(default_factory=list)
+    # 连接配置
+    timeout: int = 30
+    max_retries: int = 3
+    # 缓存配置
+    enable_cache: bool = True
+    cache_ttl: int = 300  # 5分钟
     class Config:
-        env_prefix = "AGENTERRA_"
+        env_prefix = "SKYPLATFORM_"
+        validate_assignment = True
+    @validator('agenterra_iam_host')
+    def validate_iam_host(cls, v):
+        """验证IAM主机地址"""
+        if not v:
+            raise ValueError("agenterra_iam_host不能为空")
+        if not (v.startswith('http://') or v.startswith('https://')):
+            raise ValueError("agenterra_iam_host必须以http://或https://开头")
+        return v.rstrip('/')  # 移除末尾的斜杠
+    @validator('server_name')
+    def validate_server_name(cls, v):
+        """验证服务名称"""
+        if not v or not v.strip():
+            raise ValueError("server_name不能为空")
+        return v.strip()
+    @validator('access_key')
+    def validate_access_key(cls, v):
+        """验证访问密钥"""
+        if not v or not v.strip():
+            raise ValueError("access_key不能为空")
+        if len(v.strip()) < 8:
+            raise ValueError("access_key长度不能少于8个字符")
+        return v.strip()
+    @validator('timeout')
+    def validate_timeout(cls, v):
+        """验证超时时间"""
+        if v <= 0:
+            raise ValueError("timeout必须大于0")
+        return v
+    @validator('max_retries')
+    def validate_max_retries(cls, v):
+        """验证最大重试次数"""
+        if v < 0:
+            raise ValueError("max_retries不能小于0")
+        return v
+    @validator('cache_ttl')
+    def validate_cache_ttl(cls, v):
+        """验证缓存TTL"""
+        if v <= 0:
+            raise ValueError("cache_ttl必须大于0")
+        return v
     @classmethod
-    def from_env(cls) -> "AuthConfig":
+    def from_env(cls, prefix: str = "SKYPLATFORM_") -> "AuthConfig":
         """
         从环境变量创建配置
+        Args:
+            prefix: 环境变量前缀，默认为SKYPLATFORM_
+        Returns:
+            AuthConfig: 配置实例
+        Raises:
+            ValueError: 配置验证失败
         """
-        return cls(
-            agenterra_iam_host=os.environ.get('AGENTERRA_IAM_HOST', ''),
-            server_name=os.environ.get('AGENTERRA_SERVER_NAME', ''),
-            access_key=os.environ.get('AGENTERRA_ACCESS_KEY', ''),
-            enable_debug=os.environ.get('AGENTERRA_ENABLE_DEBUG', 'false').lower() == 'true',
-            whitelist_paths=[]  # 初始化空的白名单路径列表
+        logger.info(f"从环境变量加载配置，前缀: {prefix}")
+        # 支持多种环境变量前缀（向后兼容）
+        def get_env_value(key: str, default: str = '') -> str:
+            # 优先使用新前缀
+            value = os.environ.get(f"{prefix}{key}", '')
+            if not value:
+                # 回退到旧前缀
+                value = os.environ.get(f"AGENTERRA_{key}", default)
+            return value
+        # 解析白名单路径
+        whitelist_paths_str = get_env_value('WHITELIST_PATHS', '')
+        whitelist_paths = []
+        if whitelist_paths_str:
+            whitelist_paths = [path.strip() for path in whitelist_paths_str.split(',') if path.strip()]
+        config = cls(
+            agenterra_iam_host=get_env_value('IAM_HOST'),
+            server_name=get_env_value('SERVER_NAME'),
+            access_key=get_env_value('ACCESS_KEY'),
+            enable_debug=get_env_value('ENABLE_DEBUG', 'false').lower() == 'true',
+            whitelist_paths=whitelist_paths,
+            timeout=int(get_env_value('TIMEOUT', '30')),
+            max_retries=int(get_env_value('MAX_RETRIES', '3')),
+            enable_cache=get_env_value('ENABLE_CACHE', 'true').lower() == 'true',
+            cache_ttl=int(get_env_value('CACHE_TTL', '300'))
         )
+        logger.info(f"配置加载完成: server_name={config.server_name}, "
+                   f"iam_host={config.agenterra_iam_host}, "
+                   f"whitelist_paths_count={len(config.whitelist_paths)}")
+        return config
+    def validate_config(self) -> None:
+        """
+        验证配置完整性
+        Raises:
+            ValueError: 配置验证失败
+        """
+        logger.debug("开始验证配置完整性")
+        # Pydantic会自动调用validator，这里只需要检查业务逻辑
+        if not self.agenterra_iam_host:
+            raise ValueError("agenterra_iam_host不能为空")
+        if not self.server_name:
+            raise ValueError("server_name不能为空")
+        if not self.access_key:
+            raise ValueError("access_key不能为空")
+        logger.info("配置验证通过")
-    def validate_config(self) -> bool:
+    def merge_config(self, other: "AuthConfig") -> "AuthConfig":
