From 3aafcec55797f32766109d3db05edf27100757ec Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Thu, 7 Mar 2024 17:15:04 +0200 Subject: [PATCH 01/21] draft: principal api endpointsz --- api/swagger.yml | 128 ++++++++++++++++++++++++++++++++++++- docs/assets/js/swagger.yml | 128 ++++++++++++++++++++++++++++++++++++- pkg/api/controller.go | 25 ++++++++ 3 files changed, 275 insertions(+), 6 deletions(-) diff --git a/api/swagger.yml b/api/swagger.yml index 5ff14ddc041..4b8c6005ef8 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -1632,8 +1632,39 @@ components: required: - installation_id - reports - - + ExternalPrincipalList: + type: object + required: + - pagination + - results + properties: + pagination: + $ref: "#/components/schemas/Pagination" + results: + type: array + items: + $ref: "#/components/schemas/ExternalPrincipal" + ExternalPrincipalSettings: + type: object + additionalProperties: + type: string + description: Additional settings for the external principal. + ExternalPrincipal: + type: object + required: + - users + properties: + users: + type: array + items: + type: string + description: | + List of lakeFS user IDs that are associated with the external principal. + Currently, the only 1 user is allowed. + settings: + type: object + items: + $ref: "#/components/schemas/ExternalPrincipalSettings" paths: /setup_comm_prefs: post: @@ -2523,7 +2554,98 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" - + /auth/external/principals: + get: + tags: + - auth + - external + operationId: listExternalPrincipals + summary: list external principals + parameters: + - $ref: "#/components/parameters/PaginationPrefix" + - $ref: "#/components/parameters/PaginationAfter" + - $ref: "#/components/parameters/PaginationAmount" + responses: + 200: + description: external principal list + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipalList" + 401: + $ref: "#/components/responses/Unauthorized" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + post: + tags: + - auth + - external + operationId: createExternalPrincipal + summary: Create principal as external identity connected to lakeFS user + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipal" + responses: + 201: + description: external principal created successfully + 401: + $ref: "#/components/responses/Unauthorized" + 409: + $ref: "#/components/responses/Conflict" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + /auth/external/principals/{principalId}: + parameters: + - in: path + name: principalId + required: true + schema: + type: string + get: + tags: + - auth + - external + operationId: getExternalPrincipal + summary: Get principal information + responses: + 200: + description: external principal + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipal" + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + delete: + tags: + - auth + - external + operationId: deleteExternalPrincipal + summary: Delete principal and lakeFS attachments + responses: + 204: + description: external principal deleted successfully + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" /repositories: get: tags: diff --git a/docs/assets/js/swagger.yml b/docs/assets/js/swagger.yml index 5ff14ddc041..4b8c6005ef8 100644 --- a/docs/assets/js/swagger.yml +++ b/docs/assets/js/swagger.yml @@ -1632,8 +1632,39 @@ components: required: - installation_id - reports - - + ExternalPrincipalList: + type: object + required: + - pagination + - results + properties: + pagination: + $ref: "#/components/schemas/Pagination" + results: + type: array + items: + $ref: "#/components/schemas/ExternalPrincipal" + ExternalPrincipalSettings: + type: object + additionalProperties: + type: string + description: Additional settings for the external principal. + ExternalPrincipal: + type: object + required: + - users + properties: + users: + type: array + items: + type: string + description: | + List of lakeFS user IDs that are associated with the external principal. + Currently, the only 1 user is allowed. + settings: + type: object + items: + $ref: "#/components/schemas/ExternalPrincipalSettings" paths: /setup_comm_prefs: post: @@ -2523,7 +2554,98 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" - + /auth/external/principals: + get: + tags: + - auth + - external + operationId: listExternalPrincipals + summary: list external principals + parameters: + - $ref: "#/components/parameters/PaginationPrefix" + - $ref: "#/components/parameters/PaginationAfter" + - $ref: "#/components/parameters/PaginationAmount" + responses: + 200: + description: external principal list + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipalList" + 401: + $ref: "#/components/responses/Unauthorized" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + post: + tags: + - auth + - external + operationId: createExternalPrincipal + summary: Create principal as external identity connected to lakeFS user + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipal" + responses: + 201: + description: external principal created successfully + 401: + $ref: "#/components/responses/Unauthorized" + 409: + $ref: "#/components/responses/Conflict" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + /auth/external/principals/{principalId}: + parameters: + - in: path + name: principalId + required: true + schema: + type: string + get: + tags: + - auth + - external + operationId: getExternalPrincipal + summary: Get principal information + responses: + 200: + description: external principal + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipal" + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + delete: + tags: + - auth + - external + operationId: deleteExternalPrincipal + summary: Delete principal and lakeFS attachments + responses: + 204: + description: external principal deleted successfully + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" /repositories: get: tags: diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 4ab2aaa9317..39c511ca6a1 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -5233,3 +5233,28 @@ func (c *Controller) GetUsageReportSummary(w http.ResponseWriter, r *http.Reques } writeResponse(w, r, http.StatusOK, response) } + +func (c *Controller) ListExternalPrincipals(w http.ResponseWriter, r *http.Request, params apigen.ListExternalPrincipalsParams) { + +} +func (c *Controller) CreateExternalPrincipal(w http.ResponseWriter, r *http.Request, body apigen.CreateExternalPrincipalJSONRequestBody) { + + // CreatedAt: time.Now().UTC(), + // DisplayName: policyID, + // Statement: stmts, + // } + // err := c.Auth.WritePolicy(ctx, p, true) + // if c.handleAPIError(ctx, w, r, err) { + // return + // } + // response := serializePolicy(p) + // writeResponse(w, r, http.StatusOK, response) +} + +func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { + +} + +func (c *Controller) GetExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { + +} From 92b9d7b1d3cb5cc66d45327a17ff01056d4cbd24 Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Thu, 7 Mar 2024 17:43:36 +0200 Subject: [PATCH 02/21] minor fix --- api/swagger.yml | 6 +++++- docs/assets/js/swagger.yml | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/api/swagger.yml b/api/swagger.yml index 4b8c6005ef8..5fd97237d58 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -1643,7 +1643,7 @@ components: results: type: array items: - $ref: "#/components/schemas/ExternalPrincipal" + type: string ExternalPrincipalSettings: type: object additionalProperties: @@ -1653,7 +1653,11 @@ components: type: object required: - users + - id properties: + id: + type: string + description: A unique identifier for the external principal users: type: array items: diff --git a/docs/assets/js/swagger.yml b/docs/assets/js/swagger.yml index 4b8c6005ef8..5fd97237d58 100644 --- a/docs/assets/js/swagger.yml +++ b/docs/assets/js/swagger.yml @@ -1643,7 +1643,7 @@ components: results: type: array items: - $ref: "#/components/schemas/ExternalPrincipal" + type: string ExternalPrincipalSettings: type: object additionalProperties: @@ -1653,7 +1653,11 @@ components: type: object required: - users + - id properties: + id: + type: string + description: A unique identifier for the external principal users: type: array items: From 44e3cd2160f7a3e2bddaedb429735d1ab17314db Mon Sep 17 00:00:00 2001 From: isan_rivkin Date: Thu, 7 Mar 2024 17:44:15 +0200 Subject: [PATCH 03/21] Update api/swagger.yml Co-authored-by: Idan Novogroder <43949240+idanovo@users.noreply.github.com> --- api/swagger.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/swagger.yml b/api/swagger.yml index 5fd97237d58..20d4e9ed853 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -1664,7 +1664,7 @@ components: type: string description: | List of lakeFS user IDs that are associated with the external principal. - Currently, the only 1 user is allowed. + Currently, only 1 user is allowed. settings: type: object items: From 40df3356f9f6a63b9242835d4b8b0589fca21fbc Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Thu, 7 Mar 2024 17:48:18 +0200 Subject: [PATCH 04/21] update comments --- docs/assets/js/swagger.yml | 2 +- pkg/api/controller.go | 11 ----------- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/docs/assets/js/swagger.yml b/docs/assets/js/swagger.yml index 5fd97237d58..20d4e9ed853 100644 --- a/docs/assets/js/swagger.yml +++ b/docs/assets/js/swagger.yml @@ -1664,7 +1664,7 @@ components: type: string description: | List of lakeFS user IDs that are associated with the external principal. - Currently, the only 1 user is allowed. + Currently, only 1 user is allowed. settings: type: object items: diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 39c511ca6a1..309baa94bee 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -5238,17 +5238,6 @@ func (c *Controller) ListExternalPrincipals(w http.ResponseWriter, r *http.Reque } func (c *Controller) CreateExternalPrincipal(w http.ResponseWriter, r *http.Request, body apigen.CreateExternalPrincipalJSONRequestBody) { - - // CreatedAt: time.Now().UTC(), - // DisplayName: policyID, - // Statement: stmts, - // } - // err := c.Auth.WritePolicy(ctx, p, true) - // if c.handleAPIError(ctx, w, r, err) { - // return - // } - // response := serializePolicy(p) - // writeResponse(w, r, http.StatusOK, response) } func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { From 02953d0140db52b3beb15757f0943571a34233d7 Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Thu, 7 Mar 2024 17:49:54 +0200 Subject: [PATCH 05/21] update experimental --- api/swagger.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/api/swagger.yml b/api/swagger.yml index 20d4e9ed853..903e86deca2 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -2563,6 +2563,7 @@ paths: tags: - auth - external + - experimental operationId: listExternalPrincipals summary: list external principals parameters: @@ -2586,6 +2587,7 @@ paths: tags: - auth - external + - experimental operationId: createExternalPrincipal summary: Create principal as external identity connected to lakeFS user requestBody: @@ -2616,6 +2618,7 @@ paths: tags: - auth - external + - experimental operationId: getExternalPrincipal summary: Get principal information responses: @@ -2637,6 +2640,7 @@ paths: tags: - auth - external + - experimental operationId: deleteExternalPrincipal summary: Delete principal and lakeFS attachments responses: From aade81b8f497db7201813cf9bfa1f74603c11bfd Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Thu, 7 Mar 2024 18:20:30 +0200 Subject: [PATCH 06/21] update user not users --- api/swagger.yml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/api/swagger.yml b/api/swagger.yml index 903e86deca2..7e7674643e8 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -1648,23 +1648,20 @@ components: type: object additionalProperties: type: string - description: Additional settings for the external principal. + description: Additional settings to be consumed by the remote authenticator ExternalPrincipal: type: object required: - - users + - userId - id properties: id: type: string description: A unique identifier for the external principal - users: - type: array - items: - type: string + userId: + type: string description: | - List of lakeFS user IDs that are associated with the external principal. - Currently, only 1 user is allowed. + lakeFS user IDs to associate with an external principal. settings: type: object items: From 9cc77c86de342922bd2740bffb97e86430123a93 Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Sun, 10 Mar 2024 11:55:35 +0200 Subject: [PATCH 07/21] update review --- api/swagger.yml | 41 +++++++++++++++++++++++++++--- docs/assets/js/swagger.yml | 52 +++++++++++++++++++++++++++++++------- pkg/api/controller.go | 4 +++ 3 files changed, 84 insertions(+), 13 deletions(-) diff --git a/api/swagger.yml b/api/swagger.yml index 7e7674643e8..519e70d5ee9 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -1652,16 +1652,16 @@ components: ExternalPrincipal: type: object required: - - userId + - user_id - id properties: id: type: string description: A unique identifier for the external principal - userId: + user_id: type: string description: | - lakeFS user IDs to associate with an external principal. + lakeFS user ID to associate with an external principal. settings: type: object items: @@ -2425,7 +2425,40 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" - + /auth/users/{userId}/external/principals: + parameters: + - in: path + name: userId + required: true + schema: + type: string + get: + tags: + - auth + - external + - experimental + parameters: + - $ref: "#/components/parameters/PaginationPrefix" + - $ref: "#/components/parameters/PaginationAfter" + - $ref: "#/components/parameters/PaginationAmount" + description: will return all external principals id attached to the user + operationId: listUserExternalPrincipals + summary: list user external policies + responses: + 200: + description: external principals list + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipalList" + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" /auth/groups/{groupId}/policies: parameters: - in: path diff --git a/docs/assets/js/swagger.yml b/docs/assets/js/swagger.yml index 20d4e9ed853..519e70d5ee9 100644 --- a/docs/assets/js/swagger.yml +++ b/docs/assets/js/swagger.yml @@ -1648,23 +1648,20 @@ components: type: object additionalProperties: type: string - description: Additional settings for the external principal. + description: Additional settings to be consumed by the remote authenticator ExternalPrincipal: type: object required: - - users + - user_id - id properties: id: type: string description: A unique identifier for the external principal - users: - type: array - items: - type: string + user_id: + type: string description: | - List of lakeFS user IDs that are associated with the external principal. - Currently, only 1 user is allowed. + lakeFS user ID to associate with an external principal. settings: type: object items: @@ -2428,7 +2425,40 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" - + /auth/users/{userId}/external/principals: + parameters: + - in: path + name: userId + required: true + schema: + type: string + get: + tags: + - auth + - external + - experimental + parameters: + - $ref: "#/components/parameters/PaginationPrefix" + - $ref: "#/components/parameters/PaginationAfter" + - $ref: "#/components/parameters/PaginationAmount" + description: will return all external principals id attached to the user + operationId: listUserExternalPrincipals + summary: list user external policies + responses: + 200: + description: external principals list + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipalList" + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" /auth/groups/{groupId}/policies: parameters: - in: path @@ -2563,6 +2593,7 @@ paths: tags: - auth - external + - experimental operationId: listExternalPrincipals summary: list external principals parameters: @@ -2586,6 +2617,7 @@ paths: tags: - auth - external + - experimental operationId: createExternalPrincipal summary: Create principal as external identity connected to lakeFS user requestBody: @@ -2616,6 +2648,7 @@ paths: tags: - auth - external + - experimental operationId: getExternalPrincipal summary: Get principal information responses: @@ -2637,6 +2670,7 @@ paths: tags: - auth - external + - experimental operationId: deleteExternalPrincipal summary: Delete principal and lakeFS attachments responses: diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 309baa94bee..44e7486cf23 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -5247,3 +5247,7 @@ func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Requ func (c *Controller) GetExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { } + +func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.Request, userID string, params apigen.ListUserExternalPrincipalsParams) { + +} From 9b2b07651d706830b1b886fae911ce778acaa0e7 Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Sun, 10 Mar 2024 12:21:12 +0200 Subject: [PATCH 08/21] update spsaces --- api/swagger.yml | 4 ++++ docs/assets/js/swagger.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/api/swagger.yml b/api/swagger.yml index 519e70d5ee9..762de7ddb7e 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -2425,6 +2425,7 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" + /auth/users/{userId}/external/principals: parameters: - in: path @@ -2588,6 +2589,7 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" + /auth/external/principals: get: tags: @@ -2637,6 +2639,7 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" + /auth/external/principals/{principalId}: parameters: - in: path @@ -2684,6 +2687,7 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" + /repositories: get: tags: diff --git a/docs/assets/js/swagger.yml b/docs/assets/js/swagger.yml index 519e70d5ee9..762de7ddb7e 100644 --- a/docs/assets/js/swagger.yml +++ b/docs/assets/js/swagger.yml @@ -2425,6 +2425,7 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" + /auth/users/{userId}/external/principals: parameters: - in: path @@ -2588,6 +2589,7 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" + /auth/external/principals: get: tags: @@ -2637,6 +2639,7 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" + /auth/external/principals/{principalId}: parameters: - in: path @@ -2684,6 +2687,7 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" + /repositories: get: tags: From d336de49d7078f509aa1e37cd3d0463efbf7165c Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Sun, 10 Mar 2024 13:46:16 +0200 Subject: [PATCH 09/21] add initial rbac --- pkg/api/controller.go | 44 +++++++++++++++++++++++++++++++---- pkg/permissions/actions.go | 4 ++++ pkg/permissions/permission.go | 3 +++ 3 files changed, 47 insertions(+), 4 deletions(-) diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 44e7486cf23..36a22f3f177 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -5235,19 +5235,55 @@ func (c *Controller) GetUsageReportSummary(w http.ResponseWriter, r *http.Reques } func (c *Controller) ListExternalPrincipals(w http.ResponseWriter, r *http.Request, params apigen.ListExternalPrincipalsParams) { - + if !c.authorize(w, r, permissions.Node{ + Permission: permissions.Permission{ + Action: permissions.ListExternalPrincipalsAction, + Resource: permissions.All, + }, + }) { + return + } } func (c *Controller) CreateExternalPrincipal(w http.ResponseWriter, r *http.Request, body apigen.CreateExternalPrincipalJSONRequestBody) { + if !c.authorize(w, r, permissions.Node{ + Permission: permissions.Permission{ + Action: permissions.CreateExternalPrincipalAction, + Resource: permissions.UserArn(body.UserId), + }, + }) { + return + } } func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { - + if !c.authorize(w, r, permissions.Node{ + Permission: permissions.Permission{ + Action: permissions.DeleteExternalPrincipalAction, + Resource: permissions.ExternalPrincipalArn(principalID), + }, + }) { + return + } } func (c *Controller) GetExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { - + if !c.authorize(w, r, permissions.Node{ + Permission: permissions.Permission{ + Action: permissions.ReadExternalPrincipalAction, + Resource: permissions.ExternalPrincipalArn(principalID), + }, + }) { + return + } } func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.Request, userID string, params apigen.ListUserExternalPrincipalsParams) { - + if !c.authorize(w, r, permissions.Node{ + Permission: permissions.Permission{ + Action: permissions.ReadUserAction, + Resource: permissions.UserArn(userID), + }, + }) { + return + } } diff --git a/pkg/permissions/actions.go b/pkg/permissions/actions.go index cc6d51a4e06..e1c6a18f537 100644 --- a/pkg/permissions/actions.go +++ b/pkg/permissions/actions.go @@ -61,6 +61,10 @@ const ( CreateCredentialsAction = "auth:CreateCredentials" //nolint:gosec DeleteCredentialsAction = "auth:DeleteCredentials" //nolint:gosec ListCredentialsAction = "auth:ListCredentials" //nolint:gosec + CreateExternalPrincipalAction = "auth:CreateExternalPrincipal" + DeleteExternalPrincipalAction = "auth:DeleteExternalPrincipal" + ListExternalPrincipalsAction = "auth:ListExternalPrincipals" + ReadExternalPrincipalAction = "auth:ReadExternalPrincipal" ReadActionsAction = "ci:ReadAction" PrepareGarbageCollectionCommitsAction = "retention:PrepareGarbageCollectionCommits" GetGarbageCollectionRulesAction = "retention:GetGarbageCollectionRules" diff --git a/pkg/permissions/permission.go b/pkg/permissions/permission.go index 78b81fc4b67..24d7d43f2a8 100644 --- a/pkg/permissions/permission.go +++ b/pkg/permissions/permission.go @@ -57,3 +57,6 @@ func GroupArn(groupID string) string { func PolicyArn(policyID string) string { return authArnPrefix + "policy/" + policyID } +func ExternalPrincipalArn(principalID string) string { + return authArnPrefix + "external/principals/" + principalID +} From 200caf3727e018818cc932519674a44cba2ed8fb Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Sun, 10 Mar 2024 13:57:15 +0200 Subject: [PATCH 10/21] update perms --- pkg/api/controller.go | 25 +++++++++++++++++++++++++ pkg/permissions/actions.gen.go | 4 ++++ 2 files changed, 29 insertions(+) diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 36a22f3f177..dbcacdaaf46 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -5235,6 +5235,11 @@ func (c *Controller) GetUsageReportSummary(w http.ResponseWriter, r *http.Reques } func (c *Controller) ListExternalPrincipals(w http.ResponseWriter, r *http.Request, params apigen.ListExternalPrincipalsParams) { + // TODO(isan) add a check to see if RemoteAuthenticator.Enabled is true + if c.Config.IsAuthUISimplified() { + writeError(w, r, http.StatusNotImplemented, "Not implemented") + return + } if !c.authorize(w, r, permissions.Node{ Permission: permissions.Permission{ Action: permissions.ListExternalPrincipalsAction, @@ -5245,6 +5250,11 @@ func (c *Controller) ListExternalPrincipals(w http.ResponseWriter, r *http.Reque } } func (c *Controller) CreateExternalPrincipal(w http.ResponseWriter, r *http.Request, body apigen.CreateExternalPrincipalJSONRequestBody) { + // TODO(isan) add a check to see if RemoteAuthenticator.Enabled is true + if c.Config.IsAuthUISimplified() { + writeError(w, r, http.StatusNotImplemented, "Not implemented") + return + } if !c.authorize(w, r, permissions.Node{ Permission: permissions.Permission{ Action: permissions.CreateExternalPrincipalAction, @@ -5256,6 +5266,11 @@ func (c *Controller) CreateExternalPrincipal(w http.ResponseWriter, r *http.Requ } func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { + // TODO(isan) add a check to see if RemoteAuthenticator.Enabled is true + if c.Config.IsAuthUISimplified() { + writeError(w, r, http.StatusNotImplemented, "Not implemented") + return + } if !c.authorize(w, r, permissions.Node{ Permission: permissions.Permission{ Action: permissions.DeleteExternalPrincipalAction, @@ -5267,6 +5282,11 @@ func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Requ } func (c *Controller) GetExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { + // TODO(isan) add a check to see if RemoteAuthenticator.Enabled is true + if c.Config.IsAuthUISimplified() { + writeError(w, r, http.StatusNotImplemented, "Not implemented") + return + } if !c.authorize(w, r, permissions.Node{ Permission: permissions.Permission{ Action: permissions.ReadExternalPrincipalAction, @@ -5278,6 +5298,11 @@ func (c *Controller) GetExternalPrincipal(w http.ResponseWriter, r *http.Request } func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.Request, userID string, params apigen.ListUserExternalPrincipalsParams) { + // TODO(isan) add a check to see if RemoteAuthenticator.Enabled is true + if c.Config.IsAuthUISimplified() { + writeError(w, r, http.StatusNotImplemented, "Not implemented") + return + } if !c.authorize(w, r, permissions.Node{ Permission: permissions.Permission{ Action: permissions.ReadUserAction, diff --git a/pkg/permissions/actions.gen.go b/pkg/permissions/actions.gen.go index 16fc74eb39d..6a8f18600e8 100644 --- a/pkg/permissions/actions.gen.go +++ b/pkg/permissions/actions.gen.go @@ -50,6 +50,10 @@ var Actions = []string{ "auth:CreateCredentials", "auth:DeleteCredentials", "auth:ListCredentials", + "auth:CreateExternalPrincipal", + "auth:DeleteExternalPrincipal", + "auth:ListExternalPrincipals", + "auth:ReadExternalPrincipal", "ci:ReadAction", "retention:PrepareGarbageCollectionCommits", "retention:GetGarbageCollectionRules", From b57a5ffe264d2f352ad9f813c0cb41c41efaf552 Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Sun, 10 Mar 2024 14:18:10 +0200 Subject: [PATCH 11/21] update --- pkg/api/controller.go | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/pkg/api/controller.go b/pkg/api/controller.go index dbcacdaaf46..1e6ecac697f 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -5235,8 +5235,7 @@ func (c *Controller) GetUsageReportSummary(w http.ResponseWriter, r *http.Reques } func (c *Controller) ListExternalPrincipals(w http.ResponseWriter, r *http.Request, params apigen.ListExternalPrincipalsParams) { - // TODO(isan) add a check to see if RemoteAuthenticator.Enabled is true - if c.Config.IsAuthUISimplified() { + if c.Config.IsAuthUISimplified() && c.Config.Auth.RemoteAuthenticator.Enabled { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5250,8 +5249,7 @@ func (c *Controller) ListExternalPrincipals(w http.ResponseWriter, r *http.Reque } } func (c *Controller) CreateExternalPrincipal(w http.ResponseWriter, r *http.Request, body apigen.CreateExternalPrincipalJSONRequestBody) { - // TODO(isan) add a check to see if RemoteAuthenticator.Enabled is true - if c.Config.IsAuthUISimplified() { + if c.Config.IsAuthUISimplified() && c.Config.Auth.RemoteAuthenticator.Enabled { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5266,8 +5264,7 @@ func (c *Controller) CreateExternalPrincipal(w http.ResponseWriter, r *http.Requ } func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { - // TODO(isan) add a check to see if RemoteAuthenticator.Enabled is true - if c.Config.IsAuthUISimplified() { + if c.Config.IsAuthUISimplified() && c.Config.Auth.RemoteAuthenticator.Enabled { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5282,8 +5279,7 @@ func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Requ } func (c *Controller) GetExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { - // TODO(isan) add a check to see if RemoteAuthenticator.Enabled is true - if c.Config.IsAuthUISimplified() { + if c.Config.IsAuthUISimplified() && c.Config.Auth.RemoteAuthenticator.Enabled { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5298,8 +5294,7 @@ func (c *Controller) GetExternalPrincipal(w http.ResponseWriter, r *http.Request } func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.Request, userID string, params apigen.ListUserExternalPrincipalsParams) { - // TODO(isan) add a check to see if RemoteAuthenticator.Enabled is true - if c.Config.IsAuthUISimplified() { + if c.Config.IsAuthUISimplified() && c.Config.Auth.RemoteAuthenticator.Enabled { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } From 5a3bb8b11e29b9fe55df94e2bdd13439404f889b Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Sun, 10 Mar 2024 18:42:55 +0200 Subject: [PATCH 12/21] integration authenticator --- api/authorization.yml | 144 ++++++++++++++++++ cmd/lakefs/cmd/run.go | 1 + pkg/api/controller.go | 78 +++++++++- pkg/auth/errors.go | 1 + pkg/auth/mock/mock_auth_client.go | 120 +++++++++++++++ pkg/auth/model/model.go | 5 + pkg/auth/remoteauthenticator/authenticator.go | 2 + pkg/auth/service.go | 136 +++++++++++++++-- pkg/config/config.go | 2 + 9 files changed, 475 insertions(+), 14 deletions(-) diff --git a/api/authorization.yml b/api/authorization.yml index b5d86c093ba..e7a78bcd3a7 100644 --- a/api/authorization.yml +++ b/api/authorization.yml @@ -340,6 +340,30 @@ components: format: int64 description: Unix Epoch in seconds + ExternalPrincipal: + type: object + required: + - user_id + - id + properties: + user_id: + type: string + id: + type: string + + ExternalPrincipalList: + type: object + required: + - pagination + - results + properties: + pagination: + $ref: "#/components/schemas/Pagination" + results: + type: array + items: + type: string + paths: /auth/users: get: @@ -983,6 +1007,37 @@ paths: default: $ref: "#/components/responses/ServerError" + /auth/users/{userId}/external/principals: + parameters: + - in: path + name: userId + required: true + schema: + type: string + get: + tags: + - auth + - experimental + parameters: + - $ref: "#/components/parameters/PaginationPrefix" + - $ref: "#/components/parameters/PaginationAfter" + - $ref: "#/components/parameters/PaginationAmount" + operationId: listUserExternalPrincipals + summary: list external principals for user + responses: + 200: + description: external principals + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipalList" + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + default: + $ref: "#/components/responses/ServerError" + /auth/groups/{groupId}/policies: parameters: - in: path @@ -1080,6 +1135,95 @@ paths: default: $ref: "#/components/responses/ServerError" + /auth/external/principals: + get: + tags: + - auth + - experimental + operationId: listExternalPrincipals + summary: list external principals + parameters: + - $ref: "#/components/parameters/PaginationPrefix" + - $ref: "#/components/parameters/PaginationAfter" + - $ref: "#/components/parameters/PaginationAmount" + responses: + 200: + description: external principal list + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipalList" + 401: + $ref: "#/components/responses/Unauthorized" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + post: + tags: + - auth + operationId: createExternalPrincipal + summary: Create principal as external identity connected to lakeFS user + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipal" + responses: + 201: + description: external principal created successfully + 401: + $ref: "#/components/responses/Unauthorized" + 409: + $ref: "#/components/responses/Conflict" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + + /auth/external/principals/{principalId}: + parameters: + - in: path + name: principalId + required: true + schema: + type: string + get: + tags: + - auth + - experimental + operationId: getExternalPrincipal + summary: get external principal + responses: + 200: + description: external principal + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipal" + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + default: + $ref: "#/components/responses/ServerError" + delete: + tags: + - auth + - experimental + operationId: deleteExternalPrincipalFromUser + summary: delete external principal from user's external principal list + responses: + 204: + description: external principal deleted + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + default: + $ref: "#/components/responses/ServerError" + /healthcheck: get: operationId: healthCheck diff --git a/cmd/lakefs/cmd/run.go b/cmd/lakefs/cmd/run.go index 043fe1e7afd..bc6e71a6806 100644 --- a/cmd/lakefs/cmd/run.go +++ b/cmd/lakefs/cmd/run.go @@ -120,6 +120,7 @@ var runCmd = &cobra.Command{ apiService, err := auth.NewAPIAuthService( cfg.Auth.API.Endpoint, cfg.Auth.API.Token.SecureValue(), + cfg.Auth.RemoteAuthenticator.ExternalPrincipalsEnabled, crypt.NewSecretStore([]byte(cfg.Auth.Encrypt.SecretKey)), authparams.ServiceCache(cfg.Auth.Cache), logger.WithField("service", "auth_api"), diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 1e6ecac697f..d2fd822d346 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -5235,7 +5235,8 @@ func (c *Controller) GetUsageReportSummary(w http.ResponseWriter, r *http.Reques } func (c *Controller) ListExternalPrincipals(w http.ResponseWriter, r *http.Request, params apigen.ListExternalPrincipalsParams) { - if c.Config.IsAuthUISimplified() && c.Config.Auth.RemoteAuthenticator.Enabled { + ctx := r.Context() + if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5247,9 +5248,28 @@ func (c *Controller) ListExternalPrincipals(w http.ResponseWriter, r *http.Reque }) { return } + c.LogAction(ctx, "list_external_principals", r, "", "", "") + externalPrincipalIds, paginator, err := c.Auth.ListExternalPrincipals(ctx, &model.PaginationParams{ + Prefix: paginationPrefix(params.Prefix), + Amount: paginationAmount(params.Amount), + After: paginationAfter(params.After), + }) + if c.handleAPIError(ctx, w, r, err) { + return + } + response := apigen.ExternalPrincipalList{ + Results: externalPrincipalIds, + Pagination: apigen.Pagination{ + HasMore: paginator.NextPageToken != "", + NextOffset: paginator.NextPageToken, + Results: paginator.Amount, + }, + } + writeResponse(w, r, http.StatusOK, response) } func (c *Controller) CreateExternalPrincipal(w http.ResponseWriter, r *http.Request, body apigen.CreateExternalPrincipalJSONRequestBody) { - if c.Config.IsAuthUISimplified() && c.Config.Auth.RemoteAuthenticator.Enabled { + ctx := r.Context() + if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5261,10 +5281,18 @@ func (c *Controller) CreateExternalPrincipal(w http.ResponseWriter, r *http.Requ }) { return } + c.LogAction(ctx, "create_external_principal", r, "", "", "") + // TODO(isan) Settings should be passed here as part of the request. i.e using session name or not + err := c.Auth.CreateExternalPrincipal(ctx, body.Id, body.UserId) + if c.handleAPIError(ctx, w, r, err) { + return + } + writeResponse(w, r, http.StatusCreated, nil) } func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { - if c.Config.IsAuthUISimplified() && c.Config.Auth.RemoteAuthenticator.Enabled { + ctx := r.Context() + if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5276,10 +5304,17 @@ func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Requ }) { return } + c.LogAction(ctx, "delete_external_principal", r, "", "", "") + err := c.Auth.DeleteExternalPrincipalFromUser(ctx, principalID) + if c.handleAPIError(ctx, w, r, err) { + return + } + writeResponse(w, r, http.StatusNoContent, nil) } func (c *Controller) GetExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { - if c.Config.IsAuthUISimplified() && c.Config.Auth.RemoteAuthenticator.Enabled { + ctx := r.Context() + if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5291,10 +5326,22 @@ func (c *Controller) GetExternalPrincipal(w http.ResponseWriter, r *http.Request }) { return } + c.LogAction(ctx, "get_external_principal", r, "", "", "") + // TODO(isan) pass settings as well + principal, err := c.Auth.GetExternalPrincipal(ctx, principalID) + if c.handleAPIError(ctx, w, r, err) { + return + } + response := apigen.ExternalPrincipal{ + Id: principal.ID, + UserId: principal.Username, + } + writeResponse(w, r, http.StatusOK, response) } func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.Request, userID string, params apigen.ListUserExternalPrincipalsParams) { - if c.Config.IsAuthUISimplified() && c.Config.Auth.RemoteAuthenticator.Enabled { + ctx := r.Context() + if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5306,4 +5353,25 @@ func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.R }) { return } + + c.LogAction(ctx, "list_user_external_principals", r, "", "", "") + + principalIds, paginator, err := c.Auth.ListUserExternalPrincipals(ctx, userID, &model.PaginationParams{ + Prefix: paginationPrefix(params.Prefix), + Amount: paginationAmount(params.Amount), + After: paginationAfter(params.After), + }) + + if c.handleAPIError(ctx, w, r, err) { + return + } + + response := apigen.ExternalPrincipalList{ + Results: principalIds, + Pagination: apigen.Pagination{ + HasMore: paginator.NextPageToken != "", + NextOffset: paginator.NextPageToken, + Results: paginator.Amount, + }} + writeResponse(w, r, http.StatusOK, response) } diff --git a/pkg/auth/errors.go b/pkg/auth/errors.go index 15341d6d5fe..f903b3d7f9a 100644 --- a/pkg/auth/errors.go +++ b/pkg/auth/errors.go @@ -20,4 +20,5 @@ var ( ErrInvalidRequest = errors.New("invalid request") ErrUserNotFound = errors.New("user not found") ErrInvalidResponse = errors.New("invalid response") + ErrNotImplemented = errors.New("not implemented") ) diff --git a/pkg/auth/mock/mock_auth_client.go b/pkg/auth/mock/mock_auth_client.go index f72212b92eb..54b6a91716f 100644 --- a/pkg/auth/mock/mock_auth_client.go +++ b/pkg/auth/mock/mock_auth_client.go @@ -156,6 +156,46 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) CreateCredentialsWithRes return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateCredentialsWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).CreateCredentialsWithResponse), varargs...) } +// CreateExternalPrincipalWithBodyWithResponse mocks base method. +func (m *MockClientWithResponsesInterface) CreateExternalPrincipalWithBodyWithResponse(arg0 context.Context, arg1 string, arg2 io.Reader, arg3 ...auth.RequestEditorFn) (*auth.CreateExternalPrincipalResponse, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1, arg2} + for _, a := range arg3 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "CreateExternalPrincipalWithBodyWithResponse", varargs...) + ret0, _ := ret[0].(*auth.CreateExternalPrincipalResponse) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// CreateExternalPrincipalWithBodyWithResponse indicates an expected call of CreateExternalPrincipalWithBodyWithResponse. +func (mr *MockClientWithResponsesInterfaceMockRecorder) CreateExternalPrincipalWithBodyWithResponse(arg0, arg1, arg2 interface{}, arg3 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1, arg2}, arg3...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateExternalPrincipalWithBodyWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).CreateExternalPrincipalWithBodyWithResponse), varargs...) +} + +// CreateExternalPrincipalWithResponse mocks base method. +func (m *MockClientWithResponsesInterface) CreateExternalPrincipalWithResponse(arg0 context.Context, arg1 auth.CreateExternalPrincipalJSONRequestBody, arg2 ...auth.RequestEditorFn) (*auth.CreateExternalPrincipalResponse, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "CreateExternalPrincipalWithResponse", varargs...) + ret0, _ := ret[0].