feat: add who authorized

indykite · Apr 24, 2023 · 91976f7 · 91976f7
1 parent ae39711
commit 91976f7
Show file tree

Hide file tree

Showing 17 changed files with 631 additions and 235 deletions.
diff --git a/indykite_sdk/api.py b/indykite_sdk/api.py
@@ -15,6 +15,7 @@
 from indykite_sdk.identity import IdentityClient
 from indykite_sdk.config import ConfigClient
 from indykite_sdk.authorization import AuthorizationClient
+from indykite_sdk.ingest import IngestClient
 from indykite_sdk.oauth2 import HttpClient
 from indykite_sdk.indykite.config.v1beta1.model_pb2 import (SendGridProviderConfig, MailJetProviderConfig, AmazonSESProviderConfig, MailgunProviderConfig)
 from indykite_sdk.indykite.config.v1beta1.model_pb2 import (EmailServiceConfig, AuthFlowConfig, OAuth2ClientConfig, IngestMappingConfig, WebAuthnProviderConfig, AuthorizationPolicyConfig )
@@ -26,8 +27,11 @@
 from indykite_sdk.indykite.identity.v1beta2.import_pb2 import Email as EmailIdentity
 from indykite_sdk.model.is_authorized import IsAuthorizedResource
 from indykite_sdk.model.what_authorized import WhatAuthorizedResourceTypes
+from indykite_sdk.model.who_authorized import WhoAuthorizedResource
 from indykite_sdk.model.tenant import Tenant
 from indykite_sdk.indykite.identity.v1beta2 import attributes_pb2 as attributes
+from indykite_sdk.indykite.objects.v1beta1 import struct_pb2
+from indykite_sdk.indykite.ingest.v1beta1.model_pb2 import Record
 from indykite_sdk.identity import helper
 import logging
 
@@ -342,6 +346,7 @@ def main():
     delete_service_account_credential_parser = subparsers.add_parser("delete_service_account_credential")
     delete_service_account_credential_parser.add_argument("service_account_credential_id",
                                                           help="Service account credential id")
+    delete_service_account_credential_parser.add_argument("etag", nargs='?', help="Optional Etag")
 
     # create_email_service_config_node
     create_email_service_config_node_parser = subparsers.add_parser("create_email_service_config_node")
@@ -528,6 +533,9 @@ def main():
     what_authorized_property_parser.add_argument("property_type", help="Digital Twin Identity Property")
     what_authorized_property_parser.add_argument("property_value", help="Digital Twin Identity Property value")
 
+    # who_authorized
+    who_authorized_parser = subparsers.add_parser("who_authorized")
+
     # create_consent
     create_consent_parser = subparsers.add_parser("create_consent")
     create_consent_parser.add_argument("pii_processor_id", help="ID of OAuth2 Application")
@@ -601,11 +609,16 @@ def main():
     # get_refreshable_token_source
     get_refreshable_token_source = subparsers.add_parser("get_refreshable_token_source")
 
+    # record
+    record_parser = subparsers.add_parser("record")
+    record_parser.add_argument("config_id", help="gid ID of ingest mapping config node")
+
     args = parser.parse_args()
     local = args.local
     client = IdentityClient(local)
     client_config = ConfigClient(local)
     client_authorization = AuthorizationClient(local)
+    client_ingest = IngestClient(local)
 
     command = args.command
 
@@ -745,7 +758,7 @@ def main():
     elif command == "customer_id":
 
         try:
-            service_account = client_config.get_service_account()
+            service_account = client_config.read_service_account()
         except Exception as exception:
             print(exception)
             return None
@@ -767,7 +780,7 @@ def main():
 
     elif command == "service_account":
 
-        service_account = client_config.get_service_account()
+        service_account = client_config.read_service_account()
         if service_account:
             print_response(service_account)
         else:
@@ -1098,7 +1111,7 @@ def main():
 
     elif command == "service_account_id":
         service_account_id = args.service_account_id
-        service_account = client_config.get_service_account(service_account_id)
+        service_account = client_config.read_service_account(service_account_id)
         if service_account:
             print_response(service_account)
         else:
@@ -1107,7 +1120,7 @@ def main():
     elif command == "service_account_name":
         customer_id = args.customer_id
         service_account_name = args.service_account_name
-        service_account = client_config.get_service_account_by_name(customer_id, service_account_name)
+        service_account = client_config.read_service_account_by_name(customer_id, service_account_name)
         if service_account:
             print_response(service_account)
         else:
@@ -1152,7 +1165,7 @@ def main():
 
     elif command == "service_account_credential":
         service_account_credential_id = args.service_account_credential_id
-        service_account_credential = client_config.get_service_account_credential(service_account_credential_id)
+        service_account_credential = client_config.read_service_account_credential(service_account_credential_id)
         if service_account_credential:
             print_response(service_account_credential)
         else:
@@ -1192,8 +1205,16 @@ def main():
 
     elif command == "delete_service_account_credential":
         service_account_credential_id = args.service_account_credential_id
+        if args.etag:
+            etag = args.etag
+        else:
+            etag = None
 