+        """
+        合并配置，other的非空值会覆盖当前配置
+        Args:
+            other: 要合并的配置
+        Returns:
+            AuthConfig: 合并后的新配置实例
         """
-        验证配置是否完整
+        logger.debug("开始合并配置")
+        # 获取当前配置的字典表示
+        current_dict = self.dict()
+        other_dict = other.dict()
+        # 合并配置
+        merged_dict = current_dict.copy()
+        for key, value in other_dict.items():
+            if key == 'whitelist_paths':
+                # 白名单路径需要合并而不是覆盖
+                merged_paths = list(set(current_dict[key] + value))
+                merged_dict[key] = merged_paths
+            elif value:  # 只有非空值才覆盖
+                merged_dict[key] = value
+        logger.debug(f"配置合并完成，合并后的配置: {merged_dict}")
+        return AuthConfig(**merged_dict)
+    def to_dict(self) -> Dict[str, Any]:
+        """
+        转换为字典格式
+        Returns:
+            Dict: 配置字典
+        """
+        return self.dict()
+    def copy_with_updates(self, **updates) -> "AuthConfig":
+        """
+        创建配置副本并更新指定字段
+        Args:
+            **updates: 要更新的字段
+        Returns:
+            AuthConfig: 更新后的配置副本
         """
-        required_fields = ['agenterra_iam_host', 'server_name', 'access_key']
-        for field in required_fields:
-            if not getattr(self, field):
-                raise ValueError(f"配置项 {field} 不能为空")
-        return True
+        config_dict = self.dict()
+        config_dict.update(updates)
+        return AuthConfig(**config_dict)
     def _normalize_path(self, path: str) -> str:
         """

skyplatform_iam/connect_agenterra_iam.py CHANGED Viewed

@@ -1,13 +1,9 @@
-import os
 import requests
 import logging
 import traceback
 import copy
-from dotenv import load_dotenv
 from enum import Enum
-# 加载环境变量
-load_dotenv()
+from fastapi import HTTPException, status
 class CredentialTypeEnum(str, Enum):
@@ -19,14 +15,31 @@ class CredentialTypeEnum(str, Enum):
 class ConnectAgenterraIam(object):
-    def __init__(self, logger_name="skyplatform_iam", log_level=logging.INFO):
+    _instance = None
+    _initialized = False
+    def __new__(cls, config=None, logger_name="skyplatform_iam", log_level=logging.INFO):
+        """
+        单例模式实现
+        确保整个应用中只有一个ConnectAgenterraIam实例
+        """
+        if cls._instance is None:
+            cls._instance = super(ConnectAgenterraIam, cls).__new__(cls)
+        return cls._instance
+    def __init__(self, config=None, logger_name="skyplatform_iam", log_level=logging.INFO):
         """
         初始化AgenterraIAM连接器
         参数:
+        - config: AuthConfig配置对象，如果为None则从环境变量读取
         - logger_name: 日志记录器名称
         - log_level: 日志级别
         """
+        # 防止重复初始化
+        if self._initialized:
+            return
         # 配置日志记录器
         self.logger = logging.getLogger(logger_name)
         if not self.logger.handlers:
@@ -38,10 +51,22 @@ class ConnectAgenterraIam(object):
             self.logger.addHandler(handler)
             self.logger.setLevel(log_level)
-        # 从环境变量读取配置，提供默认值以确保向后兼容
-        self.agenterra_iam_host = os.environ.get('AGENTERRA_IAM_HOST')
-        self.server_name = os.environ.get('AGENTERRA_SERVER_NAME')
-        self.access_key = os.environ.get('AGENTERRA_ACCESS_KEY')
+        # 必须传入config参数，不再支持从环境变量读取
+        if config is None:
+            raise ValueError("必须传入AuthConfig配置对象，不再支持从环境变量读取配置")
+        self.agenterra_iam_host = config.agenterra_iam_host
+        self.server_name = config.server_name
+        self.access_key = config.access_key
+        self.logger.info("使用传入的AuthConfig配置")
+        # 验证必要的配置
+        if not self.agenterra_iam_host:
+            self.logger.warning("AGENTERRA_IAM_HOST 配置未设置")
+        if not self.server_name:
+            self.logger.warning("AGENTERRA_SERVER_NAME 配置未设置")
+        if not self.access_key:
+            self.logger.warning("AGENTERRA_ACCESS_KEY 配置未设置")
         self.logger.info(f"初始化AgenterraIAM连接器 - Host: {self.agenterra_iam_host}, Server: {self._mask_sensitive(self.server_name)}")
@@ -54,6 +79,95 @@ class ConnectAgenterraIam(object):
             "server_name": self.server_name,
             "access_key": self.access_key
         }
+        # 标记为已初始化
+        self._initialized = True
+    @classmethod
+    def get_instance(cls):
+        """
+        获取已初始化的ConnectAgenterraIam单例实例
+        如果实例尚未初始化，会抛出异常提示用户先进行配置
+        这个方法通常在用户已经通过setup_auth()进行配置后使用
+        返回:
+        - ConnectAgenterraIam: 已初始化的单例实例