(*auth.CreateExternalPrincipalResponse) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// CreateExternalPrincipalWithResponse indicates an expected call of CreateExternalPrincipalWithResponse. +func (mr *MockClientWithResponsesInterfaceMockRecorder) CreateExternalPrincipalWithResponse(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateExternalPrincipalWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).CreateExternalPrincipalWithResponse), varargs...) +} + // CreateGroupWithBodyWithResponse mocks base method. func (m *MockClientWithResponsesInterface) CreateGroupWithBodyWithResponse(arg0 context.Context, arg1 string, arg2 io.Reader, arg3 ...auth.RequestEditorFn) (*auth.CreateGroupResponse, error) { m.ctrl.T.Helper() @@ -296,6 +336,26 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) DeleteCredentialsWithRes return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteCredentialsWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).DeleteCredentialsWithResponse), varargs...) } +// DeleteExternalPrincipalFromUserWithResponse mocks base method. +func (m *MockClientWithResponsesInterface) DeleteExternalPrincipalFromUserWithResponse(arg0 context.Context, arg1 string, arg2 ...auth.RequestEditorFn) (*auth.DeleteExternalPrincipalFromUserResponse, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "DeleteExternalPrincipalFromUserWithResponse", varargs...) + ret0, _ := ret[0].(*auth.DeleteExternalPrincipalFromUserResponse) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DeleteExternalPrincipalFromUserWithResponse indicates an expected call of DeleteExternalPrincipalFromUserWithResponse. +func (mr *MockClientWithResponsesInterfaceMockRecorder) DeleteExternalPrincipalFromUserWithResponse(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteExternalPrincipalFromUserWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).DeleteExternalPrincipalFromUserWithResponse), varargs...) +} + // DeleteGroupMembershipWithResponse mocks base method. func (m *MockClientWithResponsesInterface) DeleteGroupMembershipWithResponse(arg0 context.Context, arg1, arg2 string, arg3 ...auth.RequestEditorFn) (*auth.DeleteGroupMembershipResponse, error) { m.ctrl.T.Helper() @@ -456,6 +516,26 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) GetCredentialsWithRespon return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetCredentialsWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).GetCredentialsWithResponse), varargs...) } +// GetExternalPrincipalWithResponse mocks base method. +func (m *MockClientWithResponsesInterface) GetExternalPrincipalWithResponse(arg0 context.Context, arg1 string, arg2 ...auth.RequestEditorFn) (*auth.GetExternalPrincipalResponse, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "GetExternalPrincipalWithResponse", varargs...) + ret0, _ := ret[0].(*auth.GetExternalPrincipalResponse) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetExternalPrincipalWithResponse indicates an expected call of GetExternalPrincipalWithResponse. +func (mr *MockClientWithResponsesInterfaceMockRecorder) GetExternalPrincipalWithResponse(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetExternalPrincipalWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).GetExternalPrincipalWithResponse), varargs...) +} + // GetGroupWithResponse mocks base method. func (m *MockClientWithResponsesInterface) GetGroupWithResponse(arg0 context.Context, arg1 string, arg2 ...auth.RequestEditorFn) (*auth.GetGroupResponse, error) { m.ctrl.T.Helper() @@ -556,6 +636,26 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) HealthCheckWithResponse( return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HealthCheckWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).HealthCheckWithResponse), varargs...) } +// ListExternalPrincipalsWithResponse mocks base method. +func (m *MockClientWithResponsesInterface) ListExternalPrincipalsWithResponse(arg0 context.Context, arg1 *auth.ListExternalPrincipalsParams, arg2 ...auth.RequestEditorFn) (*auth.ListExternalPrincipalsResponse, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "ListExternalPrincipalsWithResponse", varargs...) + ret0, _ := ret[0].(*auth.ListExternalPrincipalsResponse) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListExternalPrincipalsWithResponse indicates an expected call of ListExternalPrincipalsWithResponse. +func (mr *MockClientWithResponsesInterfaceMockRecorder) ListExternalPrincipalsWithResponse(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListExternalPrincipalsWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).ListExternalPrincipalsWithResponse), varargs...) +} + // ListGroupMembersWithResponse mocks base method. func (m *MockClientWithResponsesInterface) ListGroupMembersWithResponse(arg0 context.Context, arg1 string, arg2 *auth.ListGroupMembersParams, arg3 ...auth.RequestEditorFn) (*auth.ListGroupMembersResponse, error) { m.ctrl.T.Helper() @@ -656,6 +756,26 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) ListUserCredentialsWithR return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListUserCredentialsWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).ListUserCredentialsWithResponse), varargs...) } +// ListUserExternalPrincipalsWithResponse mocks base method. +func (m *MockClientWithResponsesInterface) ListUserExternalPrincipalsWithResponse(arg0 context.Context, arg1 string, arg2 *auth.ListUserExternalPrincipalsParams, arg3 ...auth.RequestEditorFn) (*auth.ListUserExternalPrincipalsResponse, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1, arg2} + for _, a := range arg3 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "ListUserExternalPrincipalsWithResponse", varargs...) + ret0, _ := ret[0].(*auth.ListUserExternalPrincipalsResponse) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListUserExternalPrincipalsWithResponse indicates an expected call of ListUserExternalPrincipalsWithResponse. +func (mr *MockClientWithResponsesInterfaceMockRecorder) ListUserExternalPrincipalsWithResponse(arg0, arg1, arg2 interface{}, arg3 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1, arg2}, arg3...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListUserExternalPrincipalsWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).ListUserExternalPrincipalsWithResponse), varargs...) +} + // ListUserGroupsWithResponse mocks base method. func (m *MockClientWithResponsesInterface) ListUserGroupsWithResponse(arg0 context.Context, arg1 string, arg2 *auth.ListUserGroupsParams, arg3 ...auth.RequestEditorFn) (*auth.ListUserGroupsResponse, error) { m.ctrl.T.Helper() diff --git a/pkg/auth/model/model.go b/pkg/auth/model/model.go index 74829950294..336487e0c3f 100644 --- a/pkg/auth/model/model.go +++ b/pkg/auth/model/model.go @@ -199,6 +199,11 @@ type CredentialKeys struct { SecretAccessKey string `json:"secret_access_key"` } +type ExternalPrincipal struct { + ID string `db:"id"` + Username string `db:"username"` +} + func (u *User) UpdatePassword(password string) error { pw, err := HashPassword(password) if err != nil { diff --git a/pkg/auth/remoteauthenticator/authenticator.go b/pkg/auth/remoteauthenticator/authenticator.go index 2b59ddeb393..e79c0775bdd 100644 --- a/pkg/auth/remoteauthenticator/authenticator.go +++ b/pkg/auth/remoteauthenticator/authenticator.go @@ -24,6 +24,8 @@ var ErrBadConfig = errors.New("invalid configuration") type AuthenticatorConfig struct { // Enabled if set true will enable authenticator Enabled bool + // ExternalPrincipalAuth support external principals + ExternalPrincipalsEnabled bool // Endpoint URL of the remote authentication service (e.g. https://my-auth.example.com/auth) Endpoint string // DefaultUserGroup is the default group for the users authenticated by the remote service diff --git a/pkg/auth/service.go b/pkg/auth/service.go index de2cf59473c..f82425d5e1c 100644 --- a/pkg/auth/service.go +++ b/pkg/auth/service.go @@ -77,6 +77,15 @@ type EmailInviter interface { InviteUser(ctx context.Context, email string) error } +type ExternalPrincipalsService interface { + IsExternalPrincipalsEnabled(ctx context.Context) bool + CreateExternalPrincipal(ctx context.Context, externalPrincipalID, username string) error + DeleteExternalPrincipalFromUser(ctx context.Context, externalPrincipalID string) error + GetExternalPrincipal(ctx context.Context, externalPrincipalID string) (*model.ExternalPrincipal, error) + ListExternalPrincipals(ctx context.Context, params *model.PaginationParams) ([]string, *model.Paginator, error) + ListUserExternalPrincipals(ctx context.Context, username string, params *model.PaginationParams) ([]string, *model.Paginator, error) +} + type Service interface { SecretStore() crypt.SecretStore Cache() Cache @@ -90,6 +99,9 @@ type Service interface { GetUserByEmail(ctx context.Context, email string) (*model.User, error) ListUsers(ctx context.Context, params *model.PaginationParams) ([]*model.User, *model.Paginator, error) + // external principals + ExternalPrincipalsService + // groups CreateGroup(ctx context.Context, group *model.Group) (*model.Group, error) DeleteGroup(ctx context.Context, groupID string) error @@ -1102,6 +1114,25 @@ func claimTokenIDOnce(ctx context.Context, tokenID string, expiresAt int64, mark return nil } +func (s *AuthService) IsExternalPrincipalsEnabled(ctx context.Context) bool { + return false +} +func (s *AuthService) CreateExternalPrincipal(ctx context.Context, externalPrincipalID, username string) error { + return ErrNotImplemented +} +func (s *AuthService) DeleteExternalPrincipalFromUser(ctx context.Context, externalPrincipalID string) error { + return ErrNotImplemented +} +func (s *AuthService) GetExternalPrincipal(ctx context.Context, externalPrincipalID string) (*model.ExternalPrincipal, error) { + return nil, ErrNotImplemented +} +func (s *AuthService) ListExternalPrincipals(ctx context.Context, params *model.PaginationParams) ([]string, *model.Paginator, error) { + return nil, nil, ErrNotImplemented +} +func (s *AuthService) ListUserExternalPrincipals(ctx context.Context, username string, params *model.PaginationParams) ([]string, *model.Paginator, error) { + return nil, nil, ErrNotImplemented +} + // markTokenSingleUse returns true if token is valid for single use func (s *AuthService) markTokenSingleUse(ctx context.Context, tokenID string, tokenExpiresAt time.Time) (bool, error) { tokenPath := model.ExpiredTokenPath(tokenID) @@ -1159,10 +1190,11 @@ const ( ) type APIAuthService struct { - apiClient ClientWithResponsesInterface - secretStore crypt.SecretStore - logger logging.Logger - cache Cache + apiClient ClientWithResponsesInterface + secretStore crypt.SecretStore + logger logging.Logger + cache Cache + externalPrincipalseEnabled bool } func (a *APIAuthService) InviteUser(ctx context.Context, email string) error { @@ -1933,7 +1965,92 @@ func (a *APIAuthService) CheckHealth(ctx context.Context, logger logging.Logger, return nil } -func NewAPIAuthService(apiEndpoint, token string, secretStore crypt.SecretStore, cacheConf params.ServiceCache, logger logging.Logger) (*APIAuthService, error) { +func (a *APIAuthService) IsExternalPrincipalsEnabled(ctx context.Context) bool { + return a.externalPrincipalseEnabled +} +func (a *APIAuthService) CreateExternalPrincipal(ctx context.Context, externalPrincipalID, username string) error { + if !a.IsExternalPrincipalsEnabled(ctx) { + return fmt.Errorf("not enabled: %w", ErrInvalidRequest) + } + + resp, err := a.apiClient.CreateExternalPrincipalWithResponse(ctx, CreateExternalPrincipalJSONRequestBody{ + Id: externalPrincipalID, + UserId: username, + }) + + if err != nil { + return fmt.Errorf("create principal: %w", err) + } + + return a.validateResponse(resp, http.StatusCreated) +} + +func (a *APIAuthService) DeleteExternalPrincipalFromUser(ctx context.Context, externalPrincipalID string) error { + if !a.IsExternalPrincipalsEnabled(ctx) { + return fmt.Errorf("not enabled: %w", ErrInvalidRequest) + } + resp, err := a.apiClient.DeleteExternalPrincipalFromUserWithResponse(ctx, externalPrincipalID) + if err != nil { + return fmt.Errorf("delete external principal: %w", err) + } + return a.validateResponse(resp, http.StatusNoContent) +} + +func (a *APIAuthService) GetExternalPrincipal(ctx context.Context, externalPrincipalID string) (*model.ExternalPrincipal, error) { + if !a.IsExternalPrincipalsEnabled(ctx) { + return nil, fmt.Errorf("not enabled: %w", ErrInvalidRequest) + } + resp, err := a.apiClient.GetExternalPrincipalWithResponse(ctx, externalPrincipalID) + if err != nil { + return nil, fmt.Errorf("get external principal: %w", err) + } + if err := a.validateResponse(resp, http.StatusOK); err != nil { + return nil, err + } + return &model.ExternalPrincipal{ + ID: resp.JSON200.Id, + Username: resp.JSON200.UserId, + }, nil +} + +func (a *APIAuthService) ListExternalPrincipals(ctx context.Context, params *model.PaginationParams) ([]string, *model.Paginator, error) { + if !a.IsExternalPrincipalsEnabled(ctx) { + return nil, nil, fmt.Errorf("not enabled: %w", ErrInvalidRequest) + } + resp, err := a.apiClient.ListExternalPrincipalsWithResponse(ctx, &ListExternalPrincipalsParams{ + Prefix: paginationPrefix(params.Prefix), + After: paginationAfter(params.After), + Amount: paginationAmount(params.Amount), + }) + if err != nil { + return nil, nil, fmt.Errorf("list external principals: %w", err) + } + if err := a.validateResponse(resp, http.StatusOK); err != nil { + return nil, nil, err + } + + return resp.JSON200.Results, toPagination(resp.JSON200.Pagination), nil +} + +func (a *APIAuthService) ListUserExternalPrincipals(ctx context.Context, username string, params *model.PaginationParams) ([]string, *model.Paginator, error) { + if !a.IsExternalPrincipalsEnabled(ctx) { + return nil, nil, fmt.Errorf("not enabled: %w", ErrInvalidRequest) + } + resp, err := a.apiClient.ListUserExternalPrincipalsWithResponse(ctx, username, &ListUserExternalPrincipalsParams{ + Prefix: paginationPrefix(params.Prefix), + After: paginationAfter(params.After), + Amount: paginationAmount(params.Amount), + }) + if err != nil { + return nil, nil, fmt.Errorf("list user external principals: %w", err) + } + if err := a.validateResponse(resp, http.StatusOK); err != nil { + return nil, nil, err + } + return resp.JSON200.Results, toPagination(resp.JSON200.Pagination), nil +} + +func NewAPIAuthService(apiEndpoint, token string, externalPrincipalseEnabled bool, secretStore crypt.SecretStore, cacheConf params.ServiceCache, logger logging.Logger) (*APIAuthService, error) { if token == "" { // when no token is provided, generate one. // communicate with auth service always uses a token @@ -1966,10 +2083,11 @@ func NewAPIAuthService(apiEndpoint, token string, secretStore crypt.SecretStore, cache = &DummyCache{} } res := &APIAuthService{ - apiClient: client, - secretStore: secretStore, - logger: logger, - cache: cache, + apiClient: client, + secretStore: secretStore, + logger: logger, + cache: cache, + externalPrincipalseEnabled: externalPrincipalseEnabled, } return res, nil } diff --git a/pkg/config/config.go b/pkg/config/config.go index 23a19697377..3b364640371 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -186,6 +186,8 @@ type Config struct { RemoteAuthenticator struct { // Enabled if set true will enable remote authentication Enabled bool `mapstructure:"enabled"` + // ExternalPrincipalAuth configuration related external principals + ExternalPrincipalsEnabled bool `mapstructure:"external_principals_enabled"` // Endpoint URL of the remote authentication service (e.g. https://my-auth.example.com/auth) Endpoint string `mapstructure:"endpoint"` // DefaultUserGroup is the default group for the users authenticated by the remote service From 2108e6dca8e818598d048a4e6250b81ff8a68e27 Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Mon, 11 Mar 2024 11:12:15 +0200 Subject: [PATCH 13/21] update base actions --- pkg/permissions/actions.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/permissions/actions.go b/pkg/permissions/actions.go index e1c6a18f537..0b18a64e31d 100644 --- a/pkg/permissions/actions.go +++ b/pkg/permissions/actions.go @@ -61,10 +61,10 @@ const ( CreateCredentialsAction = "auth:CreateCredentials" //nolint:gosec DeleteCredentialsAction = "auth:DeleteCredentials" //nolint:gosec ListCredentialsAction = "auth:ListCredentials" //nolint:gosec - CreateExternalPrincipalAction = "auth:CreateExternalPrincipal" - DeleteExternalPrincipalAction = "auth:DeleteExternalPrincipal" - ListExternalPrincipalsAction = "auth:ListExternalPrincipals" - ReadExternalPrincipalAction = "auth:ReadExternalPrincipal" + CreateUserExternalPrincipalAction = "auth:CreateUserExternalPrincipal" + DeleteUserExternalPrincipalAction = "auth:DeleteUserExternalPrincipal" + ListUserExternalPrincipalsAction = "auth:ListUserExternalPrincipals" + ReadUserExternalPrincipalAction = "auth:ReadUserExternalPrincipal" ReadActionsAction = "ci:ReadAction" PrepareGarbageCollectionCommitsAction = "retention:PrepareGarbageCollectionCommits" GetGarbageCollectionRulesAction = "retention:GetGarbageCollectionRules" From a347036e627061f4a3e059710aefde53514a4981 Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Mon, 11 Mar 2024 11:25:13 +0200 Subject: [PATCH 14/21] update api public endpoints --- api/swagger.yml | 177 +++++++++++++++++++++--------------------------- 1 file changed, 78 insertions(+), 99 deletions(-) diff --git a/api/swagger.yml b/api/swagger.yml index 762de7ddb7e..a65e3f81b96 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -2426,6 +2426,83 @@ paths: default: $ref: "#/components/responses/ServerError" + /auth/users/{userId}/external/principal/{principalId}: + parameters: + - in: path + name: userId + required: true + schema: + type: string + - in: path + name: principalId + required: true + schema: + type: string + post: + tags: + - auth + - external + - experimental + operationId: createUserExternalPrincipal + summary: attach external principal to user + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipal" + responses: + 201: + description: external principal attached successfully + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + delete: + tags: + - auth + - external + - experimental + operationId: deleteUserExternalPrincipal + summary: delete external principal from user + responses: + 204: + description: external principal detached successfully + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + get: + tags: + - auth + - external + - experimental + operationId: getUserExternalPrincipal + summary: get external principal of a user + responses: + 200: + description: external principal + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipal" + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + /auth/users/{userId}/external/principals: parameters: - in: path @@ -2589,105 +2666,7 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" - - /auth/external/principals: - get: - tags: - - auth - - external - - experimental - operationId: listExternalPrincipals - summary: list external principals - parameters: - - $ref: "#/components/parameters/PaginationPrefix" - - $ref: "#/components/parameters/PaginationAfter" - - $ref: "#/components/parameters/PaginationAmount" - responses: - 200: - description: external principal list - content: - application/json: - schema: - $ref: "#/components/schemas/ExternalPrincipalList" - 401: - $ref: "#/components/responses/Unauthorized" - 420: - description: too many requests - default: - $ref: "#/components/responses/ServerError" - post: - tags: - - auth - - external - - experimental - operationId: createExternalPrincipal - summary: Create principal as external identity connected to lakeFS user - requestBody: - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/ExternalPrincipal" - responses: - 201: - description: external principal created successfully - 401: - $ref: "#/components/responses/Unauthorized" - 409: - $ref: "#/components/responses/Conflict" - 420: - description: too many requests - default: - $ref: "#/components/responses/ServerError" - - /auth/external/principals/{principalId}: - parameters: - - in: path - name: principalId - required: true - schema: - type: string - get: - tags: - - auth - - external - - experimental - operationId: getExternalPrincipal - summary: Get principal information - responses: - 200: - description: external principal - content: - application/json: - schema: - $ref: "#/components/schemas/ExternalPrincipal" - 401: - $ref: "#/components/responses/Unauthorized" - 404: - $ref: "#/components/responses/NotFound" - 420: - description: too many requests - default: - $ref: "#/components/responses/ServerError" - delete: - tags: - - auth - - external - - experimental - operationId: deleteExternalPrincipal - summary: Delete principal and lakeFS attachments - responses: - 204: - description: external principal deleted successfully - 401: - $ref: "#/components/responses/Unauthorized" - 404: - $ref: "#/components/responses/NotFound" - 420: - description: too many requests - default: - $ref: "#/components/responses/ServerError" - + /repositories: get: tags: From 4458308b29e967b680b3f75d3635a02cb45f464e Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Mon, 11 Mar 2024 11:52:34 +0200 Subject: [PATCH 15/21] update external api controller --- api/swagger.yml | 9 +- docs/assets/js/swagger.yml | 184 +++++++++++++++------------------ pkg/api/controller.go | 53 ++-------- pkg/permissions/actions.gen.go | 8 +- pkg/permissions/permission.go | 3 - 5 files changed, 107 insertions(+), 150 deletions(-) diff --git a/api/swagger.yml b/api/swagger.yml index a65e3f81b96..366afc604ff 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -1649,6 +1649,13 @@ components: additionalProperties: type: string description: Additional settings to be consumed by the remote authenticator + ExternalPrincipalCreation: + type: object + properties: + settings: + type: object + items: + $ref: "#/components/schemas/ExternalPrincipalSettings" ExternalPrincipal: type: object required: @@ -2450,7 +2457,7 @@ paths: content: application/json: schema: - $ref: "#/components/schemas/ExternalPrincipal" + $ref: "#/components/schemas/ExternalPrincipalCreation" responses: 201: description: external principal attached successfully diff --git a/docs/assets/js/swagger.yml b/docs/assets/js/swagger.yml index 762de7ddb7e..366afc604ff 100644 --- a/docs/assets/js/swagger.yml +++ b/docs/assets/js/swagger.yml @@ -1649,6 +1649,13 @@ components: additionalProperties: type: string description: Additional settings to be consumed by the remote authenticator + ExternalPrincipalCreation: + type: object + properties: + settings: + type: object + items: + $ref: "#/components/schemas/ExternalPrincipalSettings" ExternalPrincipal: type: object required: @@ -2426,6 +2433,83 @@ paths: default: $ref: "#/components/responses/ServerError" + /auth/users/{userId}/external/principal/{principalId}: + parameters: + - in: path + name: userId + required: true + schema: + type: string + - in: path + name: principalId + required: true + schema: + type: string + post: + tags: + - auth + - external + - experimental + operationId: createUserExternalPrincipal + summary: attach external principal to user + requestBody: + required: true + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipalCreation" + responses: + 201: + description: external principal attached successfully + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + delete: + tags: + - auth + - external + - experimental + operationId: deleteUserExternalPrincipal + summary: delete external principal from user + responses: + 204: + description: external principal detached successfully + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + get: + tags: + - auth + - external + - experimental + operationId: getUserExternalPrincipal + summary: get external principal of a user + responses: + 200: + description: external principal + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipal" + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + 420: + description: too many requests + default: + $ref: "#/components/responses/ServerError" + /auth/users/{userId}/external/principals: parameters: - in: path @@ -2589,105 +2673,7 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" - - /auth/external/principals: - get: - tags: - - auth - - external - - experimental - operationId: listExternalPrincipals - summary: list external principals - parameters: - - $ref: "#/components/parameters/PaginationPrefix" - - $ref: "#/components/parameters/PaginationAfter" - - $ref: "#/components/parameters/PaginationAmount" - responses: - 200: - description: external principal list - content: - application/json: - schema: - $ref: "#/components/schemas/ExternalPrincipalList" - 401: - $ref: "#/components/responses/Unauthorized" - 420: - description: too many requests - default: - $ref: "#/components/responses/ServerError" - post: - tags: - - auth - - external - - experimental - operationId: createExternalPrincipal - summary: Create principal as external identity connected to lakeFS user - requestBody: - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/ExternalPrincipal" - responses: - 201: - description: external principal created successfully - 401: - $ref: "#/components/responses/Unauthorized" - 409: - $ref: "#/components/responses/Conflict" - 420: - description: too many requests - default: - $ref: "#/components/responses/ServerError" - - /auth/external/principals/{principalId}: - parameters: - - in: path - name: principalId - required: true - schema: - type: string - get: - tags: - - auth - - external - - experimental - operationId: getExternalPrincipal - summary: Get principal information - responses: - 200: - description: external principal - content: - application/json: - schema: - $ref: "#/components/schemas/ExternalPrincipal" - 401: - $ref: "#/components/responses/Unauthorized" - 404: - $ref: "#/components/responses/NotFound" - 420: - description: too many requests - default: - $ref: "#/components/responses/ServerError" - delete: - tags: - - auth - - external - - experimental - operationId: deleteExternalPrincipal - summary: Delete principal and lakeFS attachments - responses: - 204: - description: external principal deleted successfully - 401: - $ref: "#/components/responses/Unauthorized" - 404: - $ref: "#/components/responses/NotFound" - 420: - description: too many requests - default: - $ref: "#/components/responses/ServerError" - + /repositories: get: tags: diff --git a/pkg/api/controller.go b/pkg/api/controller.go index d2fd822d346..75ed0f671d9 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -5234,7 +5234,7 @@ func (c *Controller) GetUsageReportSummary(w http.ResponseWriter, r *http.Reques writeResponse(w, r, http.StatusOK, response) } -func (c *Controller) ListExternalPrincipals(w http.ResponseWriter, r *http.Request, params apigen.ListExternalPrincipalsParams) { +func (c *Controller) CreateUserExternalPrincipal(w http.ResponseWriter, r *http.Request, body apigen.CreateUserExternalPrincipalJSONRequestBody, userID, principalID string) { ctx := r.Context() if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") @@ -5242,55 +5242,22 @@ func (c *Controller) ListExternalPrincipals(w http.ResponseWriter, r *http.Reque } if !c.authorize(w, r, permissions.Node{ Permission: permissions.Permission{ - Action: permissions.ListExternalPrincipalsAction, - Resource: permissions.All, - }, - }) { - return - } - c.LogAction(ctx, "list_external_principals", r, "", "", "") - externalPrincipalIds, paginator, err := c.Auth.ListExternalPrincipals(ctx, &model.PaginationParams{ - Prefix: paginationPrefix(params.Prefix), - Amount: paginationAmount(params.Amount), - After: paginationAfter(params.After), - }) - if c.handleAPIError(ctx, w, r, err) { - return - } - response := apigen.ExternalPrincipalList{ - Results: externalPrincipalIds, - Pagination: apigen.Pagination{ - HasMore: paginator.NextPageToken != "", - NextOffset: paginator.NextPageToken, - Results: paginator.Amount, - }, - } - writeResponse(w, r, http.StatusOK, response) -} -func (c *Controller) CreateExternalPrincipal(w http.ResponseWriter, r *http.Request, body apigen.CreateExternalPrincipalJSONRequestBody) { - ctx := r.Context() - if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { - writeError(w, r, http.StatusNotImplemented, "Not implemented") - return - } - if !c.authorize(w, r, permissions.Node{ - Permission: permissions.Permission{ - Action: permissions.CreateExternalPrincipalAction, - Resource: permissions.UserArn(body.UserId), + Action: permissions.CreateUserExternalPrincipalAction, + Resource: permissions.UserArn(userID), }, }) { return } c.LogAction(ctx, "create_external_principal", r, "", "", "") // TODO(isan) Settings should be passed here as part of the request. i.e using session name or not - err := c.Auth.CreateExternalPrincipal(ctx, body.Id, body.UserId) + err := c.Auth.CreateExternalPrincipal(ctx, principalID, userID) if c.handleAPIError(ctx, w, r, err) { return } writeResponse(w, r, http.StatusCreated, nil) } -func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { +func (c *Controller) DeleteUserExternalPrincipal(w http.ResponseWriter, r *http.Request, userID, principalID string) { ctx := r.Context() if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") @@ -5298,8 +5265,8 @@ func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Requ } if !c.authorize(w, r, permissions.Node{ Permission: permissions.Permission{ - Action: permissions.DeleteExternalPrincipalAction, - Resource: permissions.ExternalPrincipalArn(principalID), + Action: permissions.DeleteUserExternalPrincipalAction, + Resource: permissions.UserArn(userID), }, }) { return @@ -5312,7 +5279,7 @@ func (c *Controller) DeleteExternalPrincipal(w http.ResponseWriter, r *http.Requ writeResponse(w, r, http.StatusNoContent, nil) } -func (c *Controller) GetExternalPrincipal(w http.ResponseWriter, r *http.Request, principalID string) { +func (c *Controller) GetUserExternalPrincipal(w http.ResponseWriter, r *http.Request, userID, principalID string) { ctx := r.Context() if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") @@ -5320,8 +5287,8 @@ func (c *Controller) GetExternalPrincipal(w http.ResponseWriter, r *http.Request } if !c.authorize(w, r, permissions.Node{ Permission: permissions.Permission{ - Action: permissions.ReadExternalPrincipalAction, - Resource: permissions.ExternalPrincipalArn(principalID), + Action: permissions.ReadUserExternalPrincipalAction, + Resource: permissions.UserArn(userID), }, }) { return diff --git a/pkg/permissions/actions.gen.go b/pkg/permissions/actions.gen.go index 6a8f18600e8..12a31286093 100644 --- a/pkg/permissions/actions.gen.go +++ b/pkg/permissions/actions.gen.go @@ -50,10 +50,10 @@ var Actions = []string{ "auth:CreateCredentials", "auth:DeleteCredentials", "auth:ListCredentials", - "auth:CreateExternalPrincipal", - "auth:DeleteExternalPrincipal", - "auth:ListExternalPrincipals", - "auth:ReadExternalPrincipal", + "auth:CreateUserExternalPrincipal", + "auth:DeleteUserExternalPrincipal", + "auth:ListUserExternalPrincipals", + "auth:ReadUserExternalPrincipal", "ci:ReadAction", "retention:PrepareGarbageCollectionCommits", "retention:GetGarbageCollectionRules", diff --git a/pkg/permissions/permission.go b/pkg/permissions/permission.go index 24d7d43f2a8..78b81fc4b67 100644 --- a/pkg/permissions/permission.go +++ b/pkg/permissions/permission.go @@ -57,6 +57,3 @@ func GroupArn(groupID string) string { func PolicyArn(policyID string) string { return authArnPrefix + "policy/" + policyID } -func ExternalPrincipalArn(principalID string) string { - return authArnPrefix + "external/principals/" + principalID -} From 8bd869ab686f18ca369fad3430053daf969e067f Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Mon, 11 Mar 2024 11:55:25 +0200 Subject: [PATCH 16/21] update --- api/swagger.yml | 2 +- docs/assets/js/swagger.yml | 2 +- pkg/api/controller.go | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/api/swagger.yml b/api/swagger.yml index 366afc604ff..969f6f92921 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -1643,7 +1643,7 @@ components: results: type: array items: - type: string + $ref: "#/components/schemas/ExternalPrincipal" ExternalPrincipalSettings: type: object additionalProperties: diff --git a/docs/assets/js/swagger.yml b/docs/assets/js/swagger.yml index 366afc604ff..969f6f92921 100644 --- a/docs/assets/js/swagger.yml +++ b/docs/assets/js/swagger.yml @@ -1643,7 +1643,7 @@ components: results: type: array items: - type: string + $ref: "#/components/schemas/ExternalPrincipal" ExternalPrincipalSettings: type: object additionalProperties: diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 75ed0f671d9..9776a3fe5aa 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -5323,7 +5323,7 @@ func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.R c.LogAction(ctx, "list_user_external_principals", r, "", "", "") - principalIds, paginator, err := c.Auth.ListUserExternalPrincipals(ctx, userID, &model.PaginationParams{ + _, paginator, err := c.Auth.ListUserExternalPrincipals(ctx, userID, &model.PaginationParams{ Prefix: paginationPrefix(params.Prefix), Amount: paginationAmount(params.Amount), After: paginationAfter(params.After), @@ -5334,7 +5334,7 @@ func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.R } response := apigen.ExternalPrincipalList{ - Results: principalIds, + Results: nil, Pagination: apigen.Pagination{ HasMore: paginator.NextPageToken != "", NextOffset: paginator.NextPageToken, From c2103b889f310e2824b72dcdb50978d12430fe8f Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Tue, 12 Mar 2024 14:09:20 +0200 Subject: [PATCH 17/21] tests --- api/authorization.yml | 151 ++- clients/java-legacy/.openapi-generator/FILES | 12 + clients/java-legacy/README.md | 15 + clients/java-legacy/api/openapi.yaml | 289 ++++++ clients/java-legacy/docs/AuthApi.md | 384 ++++++++ clients/java-legacy/docs/ExperimentalApi.md | 384 ++++++++ clients/java-legacy/docs/ExternalApi.md | 392 ++++++++ clients/java-legacy/docs/ExternalPrincipal.md | 15 + .../docs/ExternalPrincipalCreation.md | 13 + .../java-legacy/docs/ExternalPrincipalList.md | 14 + .../java/io/lakefs/clients/api/AuthApi.java | 570 ++++++++++++ .../lakefs/clients/api/ExperimentalApi.java | 570 ++++++++++++ .../io/lakefs/clients/api/ExternalApi.java | 627 +++++++++++++ .../clients/api/model/ExternalPrincipal.java | 167 ++++ .../api/model/ExternalPrincipalCreation.java | 109 +++ .../api/model/ExternalPrincipalList.java | 136 +++ .../io/lakefs/clients/api/AuthApiTest.java | 70 ++ .../clients/api/ExperimentalApiTest.java | 70 ++ .../lakefs/clients/api/ExternalApiTest.java | 105 +++ .../model/ExternalPrincipalCreationTest.java | 54 ++ .../api/model/ExternalPrincipalListTest.java | 63 ++ .../api/model/ExternalPrincipalTest.java | 70 ++ clients/java/README.md | 15 + clients/java/api/openapi.yaml | 289 ++++++ clients/java/docs/AuthApi.md | 391 ++++++++ clients/java/docs/ExperimentalApi.md | 391 ++++++++ clients/java/docs/ExternalApi.md | 399 ++++++++ clients/java/docs/ExternalPrincipal.md | 15 + .../java/docs/ExternalPrincipalCreation.md | 13 + clients/java/docs/ExternalPrincipalList.md | 14 + .../java/io/lakefs/clients/sdk/AuthApi.java | 876 ++++++++++++++++-- .../lakefs/clients/sdk/ExperimentalApi.java | 764 +++++++++++++++ .../io/lakefs/clients/sdk/ExternalApi.java | 839 +++++++++++++++++ .../main/java/io/lakefs/clients/sdk/JSON.java | 3 + .../clients/sdk/model/ExternalPrincipal.java | 368 ++++++++ .../sdk/model/ExternalPrincipalCreation.java | 297 ++++++ .../sdk/model/ExternalPrincipalList.java | 343 +++++++ .../io/lakefs/clients/sdk/AuthApiTest.java | 65 ++ .../clients/sdk/ExperimentalApiTest.java | 65 ++ .../lakefs/clients/sdk/ExternalApiTest.java | 99 ++ .../model/ExternalPrincipalCreationTest.java | 51 + .../sdk/model/ExternalPrincipalListTest.java | 60 ++ .../sdk/model/ExternalPrincipalTest.java | 67 ++ .../python-legacy/.openapi-generator/FILES | 15 + clients/python-legacy/README.md | 16 + clients/python-legacy/docs/AuthApi.md | 462 +++++++++ clients/python-legacy/docs/ExperimentalApi.md | 462 +++++++++ clients/python-legacy/docs/ExternalApi.md | 470 ++++++++++ .../python-legacy/docs/ExternalPrincipal.md | 14 + .../docs/ExternalPrincipalCreation.md | 12 + .../docs/ExternalPrincipalList.md | 13 + .../docs/ExternalPrincipalSettings.md | 12 + .../lakefs_client/api/auth_api.py | 548 +++++++++++ .../lakefs_client/api/experimental_api.py | 548 +++++++++++ .../lakefs_client/api/external_api.py | 587 ++++++++++++ .../lakefs_client/apis/__init__.py | 1 + clients/python-legacy/lakefs_client/client.py | 2 + .../lakefs_client/model/external_principal.py | 278 ++++++ .../model/external_principal_creation.py | 262 ++++++ .../model/external_principal_list.py | 276 ++++++ .../model/external_principal_settings.py | 252 +++++ .../lakefs_client/models/__init__.py | 4 + clients/python-legacy/test/test_auth_api.py | 28 + .../test/test_experimental_api.py | 28 + .../python-legacy/test/test_external_api.py | 57 ++ .../test/test_external_principal.py | 38 + .../test/test_external_principal_creation.py | 38 + .../test/test_external_principal_list.py | 40 + .../test/test_external_principal_settings.py | 36 + clients/python/.openapi-generator/FILES | 12 + clients/python/README.md | 15 + clients/python/docs/AuthApi.md | 453 +++++++++ clients/python/docs/ExperimentalApi.md | 453 +++++++++ clients/python/docs/ExternalApi.md | 461 +++++++++ clients/python/docs/ExternalPrincipal.md | 31 + .../python/docs/ExternalPrincipalCreation.md | 29 + clients/python/docs/ExternalPrincipalList.md | 30 + clients/python/lakefs_sdk/__init__.py | 4 + clients/python/lakefs_sdk/api/__init__.py | 1 + clients/python/lakefs_sdk/api/auth_api.py | 732 +++++++++++++-- .../python/lakefs_sdk/api/experimental_api.py | 618 +++++++++++- clients/python/lakefs_sdk/api/external_api.py | 662 +++++++++++++ clients/python/lakefs_sdk/client.py | 2 + clients/python/lakefs_sdk/models/__init__.py | 3 + .../lakefs_sdk/models/external_principal.py | 76 ++ .../models/external_principal_creation.py | 72 ++ .../models/external_principal_list.py | 86 ++ clients/python/test/test_auth_api.py | 28 + clients/python/test/test_experimental_api.py | 28 + clients/python/test/test_external_api.py | 62 ++ .../python/test/test_external_principal.py | 63 ++ .../test/test_external_principal_creation.py | 59 ++ .../test/test_external_principal_list.py | 84 ++ pkg/api/controller.go | 43 +- pkg/auth/mock/mock_auth_client.go | 160 ++-- pkg/auth/model/model.go | 4 +- pkg/auth/service.go | 82 +- pkg/auth/service_test.go | 140 ++- pkg/config/config.go | 5 + pkg/permissions/actions.gen.go | 2 - pkg/permissions/actions.go | 2 - 101 files changed, 18328 insertions(+), 377 deletions(-) create mode 100644 clients/java-legacy/docs/ExternalApi.md create mode 100644 clients/java-legacy/docs/ExternalPrincipal.md create mode 100644 clients/java-legacy/docs/ExternalPrincipalCreation.md create mode 100644 clients/java-legacy/docs/ExternalPrincipalList.md create mode 100644 clients/java-legacy/src/main/java/io/lakefs/clients/api/ExternalApi.java create mode 100644 clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipal.java create mode 100644 clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipalCreation.java create mode 100644 clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipalList.java create mode 100644 clients/java-legacy/src/test/java/io/lakefs/clients/api/ExternalApiTest.java create mode 100644 clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalCreationTest.java create mode 100644 clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalListTest.java create mode 100644 clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalTest.java create mode 100644 