-        delete_service_account_credential_response = client_config.delete_service_account_credential(service_account_credential_id, [])
+        delete_service_account_credential_response = client_config.delete_service_account_credential(
+            service_account_credential_id,
+            etag,
+            []
+        )
         if delete_service_account_credential_response:
             print(delete_service_account_credential_response)
         else:
@@ -1430,6 +1451,33 @@ def main():
             )
         )
 
+        ingest_mapping_config = IngestMappingConfig(
+            upsert=IngestMappingConfig.UpsertData(
+                entities=[IngestMappingConfig.Entity(
+                    tenant_id="gid:AAAAA2CHw7x3Dk68uWSkjl7FoG0",
+                    labels=["DigitalTwin", "Person"],
+                    external_id=IngestMappingConfig.Property(
+                        source_name="email",
+                        mapped_name="email",
+                        is_required=True),
+                    relationships=[IngestMappingConfig.Relationship(
+                        external_id="email",
+                        type="OWNS",
+                        direction="DIRECTION_INBOUND",
+                        match_label="Cars")]
+                ),
+                    IngestMappingConfig.Entity(
+                        tenant_id="gid:AAAAA2CHw7x3Dk68uWSkjl7FoG0",
+                        labels=["Resource", "Car"],
+                        external_id=IngestMappingConfig.Property(
+                            source_name="number",
+                            mapped_name="number",
+                            is_required=True)
+                    )
+                ]
+            )
+        )
+
         create_ingest_mapping_config_node_response = client_config.create_ingest_mapping_config_node(
             location, name, display_name, description, ingest_mapping_config, [])
         if create_ingest_mapping_config_node_response:
@@ -1765,7 +1813,7 @@ def main():
             state="DIGITAL_TWIN_STATE_ACTIVE",
             password=PasswordCredential(
                 email=EmailIdentity(
-                    email="test2105@example.com",
+                    email="test2108@example.com",
                     verified=True
                 ),
                 value="password"
@@ -1777,7 +1825,7 @@ def main():
                 state="DIGITAL_TWIN_STATE_ACTIVE",
                 password=PasswordCredential(
                     email=EmailIdentity(
-                        email="test2106@example.com",
+                        email="test2109@example.com",
                         verified=True
                     ),
                     value="password"
@@ -1789,7 +1837,7 @@ def main():
                 state="DIGITAL_TWIN_STATE_ACTIVE",
                 password=PasswordCredential(
                     email=EmailIdentity(
-                        email="test2107@example.com",
+                        email="test2110@example.com",
                         verified=True
                     ),
                     value="password"
@@ -1974,6 +2022,19 @@ def main():
             print("Invalid what_authorized")
         return what_authorized
 
+    elif command == "who_authorized":
+        actions = ["ACTION1", "ACTION2"]
+        resources = [WhoAuthorizedResource("resourceID", "TypeName", actions),
+                     WhoAuthorizedResource("resource2ID", "TypeName", actions)]
+        options = {"age": "21"}
+        who_authorized = client_authorization.who_authorized(resources, options)
+
+        if who_authorized:
+            print_response(who_authorized)
+        else:
+            print("Invalid who_authorized")
+        return who_authorized
+
     elif command == "create_consent":
         pii_processor_id = args.pii_processor_id
         pii_principal_id = args.pii_principal_id
@@ -2157,6 +2218,18 @@ def main():
         response = client_http.get_refreshable_token_source(token_source, credentials)
         access_token_bytes = response.token.access_token
 
+    elif command == "record":
+        config_id = args.config_id
+        record_data = {
+            "number": struct_pb2.Value(string_value="126"),
+            "model": struct_pb2.Value(string_value="Civic"),
+            "owner": struct_pb2.Value(string_value="test2108@example.com")
+        }
+        record = Record(id="3", external_id="number", data=record_data)
+
+        response = client_ingest.stream_records(config_id, [record])
+        print(response)
+
 
 def print_verify_info(digital_twin_info):  # pragma: no cover
     print("Digital twin info")