+        异常:
+        - RuntimeError: 当实例未初始化时抛出
+        """
+        if cls._instance is None or not cls._initialized:
+            raise RuntimeError(
+                "ConnectAgenterraIam实例尚未初始化。请先使用以下方式之一进行配置：\n"
+                "1. 使用setup_auth()进行一键配置\n"
+                "2. 手动创建ConnectAgenterraIam实例：ConnectAgenterraIam(config=your_config)"
+            )
+        return cls._instance
+    @classmethod
+    def get_instance_lazy(cls):
+        """
+        获取已初始化的单例实例（延迟模式）
+        此方法支持延迟初始化，当实例未初始化时返回 None 而不是抛出异常。
+        适用于在模块导入时需要获取实例但可能尚未初始化的场景。
+        返回:
+        - ConnectAgenterraIam: 已初始化的单例实例，如果未初始化则返回 None
+        """
+        if cls._instance is None or not cls._initialized:
+            return None
+        return cls._instance
+    @classmethod
+    def is_initialized(cls):
+        """
+        检查单例实例是否已初始化
+        返回:
+        - bool: 如果实例已初始化返回 True，否则返回 False
+        """
+        return cls._instance is not None and cls._initialized
+    def reload_config(self, config):
+        """
+        重新加载配置
+        用于在运行时更新配置
+        参数:
+        - config: AuthConfig配置对象
+        """
+        if config is None:
+            raise ValueError("必须传入AuthConfig配置对象")
+        self.logger.info("重新加载配置")
+        # 更新配置
+        self.agenterra_iam_host = config.agenterra_iam_host
+        self.server_name = config.server_name
+        self.access_key = config.access_key
+        # 验证必要的配置
+        if not self.agenterra_iam_host:
+            self.logger.warning("AGENTERRA_IAM_HOST 配置未设置")
+        if not self.server_name:
+            self.logger.warning("AGENTERRA_SERVER_NAME 配置未设置")
+        if not self.access_key:
+            self.logger.warning("AGENTERRA_ACCESS_KEY 配置未设置")
+        # 更新headers和body
+        self.headers = {
+            "Content-Type": "application/json",
+            "SERVER-AK": self.server_name,
+            "SERVER-SK": self.access_key
+        }
+        self.body = {
+            "server_name": self.server_name,
+            "access_key": self.access_key
+        }
+        self.logger.info(f"配置重新加载完成 - Host: {self.agenterra_iam_host}, Server: {self._mask_sensitive(self.server_name)}")
     def _mask_sensitive(self, value, mask_char="*", show_chars=4):
         """
@@ -430,6 +544,11 @@ class ConnectAgenterraIam(object):
                 "server_sk": server_sk,
             }
             uri = "/api/v2/service/verify"
+            # 检查agenterra_iam_host是否为None
+            if self.agenterra_iam_host is None:
+                raise ValueError("AGENTERRA_IAM_HOST 配置未设置或为空，请确保传入正确的AuthConfig对象")
             url = self.agenterra_iam_host + uri
             # 记录请求信息
@@ -463,7 +582,6 @@ class ConnectAgenterraIam(object):
                     else:
                         # token有效但无权限，抛出403异常
                         self.logger.warning(f"[{method_name}] token有效但用户无权限访问API: {api}")
-                        from fastapi import HTTPException, status
                         raise HTTPException(
                             status_code=status.HTTP_403_FORBIDDEN,
                             detail=result.get("message", "用户无权限访问此API")
@@ -475,7 +593,6 @@ class ConnectAgenterraIam(object):
                 result = response.json()
                 # 处理403响应
                 self.logger.warning(f"[{method_name}] 收到403响应 - {result.get('message', '用户无权限访问此API')}")
-                from fastapi import HTTPException, status
                 raise HTTPException(
                     status_code=status.HTTP_403_FORBIDDEN,
                     detail=result.get("message", "用户无权限访问此API")
@@ -690,6 +807,168 @@ class ConnectAgenterraIam(object):
             self.logger.error(f"[{method_name}] 异常堆栈: {traceback.format_exc()}")
             return False
+    def add_custom_config(self, user_id, config_name, config_value=None):
+        """
+        机机接口：添加用户自定义配置
+        为指定用户添加或更新自定义属性配置。
+        参数:
+        - user_id: 用户ID
+        - config_name: 配置项名称
+        - config_value: 配置项值（可选）
+        返回:
+        - 成功: 返回响应对象
+        - 失败: 返回False
+        """
+        method_name = "add_custom_config"
+        self.logger.info(f"[{method_name}] 开始添加用户自定义配置 - user_id: {user_id}, config_name: {config_name}")
+        try:
+            body = {
+                "server_name": self.server_name,
+                "access_key": self.access_key,
+                "user_id": user_id,
+                "config_name": config_name
+            }
+            # 添加可选参数
+            if config_value is not None:
+                body["config_value"] = config_value
+            uri = "/api/v2/service/add_custom_config"
+            url = self.agenterra_iam_host + uri
+            # 记录请求信息
+            self._log_request(method_name, url, self.headers, body)
+            response = requests.post(
+                url=url,
+                headers=self.headers,
+                json=body,
+                verify=False
+            )
+            # 记录响应信息
+            self._log_response(method_name, response)
+            if response.status_code == 200:
+                self.logger.info(f"[{method_name}] 添加用户自定义配置成功")
+                return response
+            else:
+                self.logger.warning(f"[{method_name}] 添加用户自定义配置失败 - 状态码: {response.status_code}")
+            return False
+        except Exception as e:
+            self.logger.error(f"[{method_name}] 添加用户自定义配置请求异常: {str(e)}")
+            self.logger.error(f"[{method_name}] 异常堆栈: {traceback.format_exc()}")
+            return False
+    def get_custom_configs(self, user_id):
+        """
+        机机接口：获取用户自定义配置
+        获取指定用户的所有自定义属性配置。
+        参数:
+        - user_id: 用户ID
+        返回:
+        - 成功: 返回响应对象
+        - 失败: 返回False
+        """
+        method_name = "get_custom_configs"
+        self.logger.info(f"[{method_name}] 开始获取用户自定义配置 - user_id: {user_id}")
+        try:
+            body = {
+                "server_name": self.server_name,
+                "access_key": self.access_key,
+                "user_id": user_id
+            }
+            uri = "/api/v2/service/get_custom_configs"
+            url = self.agenterra_iam_host + uri
+            # 记录请求信息
+            self._log_request(method_name, url, self.headers, body)
+            response = requests.post(
+                url=url,
+                headers=self.headers,
+                json=body,
+                verify=False
+            )
+            # 记录响应信息
+            self._log_response(method_name, response)
+            if response.status_code == 200:
+                self.logger.info(f"[{method_name}] 获取用户自定义配置成功")
+                return response
+            else:
+                self.logger.warning(f"[{method_name}] 获取用户自定义配置失败 - 状态码: {response.status_code}")
+            return False
+        except Exception as e:
+            self.logger.error(f"[{method_name}] 获取用户自定义配置请求异常: {str(e)}")
+            self.logger.error(f"[{method_name}] 异常堆栈: {traceback.format_exc()}")
+            return False
+    def delete_custom_config(self, user_id, config_name):
+        """
+        机机接口：删除用户自定义配置
+        删除指定用户的指定自定义属性配置。
+        参数:
+        - user_id: 用户ID
+        - config_name: 配置项名称
+        返回:
+        - 成功: 返回响应对象
+        - 失败: 返回False
+        """
+        method_name = "delete_custom_config"
+        self.logger.info(f"[{method_name}] 开始删除用户自定义配置 - user_id: {user_id}, config_name: {config_name}")
+        try:
+            body = {
+                "server_name": self.server_name,
+                "access_key": self.access_key,
+                "user_id": user_id,
+                "config_name": config_name
+            }
+            uri = "/api/v2/service/delete_custom_config"
+            url = self.agenterra_iam_host + uri
+            # 记录请求信息
+            self._log_request(method_name, url, self.headers, body)
+            response = requests.post(
+                url=url,
+                headers=self.headers,
+                json=body,
+                verify=False
+            )
+            # 记录响应信息
+            self._log_response(method_name, response)
+            if response.status_code == 200:
+                self.logger.info(f"[{method_name}] 删除用户自定义配置成功")
+                return response
+            else:
+                self.logger.warning(f"[{method_name}] 删除用户自定义配置失败 - 状态码: {response.status_code}")
+            return False
+        except Exception as e:
+            self.logger.error(f"[{method_name}] 删除用户自定义配置请求异常: {str(e)}")
+            self.logger.error(f"[{method_name}] 异常堆栈: {traceback.format_exc()}")
+            return False
     def merge_credential(self, target_user_id, cred_type, cred_value, merge_reason=None):
         """
         机机接口：凭证合并

skyplatform-iam 1.0.1__py3-none-any.whl → 1.0.5__py3-none-any.whl

skyplatform-iam 1.0.1py3-none-any.whl → 1.0.5py3-none-any.whl