clients/java/docs/ExternalApi.md create mode 100644 clients/java/docs/ExternalPrincipal.md create mode 100644 clients/java/docs/ExternalPrincipalCreation.md create mode 100644 clients/java/docs/ExternalPrincipalList.md create mode 100644 clients/java/src/main/java/io/lakefs/clients/sdk/ExternalApi.java create mode 100644 clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipal.java create mode 100644 clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipalCreation.java create mode 100644 clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipalList.java create mode 100644 clients/java/src/test/java/io/lakefs/clients/sdk/ExternalApiTest.java create mode 100644 clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalCreationTest.java create mode 100644 clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalListTest.java create mode 100644 clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalTest.java create mode 100644 clients/python-legacy/docs/ExternalApi.md create mode 100644 clients/python-legacy/docs/ExternalPrincipal.md create mode 100644 clients/python-legacy/docs/ExternalPrincipalCreation.md create mode 100644 clients/python-legacy/docs/ExternalPrincipalList.md create mode 100644 clients/python-legacy/docs/ExternalPrincipalSettings.md create mode 100644 clients/python-legacy/lakefs_client/api/external_api.py create mode 100644 clients/python-legacy/lakefs_client/model/external_principal.py create mode 100644 clients/python-legacy/lakefs_client/model/external_principal_creation.py create mode 100644 clients/python-legacy/lakefs_client/model/external_principal_list.py create mode 100644 clients/python-legacy/lakefs_client/model/external_principal_settings.py create mode 100644 clients/python-legacy/test/test_external_api.py create mode 100644 clients/python-legacy/test/test_external_principal.py create mode 100644 clients/python-legacy/test/test_external_principal_creation.py create mode 100644 clients/python-legacy/test/test_external_principal_list.py create mode 100644 clients/python-legacy/test/test_external_principal_settings.py create mode 100644 clients/python/docs/ExternalApi.md create mode 100644 clients/python/docs/ExternalPrincipal.md create mode 100644 clients/python/docs/ExternalPrincipalCreation.md create mode 100644 clients/python/docs/ExternalPrincipalList.md create mode 100644 clients/python/lakefs_sdk/api/external_api.py create mode 100644 clients/python/lakefs_sdk/models/external_principal.py create mode 100644 clients/python/lakefs_sdk/models/external_principal_creation.py create mode 100644 clients/python/lakefs_sdk/models/external_principal_list.py create mode 100644 clients/python/test/test_external_api.py create mode 100644 clients/python/test/test_external_principal.py create mode 100644 clients/python/test/test_external_principal_creation.py create mode 100644 clients/python/test/test_external_principal_list.py diff --git a/api/authorization.yml b/api/authorization.yml index e7a78bcd3a7..849bd4f4a9e 100644 --- a/api/authorization.yml +++ b/api/authorization.yml @@ -350,7 +350,6 @@ components: type: string id: type: string - ExternalPrincipalList: type: object required: @@ -362,7 +361,7 @@ components: results: type: array items: - type: string + $ref: "#/components/schemas/ExternalPrincipal" paths: /auth/users: @@ -1007,37 +1006,6 @@ paths: default: $ref: "#/components/responses/ServerError" - /auth/users/{userId}/external/principals: - parameters: - - in: path - name: userId - required: true - schema: - type: string - get: - tags: - - auth - - experimental - parameters: - - $ref: "#/components/parameters/PaginationPrefix" - - $ref: "#/components/parameters/PaginationAfter" - - $ref: "#/components/parameters/PaginationAmount" - operationId: listUserExternalPrincipals - summary: list external principals for user - responses: - 200: - description: external principals - content: - application/json: - schema: - $ref: "#/components/schemas/ExternalPrincipalList" - 401: - $ref: "#/components/responses/Unauthorized" - 404: - $ref: "#/components/responses/NotFound" - default: - $ref: "#/components/responses/ServerError" - /auth/groups/{groupId}/policies: parameters: - in: path @@ -1134,42 +1102,55 @@ paths: $ref: "#/components/responses/Unauthorized" default: $ref: "#/components/responses/ServerError" - - /auth/external/principals: - get: - tags: - - auth - - experimental - operationId: listExternalPrincipals - summary: list external principals + /auth/users/{userId}/external/principals: parameters: - - $ref: "#/components/parameters/PaginationPrefix" - - $ref: "#/components/parameters/PaginationAfter" - - $ref: "#/components/parameters/PaginationAmount" - responses: - 200: - description: external principal list - content: - application/json: - schema: - $ref: "#/components/schemas/ExternalPrincipalList" - 401: - $ref: "#/components/responses/Unauthorized" - 420: - description: too many requests - default: - $ref: "#/components/responses/ServerError" + - in: path + name: userId + required: true + schema: + type: string + get: + tags: + - auth + - experimental + parameters: + - $ref: "#/components/parameters/PaginationPrefix" + - $ref: "#/components/parameters/PaginationAfter" + - $ref: "#/components/parameters/PaginationAmount" + operationId: listUserExternalPrincipals + summary: list external principals for user + responses: + 200: + description: external principals + content: + application/json: + schema: + $ref: "#/components/schemas/ExternalPrincipalList" + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + default: + $ref: "#/components/responses/ServerError" + + /auth/users/{userId}/external/principals/{principalId}: + parameters: + - in: path + name: userId + required: true + schema: + type: string + - in: path + name: principalId + required: true + schema: + type: string post: tags: - auth - operationId: createExternalPrincipal + - experimental + operationId: createUserExternalPrincipal summary: Create principal as external identity connected to lakeFS user - requestBody: - required: true - content: - application/json: - schema: - $ref: "#/components/schemas/ExternalPrincipal" responses: 201: description: external principal created successfully @@ -1181,19 +1162,26 @@ paths: description: too many requests default: $ref: "#/components/responses/ServerError" - - /auth/external/principals/{principalId}: - parameters: - - in: path - name: principalId - required: true - schema: - type: string + delete: + tags: + - auth + - experimental + operationId: deleteUserExternalPrincipal + summary: delete external principal from user's external principal list + responses: + 204: + description: external principal deleted + 401: + $ref: "#/components/responses/Unauthorized" + 404: + $ref: "#/components/responses/NotFound" + default: + $ref: "#/components/responses/ServerError" get: tags: - auth - experimental - operationId: getExternalPrincipal + operationId: getUserExternalPrincipal summary: get external principal responses: 200: @@ -1208,22 +1196,7 @@ paths: $ref: "#/components/responses/NotFound" default: $ref: "#/components/responses/ServerError" - delete: - tags: - - auth - - experimental - operationId: deleteExternalPrincipalFromUser - summary: delete external principal from user's external principal list - responses: - 204: - description: external principal deleted - 401: - $ref: "#/components/responses/Unauthorized" - 404: - $ref: "#/components/responses/NotFound" - default: - $ref: "#/components/responses/ServerError" - + /healthcheck: get: operationId: healthCheck diff --git a/clients/java-legacy/.openapi-generator/FILES b/clients/java-legacy/.openapi-generator/FILES index 901152a3b23..2daced71191 100644 --- a/clients/java-legacy/.openapi-generator/FILES +++ b/clients/java-legacy/.openapi-generator/FILES @@ -36,6 +36,10 @@ docs/DiffList.md docs/Error.md docs/ErrorNoACL.md docs/ExperimentalApi.md +docs/ExternalApi.md +docs/ExternalPrincipal.md +docs/ExternalPrincipalCreation.md +docs/ExternalPrincipalList.md docs/FindMergeBaseResult.md docs/GarbageCollectionConfig.md docs/GarbageCollectionPrepareResponse.md @@ -134,6 +138,7 @@ src/main/java/io/lakefs/clients/api/CommitsApi.java src/main/java/io/lakefs/clients/api/ConfigApi.java src/main/java/io/lakefs/clients/api/Configuration.java src/main/java/io/lakefs/clients/api/ExperimentalApi.java +src/main/java/io/lakefs/clients/api/ExternalApi.java src/main/java/io/lakefs/clients/api/GzipRequestInterceptor.java src/main/java/io/lakefs/clients/api/HealthCheckApi.java src/main/java/io/lakefs/clients/api/ImportApi.java @@ -180,6 +185,9 @@ src/main/java/io/lakefs/clients/api/model/Diff.java src/main/java/io/lakefs/clients/api/model/DiffList.java src/main/java/io/lakefs/clients/api/model/Error.java src/main/java/io/lakefs/clients/api/model/ErrorNoACL.java +src/main/java/io/lakefs/clients/api/model/ExternalPrincipal.java +src/main/java/io/lakefs/clients/api/model/ExternalPrincipalCreation.java +src/main/java/io/lakefs/clients/api/model/ExternalPrincipalList.java src/main/java/io/lakefs/clients/api/model/FindMergeBaseResult.java src/main/java/io/lakefs/clients/api/model/GarbageCollectionConfig.java src/main/java/io/lakefs/clients/api/model/GarbageCollectionPrepareResponse.java @@ -255,6 +263,7 @@ src/test/java/io/lakefs/clients/api/BranchesApiTest.java src/test/java/io/lakefs/clients/api/CommitsApiTest.java src/test/java/io/lakefs/clients/api/ConfigApiTest.java src/test/java/io/lakefs/clients/api/ExperimentalApiTest.java +src/test/java/io/lakefs/clients/api/ExternalApiTest.java src/test/java/io/lakefs/clients/api/HealthCheckApiTest.java src/test/java/io/lakefs/clients/api/ImportApiTest.java src/test/java/io/lakefs/clients/api/InternalApiTest.java @@ -289,6 +298,9 @@ src/test/java/io/lakefs/clients/api/model/DiffListTest.java src/test/java/io/lakefs/clients/api/model/DiffTest.java src/test/java/io/lakefs/clients/api/model/ErrorNoACLTest.java src/test/java/io/lakefs/clients/api/model/ErrorTest.java +src/test/java/io/lakefs/clients/api/model/ExternalPrincipalCreationTest.java +src/test/java/io/lakefs/clients/api/model/ExternalPrincipalListTest.java +src/test/java/io/lakefs/clients/api/model/ExternalPrincipalTest.java src/test/java/io/lakefs/clients/api/model/FindMergeBaseResultTest.java src/test/java/io/lakefs/clients/api/model/GarbageCollectionConfigTest.java src/test/java/io/lakefs/clients/api/model/GarbageCollectionPrepareResponseTest.java diff --git a/clients/java-legacy/README.md b/clients/java-legacy/README.md index e6cde5c1aef..f5a0539fc86 100644 --- a/clients/java-legacy/README.md +++ b/clients/java-legacy/README.md @@ -146,11 +146,13 @@ Class | Method | HTTP request | Description *AuthApi* | [**createGroup**](docs/AuthApi.md#createGroup) | **POST** /auth/groups | create group *AuthApi* | [**createPolicy**](docs/AuthApi.md#createPolicy) | **POST** /auth/policies | create policy *AuthApi* | [**createUser**](docs/AuthApi.md#createUser) | **POST** /auth/users | create user +*AuthApi* | [**createUserExternalPrincipal**](docs/AuthApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user *AuthApi* | [**deleteCredentials**](docs/AuthApi.md#deleteCredentials) | **DELETE** /auth/users/{userId}/credentials/{accessKeyId} | delete credentials *AuthApi* | [**deleteGroup**](docs/AuthApi.md#deleteGroup) | **DELETE** /auth/groups/{groupId} | delete group *AuthApi* | [**deleteGroupMembership**](docs/AuthApi.md#deleteGroupMembership) | **DELETE** /auth/groups/{groupId}/members/{userId} | delete group membership *AuthApi* | [**deletePolicy**](docs/AuthApi.md#deletePolicy) | **DELETE** /auth/policies/{policyId} | delete policy *AuthApi* | [**deleteUser**](docs/AuthApi.md#deleteUser) | **DELETE** /auth/users/{userId} | delete user +*AuthApi* | [**deleteUserExternalPrincipal**](docs/AuthApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *AuthApi* | [**detachPolicyFromGroup**](docs/AuthApi.md#detachPolicyFromGroup) | **DELETE** /auth/groups/{groupId}/policies/{policyId} | detach policy from group *AuthApi* | [**detachPolicyFromUser**](docs/AuthApi.md#detachPolicyFromUser) | **DELETE** /auth/users/{userId}/policies/{policyId} | detach policy from user *AuthApi* | [**getCredentials**](docs/AuthApi.md#getCredentials) | **GET** /auth/users/{userId}/credentials/{accessKeyId} | get credentials @@ -159,11 +161,13 @@ Class | Method | HTTP request | Description *AuthApi* | [**getGroupACL**](docs/AuthApi.md#getGroupACL) | **GET** /auth/groups/{groupId}/acl | get ACL of group *AuthApi* | [**getPolicy**](docs/AuthApi.md#getPolicy) | **GET** /auth/policies/{policyId} | get policy *AuthApi* | [**getUser**](docs/AuthApi.md#getUser) | **GET** /auth/users/{userId} | get user +*AuthApi* | [**getUserExternalPrincipal**](docs/AuthApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *AuthApi* | [**listGroupMembers**](docs/AuthApi.md#listGroupMembers) | **GET** /auth/groups/{groupId}/members | list group members *AuthApi* | [**listGroupPolicies**](docs/AuthApi.md#listGroupPolicies) | **GET** /auth/groups/{groupId}/policies | list group policies *AuthApi* | [**listGroups**](docs/AuthApi.md#listGroups) | **GET** /auth/groups | list groups *AuthApi* | [**listPolicies**](docs/AuthApi.md#listPolicies) | **GET** /auth/policies | list policies *AuthApi* | [**listUserCredentials**](docs/AuthApi.md#listUserCredentials) | **GET** /auth/users/{userId}/credentials | list user credentials +*AuthApi* | [**listUserExternalPrincipals**](docs/AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies *AuthApi* | [**listUserGroups**](docs/AuthApi.md#listUserGroups) | **GET** /auth/users/{userId}/groups | list user groups *AuthApi* | [**listUserPolicies**](docs/AuthApi.md#listUserPolicies) | **GET** /auth/users/{userId}/policies | list user policies *AuthApi* | [**listUsers**](docs/AuthApi.md#listUsers) | **GET** /auth/users | list users @@ -184,7 +188,15 @@ Class | Method | HTTP request | Description *ExperimentalApi* | [**abortPresignMultipartUpload**](docs/ExperimentalApi.md#abortPresignMultipartUpload) | **DELETE** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Abort a presign multipart upload *ExperimentalApi* | [**completePresignMultipartUpload**](docs/ExperimentalApi.md#completePresignMultipartUpload) | **PUT** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Complete a presign multipart upload request *ExperimentalApi* | [**createPresignMultipartUpload**](docs/ExperimentalApi.md#createPresignMultipartUpload) | **POST** /repositories/{repository}/branches/{branch}/staging/pmpu | Initiate a multipart upload +*ExperimentalApi* | [**createUserExternalPrincipal**](docs/ExperimentalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +*ExperimentalApi* | [**deleteUserExternalPrincipal**](docs/ExperimentalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +*ExperimentalApi* | [**getUserExternalPrincipal**](docs/ExperimentalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *ExperimentalApi* | [**hardResetBranch**](docs/ExperimentalApi.md#hardResetBranch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch +*ExperimentalApi* | [**listUserExternalPrincipals**](docs/ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExternalApi* | [**createUserExternalPrincipal**](docs/ExternalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +*ExternalApi* | [**deleteUserExternalPrincipal**](docs/ExternalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +*ExternalApi* | [**getUserExternalPrincipal**](docs/ExternalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user +*ExternalApi* | [**listUserExternalPrincipals**](docs/ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies *HealthCheckApi* | [**healthCheck**](docs/HealthCheckApi.md#healthCheck) | **GET** /healthcheck | *ImportApi* | [**importCancel**](docs/ImportApi.md#importCancel) | **DELETE** /repositories/{repository}/branches/{branch}/import | cancel ongoing import *ImportApi* | [**importStart**](docs/ImportApi.md#importStart) | **POST** /repositories/{repository}/branches/{branch}/import | import data from object store @@ -280,6 +292,9 @@ Class | Method | HTTP request | Description - [DiffList](docs/DiffList.md) - [Error](docs/Error.md) - [ErrorNoACL](docs/ErrorNoACL.md) + - [ExternalPrincipal](docs/ExternalPrincipal.md) + - [ExternalPrincipalCreation](docs/ExternalPrincipalCreation.md) + - [ExternalPrincipalList](docs/ExternalPrincipalList.md) - [FindMergeBaseResult](docs/FindMergeBaseResult.md) - [GarbageCollectionConfig](docs/GarbageCollectionConfig.md) - [GarbageCollectionPrepareResponse](docs/GarbageCollectionPrepareResponse.md) diff --git a/clients/java-legacy/api/openapi.yaml b/clients/java-legacy/api/openapi.yaml index 3b9711a9c90..85441b0e3e0 100644 --- a/clients/java-legacy/api/openapi.yaml +++ b/clients/java-legacy/api/openapi.yaml @@ -1378,6 +1378,227 @@ paths: tags: - auth x-accepts: application/json + /auth/users/{userId}/external/principal/{principalId}: + delete: + operationId: deleteUserExternalPrincipal + parameters: + - explode: false + in: path + name: userId + required: true + schema: + type: string + style: simple + - explode: false + in: path + name: principalId + required: true + schema: + type: string + style: simple + responses: + "204": + description: external principal detached successfully + "401": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Unauthorized + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Resource Not Found + "420": + description: too many requests + default: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Internal Server Error + summary: delete external principal from user + tags: + - auth + - external + - experimental + x-accepts: application/json + get: + operationId: getUserExternalPrincipal + parameters: + - explode: false + in: path + name: userId + required: true + schema: + type: string + style: simple + - explode: false + in: path + name: principalId + required: true + schema: + type: string + style: simple + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ExternalPrincipal' + description: external principal + "401": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Unauthorized + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Resource Not Found + "420": + description: too many requests + default: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Internal Server Error + summary: get external principal of a user + tags: + - auth + - external + - experimental + x-accepts: application/json + post: + operationId: createUserExternalPrincipal + parameters: + - explode: false + in: path + name: userId + required: true + schema: + type: string + style: simple + - explode: false + in: path + name: principalId + required: true + schema: + type: string + style: simple + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ExternalPrincipalCreation' + required: true + responses: + "201": + description: external principal attached successfully + "401": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Unauthorized + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Resource Not Found + "420": + description: too many requests + default: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Internal Server Error + summary: attach external principal to user + tags: + - auth + - external + - experimental + x-contentType: application/json + x-accepts: application/json + /auth/users/{userId}/external/principals: + get: + operationId: listUserExternalPrincipals + parameters: + - explode: false + in: path + name: userId + required: true + schema: + type: string + style: simple + - description: return items prefixed with this value + explode: true + in: query + name: prefix + required: false + schema: + type: string + style: form + - description: return items after this value + explode: true + in: query + name: after + required: false + schema: + type: string + style: form + - description: how many items to return + explode: true + in: query + name: amount + required: false + schema: + default: 100 + maximum: 1000 + minimum: -1 + type: integer + style: form + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ExternalPrincipalList' + description: external principals list + "401": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Unauthorized + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Resource Not Found + "420": + description: too many requests + default: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Internal Server Error + summary: list user external policies + tags: + - auth + - external + - experimental + x-accepts: application/json /auth/groups/{groupId}/policies: get: operationId: listGroupPolicies @@ -8736,6 +8957,74 @@ components: - installation_id - reports type: object + ExternalPrincipalList: + example: + pagination: + max_per_page: 0 + has_more: true + next_offset: next_offset + results: 0 + results: + - settings: + - null + - null + user_id: user_id + id: id + - settings: + - null + - null + user_id: user_id + id: id + properties: + pagination: + $ref: '#/components/schemas/Pagination' + results: + items: + $ref: '#/components/schemas/ExternalPrincipal' + type: array + required: + - pagination + - results + type: object + ExternalPrincipalSettings: + additionalProperties: + type: string + description: Additional settings to be consumed by the remote authenticator + type: object + ExternalPrincipalCreation: + example: + settings: + - null + - null + properties: + settings: + items: + $ref: '#/components/schemas/ExternalPrincipalSettings' + type: array + type: object + ExternalPrincipal: + example: + settings: + - null + - null + user_id: user_id + id: id + properties: + id: + description: A unique identifier for the external principal + type: string + user_id: + description: | + lakeFS user ID to associate with an external principal. + type: string + settings: + items: + $ref: '#/components/schemas/ExternalPrincipalSettings' + type: array + required: + - id + - user_id + type: object inline_object: properties: content: diff --git a/clients/java-legacy/docs/AuthApi.md b/clients/java-legacy/docs/AuthApi.md index 25fddc385c9..0a41ad46c37 100644 --- a/clients/java-legacy/docs/AuthApi.md +++ b/clients/java-legacy/docs/AuthApi.md @@ -11,11 +11,13 @@ Method | HTTP request | Description [**createGroup**](AuthApi.md#createGroup) | **POST** /auth/groups | create group [**createPolicy**](AuthApi.md#createPolicy) | **POST** /auth/policies | create policy [**createUser**](AuthApi.md#createUser) | **POST** /auth/users | create user +[**createUserExternalPrincipal**](AuthApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user [**deleteCredentials**](AuthApi.md#deleteCredentials) | **DELETE** /auth/users/{userId}/credentials/{accessKeyId} | delete credentials [**deleteGroup**](AuthApi.md#deleteGroup) | **DELETE** /auth/groups/{groupId} | delete group [**deleteGroupMembership**](AuthApi.md#deleteGroupMembership) | **DELETE** /auth/groups/{groupId}/members/{userId} | delete group membership [**deletePolicy**](AuthApi.md#deletePolicy) | **DELETE** /auth/policies/{policyId} | delete policy [**deleteUser**](AuthApi.md#deleteUser) | **DELETE** /auth/users/{userId} | delete user +[**deleteUserExternalPrincipal**](AuthApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user [**detachPolicyFromGroup**](AuthApi.md#detachPolicyFromGroup) | **DELETE** /auth/groups/{groupId}/policies/{policyId} | detach policy from group [**detachPolicyFromUser**](AuthApi.md#detachPolicyFromUser) | **DELETE** /auth/users/{userId}/policies/{policyId} | detach policy from user [**getCredentials**](AuthApi.md#getCredentials) | **GET** /auth/users/{userId}/credentials/{accessKeyId} | get credentials @@ -24,11 +26,13 @@ Method | HTTP request | Description [**getGroupACL**](AuthApi.md#getGroupACL) | **GET** /auth/groups/{groupId}/acl | get ACL of group [**getPolicy**](AuthApi.md#getPolicy) | **GET** /auth/policies/{policyId} | get policy [**getUser**](AuthApi.md#getUser) | **GET** /auth/users/{userId} | get user +[**getUserExternalPrincipal**](AuthApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user [**listGroupMembers**](AuthApi.md#listGroupMembers) | **GET** /auth/groups/{groupId}/members | list group members [**listGroupPolicies**](AuthApi.md#listGroupPolicies) | **GET** /auth/groups/{groupId}/policies | list group policies [**listGroups**](AuthApi.md#listGroups) | **GET** /auth/groups | list groups [**listPolicies**](AuthApi.md#listPolicies) | **GET** /auth/policies | list policies [**listUserCredentials**](AuthApi.md#listUserCredentials) | **GET** /auth/users/{userId}/credentials | list user credentials +[**listUserExternalPrincipals**](AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies [**listUserGroups**](AuthApi.md#listUserGroups) | **GET** /auth/users/{userId}/groups | list user groups [**listUserPolicies**](AuthApi.md#listUserPolicies) | **GET** /auth/users/{userId}/policies | list user policies [**listUsers**](AuthApi.md#listUsers) | **GET** /auth/users | list users @@ -686,6 +690,101 @@ Name | Type | Description | Notes **420** | too many requests | - | **0** | Internal Server Error | - | + +# **createUserExternalPrincipal** +> createUserExternalPrincipal(userId, principalId, externalPrincipalCreation) + +attach external principal to user + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.AuthApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + AuthApi apiInstance = new AuthApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + ExternalPrincipalCreation externalPrincipalCreation = new ExternalPrincipalCreation(); // ExternalPrincipalCreation | + try { + apiInstance.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation); + } catch (ApiException e) { + System.err.println("Exception when calling AuthApi#createUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **principalId** | **String**| | + **externalPrincipalCreation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**201** | external principal attached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + # **deleteCredentials** > deleteCredentials(userId, accessKeyId) @@ -1145,6 +1244,99 @@ null (empty response body) **420** | too many requests | - | **0** | Internal Server Error | - | + +# **deleteUserExternalPrincipal** +> deleteUserExternalPrincipal(userId, principalId) + +delete external principal from user + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.AuthApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + AuthApi apiInstance = new AuthApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + apiInstance.deleteUserExternalPrincipal(userId, principalId); + } catch (ApiException e) { + System.err.println("Exception when calling AuthApi#deleteUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **principalId** | **String**| | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**204** | external principal detached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + # **detachPolicyFromGroup** > detachPolicyFromGroup(groupId, policyId) @@ -1877,6 +2069,100 @@ Name | Type | Description | Notes **420** | too many requests | - | **0** | Internal Server Error | - | + +# **getUserExternalPrincipal** +> ExternalPrincipal getUserExternalPrincipal(userId, principalId) + +get external principal of a user + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.AuthApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + AuthApi apiInstance = new AuthApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + ExternalPrincipal result = apiInstance.getUserExternalPrincipal(userId, principalId); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling AuthApi#getUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **principalId** | **String**| | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principal | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + # **listGroupMembers** > UserList listGroupMembers(groupId, prefix, after, amount) @@ -2360,6 +2646,104 @@ Name | Type | Description | Notes **420** | too many requests | - | **0** | Internal Server Error | - | + +# **listUserExternalPrincipals** +> ExternalPrincipalList listUserExternalPrincipals(userId, prefix, after, amount) + +list user external policies + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.AuthApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + AuthApi apiInstance = new AuthApi(defaultClient); + String userId = "userId_example"; // String | + String prefix = "prefix_example"; // String | return items prefixed with this value + String after = "after_example"; // String | return items after this value + Integer amount = 100; // Integer | how many items to return + try { + ExternalPrincipalList result = apiInstance.listUserExternalPrincipals(userId, prefix, after, amount); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling AuthApi#listUserExternalPrincipals"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **prefix** | **String**| return items prefixed with this value | [optional] + **after** | **String**| return items after this value | [optional] + **amount** | **Integer**| how many items to return | [optional] [default to 100] + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principals list | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + # **listUserGroups** > GroupList listUserGroups(userId, prefix, after, amount) diff --git a/clients/java-legacy/docs/ExperimentalApi.md b/clients/java-legacy/docs/ExperimentalApi.md index 96bbe055171..b28d54c2d8a 100644 --- a/clients/java-legacy/docs/ExperimentalApi.md +++ b/clients/java-legacy/docs/ExperimentalApi.md @@ -7,7 +7,11 @@ Method | HTTP request | Description [**abortPresignMultipartUpload**](ExperimentalApi.md#abortPresignMultipartUpload) | **DELETE** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Abort a presign multipart upload [**completePresignMultipartUpload**](ExperimentalApi.md#completePresignMultipartUpload) | **PUT** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Complete a presign multipart upload request [**createPresignMultipartUpload**](ExperimentalApi.md#createPresignMultipartUpload) | **POST** /repositories/{repository}/branches/{branch}/staging/pmpu | Initiate a multipart upload +[**createUserExternalPrincipal**](ExperimentalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +[**deleteUserExternalPrincipal**](ExperimentalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +[**getUserExternalPrincipal**](ExperimentalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user [**hardResetBranch**](ExperimentalApi.md#hardResetBranch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch +[**listUserExternalPrincipals**](ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies @@ -317,6 +321,288 @@ Name | Type | Description | Notes **420** | too many requests | - | **0** | Internal Server Error | - | + +# **createUserExternalPrincipal** +> createUserExternalPrincipal(userId, principalId, externalPrincipalCreation) + +attach external principal to user + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.ExperimentalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + ExperimentalApi apiInstance = new ExperimentalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + ExternalPrincipalCreation externalPrincipalCreation = new ExternalPrincipalCreation(); // ExternalPrincipalCreation | + try { + apiInstance.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation); + } catch (ApiException e) { + System.err.println("Exception when calling ExperimentalApi#createUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **principalId** | **String**| | + **externalPrincipalCreation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**201** | external principal attached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + + +# **deleteUserExternalPrincipal** +> deleteUserExternalPrincipal(userId, principalId) + +delete external principal from user + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.ExperimentalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + ExperimentalApi apiInstance = new ExperimentalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + apiInstance.deleteUserExternalPrincipal(userId, principalId); + } catch (ApiException e) { + System.err.println("Exception when calling ExperimentalApi#deleteUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **principalId** | **String**| | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**204** | external principal detached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + + +# **getUserExternalPrincipal** +> ExternalPrincipal getUserExternalPrincipal(userId, principalId) + +get external principal of a user + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.ExperimentalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + ExperimentalApi apiInstance = new ExperimentalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + ExternalPrincipal result = apiInstance.getUserExternalPrincipal(userId, principalId); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling ExperimentalApi#getUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **principalId** | **String**| | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principal | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + # **hardResetBranch** > hardResetBranch(repository, branch, ref, force) @@ -418,3 +704,101 @@ null (empty response body) **420** | too many requests | - | **0** | Internal Server Error | - | + +# **listUserExternalPrincipals** +> ExternalPrincipalList listUserExternalPrincipals(userId, prefix, after, amount) + +list user external policies + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.ExperimentalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + ExperimentalApi apiInstance = new ExperimentalApi(defaultClient); + String userId = "userId_example"; // String | + String prefix = "prefix_example"; // String | return items prefixed with this value + String after = "after_example"; // String | return items after this value + Integer amount = 100; // Integer | how many items to return + try { + ExternalPrincipalList result = apiInstance.listUserExternalPrincipals(userId, prefix, after, amount); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling ExperimentalApi#listUserExternalPrincipals"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **prefix** | **String**| return items prefixed with this value | [optional] + **after** | **String**| return items after this value | [optional] + **amount** | **Integer**| how many items to return | [optional] [default to 100] + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principals list | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + diff --git a/clients/java-legacy/docs/ExternalApi.md b/clients/java-legacy/docs/ExternalApi.md new file mode 100644 index 00000000000..89643e7af12 --- /dev/null +++ b/clients/java-legacy/docs/ExternalApi.md @@ -0,0 +1,392 @@ +# ExternalApi + +All URIs are relative to *http://localhost/api/v1* + +Method | HTTP request | Description +------------- | ------------- | ------------- +[**createUserExternalPrincipal**](ExternalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +[**deleteUserExternalPrincipal**](ExternalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +[**getUserExternalPrincipal**](ExternalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user +[**listUserExternalPrincipals**](ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies + + + +# **createUserExternalPrincipal** +> createUserExternalPrincipal(userId, principalId, externalPrincipalCreation) + +attach external principal to user + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.ExternalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + ExternalApi apiInstance = new ExternalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + ExternalPrincipalCreation externalPrincipalCreation = new ExternalPrincipalCreation(); // ExternalPrincipalCreation | + try { + apiInstance.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation); + } catch (ApiException e) { + System.err.println("Exception when calling ExternalApi#createUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **principalId** | **String**| | + **externalPrincipalCreation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**201** | external principal attached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + + +# **deleteUserExternalPrincipal** +> deleteUserExternalPrincipal(userId, principalId) + +delete external principal from user + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.ExternalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + ExternalApi apiInstance = new ExternalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + apiInstance.deleteUserExternalPrincipal(userId, principalId); + } catch (ApiException e) { + System.err.println("Exception when calling ExternalApi#deleteUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **principalId** | **String**| | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**204** | external principal detached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + + +# **getUserExternalPrincipal** +> ExternalPrincipal getUserExternalPrincipal(userId, principalId) + +get external principal of a user + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.ExternalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + ExternalApi apiInstance = new ExternalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + ExternalPrincipal result = apiInstance.getUserExternalPrincipal(userId, principalId); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling ExternalApi#getUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **principalId** | **String**| | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principal | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + + +# **listUserExternalPrincipals** +> ExternalPrincipalList listUserExternalPrincipals(userId, prefix, after, amount) + +list user external policies + +### Example +```java +// Import classes: +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.auth.*; +import io.lakefs.clients.api.models.