diff --git a/indykite_sdk/authorization/__init__.py b/indykite_sdk/authorization/__init__.py
@@ -51,3 +51,4 @@ def __init__(self, local=False):
     # Imported methods
     from .is_authorized import is_authorized_token, is_authorized_digital_twin, is_authorized_property_filter
     from .what_authorized import what_authorized_token, what_authorized_digital_twin, what_authorized_property_filter
+    from .who_authorized import who_authorized
diff --git a/indykite_sdk/authorization/who_authorized.py b/indykite_sdk/authorization/who_authorized.py
@@ -0,0 +1,38 @@
+from indykite_sdk.indykite.authorization.v1beta1 import authorization_service_pb2 as pb2
+from indykite_sdk.indykite.authorization.v1beta1 import model_pb2 as pb2_model
+from indykite_sdk.model.who_authorized import WhoAuthorizedResponse
+import sys
+import indykite_sdk.utils.logger as logger
+
+
+def who_authorized(self,  resources=[], options={}):
+    sys.excepthook = logger.handle_excepthook
+    try:
+        response = self.stub.WhoAuthorized(
+            pb2.WhoAuthorizedRequest(
+                resources=request_resource(resources),
+                options=request_options(options)
+            )
+        )
+    except Exception as exception:
+        return logger.logger_error(exception)
+
+    if not response:
+        return None
+
+    return WhoAuthorizedResponse.deserialize(response)
+
+
+def request_resource(resources):
+    return [
+        pb2.WhoAuthorizedRequest.Resource(id=r.id, type=r.type, actions=list(r.actions))
+        for r in resources
+    ]
+
+
+def request_options(options):
+    options_dict = {
+        k: pb2_model.Option(string_value=str(v))
+        for k, v in options.items()
+    }
+    return options_dict
diff --git a/indykite_sdk/config/__init__.py b/indykite_sdk/config/__init__.py
@@ -52,14 +52,14 @@ def __init__(self, local=False):
 
     # Imported methods
     from .customer import get_customer_by_id, get_customer_by_name
-    from .service_account import get_service_account, get_service_account_by_name, create_service_account, update_service_account, delete_service_account
+    from .service_account import read_service_account, read_service_account_by_name, create_service_account, update_service_account, delete_service_account
     from .app_space import get_app_space_by_id, get_app_space_by_name, create_app_space, update_app_space, list_app_spaces, delete_app_space
     from .tenant import get_tenant_by_id, get_tenant_by_name, create_tenant, update_tenant, list_tenants, delete_tenant
     from .application import get_application_by_id, get_application_by_name, create_application, update_application, list_applications, delete_application
     from .application_agent import get_application_agent_by_id, get_application_agent_by_name, create_application_agent, update_application_agent, \
         list_application_agents, delete_application_agent
     from .application_agent_credential import get_application_agent_credential, register_application_agent_credential_jwk, register_application_agent_credential_pem, delete_application_agent_credential
-    from .service_account_credential import get_service_account_credential, register_service_account_credential_jwk, register_service_account_credential_pem, delete_service_account_credential
+    from .service_account_credential import read_service_account_credential, register_service_account_credential_jwk, register_service_account_credential_pem, delete_service_account_credential
     from .config_node import create_email_service_config_node, read_config_node, update_email_service_config_node, delete_config_node, create_auth_flow_config_node, update_auth_flow_config_node, \
         create_oauth2_client_config_node, update_oauth2_client_config_node, create_ingest_mapping_config_node, update_ingest_mapping_config_node, \
         create_webauthn_provider_config_node, update_webauthn_provider_config_node, \

diff --git a/indykite_sdk/config/service_account.py b/indykite_sdk/config/service_account.py
@@ -8,7 +8,7 @@
 import indykite_sdk.utils.logger as logger
 
 
-def get_service_account(self,service_account=None):
+def read_service_account(self,service_account=None):
     sys.excepthook = logger.handle_excepthook
     try:
         if service_account:
@@ -38,7 +38,7 @@ def get_service_account(self,service_account=None):
     return service_account
 
 
-def get_service_account_by_name(self, customer_id, service_account_name):
+def read_service_account_by_name(self, customer_id, service_account_name):
     sys.excepthook = logger.handle_excepthook
     try:
         response = self.stub.ReadServiceAccount(

diff --git a/indykite_sdk/config/service_account_credential.py b/indykite_sdk/config/service_account_credential.py
@@ -1,12 +1,13 @@
 from indykite_sdk.indykite.config.v1beta1 import config_management_api_pb2 as pb2
 from indykite_sdk.model.service_account_credential import ServiceAccountCredential
 from indykite_sdk.model.register_service_account_credential import RegisterServiceAccountCredential
+from indykite_sdk.indykite.config.v1beta1.model_pb2 import google_dot_protobuf_dot_wrappers__pb2 as wrappers
 from google.protobuf.timestamp_pb2 import Timestamp
 import sys
 import indykite_sdk.utils.logger as logger
 
 
-def get_service_account_credential(self, service_account_credential_id):
+def read_service_account_credential(self, service_account_credential_id):
     sys.excepthook = logger.handle_excepthook
     try:
         response = self.stub.ReadServiceAccountCredential(
@@ -63,12 +64,14 @@ def register_service_account_credential_pem(self, service_account_id, display_na
     return RegisterServiceAccountCredential.deserialize(response)
 
 
-def delete_service_account_credential(self, service_account_credential_id, bookmarks):
+def delete_service_account_credential(self, service_account_credential_id, etag, bookmarks):
     sys.excepthook = logger.handle_excepthook
     try:
         response = self.stub.DeleteServiceAccountCredential(
             pb2.DeleteServiceAccountCredentialRequest(
-                id=service_account_credential_id, bookmarks=bookmarks
+                id=service_account_credential_id,
+                etag=wrappers.StringValue(value=etag),
+                bookmarks=bookmarks
             )
         )
     except Exception as exception: