kbase · MrCreosote · Sep 30, 2025 · Sep 22, 2025 · Sep 22, 2025 · Sep 23, 2025
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,23 @@
+version: 2
+updates:
+
+  # Docker
+  - package-ecosystem: docker
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 25
+
+  # Python
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 25
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: ".github/workflows"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 25
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,38 @@
+name: "CodeQL"
+
+on:
+  pull_request:
+    types:
+    - opened
+    - reopened
+    - synchronize
+    - ready_for_review
+  push:
+    # run workflow when merging to main or develop
+    branches:
+      - main
+      - master
+      - develop
+
+jobs:
+  CodeQL-Build:
+    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
+    runs-on: ubuntu-latest
+
+    permissions:
+      # required for all workflows
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        # Override language selection by uncommenting this and choosing your languages
+        with:
+          languages: python
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,52 @@
+name: KBase Auth Client Tests
+
+on:
+  pull_request:
+    types:
+    - opened
+    - reopened
+    - synchronize
+    - ready_for_review
+  push:
+    # run workflow when merging to main or develop
+    branches:
+      - main
+      - develop
+
+jobs:
+
+  auth_client_tests:
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        include:
+          - python-version: "3.12"
+
+    steps:
+
+    - name: Repo checkout
+      uses: actions/checkout@v4
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Install uv
+      uses: astral-sh/setup-uv@v6
+
+    - name: Install dependencies
+      shell: bash
+      run: |
+        export UV_PROJECT_ENVIRONMENT="${pythonLocation}"
+        uv sync --locked
+
+    - name: Run tests
+      shell: bash
+      run: PYTHONPATH=src pytest --cov=src --cov-report=xml test
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v5
+      with:
+        token: ${{ secrets.CODECOV_TOKEN }}
+        fail_ci_if_error: true
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,28 @@
+##########################################
+# READ BEFORE ALTERING THIS FILE
+#
+# Only files specific to this repo or that will be generated as part of using this repo should
+# be ignored here. Files that are specific to particular development environments or users
+# should be ignored in the global gitignore to ignore for all repos, or in .git/info/exclude
+# to ignore for just this repo.
+# 
+# Examples of appropriate files for each location:
+# This file:
+#    python pyc files
+#    python cache files
+#    test configuration and output, including coverage data
+#
+# Global gitignore
+#    Eclipse .settings, .project, and .pyproject files
+#    Mac .DS_store files
+#    VSCode .vscode directory
+#
+# .git/info/exclude
+#    Temporary code / notes while exploring new repo features
+#    Personal data used for manual testing
+#
+##########################################
+
+/.pytest_cache/
+__pycache__
+/.venv/
diff --git a/.python-version b/.python-version
@@ -0,0 +1 @@
+3.12
diff --git a/LICENSE.md b/LICENSE.md
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2025-present KBase Software
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/README.md b/README.md
@@ -0,0 +1,51 @@
+# Auth2 client for Python
+
+This repo contains a minimal client for the [KBase Auth2 server](https://github.com/kbase/auth2),
+covering only the most common operations - e.g. validating tokens and user names
+and getting user roles.
+
+Most other uses are easily done with any http/REST client like `requests` or `httpx`.
+
+## Installation
+
+TODO INSTALL setup a KBase pypi org and publish there
+
+## Usage
+
+TODO USAGE
+
+## Development
+
+### Creating the synchronous client
+
+The synchronous client is generated from the asynchronous client code - do not make any changes in
+the `_sync` directory as they will be overwritten.
+
+To update the synchronous code after modifying the asynchronous code run
+
+```
+uv sync --dev  # only required on first run or when the uv.lock file changes
+uv run scripts/process_unasync.py
+```
+
+### Adding and releasing code
+
+* Adding code
+  * All code additions and updates must be made as pull requests directed at the develop branch.
+    * All tests must pass and all new code must be covered by tests.
+    * All new code must be documented appropriately
+      * Pydocs
+      * General documentation if appropriate
+      * Release notes
+* Releases
+  * The main branch is the stable branch. Releases are made from the develop branch to the main
+    branch.
+  * Tag the version in git and github.
+  * Create a github release.
+
+### Testing
+
+```
+uv sync --dev  # only required on first run or when the uv.lock file changes
+PYTHONPATH=src uv run pytest test
+```
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -0,0 +1,27 @@
+services:
+
+  auth:
+    image: ghcr.io/kbase/auth2:0.7.1
+    platform: linux/amd64
+    ports:
+      - 50001:8080
+    environment:
+      mongo_host: "mongodb:27017"
+      test_mode_enabled: "true"
+      identity_providers: ""
+    command:
+      - "-template"
+      - "/kb/deployment/conf/.templates/deployment.cfg.templ:/kb/deployment/conf/deployment.cfg"
+      - "/kb/deployment/bin/start_auth2.sh"
+    depends_on:
+      - mongodb
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/"]
+      interval: 1s
+      # https://github.com/kbase/auth2/issues/443
+      retries: 30
+
+  mongodb:
+    image: mongo:7.0.14
+    ports:
+      - 27017:27017
diff --git a/pyproject.toml b/pyproject.toml
@@ -0,0 +1,33 @@
+[project]
+name = "kbase-auth"
+version = "0.1.0"
+description = "Client for the KBase Authentication Service"
+readme = "README.md"
+authors = [{ name = "KBase Development Team" }]
+requires-python = ">=3.12"
+license = { text = "MIT" }
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: OS Independent",
+]
+dependencies = [
+    "httpx==0.28.1",
+]
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/kbase"]
+
+[dependency-groups]
+dev = [
+    "ipython==9.5.0",
+    "pytest==8.4.2",
+    "pytest-asyncio==1.2.0",
+    "pytest-cov==7.0.0",
+    "requests==2.32.5",
+    "unasync==0.6.0",
+]
diff --git a/scripts/process_unasync.py b/scripts/process_unasync.py
@@ -0,0 +1,32 @@
+"""
+Convert the async client to a sync client.
+"""
+
+from pathlib import Path
+import unasync
+
+
+def main():
+    additional_replacements = {
+        "AsyncClient": "Client",
+        "aclose": "close",
+    }
+
+
+    rules = [
+        unasync.Rule(
+            fromdir="/src/kbase/auth/_async/",
+            todir="/src/kbase/auth/_sync/",
+            additional_replacements=additional_replacements,
+        ),
+    ]
+
+    filepaths = [
+        str(Path(__file__).parent.parent / "src" / "kbase" / "auth" / "_async" / "client.py")
+    ]
+
+    unasync.unasync_files(filepaths, rules)
+
+
+if __name__ == "__main__":
+    main()