*; +import io.lakefs.clients.api.ExternalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("http://localhost/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + ExternalApi apiInstance = new ExternalApi(defaultClient); + String userId = "userId_example"; // String | + String prefix = "prefix_example"; // String | return items prefixed with this value + String after = "after_example"; // String | return items after this value + Integer amount = 100; // Integer | how many items to return + try { + ExternalPrincipalList result = apiInstance.listUserExternalPrincipals(userId, prefix, after, amount); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling ExternalApi#listUserExternalPrincipals"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **userId** | **String**| | + **prefix** | **String**| return items prefixed with this value | [optional] + **after** | **String**| return items after this value | [optional] + **amount** | **Integer**| how many items to return | [optional] [default to 100] + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principals list | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + diff --git a/clients/java-legacy/docs/ExternalPrincipal.md b/clients/java-legacy/docs/ExternalPrincipal.md new file mode 100644 index 00000000000..b5966b42646 --- /dev/null +++ b/clients/java-legacy/docs/ExternalPrincipal.md @@ -0,0 +1,15 @@ + + +# ExternalPrincipal + + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**id** | **String** | A unique identifier for the external principal | +**userId** | **String** | lakeFS user ID to associate with an external principal. | +**settings** | **List<Map<String, String>>** | | [optional] + + + diff --git a/clients/java-legacy/docs/ExternalPrincipalCreation.md b/clients/java-legacy/docs/ExternalPrincipalCreation.md new file mode 100644 index 00000000000..b0b723143af --- /dev/null +++ b/clients/java-legacy/docs/ExternalPrincipalCreation.md @@ -0,0 +1,13 @@ + + +# ExternalPrincipalCreation + + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**settings** | **List<Map<String, String>>** | | [optional] + + + diff --git a/clients/java-legacy/docs/ExternalPrincipalList.md b/clients/java-legacy/docs/ExternalPrincipalList.md new file mode 100644 index 00000000000..ca12d513045 --- /dev/null +++ b/clients/java-legacy/docs/ExternalPrincipalList.md @@ -0,0 +1,14 @@ + + +# ExternalPrincipalList + + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**pagination** | [**Pagination**](Pagination.md) | | +**results** | [**List<ExternalPrincipal>**](ExternalPrincipal.md) | | + + + diff --git a/clients/java-legacy/src/main/java/io/lakefs/clients/api/AuthApi.java b/clients/java-legacy/src/main/java/io/lakefs/clients/api/AuthApi.java index cb477ecfc87..29d9e41d93d 100644 --- a/clients/java-legacy/src/main/java/io/lakefs/clients/api/AuthApi.java +++ b/clients/java-legacy/src/main/java/io/lakefs/clients/api/AuthApi.java @@ -35,6 +35,9 @@ import io.lakefs.clients.api.model.CurrentUser; import io.lakefs.clients.api.model.Error; import io.lakefs.clients.api.model.ErrorNoACL; +import io.lakefs.clients.api.model.ExternalPrincipal; +import io.lakefs.clients.api.model.ExternalPrincipalCreation; +import io.lakefs.clients.api.model.ExternalPrincipalList; import io.lakefs.clients.api.model.Group; import io.lakefs.clients.api.model.GroupCreation; import io.lakefs.clients.api.model.GroupList; @@ -979,6 +982,149 @@ public okhttp3.Call createUserAsync(UserCreation userCreation, final ApiCallback localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); return localVarCall; } + /** + * Build call for createUserExternalPrincipal + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call createUserExternalPrincipalCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = externalPrincipalCreation; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())) + .replaceAll("\\{" + "principalId" + "\\}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + "application/json" + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call createUserExternalPrincipalValidateBeforeCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'externalPrincipalCreation' is set + if (externalPrincipalCreation == null) { + throw new ApiException("Missing the required parameter 'externalPrincipalCreation' when calling createUserExternalPrincipal(Async)"); + } + + + okhttp3.Call localVarCall = createUserExternalPrincipalCall(userId, principalId, externalPrincipalCreation, _callback); + return localVarCall; + + } + + /** + * attach external principal to user + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void createUserExternalPrincipal(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) throws ApiException { + createUserExternalPrincipalWithHttpInfo(userId, principalId, externalPrincipalCreation); + } + + /** + * attach external principal to user + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse createUserExternalPrincipalWithHttpInfo(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) throws ApiException { + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, null); + return localVarApiClient.execute(localVarCall); + } + + /** + * attach external principal to user (asynchronously) + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call createUserExternalPrincipalAsync(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } /** * Build call for deleteCredentials * @param userId (required) @@ -1619,6 +1765,140 @@ public okhttp3.Call deleteUserAsync(String userId, final ApiCallback _call localVarApiClient.executeAsync(localVarCall, _callback); return localVarCall; } + /** + * Build call for deleteUserExternalPrincipal + * @param userId (required) + * @param principalId (required) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call deleteUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())) + .replaceAll("\\{" + "principalId" + "\\}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call deleteUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling deleteUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling deleteUserExternalPrincipal(Async)"); + } + + + okhttp3.Call localVarCall = deleteUserExternalPrincipalCall(userId, principalId, _callback); + return localVarCall; + + } + + /** + * delete external principal from user + * + * @param userId (required) + * @param principalId (required) + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void deleteUserExternalPrincipal(String userId, String principalId) throws ApiException { + deleteUserExternalPrincipalWithHttpInfo(userId, principalId); + } + + /** + * delete external principal from user + * + * @param userId (required) + * @param principalId (required) + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse deleteUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + return localVarApiClient.execute(localVarCall); + } + + /** + * delete external principal from user (asynchronously) + * + * @param userId (required) + * @param principalId (required) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call deleteUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } /** * Build call for detachPolicyFromGroup * @param groupId (required) @@ -2639,6 +2919,144 @@ public okhttp3.Call getUserAsync(String userId, final ApiCallback _callbac localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); return localVarCall; } + /** + * Build call for getUserExternalPrincipal + * @param userId (required) + * @param principalId (required) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call getUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())) + .replaceAll("\\{" + "principalId" + "\\}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call getUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling getUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling getUserExternalPrincipal(Async)"); + } + + + okhttp3.Call localVarCall = getUserExternalPrincipalCall(userId, principalId, _callback); + return localVarCall; + + } + + /** + * get external principal of a user + * + * @param userId (required) + * @param principalId (required) + * @return ExternalPrincipal + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ExternalPrincipal getUserExternalPrincipal(String userId, String principalId) throws ApiException { + ApiResponse localVarResp = getUserExternalPrincipalWithHttpInfo(userId, principalId); + return localVarResp.getData(); + } + + /** + * get external principal of a user + * + * @param userId (required) + * @param principalId (required) + * @return ApiResponse<ExternalPrincipal> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse getUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + /** + * get external principal of a user (asynchronously) + * + * @param userId (required) + * @param principalId (required) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call getUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } /** * Build call for listGroupMembers * @param groupId (required) @@ -3367,6 +3785,158 @@ public okhttp3.Call listUserCredentialsAsync(String userId, String prefix, Strin localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); return localVarCall; } + /** + * Build call for listUserExternalPrincipals + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call listUserExternalPrincipalsCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principals" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + if (prefix != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("prefix", prefix)); + } + + if (after != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("after", after)); + } + + if (amount != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("amount", amount)); + } + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call listUserExternalPrincipalsValidateBeforeCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling listUserExternalPrincipals(Async)"); + } + + + okhttp3.Call localVarCall = listUserExternalPrincipalsCall(userId, prefix, after, amount, _callback); + return localVarCall; + + } + + /** + * list user external policies + * + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @return ExternalPrincipalList + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ExternalPrincipalList listUserExternalPrincipals(String userId, String prefix, String after, Integer amount) throws ApiException { + ApiResponse localVarResp = listUserExternalPrincipalsWithHttpInfo(userId, prefix, after, amount); + return localVarResp.getData(); + } + + /** + * list user external policies + * + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @return ApiResponse<ExternalPrincipalList> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse listUserExternalPrincipalsWithHttpInfo(String userId, String prefix, String after, Integer amount) throws ApiException { + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + /** + * list user external policies (asynchronously) + * + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call listUserExternalPrincipalsAsync(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } /** * Build call for listUserGroups * @param userId (required) diff --git a/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExperimentalApi.java b/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExperimentalApi.java index 428be7ae3da..a8028bdd48e 100644 --- a/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExperimentalApi.java +++ b/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExperimentalApi.java @@ -30,6 +30,9 @@ import io.lakefs.clients.api.model.AbortPresignMultipartUpload; import io.lakefs.clients.api.model.CompletePresignMultipartUpload; import io.lakefs.clients.api.model.Error; +import io.lakefs.clients.api.model.ExternalPrincipal; +import io.lakefs.clients.api.model.ExternalPrincipalCreation; +import io.lakefs.clients.api.model.ExternalPrincipalList; import io.lakefs.clients.api.model.ObjectStats; import io.lakefs.clients.api.model.PresignMultipartUpload; import io.lakefs.clients.api.model.StagingLocation; @@ -560,6 +563,421 @@ public okhttp3.Call createPresignMultipartUploadAsync(String repository, String localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); return localVarCall; } + /** + * Build call for createUserExternalPrincipal + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call createUserExternalPrincipalCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = externalPrincipalCreation; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())) + .replaceAll("\\{" + "principalId" + "\\}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + "application/json" + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call createUserExternalPrincipalValidateBeforeCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'externalPrincipalCreation' is set + if (externalPrincipalCreation == null) { + throw new ApiException("Missing the required parameter 'externalPrincipalCreation' when calling createUserExternalPrincipal(Async)"); + } + + + okhttp3.Call localVarCall = createUserExternalPrincipalCall(userId, principalId, externalPrincipalCreation, _callback); + return localVarCall; + + } + + /** + * attach external principal to user + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void createUserExternalPrincipal(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) throws ApiException { + createUserExternalPrincipalWithHttpInfo(userId, principalId, externalPrincipalCreation); + } + + /** + * attach external principal to user + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse createUserExternalPrincipalWithHttpInfo(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) throws ApiException { + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, null); + return localVarApiClient.execute(localVarCall); + } + + /** + * attach external principal to user (asynchronously) + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call createUserExternalPrincipalAsync(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } + /** + * Build call for deleteUserExternalPrincipal + * @param userId (required) + * @param principalId (required) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call deleteUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())) + .replaceAll("\\{" + "principalId" + "\\}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call deleteUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling deleteUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling deleteUserExternalPrincipal(Async)"); + } + + + okhttp3.Call localVarCall = deleteUserExternalPrincipalCall(userId, principalId, _callback); + return localVarCall; + + } + + /** + * delete external principal from user + * + * @param userId (required) + * @param principalId (required) + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void deleteUserExternalPrincipal(String userId, String principalId) throws ApiException { + deleteUserExternalPrincipalWithHttpInfo(userId, principalId); + } + + /** + * delete external principal from user + * + * @param userId (required) + * @param principalId (required) + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse deleteUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + return localVarApiClient.execute(localVarCall); + } + + /** + * delete external principal from user (asynchronously) + * + * @param userId (required) + * @param principalId (required) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call deleteUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } + /** + * Build call for getUserExternalPrincipal + * @param userId (required) + * @param principalId (required) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call getUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())) + .replaceAll("\\{" + "principalId" + "\\}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call getUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling getUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling getUserExternalPrincipal(Async)"); + } + + + okhttp3.Call localVarCall = getUserExternalPrincipalCall(userId, principalId, _callback); + return localVarCall; + + } + + /** + * get external principal of a user + * + * @param userId (required) + * @param principalId (required) + * @return ExternalPrincipal + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ExternalPrincipal getUserExternalPrincipal(String userId, String principalId) throws ApiException { + ApiResponse localVarResp = getUserExternalPrincipalWithHttpInfo(userId, principalId); + return localVarResp.getData(); + } + + /** + * get external principal of a user + * + * @param userId (required) + * @param principalId (required) + * @return ApiResponse<ExternalPrincipal> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse getUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + /** + * get external principal of a user (asynchronously) + * + * @param userId (required) + * @param principalId (required) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call getUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } /** * Build call for hardResetBranch * @param repository (required) @@ -723,4 +1141,156 @@ public okhttp3.Call hardResetBranchAsync(String repository, String branch, Strin localVarApiClient.executeAsync(localVarCall, _callback); return localVarCall; } + /** + * Build call for listUserExternalPrincipals + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call listUserExternalPrincipalsCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principals" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + if (prefix != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("prefix", prefix)); + } + + if (after != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("after", after)); + } + + if (amount != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("amount", amount)); + } + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call listUserExternalPrincipalsValidateBeforeCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling listUserExternalPrincipals(Async)"); + } + + + okhttp3.Call localVarCall = listUserExternalPrincipalsCall(userId, prefix, after, amount, _callback); + return localVarCall; + + } + + /** + * list user external policies + * + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @return ExternalPrincipalList + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ExternalPrincipalList listUserExternalPrincipals(String userId, String prefix, String after, Integer amount) throws ApiException { + ApiResponse localVarResp = listUserExternalPrincipalsWithHttpInfo(userId, prefix, after, amount); + return localVarResp.getData(); + } + + /** + * list user external policies + * + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @return ApiResponse<ExternalPrincipalList> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse listUserExternalPrincipalsWithHttpInfo(String userId, String prefix, String after, Integer amount) throws ApiException { + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + /** + * list user external policies (asynchronously) + * + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call listUserExternalPrincipalsAsync(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } } diff --git a/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExternalApi.java b/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExternalApi.java new file mode 100644 index 00000000000..0213d9c8a41 --- /dev/null +++ b/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExternalApi.java @@ -0,0 +1,627 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.api; + +import io.lakefs.clients.api.ApiCallback; +import io.lakefs.clients.api.ApiClient; +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.ApiResponse; +import io.lakefs.clients.api.Configuration; +import io.lakefs.clients.api.Pair; +import io.lakefs.clients.api.ProgressRequestBody; +import io.lakefs.clients.api.ProgressResponseBody; + +import com.google.gson.reflect.TypeToken; + +import java.io.IOException; + + +import io.lakefs.clients.api.model.Error; +import io.lakefs.clients.api.model.ExternalPrincipal; +import io.lakefs.clients.api.model.ExternalPrincipalCreation; +import io.lakefs.clients.api.model.ExternalPrincipalList; + +import java.lang.reflect.Type; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +public class ExternalApi { + private ApiClient localVarApiClient; + + public ExternalApi() { + this(Configuration.getDefaultApiClient()); + } + + public ExternalApi(ApiClient apiClient) { + this.localVarApiClient = apiClient; + } + + public ApiClient getApiClient() { + return localVarApiClient; + } + + public void setApiClient(ApiClient apiClient) { + this.localVarApiClient = apiClient; + } + + /** + * Build call for createUserExternalPrincipal + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call createUserExternalPrincipalCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = externalPrincipalCreation; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())) + .replaceAll("\\{" + "principalId" + "\\}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + "application/json" + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call createUserExternalPrincipalValidateBeforeCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'externalPrincipalCreation' is set + if (externalPrincipalCreation == null) { + throw new ApiException("Missing the required parameter 'externalPrincipalCreation' when calling createUserExternalPrincipal(Async)"); + } + + + okhttp3.Call localVarCall = createUserExternalPrincipalCall(userId, principalId, externalPrincipalCreation, _callback); + return localVarCall; + + } + + /** + * attach external principal to user + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void createUserExternalPrincipal(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) throws ApiException { + createUserExternalPrincipalWithHttpInfo(userId, principalId, externalPrincipalCreation); + } + + /** + * attach external principal to user + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse createUserExternalPrincipalWithHttpInfo(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) throws ApiException { + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, null); + return localVarApiClient.execute(localVarCall); + } + + /** + * attach external principal to user (asynchronously) + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call createUserExternalPrincipalAsync(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } + /** + * Build call for deleteUserExternalPrincipal + * @param userId (required) + * @param principalId (required) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call deleteUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())) + .replaceAll("\\{" + "principalId" + "\\}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call deleteUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling deleteUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling deleteUserExternalPrincipal(Async)"); + } + + + okhttp3.Call localVarCall = deleteUserExternalPrincipalCall(userId, principalId, _callback); + return localVarCall; + + } + + /** + * delete external principal from user + * + * @param userId (required) + * @param principalId (required) + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void deleteUserExternalPrincipal(String userId, String principalId) throws ApiException { + deleteUserExternalPrincipalWithHttpInfo(userId, principalId); + } + + /** + * delete external principal from user + * + * @param userId (required) + * @param principalId (required) + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse deleteUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + return localVarApiClient.execute(localVarCall); + } + + /** + * delete external principal from user (asynchronously) + * + * @param userId (required) + * @param principalId (required) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call deleteUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } + /** + * Build call for getUserExternalPrincipal + * @param userId (required) + * @param principalId (required) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call getUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())) + .replaceAll("\\{" + "principalId" + "\\}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call getUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling getUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling getUserExternalPrincipal(Async)"); + } + + + okhttp3.Call localVarCall = getUserExternalPrincipalCall(userId, principalId, _callback); + return localVarCall; + + } + + /** + * get external principal of a user + * + * @param userId (required) + * @param principalId (required) + * @return ExternalPrincipal + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ExternalPrincipal getUserExternalPrincipal(String userId, String principalId) throws ApiException { + ApiResponse localVarResp = getUserExternalPrincipalWithHttpInfo(userId, principalId); + return localVarResp.getData(); + } + + /** + * get external principal of a user + * + * @param userId (required) + * @param principalId (required) + * @return ApiResponse<ExternalPrincipal> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse getUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + /** + * get external principal of a user (asynchronously) + * + * @param userId (required) + * @param principalId (required) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call getUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } + /** + * Build call for listUserExternalPrincipals + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @param _callback Callback for upload/download progress + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call listUserExternalPrincipalsCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principals" + .replaceAll("\\{" + "userId" + "\\}", localVarApiClient.escapeString(userId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + if (prefix != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("prefix", prefix)); + } + + if (after != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("after", after)); + } + + if (amount != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("amount", amount)); + } + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + localVarHeaderParams.put("Content-Type", localVarContentType); + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "jwt_token", "oidc_auth", "saml_auth" }; + return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call listUserExternalPrincipalsValidateBeforeCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling listUserExternalPrincipals(Async)"); + } + + + okhttp3.Call localVarCall = listUserExternalPrincipalsCall(userId, prefix, after, amount, _callback); + return localVarCall; + + } + + /** + * list user external policies + * + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @return ExternalPrincipalList + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ExternalPrincipalList listUserExternalPrincipals(String userId, String prefix, String after, Integer amount) throws ApiException { + ApiResponse localVarResp = listUserExternalPrincipalsWithHttpInfo(userId, prefix, after, amount); + return localVarResp.getData(); + } + + /** + * list user external policies + * + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @return ApiResponse<ExternalPrincipalList> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse listUserExternalPrincipalsWithHttpInfo(String userId, String prefix, String after, Integer amount) throws ApiException { + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + /** + * list user external policies (asynchronously) + * + * @param userId (required) + * @param prefix return items prefixed with this value (optional) + * @param after return items after this value (optional) + * @param amount how many items to return (optional, default to 100) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call listUserExternalPrincipalsAsync(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } +} diff --git a/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipal.java b/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipal.java new file mode 100644 index 00000000000..176691165b8 --- /dev/null +++ b/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipal.java @@ -0,0 +1,167 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.api.model; + +import java.util.Objects; +import java.util.Arrays; +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +/** + * ExternalPrincipal + */ +@javax.annotation.Generated(value = "org.openapitools.codegen.languages.JavaClientCodegen") +public class ExternalPrincipal { + public static final String SERIALIZED_NAME_ID = "id"; + @SerializedName(SERIALIZED_NAME_ID) + private String id; + + public static final String SERIALIZED_NAME_USER_ID = "user_id"; + @SerializedName(SERIALIZED_NAME_USER_ID) + private String userId; + + public static final String SERIALIZED_NAME_SETTINGS = "settings"; + @SerializedName(SERIALIZED_NAME_SETTINGS) + private List> settings = null; + + + public ExternalPrincipal id(String id) { + + this.id = id; + return this; + } + + /** + * A unique identifier for the external principal + * @return id + **/ + @javax.annotation.Nonnull + @ApiModelProperty(required = true, value = "A unique identifier for the external principal") + + public String getId() { + return id; + } + + + public void setId(String id) { + this.id = id; + } + + + public ExternalPrincipal userId(String userId) { + + this.userId = userId; + return this; + } + + /** + * lakeFS user ID to associate with an external principal. + * @return userId + **/ + @javax.annotation.Nonnull + @ApiModelProperty(required = true, value = "lakeFS user ID to associate with an external principal. ") + + public String getUserId() { + return userId; + } + + + public void setUserId(String userId) { + this.userId = userId; + } + + + public ExternalPrincipal settings(List> settings) { + + this.settings = settings; + return this; + } + + public ExternalPrincipal addSettingsItem(Map settingsItem) { + if (this.settings == null) { + this.settings = new ArrayList>(); + } + this.settings.add(settingsItem); + return this; + } + + /** + * Get settings + * @return settings + **/ + @javax.annotation.Nullable + @ApiModelProperty(value = "") + + public List> getSettings() { + return settings; + } + + + public void setSettings(List> settings) { + this.settings = settings; + } + + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + ExternalPrincipal externalPrincipal = (ExternalPrincipal) o; + return Objects.equals(this.id, externalPrincipal.id) && + Objects.equals(this.userId, externalPrincipal.userId) && + Objects.equals(this.settings, externalPrincipal.settings); + } + + @Override + public int hashCode() { + return Objects.hash(id, userId, settings); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class ExternalPrincipal {\n"); + sb.append(" id: ").append(toIndentedString(id)).append("\n"); + sb.append(" userId: ").append(toIndentedString(userId)).append("\n"); + sb.append(" settings: ").append(toIndentedString(settings)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } + +} + diff --git a/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipalCreation.java b/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipalCreation.java new file mode 100644 index 00000000000..d1348ce3ecb --- /dev/null +++ b/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipalCreation.java @@ -0,0 +1,109 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.api.model; + +import java.util.Objects; +import java.util.Arrays; +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +/** + * ExternalPrincipalCreation + */ +@javax.annotation.Generated(value = "org.openapitools.codegen.languages.JavaClientCodegen") +public class ExternalPrincipalCreation { + public static final String SERIALIZED_NAME_SETTINGS = "settings"; + @SerializedName(SERIALIZED_NAME_SETTINGS) + private List> settings = null; + + + public ExternalPrincipalCreation settings(List> settings) { + + this.settings = settings; + return this; + } + + public ExternalPrincipalCreation addSettingsItem(Map settingsItem) { + if (this.settings == null) { + this.settings = new ArrayList>(); + } + this.settings.add(settingsItem); + return this; + } + + /** + * Get settings + * @return settings + **/ + @javax.annotation.Nullable + @ApiModelProperty(value = "") + + public List> getSettings() { + return settings; + } + + + public void setSettings(List> settings) { + this.settings = settings; + } + + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + ExternalPrincipalCreation externalPrincipalCreation = (ExternalPrincipalCreation) o; + return Objects.equals(this.settings, externalPrincipalCreation.settings); + } + + @Override + public int hashCode() { + return Objects.hash(settings); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class ExternalPrincipalCreation {\n"); + sb.append(" settings: ").append(toIndentedString(settings)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } + +} + diff --git a/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipalList.java b/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipalList.java new file mode 100644 index 00000000000..c3b5f8de005 --- /dev/null +++ b/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipalList.java @@ -0,0 +1,136 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.api.model; + +import java.util.Objects; +import java.util.Arrays; +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import io.lakefs.clients.api.model.ExternalPrincipal; +import io.lakefs.clients.api.model.Pagination; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +/** + * ExternalPrincipalList + */ +@javax.annotation.Generated(value = "org.openapitools.codegen.languages.JavaClientCodegen") +public class ExternalPrincipalList { + public static final String SERIALIZED_NAME_PAGINATION = "pagination"; + @SerializedName(SERIALIZED_NAME_PAGINATION) + private Pagination pagination; + + public static final String SERIALIZED_NAME_RESULTS = "results"; + @SerializedName(SERIALIZED_NAME_RESULTS) + private List results = new ArrayList(); + + + public ExternalPrincipalList pagination(Pagination pagination) { + + this.pagination = pagination; + return this; + } + + /** + * Get pagination + * @return pagination + **/ + @javax.annotation.Nonnull + @ApiModelProperty(required = true, value = "") + + public Pagination getPagination() { + return pagination; + } + + + public void setPagination(Pagination pagination) { + this.pagination = pagination; + } + + + public ExternalPrincipalList results(List results) { + + this.results = results; + return this; + } + + public ExternalPrincipalList addResultsItem(ExternalPrincipal resultsItem) { + this.results.add(resultsItem); + return this; + } + + /** + * Get results + * @return results + **/ + @javax.annotation.Nonnull + @ApiModelProperty(required = true, value = "") + + public List getResults() { + return results; + } + + + public void setResults(List results) { + this.results = results; + } + + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + ExternalPrincipalList externalPrincipalList = (ExternalPrincipalList) o; + return Objects.equals(this.pagination, externalPrincipalList.pagination) && + Objects.equals(this.results, externalPrincipalList.results); + } + + @Override + public int hashCode() { + return Objects.hash(pagination, results); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class ExternalPrincipalList {\n"); + sb.append(" pagination: ").append(toIndentedString(pagination)).append("\n"); + sb.append(" results: ").append(toIndentedString(results)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } + +} + diff --git a/clients/java-legacy/src/test/java/io/lakefs/clients/api/AuthApiTest.java b/clients/java-legacy/src/test/java/io/lakefs/clients/api/AuthApiTest.java index 7f83e842c2d..43b7ba5edca 100644 --- a/clients/java-legacy/src/test/java/io/lakefs/clients/api/AuthApiTest.java +++ b/clients/java-legacy/src/test/java/io/lakefs/clients/api/AuthApiTest.java @@ -22,6 +22,9 @@ import io.lakefs.clients.api.model.CurrentUser; import io.lakefs.clients.api.model.Error; import io.lakefs.clients.api.model.ErrorNoACL; +import io.lakefs.clients.api.model.ExternalPrincipal; +import io.lakefs.clients.api.model.ExternalPrincipalCreation; +import io.lakefs.clients.api.model.ExternalPrincipalList; import io.lakefs.clients.api.model.Group; import io.lakefs.clients.api.model.GroupCreation; import io.lakefs.clients.api.model.GroupList; @@ -156,6 +159,23 @@ public void createUserTest() throws ApiException { // TODO: test validations } + /** + * attach external principal to user + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void createUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipalCreation externalPrincipalCreation = null; + api.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation); + // TODO: test validations + } + /** * delete credentials * @@ -233,6 +253,22 @@ public void deleteUserTest() throws ApiException { // TODO: test validations } + /** + * delete external principal from user + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void deleteUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + api.deleteUserExternalPrincipal(userId, principalId); + // TODO: test validations + } + /** * detach policy from group * @@ -355,6 +391,22 @@ public void getUserTest() throws ApiException { // TODO: test validations } + /** + * get external principal of a user + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void getUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipal response = api.getUserExternalPrincipal(userId, principalId); + // TODO: test validations + } + /** * list group members * @@ -443,6 +495,24 @@ public void listUserCredentialsTest() throws ApiException { // TODO: test validations } + /** + * list user external policies + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void listUserExternalPrincipalsTest() throws ApiException { + String userId = null; + String prefix = null; + String after = null; + Integer amount = null; + ExternalPrincipalList response = api.listUserExternalPrincipals(userId, prefix, after, amount); + // TODO: test validations + } + /** * list user groups * diff --git a/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExperimentalApiTest.java b/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExperimentalApiTest.java index d3c8fb7a82e..3a7b303b760 100644 --- a/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExperimentalApiTest.java +++ b/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExperimentalApiTest.java @@ -17,6 +17,9 @@ import io.lakefs.clients.api.model.AbortPresignMultipartUpload; import io.lakefs.clients.api.model.CompletePresignMultipartUpload; import io.lakefs.clients.api.model.Error; +import io.lakefs.clients.api.model.ExternalPrincipal; +import io.lakefs.clients.api.model.ExternalPrincipalCreation; +import io.lakefs.clients.api.model.ExternalPrincipalList; import io.lakefs.clients.api.model.ObjectStats; import io.lakefs.clients.api.model.PresignMultipartUpload; import io.lakefs.clients.api.model.StagingLocation; @@ -93,6 +96,55 @@ public void createPresignMultipartUploadTest() throws ApiException { // TODO: test validations } + /** + * attach external principal to user + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void createUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipalCreation externalPrincipalCreation = null; + api.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation); + // TODO: test validations + } + + /** + * delete external principal from user + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void deleteUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + api.deleteUserExternalPrincipal(userId, principalId); + // TODO: test validations + } + + /** + * get external principal of a user + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void getUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipal response = api.getUserExternalPrincipal(userId, principalId); + // TODO: test validations + } + /** * hard reset branch * @@ -111,4 +163,22 @@ public void hardResetBranchTest() throws ApiException { // TODO: test validations } + /** + * list user external policies + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void listUserExternalPrincipalsTest() throws ApiException { + String userId = null; + String prefix = null; + String after = null; + Integer amount = null; + ExternalPrincipalList response = api.listUserExternalPrincipals(userId, prefix, after, amount); + // TODO: test validations + } + } diff --git a/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExternalApiTest.java b/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExternalApiTest.java new file mode 100644 index 00000000000..494b8d8ffc1 --- /dev/null +++ b/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExternalApiTest.java @@ -0,0 +1,105 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.api; + +import io.lakefs.clients.api.ApiException; +import io.lakefs.clients.api.model.Error; +import io.lakefs.clients.api.model.ExternalPrincipal; +import io.lakefs.clients.api.model.ExternalPrincipalCreation; +import io.lakefs.clients.api.model.ExternalPrincipalList; +import org.junit.Test; +import org.junit.Ignore; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * API tests for ExternalApi + */ +@Ignore +public class ExternalApiTest { + + private final ExternalApi api = new ExternalApi(); + + + /** + * attach external principal to user + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void createUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipalCreation externalPrincipalCreation = null; + api.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation); + // TODO: test validations + } + + /** + * delete external principal from user + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void deleteUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + api.deleteUserExternalPrincipal(userId, principalId); + // TODO: test validations + } + + /** + * get external principal of a user + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void getUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipal response = api.getUserExternalPrincipal(userId, principalId); + // TODO: test validations + } + + /** + * list user external policies + * + * + * + * @throws ApiException + * if the Api call fails + */ + @Test + public void listUserExternalPrincipalsTest() throws ApiException { + String userId = null; + String prefix = null; + String after = null; + Integer amount = null; + ExternalPrincipalList response = api.listUserExternalPrincipals(userId, prefix, after, amount); + // TODO: test validations + } + +} diff --git a/clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalCreationTest.java b/clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalCreationTest.java new file mode 100644 index 00000000000..807c66ac6c2 --- /dev/null +++ b/clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalCreationTest.java @@ -0,0 +1,54 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.api.model; + +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import org.junit.Assert; +import org.junit.Ignore; +import org.junit.Test; + + +/** + * Model tests for ExternalPrincipalCreation + */ +public class ExternalPrincipalCreationTest { + private final ExternalPrincipalCreation model = new ExternalPrincipalCreation(); + + /** + * Model tests for ExternalPrincipalCreation + */ + @Test + public void testExternalPrincipalCreation() { + // TODO: test ExternalPrincipalCreation + } + + /** + * Test the property 'settings' + */ + @Test + public void settingsTest() { + // TODO: test settings + } + +} diff --git a/clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalListTest.java b/clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalListTest.java new file mode 100644 index 00000000000..f2715b63793 --- /dev/null +++ b/clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalListTest.java @@ -0,0 +1,63 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.api.model; + +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import io.lakefs.clients.api.model.ExternalPrincipal; +import io.lakefs.clients.api.model.Pagination; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import org.junit.Assert; +import org.junit.Ignore; +import org.junit.Test; + + +/** + * Model tests for ExternalPrincipalList + */ +public class ExternalPrincipalListTest { + private final ExternalPrincipalList model = new ExternalPrincipalList(); + + /** + * Model tests for ExternalPrincipalList + */ + @Test + public void testExternalPrincipalList() { + // TODO: test ExternalPrincipalList + } + + /** + * Test the property 'pagination' + */ + @Test + public void paginationTest() { + // TODO: test pagination + } + + /** + * Test the property 'results' + */ + @Test + public void resultsTest() { + // TODO: test results + } + +} diff --git a/clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalTest.java b/clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalTest.java new file mode 100644 index 00000000000..b3325b9aaac --- /dev/null +++ b/clients/java-legacy/src/test/java/io/lakefs/clients/api/model/ExternalPrincipalTest.java @@ -0,0 +1,70 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.api.model; + +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import org.junit.Assert; +import org.junit.Ignore; +import org.junit.Test; + + +/** + * Model tests for ExternalPrincipal + */ +public class ExternalPrincipalTest { + private final ExternalPrincipal model = new ExternalPrincipal(); + + /** + * Model tests for ExternalPrincipal + */ + @Test + public void testExternalPrincipal() { + // TODO: test ExternalPrincipal + } + + /** + * Test the property 'id' + */ + @Test + public void idTest() { + // TODO: test id + } + + /** + * Test the property 'userId' + */ + @Test + public void userIdTest() { + // TODO: test userId + } + + /** + * Test the property 'settings' + */ + @Test + public void settingsTest() { + // TODO: test settings + } + +} diff --git a/clients/java/README.md b/clients/java/README.md index d9777df53e8..38b0e50eeed 100644 --- a/clients/java/README.md +++ b/clients/java/README.md @@ -154,11 +154,13 @@ Class | Method | HTTP request | Description *AuthApi* | [**createGroup**](docs/AuthApi.md#createGroup) | **POST** /auth/groups | create group *AuthApi* | [**createPolicy**](docs/AuthApi.md#createPolicy) | **POST** /auth/policies | create policy *AuthApi* | [**createUser**](docs/AuthApi.md#createUser) | **POST** /auth/users | create user +*AuthApi* | [**createUserExternalPrincipal**](docs/AuthApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user *AuthApi* | [**deleteCredentials**](docs/AuthApi.md#deleteCredentials) | **DELETE** /auth/users/{userId}/credentials/{accessKeyId} | delete credentials *AuthApi* | [**deleteGroup**](docs/AuthApi.md#deleteGroup) | **DELETE** /auth/groups/{groupId} | delete group *AuthApi* | [**deleteGroupMembership**](docs/AuthApi.md#deleteGroupMembership) | **DELETE** /auth/groups/{groupId}/members/{userId} | delete group membership *AuthApi* | [**deletePolicy**](docs/AuthApi.md#deletePolicy) | **DELETE** /auth/policies/{policyId} | delete policy *AuthApi* | [**deleteUser**](docs/AuthApi.md#deleteUser) | **DELETE** /auth/users/{userId} | delete user +*AuthApi* | [**deleteUserExternalPrincipal**](docs/AuthApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *AuthApi* | [**detachPolicyFromGroup**](docs/AuthApi.md#detachPolicyFromGroup) | **DELETE** /auth/groups/{groupId}/policies/{policyId} | detach policy from group *AuthApi* | [**detachPolicyFromUser**](docs/AuthApi.md#detachPolicyFromUser) | **DELETE** /auth/users/{userId}/policies/{policyId} | detach policy from user *AuthApi* | [**getCredentials**](docs/AuthApi.md#getCredentials) | **GET** /auth/users/{userId}/credentials/{accessKeyId} | get credentials @@ -167,11 +169,13 @@ Class | Method | HTTP request | Description *AuthApi* | [**getGroupACL**](docs/AuthApi.md#getGroupACL) | **GET** /auth/groups/{groupId}/acl | get ACL of group *AuthApi* | [**getPolicy**](docs/AuthApi.md#getPolicy) | **GET** /auth/policies/{policyId} | get policy *AuthApi* | [**getUser**](docs/AuthApi.md#getUser) | **GET** /auth/users/{userId} | get user +*AuthApi* | [**getUserExternalPrincipal**](docs/AuthApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *AuthApi* | [**listGroupMembers**](docs/AuthApi.md#listGroupMembers) | **GET** /auth/groups/{groupId}/members | list group members *AuthApi* | [**listGroupPolicies**](docs/AuthApi.md#listGroupPolicies) | **GET** /auth/groups/{groupId}/policies | list group policies *AuthApi* | [**listGroups**](docs/AuthApi.md#listGroups) | **GET** /auth/groups | list groups *AuthApi* | [**listPolicies**](docs/AuthApi.md#listPolicies) | **GET** /auth/policies | list policies *AuthApi* | [**listUserCredentials**](docs/AuthApi.md#listUserCredentials) | **GET** /auth/users/{userId}/credentials | list user credentials +*AuthApi* | [**listUserExternalPrincipals**](docs/AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies *AuthApi* | [**listUserGroups**](docs/AuthApi.md#listUserGroups) | **GET** /auth/users/{userId}/groups | list user groups *AuthApi* | [**listUserPolicies**](docs/AuthApi.md#listUserPolicies) | **GET** /auth/users/{userId}/policies | list user policies *AuthApi* | [**listUsers**](docs/AuthApi.md#listUsers) | **GET** /auth/users | list users @@ -192,7 +196,15 @@ Class | Method | HTTP request | Description *ExperimentalApi* | [**abortPresignMultipartUpload**](docs/ExperimentalApi.md#abortPresignMultipartUpload) | **DELETE** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Abort a presign multipart upload *ExperimentalApi* | [**completePresignMultipartUpload**](docs/ExperimentalApi.md#completePresignMultipartUpload) | **PUT** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Complete a presign multipart upload request *ExperimentalApi* | [**createPresignMultipartUpload**](docs/ExperimentalApi.md#createPresignMultipartUpload) | **POST** /repositories/{repository}/branches/{branch}/staging/pmpu | Initiate a multipart upload +*ExperimentalApi* | [**createUserExternalPrincipal**](docs/ExperimentalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +*ExperimentalApi* | [**deleteUserExternalPrincipal**](docs/ExperimentalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +*ExperimentalApi* | [**getUserExternalPrincipal**](docs/ExperimentalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *ExperimentalApi* | [**hardResetBranch**](docs/ExperimentalApi.md#hardResetBranch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch +*ExperimentalApi* | [**listUserExternalPrincipals**](docs/ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExternalApi* | [**createUserExternalPrincipal**](docs/ExternalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +*ExternalApi* | [**deleteUserExternalPrincipal**](docs/ExternalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +*ExternalApi* | [**getUserExternalPrincipal**](docs/ExternalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user +*ExternalApi* | [**listUserExternalPrincipals**](docs/ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies *HealthCheckApi* | [**healthCheck**](docs/HealthCheckApi.md#healthCheck) | **GET** /healthcheck | *ImportApi* | [**importCancel**](docs/ImportApi.md#importCancel) | **DELETE** /repositories/{repository}/branches/{branch}/import | cancel ongoing import *ImportApi* | [**importStart**](docs/ImportApi.md#importStart) | **POST** /repositories/{repository}/branches/{branch}/import | import data from object store @@ -288,6 +300,9 @@ Class | Method | HTTP request | Description - [DiffList](docs/DiffList.md) - [Error](docs/Error.md) - [ErrorNoACL](docs/ErrorNoACL.md) + - [ExternalPrincipal](docs/ExternalPrincipal.md) + - [ExternalPrincipalCreation](docs/ExternalPrincipalCreation.md) + - [ExternalPrincipalList](docs/ExternalPrincipalList.md) - [FindMergeBaseResult](docs/FindMergeBaseResult.md) - [GarbageCollectionConfig](docs/GarbageCollectionConfig.md) - [GarbageCollectionPrepareResponse](docs/GarbageCollectionPrepareResponse.md) diff --git a/clients/java/api/openapi.yaml b/clients/java/api/openapi.yaml index d04c45908fb..90ac8e13a34 100644 --- a/clients/java/api/openapi.yaml +++ b/clients/java/api/openapi.yaml @@ -1378,6 +1378,227 @@ paths: tags: - auth x-accepts: application/json + /auth/users/{userId}/external/principal/{principalId}: + delete: + operationId: deleteUserExternalPrincipal + parameters: + - explode: false + in: path + name: userId + required: true + schema: + type: string + style: simple + - explode: false + in: path + name: principalId + required: true + schema: + type: string + style: simple + responses: + "204": + description: external principal detached successfully + "401": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Unauthorized + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Resource Not Found + "420": + description: too many requests + default: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Internal Server Error + summary: delete external principal from user + tags: + - auth + - external + - experimental + x-accepts: application/json + get: + operationId: getUserExternalPrincipal + parameters: + - explode: false + in: path + name: userId + required: true + schema: + type: string + style: simple + - explode: false + in: path + name: principalId + required: true + schema: + type: string + style: simple + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ExternalPrincipal' + description: external principal + "401": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Unauthorized + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Resource Not Found + "420": + description: too many requests + default: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Internal Server Error + summary: get external principal of a user + tags: + - auth + - external + - experimental + x-accepts: application/json + post: + operationId: createUserExternalPrincipal + parameters: + - explode: false + in: path + name: userId + required: true + schema: + type: string + style: simple + - explode: false + in: path + name: principalId + required: true + schema: + type: string + style: simple + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/ExternalPrincipalCreation' + required: true + responses: + "201": + description: external principal attached successfully + "401": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Unauthorized + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Resource Not Found + "420": + description: too many requests + default: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Internal Server Error + summary: attach external principal to user + tags: + - auth + - external + - experimental + x-content-type: application/json + x-accepts: application/json + /auth/users/{userId}/external/principals: + get: + operationId: listUserExternalPrincipals + parameters: + - explode: false + in: path + name: userId + required: true + schema: + type: string + style: simple + - description: return items prefixed with this value + explode: true + in: query + name: prefix + required: false + schema: + type: string + style: form + - description: return items after this value + explode: true + in: query + name: after + required: false + schema: + type: string + style: form + - description: how many items to return + explode: true + in: query + name: amount + required: false + schema: + default: 100 + maximum: 1000 + minimum: -1 + type: integer + style: form + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/ExternalPrincipalList' + description: external principals list + "401": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Unauthorized + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Resource Not Found + "420": + description: too many requests + default: + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Internal Server Error + summary: list user external policies + tags: + - auth + - external + - experimental + x-accepts: application/json /auth/groups/{groupId}/policies: get: operationId: listGroupPolicies @@ -8711,6 +8932,74 @@ components: - installation_id - reports type: object + ExternalPrincipalList: + example: + pagination: + max_per_page: 0 + has_more: true + next_offset: next_offset + results: 0 + results: + - settings: + - null + - null + user_id: user_id + id: id + - settings: + - null + - null + user_id: user_id + id: id + properties: + pagination: + $ref: '#/components/schemas/Pagination' + results: + items: + $ref: '#/components/schemas/ExternalPrincipal' + type: array + required: + - pagination + - results + type: object + ExternalPrincipalSettings: + additionalProperties: + type: string + description: Additional settings to be consumed by the remote authenticator + type: object + ExternalPrincipalCreation: + example: + settings: + - null + - null + properties: + settings: + items: + $ref: '#/components/schemas/ExternalPrincipalSettings' + type: array + type: object + ExternalPrincipal: + example: + settings: + - null + - null + user_id: user_id + id: id + properties: + id: + description: A unique identifier for the external principal + type: string + user_id: + description: | + lakeFS user ID to associate with an external principal. + type: string + settings: + items: + $ref: '#/components/schemas/ExternalPrincipalSettings' + type: array + required: + - id + - user_id + type: object uploadObject_request: properties: content: diff --git a/clients/java/docs/AuthApi.md b/clients/java/docs/AuthApi.md index 725123cdc50..fea8756359b 100644 --- a/clients/java/docs/AuthApi.md +++ b/clients/java/docs/AuthApi.md @@ -11,11 +11,13 @@ All URIs are relative to */api/v1* | [**createGroup**](AuthApi.md#createGroup) | **POST** /auth/groups | create group | | [**createPolicy**](AuthApi.md#createPolicy) | **POST** /auth/policies | create policy | | [**createUser**](AuthApi.md#createUser) | **POST** /auth/users | create user | +| [**createUserExternalPrincipal**](AuthApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user | | [**deleteCredentials**](AuthApi.md#deleteCredentials) | **DELETE** /auth/users/{userId}/credentials/{accessKeyId} | delete credentials | | [**deleteGroup**](AuthApi.md#deleteGroup) | **DELETE** /auth/groups/{groupId} | delete group | | [**deleteGroupMembership**](AuthApi.md#deleteGroupMembership) | **DELETE** /auth/groups/{groupId}/members/{userId} | delete group membership | | [**deletePolicy**](AuthApi.md#deletePolicy) | **DELETE** /auth/policies/{policyId} | delete policy | | [**deleteUser**](AuthApi.md#deleteUser) | **DELETE** /auth/users/{userId} | delete user | +| [**deleteUserExternalPrincipal**](AuthApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user | | [**detachPolicyFromGroup**](AuthApi.md#detachPolicyFromGroup) | **DELETE** /auth/groups/{groupId}/policies/{policyId} | detach policy from group | | [**detachPolicyFromUser**](AuthApi.md#detachPolicyFromUser) | **DELETE** /auth/users/{userId}/policies/{policyId} | detach policy from user | | [**getCredentials**](AuthApi.md#getCredentials) | **GET** /auth/users/{userId}/credentials/{accessKeyId} | get credentials | @@ -24,11 +26,13 @@ All URIs are relative to */api/v1* | [**getGroupACL**](AuthApi.md#getGroupACL) | **GET** /auth/groups/{groupId}/acl | get ACL of group | | [**getPolicy**](AuthApi.md#getPolicy) | **GET** /auth/policies/{policyId} | get policy | | [**getUser**](AuthApi.md#getUser) | **GET** /auth/users/{userId} | get user | +| [**getUserExternalPrincipal**](AuthApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user | | [**listGroupMembers**](AuthApi.md#listGroupMembers) | **GET** /auth/groups/{groupId}/members | list group members | | [**listGroupPolicies**](AuthApi.md#listGroupPolicies) | **GET** /auth/groups/{groupId}/policies | list group policies | | [**listGroups**](AuthApi.md#listGroups) | **GET** /auth/groups | list groups | | [**listPolicies**](AuthApi.md#listPolicies) | **GET** /auth/policies | list policies | | [**listUserCredentials**](AuthApi.md#listUserCredentials) | **GET** /auth/users/{userId}/credentials | list user credentials | +| [**listUserExternalPrincipals**](AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies | | [**listUserGroups**](AuthApi.md#listUserGroups) | **GET** /auth/users/{userId}/groups | list user groups | | [**listUserPolicies**](AuthApi.md#listUserPolicies) | **GET** /auth/users/{userId}/policies | list user policies | | [**listUsers**](AuthApi.md#listUsers) | **GET** /auth/users | list users | @@ -695,6 +699,102 @@ public class Example { | **420** | too many requests | - | | **0** | Internal Server Error | - | + +# **createUserExternalPrincipal** +> createUserExternalPrincipal(userId, principalId, externalPrincipalCreation).execute(); + +attach external principal to user + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.AuthApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + AuthApi apiInstance = new AuthApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + ExternalPrincipalCreation externalPrincipalCreation = new ExternalPrincipalCreation(); // ExternalPrincipalCreation | + try { + apiInstance.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation) + .execute(); + } catch (ApiException e) { + System.err.println("Exception when calling AuthApi#createUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **principalId** | **String**| | | +| **externalPrincipalCreation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **201** | external principal attached successfully | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + # **deleteCredentials** > deleteCredentials(userId, accessKeyId).execute(); @@ -1159,6 +1259,100 @@ null (empty response body) | **420** | too many requests | - | | **0** | Internal Server Error | - | + +# **deleteUserExternalPrincipal** +> deleteUserExternalPrincipal(userId, principalId).execute(); + +delete external principal from user + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.AuthApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + AuthApi apiInstance = new AuthApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + apiInstance.deleteUserExternalPrincipal(userId, principalId) + .execute(); + } catch (ApiException e) { + System.err.println("Exception when calling AuthApi#deleteUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **principalId** | **String**| | | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **204** | external principal detached successfully | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + # **detachPolicyFromGroup** > detachPolicyFromGroup(groupId, policyId).execute(); @@ -1899,6 +2093,101 @@ public class Example { | **420** | too many requests | - | | **0** | Internal Server Error | - | + +# **getUserExternalPrincipal** +> ExternalPrincipal getUserExternalPrincipal(userId, principalId).execute(); + +get external principal of a user + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.AuthApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + AuthApi apiInstance = new AuthApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + ExternalPrincipal result = apiInstance.getUserExternalPrincipal(userId, principalId) + .execute(); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling AuthApi#getUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **principalId** | **String**| | | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **200** | external principal | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + # **listGroupMembers** > UserList listGroupMembers(groupId).prefix(prefix).after(after).amount(amount).execute(); @@ -2402,6 +2691,108 @@ public class Example { | **420** | too many requests | - | | **0** | Internal Server Error | - | + +# **listUserExternalPrincipals** +> ExternalPrincipalList listUserExternalPrincipals(userId).prefix(prefix).after(after).amount(amount).execute(); + +list user external policies + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.AuthApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + AuthApi apiInstance = new AuthApi(defaultClient); + String userId = "userId_example"; // String | + String prefix = "prefix_example"; // String | return items prefixed with this value + String after = "after_example"; // String | return items after this value + Integer amount = 100; // Integer | how many items to return + try { + ExternalPrincipalList result = apiInstance.listUserExternalPrincipals(userId) + .prefix(prefix) + .after(after) + .amount(amount) + .execute(); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling AuthApi#listUserExternalPrincipals"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **prefix** | **String**| return items prefixed with this value | [optional] | +| **after** | **String**| return items after this value | [optional] | +| **amount** | **Integer**| how many items to return | [optional] [default to 100] | + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **200** | external principals list | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + # **listUserGroups** > GroupList listUserGroups(userId).prefix(prefix).after(after).amount(amount).execute(); diff --git a/clients/java/docs/ExperimentalApi.md b/clients/java/docs/ExperimentalApi.md index 8f4aaa61f07..99f1d9920c0 100644 --- a/clients/java/docs/ExperimentalApi.md +++ b/clients/java/docs/ExperimentalApi.md @@ -7,7 +7,11 @@ All URIs are relative to */api/v1* | [**abortPresignMultipartUpload**](ExperimentalApi.md#abortPresignMultipartUpload) | **DELETE** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Abort a presign multipart upload | | [**completePresignMultipartUpload**](ExperimentalApi.md#completePresignMultipartUpload) | **PUT** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Complete a presign multipart upload request | | [**createPresignMultipartUpload**](ExperimentalApi.md#createPresignMultipartUpload) | **POST** /repositories/{repository}/branches/{branch}/staging/pmpu | Initiate a multipart upload | +| [**createUserExternalPrincipal**](ExperimentalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user | +| [**deleteUserExternalPrincipal**](ExperimentalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user | +| [**getUserExternalPrincipal**](ExperimentalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user | | [**hardResetBranch**](ExperimentalApi.md#hardResetBranch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch | +| [**listUserExternalPrincipals**](ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies | @@ -323,6 +327,291 @@ public class Example { | **420** | too many requests | - | | **0** | Internal Server Error | - | + +# **createUserExternalPrincipal** +> createUserExternalPrincipal(userId, principalId, externalPrincipalCreation).execute(); + +attach external principal to user + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.ExperimentalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + ExperimentalApi apiInstance = new ExperimentalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + ExternalPrincipalCreation externalPrincipalCreation = new ExternalPrincipalCreation(); // ExternalPrincipalCreation | + try { + apiInstance.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation) + .execute(); + } catch (ApiException e) { + System.err.println("Exception when calling ExperimentalApi#createUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **principalId** | **String**| | | +| **externalPrincipalCreation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **201** | external principal attached successfully | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + + +# **deleteUserExternalPrincipal** +> deleteUserExternalPrincipal(userId, principalId).execute(); + +delete external principal from user + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.ExperimentalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + ExperimentalApi apiInstance = new ExperimentalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + apiInstance.deleteUserExternalPrincipal(userId, principalId) + .execute(); + } catch (ApiException e) { + System.err.println("Exception when calling ExperimentalApi#deleteUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **principalId** | **String**| | | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **204** | external principal detached successfully | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + + +# **getUserExternalPrincipal** +> ExternalPrincipal getUserExternalPrincipal(userId, principalId).execute(); + +get external principal of a user + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.ExperimentalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + ExperimentalApi apiInstance = new ExperimentalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + ExternalPrincipal result = apiInstance.getUserExternalPrincipal(userId, principalId) + .execute(); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling ExperimentalApi#getUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **principalId** | **String**| | | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **200** | external principal | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + # **hardResetBranch** > hardResetBranch(repository, branch, ref).force(force).execute(); @@ -426,3 +715,105 @@ null (empty response body) | **420** | too many requests | - | | **0** | Internal Server Error | - | + +# **listUserExternalPrincipals** +> ExternalPrincipalList listUserExternalPrincipals(userId).prefix(prefix).after(after).amount(amount).execute(); + +list user external policies + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.ExperimentalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + ExperimentalApi apiInstance = new ExperimentalApi(defaultClient); + String userId = "userId_example"; // String | + String prefix = "prefix_example"; // String | return items prefixed with this value + String after = "after_example"; // String | return items after this value + Integer amount = 100; // Integer | how many items to return + try { + ExternalPrincipalList result = apiInstance.listUserExternalPrincipals(userId) + .prefix(prefix) + .after(after) + .amount(amount) + .execute(); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling ExperimentalApi#listUserExternalPrincipals"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **prefix** | **String**| return items prefixed with this value | [optional] | +| **after** | **String**| return items after this value | [optional] | +| **amount** | **Integer**| how many items to return | [optional] [default to 100] | + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **200** | external principals list | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + diff --git a/clients/java/docs/ExternalApi.md b/clients/java/docs/ExternalApi.md new file mode 100644 index 00000000000..3a669e736a3 --- /dev/null +++ b/clients/java/docs/ExternalApi.md @@ -0,0 +1,399 @@ +# ExternalApi + +All URIs are relative to */api/v1* + +| Method | HTTP request | Description | +|------------- | ------------- | -------------| +| [**createUserExternalPrincipal**](ExternalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user | +| [**deleteUserExternalPrincipal**](ExternalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user | +| [**getUserExternalPrincipal**](ExternalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user | +| [**listUserExternalPrincipals**](ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies | + + + +# **createUserExternalPrincipal** +> createUserExternalPrincipal(userId, principalId, externalPrincipalCreation).execute(); + +attach external principal to user + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.ExternalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + ExternalApi apiInstance = new ExternalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + ExternalPrincipalCreation externalPrincipalCreation = new ExternalPrincipalCreation(); // ExternalPrincipalCreation | + try { + apiInstance.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation) + .execute(); + } catch (ApiException e) { + System.err.println("Exception when calling ExternalApi#createUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **principalId** | **String**| | | +| **externalPrincipalCreation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **201** | external principal attached successfully | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + + +# **deleteUserExternalPrincipal** +> deleteUserExternalPrincipal(userId, principalId).execute(); + +delete external principal from user + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.ExternalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + ExternalApi apiInstance = new ExternalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + apiInstance.deleteUserExternalPrincipal(userId, principalId) + .execute(); + } catch (ApiException e) { + System.err.println("Exception when calling ExternalApi#deleteUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **principalId** | **String**| | | + +### Return type + +null (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **204** | external principal detached successfully | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + + +# **getUserExternalPrincipal** +> ExternalPrincipal getUserExternalPrincipal(userId, principalId).execute(); + +get external principal of a user + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.ExternalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + ExternalApi apiInstance = new ExternalApi(defaultClient); + String userId = "userId_example"; // String | + String principalId = "principalId_example"; // String | + try { + ExternalPrincipal result = apiInstance.getUserExternalPrincipal(userId, principalId) + .execute(); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling ExternalApi#getUserExternalPrincipal"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **principalId** | **String**| | | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **200** | external principal | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + + +# **listUserExternalPrincipals** +> ExternalPrincipalList listUserExternalPrincipals(userId).prefix(prefix).after(after).amount(amount).execute(); + +list user external policies + +### Example +```java +// Import classes: +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.auth.*; +import io.lakefs.clients.sdk.models.*; +import io.lakefs.clients.sdk.ExternalApi; + +public class Example { + public static void main(String[] args) { + ApiClient defaultClient = Configuration.getDefaultApiClient(); + defaultClient.setBasePath("/api/v1"); + + // Configure HTTP basic authorization: basic_auth + HttpBasicAuth basic_auth = (HttpBasicAuth) defaultClient.getAuthentication("basic_auth"); + basic_auth.setUsername("YOUR USERNAME"); + basic_auth.setPassword("YOUR PASSWORD"); + + // Configure API key authorization: cookie_auth + ApiKeyAuth cookie_auth = (ApiKeyAuth) defaultClient.getAuthentication("cookie_auth"); + cookie_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //cookie_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: oidc_auth + ApiKeyAuth oidc_auth = (ApiKeyAuth) defaultClient.getAuthentication("oidc_auth"); + oidc_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //oidc_auth.setApiKeyPrefix("Token"); + + // Configure API key authorization: saml_auth + ApiKeyAuth saml_auth = (ApiKeyAuth) defaultClient.getAuthentication("saml_auth"); + saml_auth.setApiKey("YOUR API KEY"); + // Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null) + //saml_auth.setApiKeyPrefix("Token"); + + // Configure HTTP bearer authorization: jwt_token + HttpBearerAuth jwt_token = (HttpBearerAuth) defaultClient.getAuthentication("jwt_token"); + jwt_token.setBearerToken("BEARER TOKEN"); + + ExternalApi apiInstance = new ExternalApi(defaultClient); + String userId = "userId_example"; // String | + String prefix = "prefix_example"; // String | return items prefixed with this value + String after = "after_example"; // String | return items after this value + Integer amount = 100; // Integer | how many items to return + try { + ExternalPrincipalList result = apiInstance.listUserExternalPrincipals(userId) + .prefix(prefix) + .after(after) + .amount(amount) + .execute(); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling ExternalApi#listUserExternalPrincipals"); + System.err.println("Status code: " + e.getCode()); + System.err.println("Reason: " + e.getResponseBody()); + System.err.println("Response headers: " + e.getResponseHeaders()); + e.printStackTrace(); + } + } +} +``` + +### Parameters + +| Name | Type | Description | Notes | +|------------- | ------------- | ------------- | -------------| +| **userId** | **String**| | | +| **prefix** | **String**| return items prefixed with this value | [optional] | +| **after** | **String**| return items after this value | [optional] | +| **amount** | **Integer**| how many items to return | [optional] [default to 100] | + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details +| Status code | Description | Response headers | +|-------------|-------------|------------------| +| **200** | external principals list | - | +| **401** | Unauthorized | - | +| **404** | Resource Not Found | - | +| **420** | too many requests | - | +| **0** | Internal Server Error | - | + diff --git a/clients/java/docs/ExternalPrincipal.md b/clients/java/docs/ExternalPrincipal.md new file mode 100644 index 00000000000..961b2b990fc --- /dev/null +++ b/clients/java/docs/ExternalPrincipal.md @@ -0,0 +1,15 @@ + + +# ExternalPrincipal + + +## Properties + +| Name | Type | Description | Notes | +|------------ | ------------- | ------------- | -------------| +|**id** | **String** | A unique identifier for the external principal | | +|**userId** | **String** | lakeFS user ID to associate with an external principal. | | +|**settings** | **List<Map<String, String>>** | | [optional] | + + + diff --git a/clients/java/docs/ExternalPrincipalCreation.md b/clients/java/docs/ExternalPrincipalCreation.md new file mode 100644 index 00000000000..51970cfad4f --- /dev/null +++ b/clients/java/docs/ExternalPrincipalCreation.md @@ -0,0 +1,13 @@ + + +# ExternalPrincipalCreation + + +## Properties + +| Name | Type | Description | Notes | +|------------ | ------------- | ------------- | -------------| +|**settings** | **List<Map<String, String>>** | | [optional] | + + + diff --git a/clients/java/docs/ExternalPrincipalList.md b/clients/java/docs/ExternalPrincipalList.md new file mode 100644 index 00000000000..0d4df329925 --- /dev/null +++ b/clients/java/docs/ExternalPrincipalList.md @@ -0,0 +1,14 @@ + + +# ExternalPrincipalList + + +## Properties + +| Name | Type | Description | Notes | +|------------ | ------------- | ------------- | -------------| +|**pagination** | [**Pagination**](Pagination.md) | | | +|**results** | [**List<ExternalPrincipal>**](ExternalPrincipal.md) | | | + + + diff --git a/clients/java/src/main/java/io/lakefs/clients/sdk/AuthApi.java b/clients/java/src/main/java/io/lakefs/clients/sdk/AuthApi.java index 7253da185df..ceeeab23ad4 100644 --- a/clients/java/src/main/java/io/lakefs/clients/sdk/AuthApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/sdk/AuthApi.java @@ -35,6 +35,9 @@ import io.lakefs.clients.sdk.model.CurrentUser; import io.lakefs.clients.sdk.model.Error; import io.lakefs.clients.sdk.model.ErrorNoACL; +import io.lakefs.clients.sdk.model.ExternalPrincipal; +import io.lakefs.clients.sdk.model.ExternalPrincipalCreation; +import io.lakefs.clients.sdk.model.ExternalPrincipalList; import io.lakefs.clients.sdk.model.Group; import io.lakefs.clients.sdk.model.GroupCreation; import io.lakefs.clients.sdk.model.GroupList; @@ -1323,6 +1326,192 @@ public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiEx public APIcreateUserRequest createUser() { return new APIcreateUserRequest(); } + private okhttp3.Call createUserExternalPrincipalCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = externalPrincipalCreation; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())) + .replace("{" + "principalId" + "}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + "application/json" + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call createUserExternalPrincipalValidateBeforeCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'externalPrincipalCreation' is set + if (externalPrincipalCreation == null) { + throw new ApiException("Missing the required parameter 'externalPrincipalCreation' when calling createUserExternalPrincipal(Async)"); + } + + return createUserExternalPrincipalCall(userId, principalId, externalPrincipalCreation, _callback); + + } + + + private ApiResponse createUserExternalPrincipalWithHttpInfo(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) throws ApiException { + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, null); + return localVarApiClient.execute(localVarCall); + } + + private okhttp3.Call createUserExternalPrincipalAsync(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } + + public class APIcreateUserExternalPrincipalRequest { + private final String userId; + private final String principalId; + private final ExternalPrincipalCreation externalPrincipalCreation; + + private APIcreateUserExternalPrincipalRequest(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) { + this.userId = userId; + this.principalId = principalId; + this.externalPrincipalCreation = externalPrincipalCreation; + } + + /** + * Build call for createUserExternalPrincipal + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return createUserExternalPrincipalCall(userId, principalId, externalPrincipalCreation, _callback); + } + + /** + * Execute createUserExternalPrincipal request + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void execute() throws ApiException { + createUserExternalPrincipalWithHttpInfo(userId, principalId, externalPrincipalCreation); + } + + /** + * Execute createUserExternalPrincipal request with HTTP info returned + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return createUserExternalPrincipalWithHttpInfo(userId, principalId, externalPrincipalCreation); + } + + /** + * Execute createUserExternalPrincipal request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return createUserExternalPrincipalAsync(userId, principalId, externalPrincipalCreation, _callback); + } + } + + /** + * attach external principal to user + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @return APIcreateUserExternalPrincipalRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIcreateUserExternalPrincipalRequest createUserExternalPrincipal(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) { + return new APIcreateUserExternalPrincipalRequest(userId, principalId, externalPrincipalCreation); + } private okhttp3.Call deleteCredentialsCall(String userId, String accessKeyId, final ApiCallback _callback) throws ApiException { String basePath = null; // Operation Servers @@ -2181,6 +2370,183 @@ public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiEx public APIdeleteUserRequest deleteUser(String userId) { return new APIdeleteUserRequest(userId); } + private okhttp3.Call deleteUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())) + .replace("{" + "principalId" + "}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call deleteUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling deleteUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling deleteUserExternalPrincipal(Async)"); + } + + return deleteUserExternalPrincipalCall(userId, principalId, _callback); + + } + + + private ApiResponse deleteUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + return localVarApiClient.execute(localVarCall); + } + + private okhttp3.Call deleteUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } + + public class APIdeleteUserExternalPrincipalRequest { + private final String userId; + private final String principalId; + + private APIdeleteUserExternalPrincipalRequest(String userId, String principalId) { + this.userId = userId; + this.principalId = principalId; + } + + /** + * Build call for deleteUserExternalPrincipal + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return deleteUserExternalPrincipalCall(userId, principalId, _callback); + } + + /** + * Execute deleteUserExternalPrincipal request + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void execute() throws ApiException { + deleteUserExternalPrincipalWithHttpInfo(userId, principalId); + } + + /** + * Execute deleteUserExternalPrincipal request with HTTP info returned + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return deleteUserExternalPrincipalWithHttpInfo(userId, principalId); + } + + /** + * Execute deleteUserExternalPrincipal request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return deleteUserExternalPrincipalAsync(userId, principalId, _callback); + } + } + + /** + * delete external principal from user + * + * @param userId (required) + * @param principalId (required) + * @return APIdeleteUserExternalPrincipalRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIdeleteUserExternalPrincipalRequest deleteUserExternalPrincipal(String userId, String principalId) { + return new APIdeleteUserExternalPrincipalRequest(userId, principalId); + } private okhttp3.Call detachPolicyFromGroupCall(String groupId, String policyId, final ApiCallback _callback) throws ApiException { String basePath = null; // Operation Servers @@ -3301,81 +3667,253 @@ public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { } /** - * Execute getPolicy request - * @return Policy + * Execute getPolicy request + * @return Policy + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 policy -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public Policy execute() throws ApiException { + ApiResponse localVarResp = getPolicyWithHttpInfo(policyId); + return localVarResp.getData(); + } + + /** + * Execute getPolicy request with HTTP info returned + * @return ApiResponse<Policy> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 policy -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return getPolicyWithHttpInfo(policyId); + } + + /** + * Execute getPolicy request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 policy -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return getPolicyAsync(policyId, _callback); + } + } + + /** + * get policy + * + * @param policyId (required) + * @return APIgetPolicyRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 policy -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIgetPolicyRequest getPolicy(String policyId) { + return new APIgetPolicyRequest(policyId); + } + private okhttp3.Call getUserCall(String userId, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call getUserValidateBeforeCall(String userId, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling getUser(Async)"); + } + + return getUserCall(userId, _callback); + + } + + + private ApiResponse getUserWithHttpInfo(String userId) throws ApiException { + okhttp3.Call localVarCall = getUserValidateBeforeCall(userId, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + private okhttp3.Call getUserAsync(String userId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = getUserValidateBeforeCall(userId, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } + + public class APIgetUserRequest { + private final String userId; + + private APIgetUserRequest(String userId) { + this.userId = userId; + } + + /** + * Build call for getUser + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 user -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return getUserCall(userId, _callback); + } + + /** + * Execute getUser request + * @return User * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body * @http.response.details - +
Status Code Description Response Headers
200 policy -
200 user -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
*/ - public Policy execute() throws ApiException { - ApiResponse localVarResp = getPolicyWithHttpInfo(policyId); + public User execute() throws ApiException { + ApiResponse localVarResp = getUserWithHttpInfo(userId); return localVarResp.getData(); } /** - * Execute getPolicy request with HTTP info returned - * @return ApiResponse<Policy> + * Execute getUser request with HTTP info returned + * @return ApiResponse<User> * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body * @http.response.details - +
Status Code Description Response Headers
200 policy -
200 user -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
*/ - public ApiResponse executeWithHttpInfo() throws ApiException { - return getPolicyWithHttpInfo(policyId); + public ApiResponse executeWithHttpInfo() throws ApiException { + return getUserWithHttpInfo(userId); } /** - * Execute getPolicy request (asynchronously) + * Execute getUser request (asynchronously) * @param _callback The callback to be executed when the API call finishes * @return The request call * @throws ApiException If fail to process the API call, e.g. serializing the request body object * @http.response.details - +
Status Code Description Response Headers
200 policy -
200 user -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
*/ - public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { - return getPolicyAsync(policyId, _callback); + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return getUserAsync(userId, _callback); } } /** - * get policy + * get user * - * @param policyId (required) - * @return APIgetPolicyRequest + * @param userId (required) + * @return APIgetUserRequest * @http.response.details - +
Status Code Description Response Headers
200 policy -
200 user -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
*/ - public APIgetPolicyRequest getPolicy(String policyId) { - return new APIgetPolicyRequest(policyId); + public APIgetUserRequest getUser(String userId) { + return new APIgetUserRequest(userId); } - private okhttp3.Call getUserCall(String userId, final ApiCallback _callback) throws ApiException { + private okhttp3.Call getUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { String basePath = null; // Operation Servers String[] localBasePaths = new String[] { }; @@ -3392,8 +3930,9 @@ private okhttp3.Call getUserCall(String userId, final ApiCallback _callback) thr Object localVarPostBody = null; // create path and map variables - String localVarPath = "/auth/users/{userId}" - .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())); + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())) + .replace("{" + "principalId" + "}", localVarApiClient.escapeString(principalId.toString())); List localVarQueryParams = new ArrayList(); List localVarCollectionQueryParams = new ArrayList(); @@ -3421,47 +3960,54 @@ private okhttp3.Call getUserCall(String userId, final ApiCallback _callback) thr } @SuppressWarnings("rawtypes") - private okhttp3.Call getUserValidateBeforeCall(String userId, final ApiCallback _callback) throws ApiException { + private okhttp3.Call getUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { // verify the required parameter 'userId' is set if (userId == null) { - throw new ApiException("Missing the required parameter 'userId' when calling getUser(Async)"); + throw new ApiException("Missing the required parameter 'userId' when calling getUserExternalPrincipal(Async)"); } - return getUserCall(userId, _callback); + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling getUserExternalPrincipal(Async)"); + } + + return getUserExternalPrincipalCall(userId, principalId, _callback); } - private ApiResponse getUserWithHttpInfo(String userId) throws ApiException { - okhttp3.Call localVarCall = getUserValidateBeforeCall(userId, null); - Type localVarReturnType = new TypeToken(){}.getType(); + private ApiResponse getUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + Type localVarReturnType = new TypeToken(){}.getType(); return localVarApiClient.execute(localVarCall, localVarReturnType); } - private okhttp3.Call getUserAsync(String userId, final ApiCallback _callback) throws ApiException { + private okhttp3.Call getUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { - okhttp3.Call localVarCall = getUserValidateBeforeCall(userId, _callback); - Type localVarReturnType = new TypeToken(){}.getType(); + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); return localVarCall; } - public class APIgetUserRequest { + public class APIgetUserExternalPrincipalRequest { private final String userId; + private final String principalId; - private APIgetUserRequest(String userId) { + private APIgetUserExternalPrincipalRequest(String userId, String principalId) { this.userId = userId; + this.principalId = principalId; } /** - * Build call for getUser + * Build call for getUserExternalPrincipal * @param _callback ApiCallback API callback * @return Call to execute * @throws ApiException If fail to serialize the request body object * @http.response.details - + @@ -3469,83 +4015,84 @@ private APIgetUserRequest(String userId) {
Status Code Description Response Headers
200 user -
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
*/ public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { - return getUserCall(userId, _callback); + return getUserExternalPrincipalCall(userId, principalId, _callback); } /** - * Execute getUser request - * @return User + * Execute getUserExternalPrincipal request + * @return ExternalPrincipal * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body * @http.response.details - +
Status Code Description Response Headers
200 user -
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
*/ - public User execute() throws ApiException { - ApiResponse localVarResp = getUserWithHttpInfo(userId); + public ExternalPrincipal execute() throws ApiException { + ApiResponse localVarResp = getUserExternalPrincipalWithHttpInfo(userId, principalId); return localVarResp.getData(); } /** - * Execute getUser request with HTTP info returned - * @return ApiResponse<User> + * Execute getUserExternalPrincipal request with HTTP info returned + * @return ApiResponse<ExternalPrincipal> * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body * @http.response.details - +
Status Code Description Response Headers
200 user -
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
*/ - public ApiResponse executeWithHttpInfo() throws ApiException { - return getUserWithHttpInfo(userId); + public ApiResponse executeWithHttpInfo() throws ApiException { + return getUserExternalPrincipalWithHttpInfo(userId, principalId); } /** - * Execute getUser request (asynchronously) + * Execute getUserExternalPrincipal request (asynchronously) * @param _callback The callback to be executed when the API call finishes * @return The request call * @throws ApiException If fail to process the API call, e.g. serializing the request body object * @http.response.details - +
Status Code Description Response Headers
200 user -
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
*/ - public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { - return getUserAsync(userId, _callback); + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return getUserExternalPrincipalAsync(userId, principalId, _callback); } } /** - * get user + * get external principal of a user * * @param userId (required) - * @return APIgetUserRequest + * @param principalId (required) + * @return APIgetUserExternalPrincipalRequest * @http.response.details - +
Status Code Description Response Headers
200 user -
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
*/ - public APIgetUserRequest getUser(String userId) { - return new APIgetUserRequest(userId); + public APIgetUserExternalPrincipalRequest getUserExternalPrincipal(String userId, String principalId) { + return new APIgetUserExternalPrincipalRequest(userId, principalId); } private okhttp3.Call listGroupMembersCall(String groupId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { String basePath = null; @@ -4599,6 +5146,223 @@ public okhttp3.Call executeAsync(final ApiCallback _callback) t public APIlistUserCredentialsRequest listUserCredentials(String userId) { return new APIlistUserCredentialsRequest(userId); } + private okhttp3.Call listUserExternalPrincipalsCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principals" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + if (prefix != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("prefix", prefix)); + } + + if (after != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("after", after)); + } + + if (amount != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("amount", amount)); + } + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call listUserExternalPrincipalsValidateBeforeCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling listUserExternalPrincipals(Async)"); + } + + return listUserExternalPrincipalsCall(userId, prefix, after, amount, _callback); + + } + + + private ApiResponse listUserExternalPrincipalsWithHttpInfo(String userId, String prefix, String after, Integer amount) throws ApiException { + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + private okhttp3.Call listUserExternalPrincipalsAsync(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } + + public class APIlistUserExternalPrincipalsRequest { + private final String userId; + private String prefix; + private String after; + private Integer amount; + + private APIlistUserExternalPrincipalsRequest(String userId) { + this.userId = userId; + } + + /** + * Set prefix + * @param prefix return items prefixed with this value (optional) + * @return APIlistUserExternalPrincipalsRequest + */ + public APIlistUserExternalPrincipalsRequest prefix(String prefix) { + this.prefix = prefix; + return this; + } + + /** + * Set after + * @param after return items after this value (optional) + * @return APIlistUserExternalPrincipalsRequest + */ + public APIlistUserExternalPrincipalsRequest after(String after) { + this.after = after; + return this; + } + + /** + * Set amount + * @param amount how many items to return (optional, default to 100) + * @return APIlistUserExternalPrincipalsRequest + */ + public APIlistUserExternalPrincipalsRequest amount(Integer amount) { + this.amount = amount; + return this; + } + + /** + * Build call for listUserExternalPrincipals + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return listUserExternalPrincipalsCall(userId, prefix, after, amount, _callback); + } + + /** + * Execute listUserExternalPrincipals request + * @return ExternalPrincipalList + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ExternalPrincipalList execute() throws ApiException { + ApiResponse localVarResp = listUserExternalPrincipalsWithHttpInfo(userId, prefix, after, amount); + return localVarResp.getData(); + } + + /** + * Execute listUserExternalPrincipals request with HTTP info returned + * @return ApiResponse<ExternalPrincipalList> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return listUserExternalPrincipalsWithHttpInfo(userId, prefix, after, amount); + } + + /** + * Execute listUserExternalPrincipals request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return listUserExternalPrincipalsAsync(userId, prefix, after, amount, _callback); + } + } + + /** + * list user external policies + * + * @param userId (required) + * @return APIlistUserExternalPrincipalsRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIlistUserExternalPrincipalsRequest listUserExternalPrincipals(String userId) { + return new APIlistUserExternalPrincipalsRequest(userId); + } private okhttp3.Call listUserGroupsCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { String basePath = null; // Operation Servers diff --git a/clients/java/src/main/java/io/lakefs/clients/sdk/ExperimentalApi.java b/clients/java/src/main/java/io/lakefs/clients/sdk/ExperimentalApi.java index 7c27c114bc7..d80d5af6567 100644 --- a/clients/java/src/main/java/io/lakefs/clients/sdk/ExperimentalApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/sdk/ExperimentalApi.java @@ -30,6 +30,9 @@ import io.lakefs.clients.sdk.model.AbortPresignMultipartUpload; import io.lakefs.clients.sdk.model.CompletePresignMultipartUpload; import io.lakefs.clients.sdk.model.Error; +import io.lakefs.clients.sdk.model.ExternalPrincipal; +import io.lakefs.clients.sdk.model.ExternalPrincipalCreation; +import io.lakefs.clients.sdk.model.ExternalPrincipalList; import io.lakefs.clients.sdk.model.ObjectStats; import io.lakefs.clients.sdk.model.PresignMultipartUpload; import io.lakefs.clients.sdk.model.StagingLocation; @@ -729,6 +732,550 @@ public okhttp3.Call executeAsync(final ApiCallback _call public APIcreatePresignMultipartUploadRequest createPresignMultipartUpload(String repository, String branch, String path) { return new APIcreatePresignMultipartUploadRequest(repository, branch, path); } + private okhttp3.Call createUserExternalPrincipalCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = externalPrincipalCreation; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())) + .replace("{" + "principalId" + "}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + "application/json" + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call createUserExternalPrincipalValidateBeforeCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'externalPrincipalCreation' is set + if (externalPrincipalCreation == null) { + throw new ApiException("Missing the required parameter 'externalPrincipalCreation' when calling createUserExternalPrincipal(Async)"); + } + + return createUserExternalPrincipalCall(userId, principalId, externalPrincipalCreation, _callback); + + } + + + private ApiResponse createUserExternalPrincipalWithHttpInfo(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) throws ApiException { + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, null); + return localVarApiClient.execute(localVarCall); + } + + private okhttp3.Call createUserExternalPrincipalAsync(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } + + public class APIcreateUserExternalPrincipalRequest { + private final String userId; + private final String principalId; + private final ExternalPrincipalCreation externalPrincipalCreation; + + private APIcreateUserExternalPrincipalRequest(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) { + this.userId = userId; + this.principalId = principalId; + this.externalPrincipalCreation = externalPrincipalCreation; + } + + /** + * Build call for createUserExternalPrincipal + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return createUserExternalPrincipalCall(userId, principalId, externalPrincipalCreation, _callback); + } + + /** + * Execute createUserExternalPrincipal request + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void execute() throws ApiException { + createUserExternalPrincipalWithHttpInfo(userId, principalId, externalPrincipalCreation); + } + + /** + * Execute createUserExternalPrincipal request with HTTP info returned + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return createUserExternalPrincipalWithHttpInfo(userId, principalId, externalPrincipalCreation); + } + + /** + * Execute createUserExternalPrincipal request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return createUserExternalPrincipalAsync(userId, principalId, externalPrincipalCreation, _callback); + } + } + + /** + * attach external principal to user + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @return APIcreateUserExternalPrincipalRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIcreateUserExternalPrincipalRequest createUserExternalPrincipal(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) { + return new APIcreateUserExternalPrincipalRequest(userId, principalId, externalPrincipalCreation); + } + private okhttp3.Call deleteUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())) + .replace("{" + "principalId" + "}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call deleteUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling deleteUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling deleteUserExternalPrincipal(Async)"); + } + + return deleteUserExternalPrincipalCall(userId, principalId, _callback); + + } + + + private ApiResponse deleteUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + return localVarApiClient.execute(localVarCall); + } + + private okhttp3.Call deleteUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } + + public class APIdeleteUserExternalPrincipalRequest { + private final String userId; + private final String principalId; + + private APIdeleteUserExternalPrincipalRequest(String userId, String principalId) { + this.userId = userId; + this.principalId = principalId; + } + + /** + * Build call for deleteUserExternalPrincipal + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return deleteUserExternalPrincipalCall(userId, principalId, _callback); + } + + /** + * Execute deleteUserExternalPrincipal request + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void execute() throws ApiException { + deleteUserExternalPrincipalWithHttpInfo(userId, principalId); + } + + /** + * Execute deleteUserExternalPrincipal request with HTTP info returned + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return deleteUserExternalPrincipalWithHttpInfo(userId, principalId); + } + + /** + * Execute deleteUserExternalPrincipal request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return deleteUserExternalPrincipalAsync(userId, principalId, _callback); + } + } + + /** + * delete external principal from user + * + * @param userId (required) + * @param principalId (required) + * @return APIdeleteUserExternalPrincipalRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIdeleteUserExternalPrincipalRequest deleteUserExternalPrincipal(String userId, String principalId) { + return new APIdeleteUserExternalPrincipalRequest(userId, principalId); + } + private okhttp3.Call getUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())) + .replace("{" + "principalId" + "}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call getUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling getUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling getUserExternalPrincipal(Async)"); + } + + return getUserExternalPrincipalCall(userId, principalId, _callback); + + } + + + private ApiResponse getUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + private okhttp3.Call getUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } + + public class APIgetUserExternalPrincipalRequest { + private final String userId; + private final String principalId; + + private APIgetUserExternalPrincipalRequest(String userId, String principalId) { + this.userId = userId; + this.principalId = principalId; + } + + /** + * Build call for getUserExternalPrincipal + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return getUserExternalPrincipalCall(userId, principalId, _callback); + } + + /** + * Execute getUserExternalPrincipal request + * @return ExternalPrincipal + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ExternalPrincipal execute() throws ApiException { + ApiResponse localVarResp = getUserExternalPrincipalWithHttpInfo(userId, principalId); + return localVarResp.getData(); + } + + /** + * Execute getUserExternalPrincipal request with HTTP info returned + * @return ApiResponse<ExternalPrincipal> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return getUserExternalPrincipalWithHttpInfo(userId, principalId); + } + + /** + * Execute getUserExternalPrincipal request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return getUserExternalPrincipalAsync(userId, principalId, _callback); + } + } + + /** + * get external principal of a user + * + * @param userId (required) + * @param principalId (required) + * @return APIgetUserExternalPrincipalRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIgetUserExternalPrincipalRequest getUserExternalPrincipal(String userId, String principalId) { + return new APIgetUserExternalPrincipalRequest(userId, principalId); + } private okhttp3.Call hardResetBranchCall(String repository, String branch, String ref, Boolean force, final ApiCallback _callback) throws ApiException { String basePath = null; // Operation Servers @@ -943,4 +1490,221 @@ public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiEx public APIhardResetBranchRequest hardResetBranch(String repository, String branch, String ref) { return new APIhardResetBranchRequest(repository, branch, ref); } + private okhttp3.Call listUserExternalPrincipalsCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principals" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + if (prefix != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("prefix", prefix)); + } + + if (after != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("after", after)); + } + + if (amount != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("amount", amount)); + } + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call listUserExternalPrincipalsValidateBeforeCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling listUserExternalPrincipals(Async)"); + } + + return listUserExternalPrincipalsCall(userId, prefix, after, amount, _callback); + + } + + + private ApiResponse listUserExternalPrincipalsWithHttpInfo(String userId, String prefix, String after, Integer amount) throws ApiException { + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + private okhttp3.Call listUserExternalPrincipalsAsync(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } + + public class APIlistUserExternalPrincipalsRequest { + private final String userId; + private String prefix; + private String after; + private Integer amount; + + private APIlistUserExternalPrincipalsRequest(String userId) { + this.userId = userId; + } + + /** + * Set prefix + * @param prefix return items prefixed with this value (optional) + * @return APIlistUserExternalPrincipalsRequest + */ + public APIlistUserExternalPrincipalsRequest prefix(String prefix) { + this.prefix = prefix; + return this; + } + + /** + * Set after + * @param after return items after this value (optional) + * @return APIlistUserExternalPrincipalsRequest + */ + public APIlistUserExternalPrincipalsRequest after(String after) { + this.after = after; + return this; + } + + /** + * Set amount + * @param amount how many items to return (optional, default to 100) + * @return APIlistUserExternalPrincipalsRequest + */ + public APIlistUserExternalPrincipalsRequest amount(Integer amount) { + this.amount = amount; + return this; + } + + /** + * Build call for listUserExternalPrincipals + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return listUserExternalPrincipalsCall(userId, prefix, after, amount, _callback); + } + + /** + * Execute listUserExternalPrincipals request + * @return ExternalPrincipalList + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ExternalPrincipalList execute() throws ApiException { + ApiResponse localVarResp = listUserExternalPrincipalsWithHttpInfo(userId, prefix, after, amount); + return localVarResp.getData(); + } + + /** + * Execute listUserExternalPrincipals request with HTTP info returned + * @return ApiResponse<ExternalPrincipalList> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return listUserExternalPrincipalsWithHttpInfo(userId, prefix, after, amount); + } + + /** + * Execute listUserExternalPrincipals request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return listUserExternalPrincipalsAsync(userId, prefix, after, amount, _callback); + } + } + + /** + * list user external policies + * + * @param userId (required) + * @return APIlistUserExternalPrincipalsRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIlistUserExternalPrincipalsRequest listUserExternalPrincipals(String userId) { + return new APIlistUserExternalPrincipalsRequest(userId); + } } diff --git a/clients/java/src/main/java/io/lakefs/clients/sdk/ExternalApi.java b/clients/java/src/main/java/io/lakefs/clients/sdk/ExternalApi.java new file mode 100644 index 00000000000..fc7d154c7d8 --- /dev/null +++ b/clients/java/src/main/java/io/lakefs/clients/sdk/ExternalApi.java @@ -0,0 +1,839 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.sdk; + +import io.lakefs.clients.sdk.ApiCallback; +import io.lakefs.clients.sdk.ApiClient; +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.ApiResponse; +import io.lakefs.clients.sdk.Configuration; +import io.lakefs.clients.sdk.Pair; +import io.lakefs.clients.sdk.ProgressRequestBody; +import io.lakefs.clients.sdk.ProgressResponseBody; + +import com.google.gson.reflect.TypeToken; + +import java.io.IOException; + + +import io.lakefs.clients.sdk.model.Error; +import io.lakefs.clients.sdk.model.ExternalPrincipal; +import io.lakefs.clients.sdk.model.ExternalPrincipalCreation; +import io.lakefs.clients.sdk.model.ExternalPrincipalList; + +import java.lang.reflect.Type; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +public class ExternalApi { + private ApiClient localVarApiClient; + private int localHostIndex; + private String localCustomBaseUrl; + + public ExternalApi() { + this(Configuration.getDefaultApiClient()); + } + + public ExternalApi(ApiClient apiClient) { + this.localVarApiClient = apiClient; + } + + public ApiClient getApiClient() { + return localVarApiClient; + } + + public void setApiClient(ApiClient apiClient) { + this.localVarApiClient = apiClient; + } + + public int getHostIndex() { + return localHostIndex; + } + + public void setHostIndex(int hostIndex) { + this.localHostIndex = hostIndex; + } + + public String getCustomBaseUrl() { + return localCustomBaseUrl; + } + + public void setCustomBaseUrl(String customBaseUrl) { + this.localCustomBaseUrl = customBaseUrl; + } + + private okhttp3.Call createUserExternalPrincipalCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = externalPrincipalCreation; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())) + .replace("{" + "principalId" + "}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + "application/json" + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call createUserExternalPrincipalValidateBeforeCall(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling createUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'externalPrincipalCreation' is set + if (externalPrincipalCreation == null) { + throw new ApiException("Missing the required parameter 'externalPrincipalCreation' when calling createUserExternalPrincipal(Async)"); + } + + return createUserExternalPrincipalCall(userId, principalId, externalPrincipalCreation, _callback); + + } + + + private ApiResponse createUserExternalPrincipalWithHttpInfo(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) throws ApiException { + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, null); + return localVarApiClient.execute(localVarCall); + } + + private okhttp3.Call createUserExternalPrincipalAsync(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = createUserExternalPrincipalValidateBeforeCall(userId, principalId, externalPrincipalCreation, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } + + public class APIcreateUserExternalPrincipalRequest { + private final String userId; + private final String principalId; + private final ExternalPrincipalCreation externalPrincipalCreation; + + private APIcreateUserExternalPrincipalRequest(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) { + this.userId = userId; + this.principalId = principalId; + this.externalPrincipalCreation = externalPrincipalCreation; + } + + /** + * Build call for createUserExternalPrincipal + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return createUserExternalPrincipalCall(userId, principalId, externalPrincipalCreation, _callback); + } + + /** + * Execute createUserExternalPrincipal request + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void execute() throws ApiException { + createUserExternalPrincipalWithHttpInfo(userId, principalId, externalPrincipalCreation); + } + + /** + * Execute createUserExternalPrincipal request with HTTP info returned + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return createUserExternalPrincipalWithHttpInfo(userId, principalId, externalPrincipalCreation); + } + + /** + * Execute createUserExternalPrincipal request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return createUserExternalPrincipalAsync(userId, principalId, externalPrincipalCreation, _callback); + } + } + + /** + * attach external principal to user + * + * @param userId (required) + * @param principalId (required) + * @param externalPrincipalCreation (required) + * @return APIcreateUserExternalPrincipalRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
201 external principal attached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIcreateUserExternalPrincipalRequest createUserExternalPrincipal(String userId, String principalId, ExternalPrincipalCreation externalPrincipalCreation) { + return new APIcreateUserExternalPrincipalRequest(userId, principalId, externalPrincipalCreation); + } + private okhttp3.Call deleteUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())) + .replace("{" + "principalId" + "}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call deleteUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling deleteUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling deleteUserExternalPrincipal(Async)"); + } + + return deleteUserExternalPrincipalCall(userId, principalId, _callback); + + } + + + private ApiResponse deleteUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + return localVarApiClient.execute(localVarCall); + } + + private okhttp3.Call deleteUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = deleteUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + localVarApiClient.executeAsync(localVarCall, _callback); + return localVarCall; + } + + public class APIdeleteUserExternalPrincipalRequest { + private final String userId; + private final String principalId; + + private APIdeleteUserExternalPrincipalRequest(String userId, String principalId) { + this.userId = userId; + this.principalId = principalId; + } + + /** + * Build call for deleteUserExternalPrincipal + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return deleteUserExternalPrincipalCall(userId, principalId, _callback); + } + + /** + * Execute deleteUserExternalPrincipal request + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public void execute() throws ApiException { + deleteUserExternalPrincipalWithHttpInfo(userId, principalId); + } + + /** + * Execute deleteUserExternalPrincipal request with HTTP info returned + * @return ApiResponse<Void> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return deleteUserExternalPrincipalWithHttpInfo(userId, principalId); + } + + /** + * Execute deleteUserExternalPrincipal request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return deleteUserExternalPrincipalAsync(userId, principalId, _callback); + } + } + + /** + * delete external principal from user + * + * @param userId (required) + * @param principalId (required) + * @return APIdeleteUserExternalPrincipalRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
204 external principal detached successfully -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIdeleteUserExternalPrincipalRequest deleteUserExternalPrincipal(String userId, String principalId) { + return new APIdeleteUserExternalPrincipalRequest(userId, principalId); + } + private okhttp3.Call getUserExternalPrincipalCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principal/{principalId}" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())) + .replace("{" + "principalId" + "}", localVarApiClient.escapeString(principalId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call getUserExternalPrincipalValidateBeforeCall(String userId, String principalId, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling getUserExternalPrincipal(Async)"); + } + + // verify the required parameter 'principalId' is set + if (principalId == null) { + throw new ApiException("Missing the required parameter 'principalId' when calling getUserExternalPrincipal(Async)"); + } + + return getUserExternalPrincipalCall(userId, principalId, _callback); + + } + + + private ApiResponse getUserExternalPrincipalWithHttpInfo(String userId, String principalId) throws ApiException { + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + private okhttp3.Call getUserExternalPrincipalAsync(String userId, String principalId, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = getUserExternalPrincipalValidateBeforeCall(userId, principalId, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } + + public class APIgetUserExternalPrincipalRequest { + private final String userId; + private final String principalId; + + private APIgetUserExternalPrincipalRequest(String userId, String principalId) { + this.userId = userId; + this.principalId = principalId; + } + + /** + * Build call for getUserExternalPrincipal + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return getUserExternalPrincipalCall(userId, principalId, _callback); + } + + /** + * Execute getUserExternalPrincipal request + * @return ExternalPrincipal + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ExternalPrincipal execute() throws ApiException { + ApiResponse localVarResp = getUserExternalPrincipalWithHttpInfo(userId, principalId); + return localVarResp.getData(); + } + + /** + * Execute getUserExternalPrincipal request with HTTP info returned + * @return ApiResponse<ExternalPrincipal> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return getUserExternalPrincipalWithHttpInfo(userId, principalId); + } + + /** + * Execute getUserExternalPrincipal request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return getUserExternalPrincipalAsync(userId, principalId, _callback); + } + } + + /** + * get external principal of a user + * + * @param userId (required) + * @param principalId (required) + * @return APIgetUserExternalPrincipalRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principal -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIgetUserExternalPrincipalRequest getUserExternalPrincipal(String userId, String principalId) { + return new APIgetUserExternalPrincipalRequest(userId, principalId); + } + private okhttp3.Call listUserExternalPrincipalsCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + String basePath = null; + // Operation Servers + String[] localBasePaths = new String[] { }; + + // Determine Base Path to Use + if (localCustomBaseUrl != null){ + basePath = localCustomBaseUrl; + } else if ( localBasePaths.length > 0 ) { + basePath = localBasePaths[localHostIndex]; + } else { + basePath = null; + } + + Object localVarPostBody = null; + + // create path and map variables + String localVarPath = "/auth/users/{userId}/external/principals" + .replace("{" + "userId" + "}", localVarApiClient.escapeString(userId.toString())); + + List localVarQueryParams = new ArrayList(); + List localVarCollectionQueryParams = new ArrayList(); + Map localVarHeaderParams = new HashMap(); + Map localVarCookieParams = new HashMap(); + Map localVarFormParams = new HashMap(); + + if (prefix != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("prefix", prefix)); + } + + if (after != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("after", after)); + } + + if (amount != null) { + localVarQueryParams.addAll(localVarApiClient.parameterToPair("amount", amount)); + } + + final String[] localVarAccepts = { + "application/json" + }; + final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts); + if (localVarAccept != null) { + localVarHeaderParams.put("Accept", localVarAccept); + } + + final String[] localVarContentTypes = { + }; + final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes); + if (localVarContentType != null) { + localVarHeaderParams.put("Content-Type", localVarContentType); + } + + String[] localVarAuthNames = new String[] { "basic_auth", "cookie_auth", "oidc_auth", "saml_auth", "jwt_token" }; + return localVarApiClient.buildCall(basePath, localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback); + } + + @SuppressWarnings("rawtypes") + private okhttp3.Call listUserExternalPrincipalsValidateBeforeCall(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + // verify the required parameter 'userId' is set + if (userId == null) { + throw new ApiException("Missing the required parameter 'userId' when calling listUserExternalPrincipals(Async)"); + } + + return listUserExternalPrincipalsCall(userId, prefix, after, amount, _callback); + + } + + + private ApiResponse listUserExternalPrincipalsWithHttpInfo(String userId, String prefix, String after, Integer amount) throws ApiException { + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, null); + Type localVarReturnType = new TypeToken(){}.getType(); + return localVarApiClient.execute(localVarCall, localVarReturnType); + } + + private okhttp3.Call listUserExternalPrincipalsAsync(String userId, String prefix, String after, Integer amount, final ApiCallback _callback) throws ApiException { + + okhttp3.Call localVarCall = listUserExternalPrincipalsValidateBeforeCall(userId, prefix, after, amount, _callback); + Type localVarReturnType = new TypeToken(){}.getType(); + localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback); + return localVarCall; + } + + public class APIlistUserExternalPrincipalsRequest { + private final String userId; + private String prefix; + private String after; + private Integer amount; + + private APIlistUserExternalPrincipalsRequest(String userId) { + this.userId = userId; + } + + /** + * Set prefix + * @param prefix return items prefixed with this value (optional) + * @return APIlistUserExternalPrincipalsRequest + */ + public APIlistUserExternalPrincipalsRequest prefix(String prefix) { + this.prefix = prefix; + return this; + } + + /** + * Set after + * @param after return items after this value (optional) + * @return APIlistUserExternalPrincipalsRequest + */ + public APIlistUserExternalPrincipalsRequest after(String after) { + this.after = after; + return this; + } + + /** + * Set amount + * @param amount how many items to return (optional, default to 100) + * @return APIlistUserExternalPrincipalsRequest + */ + public APIlistUserExternalPrincipalsRequest amount(Integer amount) { + this.amount = amount; + return this; + } + + /** + * Build call for listUserExternalPrincipals + * @param _callback ApiCallback API callback + * @return Call to execute + * @throws ApiException If fail to serialize the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { + return listUserExternalPrincipalsCall(userId, prefix, after, amount, _callback); + } + + /** + * Execute listUserExternalPrincipals request + * @return ExternalPrincipalList + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ExternalPrincipalList execute() throws ApiException { + ApiResponse localVarResp = listUserExternalPrincipalsWithHttpInfo(userId, prefix, after, amount); + return localVarResp.getData(); + } + + /** + * Execute listUserExternalPrincipals request with HTTP info returned + * @return ApiResponse<ExternalPrincipalList> + * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public ApiResponse executeWithHttpInfo() throws ApiException { + return listUserExternalPrincipalsWithHttpInfo(userId, prefix, after, amount); + } + + /** + * Execute listUserExternalPrincipals request (asynchronously) + * @param _callback The callback to be executed when the API call finishes + * @return The request call + * @throws ApiException If fail to process the API call, e.g. serializing the request body object + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiException { + return listUserExternalPrincipalsAsync(userId, prefix, after, amount, _callback); + } + } + + /** + * list user external policies + * + * @param userId (required) + * @return APIlistUserExternalPrincipalsRequest + * @http.response.details + + + + + + + +
Status Code Description Response Headers
200 external principals list -
401 Unauthorized -
404 Resource Not Found -
420 too many requests -
0 Internal Server Error -
+ */ + public APIlistUserExternalPrincipalsRequest listUserExternalPrincipals(String userId) { + return new APIlistUserExternalPrincipalsRequest(userId); + } +} diff --git a/clients/java/src/main/java/io/lakefs/clients/sdk/JSON.java b/clients/java/src/main/java/io/lakefs/clients/sdk/JSON.java index 88a83c3d64c..b0b1f6dea02 100644 --- a/clients/java/src/main/java/io/lakefs/clients/sdk/JSON.java +++ b/clients/java/src/main/java/io/lakefs/clients/sdk/JSON.java @@ -118,6 +118,9 @@ private static Class getClassByDiscriminator(Map classByDiscriminatorValue, Stri gsonBuilder.registerTypeAdapterFactory(new io.lakefs.clients.sdk.model.DiffList.CustomTypeAdapterFactory()); gsonBuilder.registerTypeAdapterFactory(new io.lakefs.clients.sdk.model.Error.CustomTypeAdapterFactory()); gsonBuilder.registerTypeAdapterFactory(new io.lakefs.clients.sdk.model.ErrorNoACL.CustomTypeAdapterFactory()); + gsonBuilder.registerTypeAdapterFactory(new io.lakefs.clients.sdk.model.ExternalPrincipal.CustomTypeAdapterFactory()); + gsonBuilder.registerTypeAdapterFactory(new io.lakefs.clients.sdk.model.ExternalPrincipalCreation.CustomTypeAdapterFactory()); + gsonBuilder.registerTypeAdapterFactory(new io.lakefs.clients.sdk.model.ExternalPrincipalList.CustomTypeAdapterFactory()); gsonBuilder.registerTypeAdapterFactory(new io.lakefs.clients.sdk.model.FindMergeBaseResult.CustomTypeAdapterFactory()); gsonBuilder.registerTypeAdapterFactory(new io.lakefs.clients.sdk.model.GarbageCollectionConfig.CustomTypeAdapterFactory()); gsonBuilder.registerTypeAdapterFactory(new io.lakefs.clients.sdk.model.GarbageCollectionPrepareResponse.CustomTypeAdapterFactory()); diff --git a/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipal.java b/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipal.java new file mode 100644 index 00000000000..14b7a688ab4 --- /dev/null +++ b/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipal.java @@ -0,0 +1,368 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.sdk.model; + +import java.util.Objects; +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Map; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; +import com.google.gson.JsonArray; +import com.google.gson.JsonDeserializationContext; +import com.google.gson.JsonDeserializer; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParseException; +import com.google.gson.TypeAdapterFactory; +import com.google.gson.reflect.TypeToken; +import com.google.gson.TypeAdapter; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import java.io.IOException; + +import java.lang.reflect.Type; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Set; + +import io.lakefs.clients.sdk.JSON; + +/** + * ExternalPrincipal + */ +@javax.annotation.Generated(value = "org.openapitools.codegen.languages.JavaClientCodegen") +public class ExternalPrincipal { + public static final String SERIALIZED_NAME_ID = "id"; + @SerializedName(SERIALIZED_NAME_ID) + private String id; + + public static final String SERIALIZED_NAME_USER_ID = "user_id"; + @SerializedName(SERIALIZED_NAME_USER_ID) + private String userId; + + public static final String SERIALIZED_NAME_SETTINGS = "settings"; + @SerializedName(SERIALIZED_NAME_SETTINGS) + private List> settings; + + public ExternalPrincipal() { + } + + public ExternalPrincipal id(String id) { + + this.id = id; + return this; + } + + /** + * A unique identifier for the external principal + * @return id + **/ + @javax.annotation.Nonnull + public String getId() { + return id; + } + + + public void setId(String id) { + this.id = id; + } + + + public ExternalPrincipal userId(String userId) { + + this.userId = userId; + return this; + } + + /** + * lakeFS user ID to associate with an external principal. + * @return userId + **/ + @javax.annotation.Nonnull + public String getUserId() { + return userId; + } + + + public void setUserId(String userId) { + this.userId = userId; + } + + + public ExternalPrincipal settings(List> settings) { + + this.settings = settings; + return this; + } + + public ExternalPrincipal addSettingsItem(Map settingsItem) { + if (this.settings == null) { + this.settings = new ArrayList<>(); + } + this.settings.add(settingsItem); + return this; + } + + /** + * Get settings + * @return settings + **/ + @javax.annotation.Nullable + public List> getSettings() { + return settings; + } + + + public void setSettings(List> settings) { + this.settings = settings; + } + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. + * If the property does not already exist, create it otherwise replace it. + * + * @param key name of the property + * @param value value of the property + * @return the ExternalPrincipal instance itself + */ + public ExternalPrincipal putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return a map of objects + */ + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key name of the property + * @return an object + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + ExternalPrincipal externalPrincipal = (ExternalPrincipal) o; + return Objects.equals(this.id, externalPrincipal.id) && + Objects.equals(this.userId, externalPrincipal.userId) && + Objects.equals(this.settings, externalPrincipal.settings)&& + Objects.equals(this.additionalProperties, externalPrincipal.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(id, userId, settings, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class ExternalPrincipal {\n"); + sb.append(" id: ").append(toIndentedString(id)).append("\n"); + sb.append(" userId: ").append(toIndentedString(userId)).append("\n"); + sb.append(" settings: ").append(toIndentedString(settings)).append("\n"); + sb.append(" additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } + + + public static HashSet openapiFields; + public static HashSet openapiRequiredFields; + + static { + // a set of all properties/fields (JSON key names) + openapiFields = new HashSet(); + openapiFields.add("id"); + openapiFields.add("user_id"); + openapiFields.add("settings"); + + // a set of required properties/fields (JSON key names) + openapiRequiredFields = new HashSet(); + openapiRequiredFields.add("id"); + openapiRequiredFields.add("user_id"); + } + + /** + * Validates the JSON Element and throws an exception if issues found + * + * @param jsonElement JSON Element + * @throws IOException if the JSON Element is invalid with respect to ExternalPrincipal + */ + public static void validateJsonElement(JsonElement jsonElement) throws IOException { + if (jsonElement == null) { + if (!ExternalPrincipal.openapiRequiredFields.isEmpty()) { // has required fields but JSON element is null + throw new IllegalArgumentException(String.format("The required field(s) %s in ExternalPrincipal is not found in the empty JSON string", ExternalPrincipal.openapiRequiredFields.toString())); + } + } + + // check to make sure all required properties/fields are present in the JSON string + for (String requiredField : ExternalPrincipal.openapiRequiredFields) { + if (jsonElement.getAsJsonObject().get(requiredField) == null) { + throw new IllegalArgumentException(String.format("The required field `%s` is not found in the JSON string: %s", requiredField, jsonElement.toString())); + } + } + JsonObject jsonObj = jsonElement.getAsJsonObject(); + if (!jsonObj.get("id").isJsonPrimitive()) { + throw new IllegalArgumentException(String.format("Expected the field `id` to be a primitive type in the JSON string but got `%s`", jsonObj.get("id").toString())); + } + if (!jsonObj.get("user_id").isJsonPrimitive()) { + throw new IllegalArgumentException(String.format("Expected the field `user_id` to be a primitive type in the JSON string but got `%s`", jsonObj.get("user_id").toString())); + } + // ensure the optional json data is an array if present + if (jsonObj.get("settings") != null && !jsonObj.get("settings").isJsonNull() && !jsonObj.get("settings").isJsonArray()) { + throw new IllegalArgumentException(String.format("Expected the field `settings` to be an array in the JSON string but got `%s`", jsonObj.get("settings").toString())); + } + } + + public static class CustomTypeAdapterFactory implements TypeAdapterFactory { + @SuppressWarnings("unchecked") + @Override + public TypeAdapter create(Gson gson, TypeToken type) { + if (!ExternalPrincipal.class.isAssignableFrom(type.getRawType())) { + return null; // this class only serializes 'ExternalPrincipal' and its subtypes + } + final TypeAdapter elementAdapter = gson.getAdapter(JsonElement.class); + final TypeAdapter thisAdapter + = gson.getDelegateAdapter(this, TypeToken.get(ExternalPrincipal.class)); + + return (TypeAdapter) new TypeAdapter() { + @Override + public void write(JsonWriter out, ExternalPrincipal value) throws IOException { + JsonObject obj = thisAdapter.toJsonTree(value).getAsJsonObject(); + obj.remove("additionalProperties"); + // serialize additional properties + if (value.getAdditionalProperties() != null) { + for (Map.Entry entry : value.getAdditionalProperties().entrySet()) { + if (entry.getValue() instanceof String) + obj.addProperty(entry.getKey(), (String) entry.getValue()); + else if (entry.getValue() instanceof Number) + obj.addProperty(entry.getKey(), (Number) entry.getValue()); + else if (entry.getValue() instanceof Boolean) + obj.addProperty(entry.getKey(), (Boolean) entry.getValue()); + else if (entry.getValue() instanceof Character) + obj.addProperty(entry.getKey(), (Character) entry.getValue()); + else { + obj.add(entry.getKey(), gson.toJsonTree(entry.getValue()).getAsJsonObject()); + } + } + } + elementAdapter.write(out, obj); + } + + @Override + public ExternalPrincipal read(JsonReader in) throws IOException { + JsonElement jsonElement = elementAdapter.read(in); + validateJsonElement(jsonElement); + JsonObject jsonObj = jsonElement.getAsJsonObject(); + // store additional fields in the deserialized instance + ExternalPrincipal instance = thisAdapter.fromJsonTree(jsonObj); + for (Map.Entry entry : jsonObj.entrySet()) { + if (!openapiFields.contains(entry.getKey())) { + if (entry.getValue().isJsonPrimitive()) { // primitive type + if (entry.getValue().getAsJsonPrimitive().isString()) + instance.putAdditionalProperty(entry.getKey(), entry.getValue().getAsString()); + else if (entry.getValue().getAsJsonPrimitive().isNumber()) + instance.putAdditionalProperty(entry.getKey(), entry.getValue().getAsNumber()); + else if (entry.getValue().getAsJsonPrimitive().isBoolean()) + instance.putAdditionalProperty(entry.getKey(), entry.getValue().getAsBoolean()); + else + throw new IllegalArgumentException(String.format("The field `%s` has unknown primitive type. Value: %s", entry.getKey(), entry.getValue().toString())); + } else if (entry.getValue().isJsonArray()) { + instance.putAdditionalProperty(entry.getKey(), gson.fromJson(entry.getValue(), List.class)); + } else { // JSON object + instance.putAdditionalProperty(entry.getKey(), gson.fromJson(entry.getValue(), HashMap.class)); + } + } + } + return instance; + } + + }.nullSafe(); + } + } + + /** + * Create an instance of ExternalPrincipal given an JSON string + * + * @param jsonString JSON string + * @return An instance of ExternalPrincipal + * @throws IOException if the JSON string is invalid with respect to ExternalPrincipal + */ + public static ExternalPrincipal fromJson(String jsonString) throws IOException { + return JSON.getGson().fromJson(jsonString, ExternalPrincipal.class); + } + + /** + * Convert an instance of ExternalPrincipal to an JSON string + * + * @return JSON string + */ + public String toJson() { + return JSON.getGson().toJson(this); + } +} + diff --git a/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipalCreation.java b/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipalCreation.java new file mode 100644 index 00000000000..b1dd043b8f4 --- /dev/null +++ b/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipalCreation.java @@ -0,0 +1,297 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.sdk.model; + +import java.util.Objects; +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Map; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; +import com.google.gson.JsonArray; +import com.google.gson.JsonDeserializationContext; +import com.google.gson.JsonDeserializer; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParseException; +import com.google.gson.TypeAdapterFactory; +import com.google.gson.reflect.TypeToken; +import com.google.gson.TypeAdapter; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import java.io.IOException; + +import java.lang.reflect.Type; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Set; + +import io.lakefs.clients.sdk.JSON; + +/** + * ExternalPrincipalCreation + */ +@javax.annotation.Generated(value = "org.openapitools.codegen.languages.JavaClientCodegen") +public class ExternalPrincipalCreation { + public static final String SERIALIZED_NAME_SETTINGS = "settings"; + @SerializedName(SERIALIZED_NAME_SETTINGS) + private List> settings; + + public ExternalPrincipalCreation() { + } + + public ExternalPrincipalCreation settings(List> settings) { + + this.settings = settings; + return this; + } + + public ExternalPrincipalCreation addSettingsItem(Map settingsItem) { + if (this.settings == null) { + this.settings = new ArrayList<>(); + } + this.settings.add(settingsItem); + return this; + } + + /** + * Get settings + * @return settings + **/ + @javax.annotation.Nullable + public List> getSettings() { + return settings; + } + + + public void setSettings(List> settings) { + this.settings = settings; + } + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. + * If the property does not already exist, create it otherwise replace it. + * + * @param key name of the property + * @param value value of the property + * @return the ExternalPrincipalCreation instance itself + */ + public ExternalPrincipalCreation putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return a map of objects + */ + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key name of the property + * @return an object + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + ExternalPrincipalCreation externalPrincipalCreation = (ExternalPrincipalCreation) o; + return Objects.equals(this.settings, externalPrincipalCreation.settings)&& + Objects.equals(this.additionalProperties, externalPrincipalCreation.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(settings, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class ExternalPrincipalCreation {\n"); + sb.append(" settings: ").append(toIndentedString(settings)).append("\n"); + sb.append(" additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } + + + public static HashSet openapiFields; + public static HashSet openapiRequiredFields; + + static { + // a set of all properties/fields (JSON key names) + openapiFields = new HashSet(); + openapiFields.add("settings"); + + // a set of required properties/fields (JSON key names) + openapiRequiredFields = new HashSet(); + } + + /** + * Validates the JSON Element and throws an exception if issues found + * + * @param jsonElement JSON Element + * @throws IOException if the JSON Element is invalid with respect to ExternalPrincipalCreation + */ + public static void validateJsonElement(JsonElement jsonElement) throws IOException { + if (jsonElement == null) { + if (!ExternalPrincipalCreation.openapiRequiredFields.isEmpty()) { // has required fields but JSON element is null + throw new IllegalArgumentException(String.format("The required field(s) %s in ExternalPrincipalCreation is not found in the empty JSON string", ExternalPrincipalCreation.openapiRequiredFields.toString())); + } + } + JsonObject jsonObj = jsonElement.getAsJsonObject(); + // ensure the optional json data is an array if present + if (jsonObj.get("settings") != null && !jsonObj.get("settings").isJsonNull() && !jsonObj.get("settings").isJsonArray()) { + throw new IllegalArgumentException(String.format("Expected the field `settings` to be an array in the JSON string but got `%s`", jsonObj.get("settings").toString())); + } + } + + public static class CustomTypeAdapterFactory implements TypeAdapterFactory { + @SuppressWarnings("unchecked") + @Override + public TypeAdapter create(Gson gson, TypeToken type) { + if (!ExternalPrincipalCreation.class.isAssignableFrom(type.getRawType())) { + return null; // this class only serializes 'ExternalPrincipalCreation' and its subtypes + } + final TypeAdapter elementAdapter = gson.getAdapter(JsonElement.class); + final TypeAdapter thisAdapter + = gson.getDelegateAdapter(this, TypeToken.get(ExternalPrincipalCreation.class)); + + return (TypeAdapter) new TypeAdapter() { + @Override + public void write(JsonWriter out, ExternalPrincipalCreation value) throws IOException { + JsonObject obj = thisAdapter.toJsonTree(value).getAsJsonObject(); + obj.remove("additionalProperties"); + // serialize additional properties + if (value.getAdditionalProperties() != null) { + for (Map.Entry entry : value.getAdditionalProperties().entrySet()) { + if (entry.getValue() instanceof String) + obj.addProperty(entry.getKey(), (String) entry.getValue()); + else if (entry.getValue() instanceof Number) + obj.addProperty(entry.getKey(), (Number) entry.getValue()); + else if (entry.getValue() instanceof Boolean) + obj.addProperty(entry.getKey(), (Boolean) entry.getValue()); + else if (entry.getValue() instanceof Character) + obj.addProperty(entry.getKey(), (Character) entry.getValue()); + else { + obj.add(entry.getKey(), gson.toJsonTree(entry.getValue()).getAsJsonObject()); + } + } + } + elementAdapter.write(out, obj); + } + + @Override + public ExternalPrincipalCreation read(JsonReader in) throws IOException { + JsonElement jsonElement = elementAdapter.read(in); + validateJsonElement(jsonElement); + JsonObject jsonObj = jsonElement.getAsJsonObject(); + // store additional fields in the deserialized instance + ExternalPrincipalCreation instance = thisAdapter.fromJsonTree(jsonObj); + for (Map.Entry entry : jsonObj.entrySet()) { + if (!openapiFields.contains(entry.getKey())) { + if (entry.getValue().isJsonPrimitive()) { // primitive type + if (entry.getValue().getAsJsonPrimitive().isString()) + instance.putAdditionalProperty(entry.getKey(), entry.getValue().getAsString()); + else if (entry.getValue().getAsJsonPrimitive().isNumber()) + instance.putAdditionalProperty(entry.getKey(), entry.getValue().getAsNumber()); + else if (entry.getValue().getAsJsonPrimitive().isBoolean()) + instance.putAdditionalProperty(entry.getKey(), entry.getValue().getAsBoolean()); + else + throw new IllegalArgumentException(String.format("The field `%s` has unknown primitive type. Value: %s", entry.getKey(), entry.getValue().toString())); + } else if (entry.getValue().isJsonArray()) { + instance.putAdditionalProperty(entry.getKey(), gson.fromJson(entry.getValue(), List.class)); + } else { // JSON object + instance.putAdditionalProperty(entry.getKey(), gson.fromJson(entry.getValue(), HashMap.class)); + } + } + } + return instance; + } + + }.nullSafe(); + } + } + + /** + * Create an instance of ExternalPrincipalCreation given an JSON string + * + * @param jsonString JSON string + * @return An instance of ExternalPrincipalCreation + * @throws IOException if the JSON string is invalid with respect to ExternalPrincipalCreation + */ + public static ExternalPrincipalCreation fromJson(String jsonString) throws IOException { + return JSON.getGson().fromJson(jsonString, ExternalPrincipalCreation.class); + } + + /** + * Convert an instance of ExternalPrincipalCreation to an JSON string + * + * @return JSON string + */ + public String toJson() { + return JSON.getGson().toJson(this); + } +} + diff --git a/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipalList.java b/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipalList.java new file mode 100644 index 00000000000..83eacb7a4d7 --- /dev/null +++ b/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipalList.java @@ -0,0 +1,343 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.sdk.model; + +import java.util.Objects; +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import io.lakefs.clients.sdk.model.ExternalPrincipal; +import io.lakefs.clients.sdk.model.Pagination; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; +import com.google.gson.JsonArray; +import com.google.gson.JsonDeserializationContext; +import com.google.gson.JsonDeserializer; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParseException; +import com.google.gson.TypeAdapterFactory; +import com.google.gson.reflect.TypeToken; +import com.google.gson.TypeAdapter; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import java.io.IOException; + +import java.lang.reflect.Type; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Set; + +import io.lakefs.clients.sdk.JSON; + +/** + * ExternalPrincipalList + */ +@javax.annotation.Generated(value = "org.openapitools.codegen.languages.JavaClientCodegen") +public class ExternalPrincipalList { + public static final String SERIALIZED_NAME_PAGINATION = "pagination"; + @SerializedName(SERIALIZED_NAME_PAGINATION) + private Pagination pagination; + + public static final String SERIALIZED_NAME_RESULTS = "results"; + @SerializedName(SERIALIZED_NAME_RESULTS) + private List results = new ArrayList<>(); + + public ExternalPrincipalList() { + } + + public ExternalPrincipalList pagination(Pagination pagination) { + + this.pagination = pagination; + return this; + } + + /** + * Get pagination + * @return pagination + **/ + @javax.annotation.Nonnull + public Pagination getPagination() { + return pagination; + } + + + public void setPagination(Pagination pagination) { + this.pagination = pagination; + } + + + public ExternalPrincipalList results(List results) { + + this.results = results; + return this; + } + + public ExternalPrincipalList addResultsItem(ExternalPrincipal resultsItem) { + if (this.results == null) { + this.results = new ArrayList<>(); + } + this.results.add(resultsItem); + return this; + } + + /** + * Get results + * @return results + **/ + @javax.annotation.Nonnull + public List getResults() { + return results; + } + + + public void setResults(List results) { + this.results = results; + } + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + private Map additionalProperties; + + /** + * Set the additional (undeclared) property with the specified name and value. + * If the property does not already exist, create it otherwise replace it. + * + * @param key name of the property + * @param value value of the property + * @return the ExternalPrincipalList instance itself + */ + public ExternalPrincipalList putAdditionalProperty(String key, Object value) { + if (this.additionalProperties == null) { + this.additionalProperties = new HashMap(); + } + this.additionalProperties.put(key, value); + return this; + } + + /** + * Return the additional (undeclared) property. + * + * @return a map of objects + */ + public Map getAdditionalProperties() { + return additionalProperties; + } + + /** + * Return the additional (undeclared) property with the specified name. + * + * @param key name of the property + * @return an object + */ + public Object getAdditionalProperty(String key) { + if (this.additionalProperties == null) { + return null; + } + return this.additionalProperties.get(key); + } + + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + ExternalPrincipalList externalPrincipalList = (ExternalPrincipalList) o; + return Objects.equals(this.pagination, externalPrincipalList.pagination) && + Objects.equals(this.results, externalPrincipalList.results)&& + Objects.equals(this.additionalProperties, externalPrincipalList.additionalProperties); + } + + @Override + public int hashCode() { + return Objects.hash(pagination, results, additionalProperties); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class ExternalPrincipalList {\n"); + sb.append(" pagination: ").append(toIndentedString(pagination)).append("\n"); + sb.append(" results: ").append(toIndentedString(results)).append("\n"); + sb.append(" additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } + + + public static HashSet openapiFields; + public static HashSet openapiRequiredFields; + + static { + // a set of all properties/fields (JSON key names) + openapiFields = new HashSet(); + openapiFields.add("pagination"); + openapiFields.add("results"); + + // a set of required properties/fields (JSON key names) + openapiRequiredFields = new HashSet(); + openapiRequiredFields.add("pagination"); + openapiRequiredFields.add("results"); + } + + /** + * Validates the JSON Element and throws an exception if issues found + * + * @param jsonElement JSON Element + * @throws IOException if the JSON Element is invalid with respect to ExternalPrincipalList + */ + public static void validateJsonElement(JsonElement jsonElement) throws IOException { + if (jsonElement == null) { + if (!ExternalPrincipalList.openapiRequiredFields.isEmpty()) { // has required fields but JSON element is null + throw new IllegalArgumentException(String.format("The required field(s) %s in ExternalPrincipalList is not found in the empty JSON string", ExternalPrincipalList.openapiRequiredFields.toString())); + } + } + + // check to make sure all required properties/fields are present in the JSON string + for (String requiredField : ExternalPrincipalList.openapiRequiredFields) { + if (jsonElement.getAsJsonObject().get(requiredField) == null) { + throw new IllegalArgumentException(String.format("The required field `%s` is not found in the JSON string: %s", requiredField, jsonElement.toString())); + } + } + JsonObject jsonObj = jsonElement.getAsJsonObject(); + // validate the required field `pagination` + Pagination.validateJsonElement(jsonObj.get("pagination")); + // ensure the json data is an array + if (!jsonObj.get("results").isJsonArray()) { + throw new IllegalArgumentException(String.format("Expected the field `results` to be an array in the JSON string but got `%s`", jsonObj.get("results").toString())); + } + + JsonArray jsonArrayresults = jsonObj.getAsJsonArray("results"); + // validate the required field `results` (array) + for (int i = 0; i < jsonArrayresults.size(); i++) { + ExternalPrincipal.validateJsonElement(jsonArrayresults.get(i)); + }; + } + + public static class CustomTypeAdapterFactory implements TypeAdapterFactory { + @SuppressWarnings("unchecked") + @Override + public TypeAdapter create(Gson gson, TypeToken type) { + if (!ExternalPrincipalList.class.isAssignableFrom(type.getRawType())) { + return null; // this class only serializes 'ExternalPrincipalList' and its subtypes + } + final TypeAdapter elementAdapter = gson.getAdapter(JsonElement.class); + final TypeAdapter thisAdapter + = gson.getDelegateAdapter(this, TypeToken.get(ExternalPrincipalList.class)); + + return (TypeAdapter) new TypeAdapter() { + @Override + public void write(JsonWriter out, ExternalPrincipalList value) throws IOException { + JsonObject obj = thisAdapter.toJsonTree(value).getAsJsonObject(); + obj.remove("additionalProperties"); + // serialize additional properties + if (value.getAdditionalProperties() != null) { + for (Map.Entry entry : value.getAdditionalProperties().entrySet()) { + if (entry.getValue() instanceof String) + obj.addProperty(entry.getKey(), (String) entry.getValue()); + else if (entry.getValue() instanceof Number) + obj.addProperty(entry.getKey(), (Number) entry.getValue()); + else if (entry.getValue() instanceof Boolean) + obj.addProperty(entry.getKey(), (Boolean) entry.getValue()); + else if (entry.getValue() instanceof Character) + obj.addProperty(entry.getKey(), (Character) entry.getValue()); + else { + obj.add(entry.getKey(), gson.toJsonTree(entry.getValue()).getAsJsonObject()); + } + } + } + elementAdapter.write(out, obj); + } + + @Override + public ExternalPrincipalList read(JsonReader in) throws IOException { + JsonElement jsonElement = elementAdapter.read(in); + validateJsonElement(jsonElement); + JsonObject jsonObj = jsonElement.getAsJsonObject(); + // store additional fields in the deserialized instance + ExternalPrincipalList instance = thisAdapter.fromJsonTree(jsonObj); + for (Map.Entry entry : jsonObj.entrySet()) { + if (!openapiFields.contains(entry.getKey())) { + if (entry.getValue().isJsonPrimitive()) { // primitive type + if (entry.getValue().getAsJsonPrimitive().isString()) + instance.putAdditionalProperty(entry.getKey(), entry.getValue().getAsString()); + else if (entry.getValue().getAsJsonPrimitive().isNumber()) + instance.putAdditionalProperty(entry.getKey(), entry.getValue().getAsNumber()); + else if (entry.getValue().getAsJsonPrimitive().isBoolean()) + instance.putAdditionalProperty(entry.getKey(), entry.getValue().getAsBoolean()); + else + throw new IllegalArgumentException(String.format("The field `%s` has unknown primitive type. Value: %s", entry.getKey(), entry.getValue().toString())); + } else if (entry.getValue().isJsonArray()) { + instance.putAdditionalProperty(entry.getKey(), gson.fromJson(entry.getValue(), List.class)); + } else { // JSON object + instance.putAdditionalProperty(entry.getKey(), gson.fromJson(entry.getValue(), HashMap.class)); + } + } + } + return instance; + } + + }.nullSafe(); + } + } + + /** + * Create an instance of ExternalPrincipalList given an JSON string + * + * @param jsonString JSON string + * @return An instance of ExternalPrincipalList + * @throws IOException if the JSON string is invalid with respect to ExternalPrincipalList + */ + public static ExternalPrincipalList fromJson(String jsonString) throws IOException { + return JSON.getGson().fromJson(jsonString, ExternalPrincipalList.class); + } + + /** + * Convert an instance of ExternalPrincipalList to an JSON string + * + * @return JSON string + */ + public String toJson() { + return JSON.getGson().toJson(this); + } +} + diff --git a/clients/java/src/test/java/io/lakefs/clients/sdk/AuthApiTest.java b/clients/java/src/test/java/io/lakefs/clients/sdk/AuthApiTest.java index 7df792d4e5c..0a60f07ad87 100644 --- a/clients/java/src/test/java/io/lakefs/clients/sdk/AuthApiTest.java +++ b/clients/java/src/test/java/io/lakefs/clients/sdk/AuthApiTest.java @@ -22,6 +22,9 @@ import io.lakefs.clients.sdk.model.CurrentUser; import io.lakefs.clients.sdk.model.Error; import io.lakefs.clients.sdk.model.ErrorNoACL; +import io.lakefs.clients.sdk.model.ExternalPrincipal; +import io.lakefs.clients.sdk.model.ExternalPrincipalCreation; +import io.lakefs.clients.sdk.model.ExternalPrincipalList; import io.lakefs.clients.sdk.model.Group; import io.lakefs.clients.sdk.model.GroupCreation; import io.lakefs.clients.sdk.model.GroupList; @@ -143,6 +146,21 @@ public void createUserTest() throws ApiException { // TODO: test validations } + /** + * attach external principal to user + * + * @throws ApiException if the Api call fails + */ + @Test + public void createUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipalCreation externalPrincipalCreation = null; + api.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation) + .execute(); + // TODO: test validations + } + /** * delete credentials * @@ -210,6 +228,20 @@ public void deleteUserTest() throws ApiException { // TODO: test validations } + /** + * delete external principal from user + * + * @throws ApiException if the Api call fails + */ + @Test + public void deleteUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + api.deleteUserExternalPrincipal(userId, principalId) + .execute(); + // TODO: test validations + } + /** * detach policy from group * @@ -316,6 +348,20 @@ public void getUserTest() throws ApiException { // TODO: test validations } + /** + * get external principal of a user + * + * @throws ApiException if the Api call fails + */ + @Test + public void getUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipal response = api.getUserExternalPrincipal(userId, principalId) + .execute(); + // TODO: test validations + } + /** * list group members * @@ -409,6 +455,25 @@ public void listUserCredentialsTest() throws ApiException { // TODO: test validations } + /** + * list user external policies + * + * @throws ApiException if the Api call fails + */ + @Test + public void listUserExternalPrincipalsTest() throws ApiException { + String userId = null; + String prefix = null; + String after = null; + Integer amount = null; + ExternalPrincipalList response = api.listUserExternalPrincipals(userId) + .prefix(prefix) + .after(after) + .amount(amount) + .execute(); + // TODO: test validations + } + /** * list user groups * diff --git a/clients/java/src/test/java/io/lakefs/clients/sdk/ExperimentalApiTest.java b/clients/java/src/test/java/io/lakefs/clients/sdk/ExperimentalApiTest.java index 53e12a35bf4..af4a51fb112 100644 --- a/clients/java/src/test/java/io/lakefs/clients/sdk/ExperimentalApiTest.java +++ b/clients/java/src/test/java/io/lakefs/clients/sdk/ExperimentalApiTest.java @@ -17,6 +17,9 @@ import io.lakefs.clients.sdk.model.AbortPresignMultipartUpload; import io.lakefs.clients.sdk.model.CompletePresignMultipartUpload; import io.lakefs.clients.sdk.model.Error; +import io.lakefs.clients.sdk.model.ExternalPrincipal; +import io.lakefs.clients.sdk.model.ExternalPrincipalCreation; +import io.lakefs.clients.sdk.model.ExternalPrincipalList; import io.lakefs.clients.sdk.model.ObjectStats; import io.lakefs.clients.sdk.model.PresignMultipartUpload; import io.lakefs.clients.sdk.model.StagingLocation; @@ -95,6 +98,49 @@ public void createPresignMultipartUploadTest() throws ApiException { // TODO: test validations } + /** + * attach external principal to user + * + * @throws ApiException if the Api call fails + */ + @Test + public void createUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipalCreation externalPrincipalCreation = null; + api.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation) + .execute(); + // TODO: test validations + } + + /** + * delete external principal from user + * + * @throws ApiException if the Api call fails + */ + @Test + public void deleteUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + api.deleteUserExternalPrincipal(userId, principalId) + .execute(); + // TODO: test validations + } + + /** + * get external principal of a user + * + * @throws ApiException if the Api call fails + */ + @Test + public void getUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipal response = api.getUserExternalPrincipal(userId, principalId) + .execute(); + // TODO: test validations + } + /** * hard reset branch * @@ -114,4 +160,23 @@ public void hardResetBranchTest() throws ApiException { // TODO: test validations } + /** + * list user external policies + * + * @throws ApiException if the Api call fails + */ + @Test + public void listUserExternalPrincipalsTest() throws ApiException { + String userId = null; + String prefix = null; + String after = null; + Integer amount = null; + ExternalPrincipalList response = api.listUserExternalPrincipals(userId) + .prefix(prefix) + .after(after) + .amount(amount) + .execute(); + // TODO: test validations + } + } diff --git a/clients/java/src/test/java/io/lakefs/clients/sdk/ExternalApiTest.java b/clients/java/src/test/java/io/lakefs/clients/sdk/ExternalApiTest.java new file mode 100644 index 00000000000..8f4fbe92586 --- /dev/null +++ b/clients/java/src/test/java/io/lakefs/clients/sdk/ExternalApiTest.java @@ -0,0 +1,99 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.sdk; + +import io.lakefs.clients.sdk.ApiException; +import io.lakefs.clients.sdk.model.Error; +import io.lakefs.clients.sdk.model.ExternalPrincipal; +import io.lakefs.clients.sdk.model.ExternalPrincipalCreation; +import io.lakefs.clients.sdk.model.ExternalPrincipalList; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * API tests for ExternalApi + */ +@Disabled +public class ExternalApiTest { + + private final ExternalApi api = new ExternalApi(); + + /** + * attach external principal to user + * + * @throws ApiException if the Api call fails + */ + @Test + public void createUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipalCreation externalPrincipalCreation = null; + api.createUserExternalPrincipal(userId, principalId, externalPrincipalCreation) + .execute(); + // TODO: test validations + } + + /** + * delete external principal from user + * + * @throws ApiException if the Api call fails + */ + @Test + public void deleteUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + api.deleteUserExternalPrincipal(userId, principalId) + .execute(); + // TODO: test validations + } + + /** + * get external principal of a user + * + * @throws ApiException if the Api call fails + */ + @Test + public void getUserExternalPrincipalTest() throws ApiException { + String userId = null; + String principalId = null; + ExternalPrincipal response = api.getUserExternalPrincipal(userId, principalId) + .execute(); + // TODO: test validations + } + + /** + * list user external policies + * + * @throws ApiException if the Api call fails + */ + @Test + public void listUserExternalPrincipalsTest() throws ApiException { + String userId = null; + String prefix = null; + String after = null; + Integer amount = null; + ExternalPrincipalList response = api.listUserExternalPrincipals(userId) + .prefix(prefix) + .after(after) + .amount(amount) + .execute(); + // TODO: test validations + } + +} diff --git a/clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalCreationTest.java b/clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalCreationTest.java new file mode 100644 index 00000000000..9531983883e --- /dev/null +++ b/clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalCreationTest.java @@ -0,0 +1,51 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.sdk.model; + +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; + +/** + * Model tests for ExternalPrincipalCreation + */ +public class ExternalPrincipalCreationTest { + private final ExternalPrincipalCreation model = new ExternalPrincipalCreation(); + + /** + * Model tests for ExternalPrincipalCreation + */ + @Test + public void testExternalPrincipalCreation() { + // TODO: test ExternalPrincipalCreation + } + + /** + * Test the property 'settings' + */ + @Test + public void settingsTest() { + // TODO: test settings + } + +} diff --git a/clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalListTest.java b/clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalListTest.java new file mode 100644 index 00000000000..139b3f916c7 --- /dev/null +++ b/clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalListTest.java @@ -0,0 +1,60 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.sdk.model; + +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import io.lakefs.clients.sdk.model.ExternalPrincipal; +import io.lakefs.clients.sdk.model.Pagination; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; + +/** + * Model tests for ExternalPrincipalList + */ +public class ExternalPrincipalListTest { + private final ExternalPrincipalList model = new ExternalPrincipalList(); + + /** + * Model tests for ExternalPrincipalList + */ + @Test + public void testExternalPrincipalList() { + // TODO: test ExternalPrincipalList + } + + /** + * Test the property 'pagination' + */ + @Test + public void paginationTest() { + // TODO: test pagination + } + + /** + * Test the property 'results' + */ + @Test + public void resultsTest() { + // TODO: test results + } + +} diff --git a/clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalTest.java b/clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalTest.java new file mode 100644 index 00000000000..575d079b102 --- /dev/null +++ b/clients/java/src/test/java/io/lakefs/clients/sdk/model/ExternalPrincipalTest.java @@ -0,0 +1,67 @@ +/* + * lakeFS API + * lakeFS HTTP API + * + * The version of the OpenAPI document: 1.0.0 + * + * + * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). + * https://openapi-generator.tech + * Do not edit the class manually. + */ + + +package io.lakefs.clients.sdk.model; + +import com.google.gson.TypeAdapter; +import com.google.gson.annotations.JsonAdapter; +import com.google.gson.annotations.SerializedName; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; + +/** + * Model tests for ExternalPrincipal + */ +public class ExternalPrincipalTest { + private final ExternalPrincipal model = new ExternalPrincipal(); + + /** + * Model tests for ExternalPrincipal + */ + @Test + public void testExternalPrincipal() { + // TODO: test ExternalPrincipal + } + + /** + * Test the property 'id' + */ + @Test + public void idTest() { + // TODO: test id + } + + /** + * Test the property 'userId' + */ + @Test + public void userIdTest() { + // TODO: test userId + } + + /** + * Test the property 'settings' + */ + @Test + public void settingsTest() { + // TODO: test settings + } + +} diff --git a/clients/python-legacy/.openapi-generator/FILES b/clients/python-legacy/.openapi-generator/FILES index f54d89ca52c..e80cce0a23f 100644 --- a/clients/python-legacy/.openapi-generator/FILES +++ b/clients/python-legacy/.openapi-generator/FILES @@ -33,6 +33,11 @@ docs/DiffList.md docs/Error.md docs/ErrorNoACL.md docs/ExperimentalApi.md +docs/ExternalApi.md +docs/ExternalPrincipal.md +docs/ExternalPrincipalCreation.md +docs/ExternalPrincipalList.md +docs/ExternalPrincipalSettings.md docs/FindMergeBaseResult.md docs/GarbageCollectionConfig.md docs/GarbageCollectionPrepareResponse.md @@ -122,6 +127,7 @@ lakefs_client/api/branches_api.py lakefs_client/api/commits_api.py lakefs_client/api/config_api.py lakefs_client/api/experimental_api.py +lakefs_client/api/external_api.py lakefs_client/api/health_check_api.py lakefs_client/api/import_api.py lakefs_client/api/internal_api.py @@ -162,6 +168,10 @@ lakefs_client/model/diff.py lakefs_client/model/diff_list.py lakefs_client/model/error.py lakefs_client/model/error_no_acl.py +lakefs_client/model/external_principal.py +lakefs_client/model/external_principal_creation.py +lakefs_client/model/external_principal_list.py +lakefs_client/model/external_principal_settings.py lakefs_client/model/find_merge_base_result.py lakefs_client/model/garbage_collection_config.py lakefs_client/model/garbage_collection_prepare_response.py @@ -272,6 +282,11 @@ test/test_diff_list.py test/test_error.py test/test_error_no_acl.py test/test_experimental_api.py +test/test_external_api.py +test/test_external_principal.py +test/test_external_principal_creation.py +test/test_external_principal_list.py +test/test_external_principal_settings.py test/test_find_merge_base_result.py test/test_garbage_collection_config.py test/test_garbage_collection_prepare_response.py diff --git a/clients/python-legacy/README.md b/clients/python-legacy/README.md index cf20417d7e3..6df7c5f8e28 100644 --- a/clients/python-legacy/README.md +++ b/clients/python-legacy/README.md @@ -127,11 +127,13 @@ Class | Method | HTTP request | Description *AuthApi* | [**create_group**](docs/AuthApi.md#create_group) | **POST** /auth/groups | create group *AuthApi* | [**create_policy**](docs/AuthApi.md#create_policy) | **POST** /auth/policies | create policy *AuthApi* | [**create_user**](docs/AuthApi.md#create_user) | **POST** /auth/users | create user +*AuthApi* | [**create_user_external_principal**](docs/AuthApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user *AuthApi* | [**delete_credentials**](docs/AuthApi.md#delete_credentials) | **DELETE** /auth/users/{userId}/credentials/{accessKeyId} | delete credentials *AuthApi* | [**delete_group**](docs/AuthApi.md#delete_group) | **DELETE** /auth/groups/{groupId} | delete group *AuthApi* | [**delete_group_membership**](docs/AuthApi.md#delete_group_membership) | **DELETE** /auth/groups/{groupId}/members/{userId} | delete group membership *AuthApi* | [**delete_policy**](docs/AuthApi.md#delete_policy) | **DELETE** /auth/policies/{policyId} | delete policy *AuthApi* | [**delete_user**](docs/AuthApi.md#delete_user) | **DELETE** /auth/users/{userId} | delete user +*AuthApi* | [**delete_user_external_principal**](docs/AuthApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *AuthApi* | [**detach_policy_from_group**](docs/AuthApi.md#detach_policy_from_group) | **DELETE** /auth/groups/{groupId}/policies/{policyId} | detach policy from group *AuthApi* | [**detach_policy_from_user**](docs/AuthApi.md#detach_policy_from_user) | **DELETE** /auth/users/{userId}/policies/{policyId} | detach policy from user *AuthApi* | [**get_credentials**](docs/AuthApi.md#get_credentials) | **GET** /auth/users/{userId}/credentials/{accessKeyId} | get credentials @@ -140,11 +142,13 @@ Class | Method | HTTP request | Description *AuthApi* | [**get_group_acl**](docs/AuthApi.md#get_group_acl) | **GET** /auth/groups/{groupId}/acl | get ACL of group *AuthApi* | [**get_policy**](docs/AuthApi.md#get_policy) | **GET** /auth/policies/{policyId} | get policy *AuthApi* | [**get_user**](docs/AuthApi.md#get_user) | **GET** /auth/users/{userId} | get user +*AuthApi* | [**get_user_external_principal**](docs/AuthApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *AuthApi* | [**list_group_members**](docs/AuthApi.md#list_group_members) | **GET** /auth/groups/{groupId}/members | list group members *AuthApi* | [**list_group_policies**](docs/AuthApi.md#list_group_policies) | **GET** /auth/groups/{groupId}/policies | list group policies *AuthApi* | [**list_groups**](docs/AuthApi.md#list_groups) | **GET** /auth/groups | list groups *AuthApi* | [**list_policies**](docs/AuthApi.md#list_policies) | **GET** /auth/policies | list policies *AuthApi* | [**list_user_credentials**](docs/AuthApi.md#list_user_credentials) | **GET** /auth/users/{userId}/credentials | list user credentials +*AuthApi* | [**list_user_external_principals**](docs/AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies *AuthApi* | [**list_user_groups**](docs/AuthApi.md#list_user_groups) | **GET** /auth/users/{userId}/groups | list user groups *AuthApi* | [**list_user_policies**](docs/AuthApi.md#list_user_policies) | **GET** /auth/users/{userId}/policies | list user policies *AuthApi* | [**list_users**](docs/AuthApi.md#list_users) | **GET** /auth/users | list users @@ -165,7 +169,15 @@ Class | Method | HTTP request | Description *ExperimentalApi* | [**abort_presign_multipart_upload**](docs/ExperimentalApi.md#abort_presign_multipart_upload) | **DELETE** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Abort a presign multipart upload *ExperimentalApi* | [**complete_presign_multipart_upload**](docs/ExperimentalApi.md#complete_presign_multipart_upload) | **PUT** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Complete a presign multipart upload request *ExperimentalApi* | [**create_presign_multipart_upload**](docs/ExperimentalApi.md#create_presign_multipart_upload) | **POST** /repositories/{repository}/branches/{branch}/staging/pmpu | Initiate a multipart upload +*ExperimentalApi* | [**create_user_external_principal**](docs/ExperimentalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +*ExperimentalApi* | [**delete_user_external_principal**](docs/ExperimentalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +*ExperimentalApi* | [**get_user_external_principal**](docs/ExperimentalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *ExperimentalApi* | [**hard_reset_branch**](docs/ExperimentalApi.md#hard_reset_branch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch +*ExperimentalApi* | [**list_user_external_principals**](docs/ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExternalApi* | [**create_user_external_principal**](docs/ExternalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +*ExternalApi* | [**delete_user_external_principal**](docs/ExternalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +*ExternalApi* | [**get_user_external_principal**](docs/ExternalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user +*ExternalApi* | [**list_user_external_principals**](docs/ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies *HealthCheckApi* | [**health_check**](docs/HealthCheckApi.md#health_check) | **GET** /healthcheck | *ImportApi* | [**import_cancel**](docs/ImportApi.md#import_cancel) | **DELETE** /repositories/{repository}/branches/{branch}/import | cancel ongoing import *ImportApi* | [**import_start**](docs/ImportApi.md#import_start) | **POST** /repositories/{repository}/branches/{branch}/import | import data from object store @@ -261,6 +273,10 @@ Class | Method | HTTP request | Description - [DiffList](docs/DiffList.md) - [Error](docs/Error.md) - [ErrorNoACL](docs/ErrorNoACL.md) + - [ExternalPrincipal](docs/ExternalPrincipal.md) + - [ExternalPrincipalCreation](docs/ExternalPrincipalCreation.md) + - [ExternalPrincipalList](docs/ExternalPrincipalList.md) + - [ExternalPrincipalSettings](docs/ExternalPrincipalSettings.md) - [FindMergeBaseResult](docs/FindMergeBaseResult.md) - [GarbageCollectionConfig](docs/GarbageCollectionConfig.md) - [GarbageCollectionPrepareResponse](docs/GarbageCollectionPrepareResponse.md) diff --git a/clients/python-legacy/docs/AuthApi.md b/clients/python-legacy/docs/AuthApi.md index c99d4d192f4..d93fbeaa774 100644 --- a/clients/python-legacy/docs/AuthApi.md +++ b/clients/python-legacy/docs/AuthApi.md @@ -11,11 +11,13 @@ Method | HTTP request | Description [**create_group**](AuthApi.md#create_group) | **POST** /auth/groups | create group [**create_policy**](AuthApi.md#create_policy) | **POST** /auth/policies | create policy [**create_user**](AuthApi.md#create_user) | **POST** /auth/users | create user +[**create_user_external_principal**](AuthApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user [**delete_credentials**](AuthApi.md#delete_credentials) | **DELETE** /auth/users/{userId}/credentials/{accessKeyId} | delete credentials [**delete_group**](AuthApi.md#delete_group) | **DELETE** /auth/groups/{groupId} | delete group [**delete_group_membership**](AuthApi.md#delete_group_membership) | **DELETE** /auth/groups/{groupId}/members/{userId} | delete group membership [**delete_policy**](AuthApi.md#delete_policy) | **DELETE** /auth/policies/{policyId} | delete policy [**delete_user**](AuthApi.md#delete_user) | **DELETE** /auth/users/{userId} | delete user +[**delete_user_external_principal**](AuthApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user [**detach_policy_from_group**](AuthApi.md#detach_policy_from_group) | **DELETE** /auth/groups/{groupId}/policies/{policyId} | detach policy from group [**detach_policy_from_user**](AuthApi.md#detach_policy_from_user) | **DELETE** /auth/users/{userId}/policies/{policyId} | detach policy from user [**get_credentials**](AuthApi.md#get_credentials) | **GET** /auth/users/{userId}/credentials/{accessKeyId} | get credentials @@ -24,11 +26,13 @@ Method | HTTP request | Description [**get_group_acl**](AuthApi.md#get_group_acl) | **GET** /auth/groups/{groupId}/acl | get ACL of group [**get_policy**](AuthApi.md#get_policy) | **GET** /auth/policies/{policyId} | get policy [**get_user**](AuthApi.md#get_user) | **GET** /auth/users/{userId} | get user +[**get_user_external_principal**](AuthApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user [**list_group_members**](AuthApi.md#list_group_members) | **GET** /auth/groups/{groupId}/members | list group members [**list_group_policies**](AuthApi.md#list_group_policies) | **GET** /auth/groups/{groupId}/policies | list group policies [**list_groups**](AuthApi.md#list_groups) | **GET** /auth/groups | list groups [**list_policies**](AuthApi.md#list_policies) | **GET** /auth/policies | list policies [**list_user_credentials**](AuthApi.md#list_user_credentials) | **GET** /auth/users/{userId}/credentials | list user credentials +[**list_user_external_principals**](AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies [**list_user_groups**](AuthApi.md#list_user_groups) | **GET** /auth/users/{userId}/groups | list user groups [**list_user_policies**](AuthApi.md#list_user_policies) | **GET** /auth/users/{userId}/policies | list user policies [**list_users**](AuthApi.md#list_users) | **GET** /auth/users | list users @@ -816,6 +820,123 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **create_user_external_principal** +> create_user_external_principal(user_id, principal_id, external_principal_creation) + +attach external principal to user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import auth_api +from lakefs_client.model.error import Error +from lakefs_client.model.external_principal_creation import ExternalPrincipalCreation +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = auth_api.AuthApi(api_client) + user_id = "userId_example" # str | + principal_id = "principalId_example" # str | + external_principal_creation = ExternalPrincipalCreation( + settings=[ + ExternalPrincipalSettings( + key="key_example", + ), + ], + ) # ExternalPrincipalCreation | + + # example passing only required values which don't have defaults set + try: + # attach external principal to user + api_instance.create_user_external_principal(user_id, principal_id, external_principal_creation) + except lakefs_client.ApiException as e: + print("Exception when calling AuthApi->create_user_external_principal: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + **external_principal_creation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**201** | external principal attached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **delete_credentials** > delete_credentials(user_id, access_key_id) @@ -1350,6 +1471,114 @@ void (empty response body) [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **delete_user_external_principal** +> delete_user_external_principal(user_id, principal_id) + +delete external principal from user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import auth_api +from lakefs_client.model.error import Error +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = auth_api.AuthApi(api_client) + user_id = "userId_example" # str | + principal_id = "principalId_example" # str | + + # example passing only required values which don't have defaults set + try: + # delete external principal from user + api_instance.delete_user_external_principal(user_id, principal_id) + except lakefs_client.ApiException as e: + print("Exception when calling AuthApi->delete_user_external_principal: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**204** | external principal detached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **detach_policy_from_group** > detach_policy_from_group(group_id, policy_id) @@ -2208,6 +2437,116 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **get_user_external_principal** +> ExternalPrincipal get_user_external_principal(user_id, principal_id) + +get external principal of a user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import auth_api +from lakefs_client.model.external_principal import ExternalPrincipal +from lakefs_client.model.error import Error +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = auth_api.AuthApi(api_client) + user_id = "userId_example" # str | + principal_id = "principalId_example" # str | + + # example passing only required values which don't have defaults set + try: + # get external principal of a user + api_response = api_instance.get_user_external_principal(user_id, principal_id) + pprint(api_response) + except lakefs_client.ApiException as e: + print("Exception when calling AuthApi->get_user_external_principal: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principal | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **list_group_members** > UserList list_group_members(group_id) @@ -2800,6 +3139,129 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **list_user_external_principals** +> ExternalPrincipalList list_user_external_principals(user_id) + +list user external policies + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import auth_api +from lakefs_client.model.error import Error +from lakefs_client.model.external_principal_list import ExternalPrincipalList +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = auth_api.AuthApi(api_client) + user_id = "userId_example" # str | + prefix = "prefix_example" # str | return items prefixed with this value (optional) + after = "after_example" # str | return items after this value (optional) + amount = 100 # int | how many items to return (optional) if omitted the server will use the default value of 100 + + # example passing only required values which don't have defaults set + try: + # list user external policies + api_response = api_instance.list_user_external_principals(user_id) + pprint(api_response) + except lakefs_client.ApiException as e: + print("Exception when calling AuthApi->list_user_external_principals: %s\n" % e) + + # example passing only required values which don't have defaults set + # and optional values + try: + # list user external policies + api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) + pprint(api_response) + except lakefs_client.ApiException as e: + print("Exception when calling AuthApi->list_user_external_principals: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **prefix** | **str**| return items prefixed with this value | [optional] + **after** | **str**| return items after this value | [optional] + **amount** | **int**| how many items to return | [optional] if omitted the server will use the default value of 100 + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principals list | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **list_user_groups** > GroupList list_user_groups(user_id) diff --git a/clients/python-legacy/docs/ExperimentalApi.md b/clients/python-legacy/docs/ExperimentalApi.md index 3e42dd65fa0..7a14223aa48 100644 --- a/clients/python-legacy/docs/ExperimentalApi.md +++ b/clients/python-legacy/docs/ExperimentalApi.md @@ -7,7 +7,11 @@ Method | HTTP request | Description [**abort_presign_multipart_upload**](ExperimentalApi.md#abort_presign_multipart_upload) | **DELETE** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Abort a presign multipart upload [**complete_presign_multipart_upload**](ExperimentalApi.md#complete_presign_multipart_upload) | **PUT** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Complete a presign multipart upload request [**create_presign_multipart_upload**](ExperimentalApi.md#create_presign_multipart_upload) | **POST** /repositories/{repository}/branches/{branch}/staging/pmpu | Initiate a multipart upload +[**create_user_external_principal**](ExperimentalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +[**delete_user_external_principal**](ExperimentalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +[**get_user_external_principal**](ExperimentalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user [**hard_reset_branch**](ExperimentalApi.md#hard_reset_branch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch +[**list_user_external_principals**](ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies # **abort_presign_multipart_upload** @@ -407,6 +411,341 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **create_user_external_principal** +> create_user_external_principal(user_id, principal_id, external_principal_creation) + +attach external principal to user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import experimental_api +from lakefs_client.model.error import Error +from lakefs_client.model.external_principal_creation import ExternalPrincipalCreation +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = experimental_api.ExperimentalApi(api_client) + user_id = "userId_example" # str | + principal_id = "principalId_example" # str | + external_principal_creation = ExternalPrincipalCreation( + settings=[ + ExternalPrincipalSettings( + key="key_example", + ), + ], + ) # ExternalPrincipalCreation | + + # example passing only required values which don't have defaults set + try: + # attach external principal to user + api_instance.create_user_external_principal(user_id, principal_id, external_principal_creation) + except lakefs_client.ApiException as e: + print("Exception when calling ExperimentalApi->create_user_external_principal: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + **external_principal_creation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**201** | external principal attached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **delete_user_external_principal** +> delete_user_external_principal(user_id, principal_id) + +delete external principal from user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import experimental_api +from lakefs_client.model.error import Error +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = experimental_api.ExperimentalApi(api_client) + user_id = "userId_example" # str | + principal_id = "principalId_example" # str | + + # example passing only required values which don't have defaults set + try: + # delete external principal from user + api_instance.delete_user_external_principal(user_id, principal_id) + except lakefs_client.ApiException as e: + print("Exception when calling ExperimentalApi->delete_user_external_principal: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**204** | external principal detached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **get_user_external_principal** +> ExternalPrincipal get_user_external_principal(user_id, principal_id) + +get external principal of a user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import experimental_api +from lakefs_client.model.external_principal import ExternalPrincipal +from lakefs_client.model.error import Error +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = experimental_api.ExperimentalApi(api_client) + user_id = "userId_example" # str | + principal_id = "principalId_example" # str | + + # example passing only required values which don't have defaults set + try: + # get external principal of a user + api_response = api_instance.get_user_external_principal(user_id, principal_id) + pprint(api_response) + except lakefs_client.ApiException as e: + print("Exception when calling ExperimentalApi->get_user_external_principal: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principal | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **hard_reset_branch** > hard_reset_branch(repository, branch, ref) @@ -531,3 +870,126 @@ void (empty response body) [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **list_user_external_principals** +> ExternalPrincipalList list_user_external_principals(user_id) + +list user external policies + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import experimental_api +from lakefs_client.model.error import Error +from lakefs_client.model.external_principal_list import ExternalPrincipalList +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = experimental_api.ExperimentalApi(api_client) + user_id = "userId_example" # str | + prefix = "prefix_example" # str | return items prefixed with this value (optional) + after = "after_example" # str | return items after this value (optional) + amount = 100 # int | how many items to return (optional) if omitted the server will use the default value of 100 + + # example passing only required values which don't have defaults set + try: + # list user external policies + api_response = api_instance.list_user_external_principals(user_id) + pprint(api_response) + except lakefs_client.ApiException as e: + print("Exception when calling ExperimentalApi->list_user_external_principals: %s\n" % e) + + # example passing only required values which don't have defaults set + # and optional values + try: + # list user external policies + api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) + pprint(api_response) + except lakefs_client.ApiException as e: + print("Exception when calling ExperimentalApi->list_user_external_principals: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **prefix** | **str**| return items prefixed with this value | [optional] + **after** | **str**| return items after this value | [optional] + **amount** | **int**| how many items to return | [optional] if omitted the server will use the default value of 100 + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principals list | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + diff --git a/clients/python-legacy/docs/ExternalApi.md b/clients/python-legacy/docs/ExternalApi.md new file mode 100644 index 00000000000..0b632fa0ea5 --- /dev/null +++ b/clients/python-legacy/docs/ExternalApi.md @@ -0,0 +1,470 @@ +# lakefs_client.ExternalApi + +All URIs are relative to *http://localhost/api/v1* + +Method | HTTP request | Description +------------- | ------------- | ------------- +[**create_user_external_principal**](ExternalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +[**delete_user_external_principal**](ExternalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +[**get_user_external_principal**](ExternalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user +[**list_user_external_principals**](ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies + + +# **create_user_external_principal** +> create_user_external_principal(user_id, principal_id, external_principal_creation) + +attach external principal to user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import external_api +from lakefs_client.model.error import Error +from lakefs_client.model.external_principal_creation import ExternalPrincipalCreation +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = external_api.ExternalApi(api_client) + user_id = "userId_example" # str | + principal_id = "principalId_example" # str | + external_principal_creation = ExternalPrincipalCreation( + settings=[ + ExternalPrincipalSettings( + key="key_example", + ), + ], + ) # ExternalPrincipalCreation | + + # example passing only required values which don't have defaults set + try: + # attach external principal to user + api_instance.create_user_external_principal(user_id, principal_id, external_principal_creation) + except lakefs_client.ApiException as e: + print("Exception when calling ExternalApi->create_user_external_principal: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + **external_principal_creation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**201** | external principal attached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **delete_user_external_principal** +> delete_user_external_principal(user_id, principal_id) + +delete external principal from user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import external_api +from lakefs_client.model.error import Error +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = external_api.ExternalApi(api_client) + user_id = "userId_example" # str | + principal_id = "principalId_example" # str | + + # example passing only required values which don't have defaults set + try: + # delete external principal from user + api_instance.delete_user_external_principal(user_id, principal_id) + except lakefs_client.ApiException as e: + print("Exception when calling ExternalApi->delete_user_external_principal: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**204** | external principal detached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **get_user_external_principal** +> ExternalPrincipal get_user_external_principal(user_id, principal_id) + +get external principal of a user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import external_api +from lakefs_client.model.external_principal import ExternalPrincipal +from lakefs_client.model.error import Error +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = external_api.ExternalApi(api_client) + user_id = "userId_example" # str | + principal_id = "principalId_example" # str | + + # example passing only required values which don't have defaults set + try: + # get external principal of a user + api_response = api_instance.get_user_external_principal(user_id, principal_id) + pprint(api_response) + except lakefs_client.ApiException as e: + print("Exception when calling ExternalApi->get_user_external_principal: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principal | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **list_user_external_principals** +> ExternalPrincipalList list_user_external_principals(user_id) + +list user external policies + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Bearer (JWT) Authentication (jwt_token): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): + +```python +import time +import lakefs_client +from lakefs_client.api import external_api +from lakefs_client.model.error import Error +from lakefs_client.model.external_principal_list import ExternalPrincipalList +from pprint import pprint +# Defining the host is optional and defaults to http://localhost/api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_client.Configuration( + host = "http://localhost/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_client.Configuration( + username = 'YOUR_USERNAME', + password = 'YOUR_PASSWORD' +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_client.Configuration( + access_token = 'YOUR_BEARER_TOKEN' +) + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = 'YOUR_API_KEY' + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Enter a context with an instance of the API client +with lakefs_client.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = external_api.ExternalApi(api_client) + user_id = "userId_example" # str | + prefix = "prefix_example" # str | return items prefixed with this value (optional) + after = "after_example" # str | return items after this value (optional) + amount = 100 # int | how many items to return (optional) if omitted the server will use the default value of 100 + + # example passing only required values which don't have defaults set + try: + # list user external policies + api_response = api_instance.list_user_external_principals(user_id) + pprint(api_response) + except lakefs_client.ApiException as e: + print("Exception when calling ExternalApi->list_user_external_principals: %s\n" % e) + + # example passing only required values which don't have defaults set + # and optional values + try: + # list user external policies + api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) + pprint(api_response) + except lakefs_client.ApiException as e: + print("Exception when calling ExternalApi->list_user_external_principals: %s\n" % e) +``` + + +### Parameters + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **prefix** | **str**| return items prefixed with this value | [optional] + **after** | **str**| return items after this value | [optional] + **amount** | **int**| how many items to return | [optional] if omitted the server will use the default value of 100 + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [jwt_token](../README.md#jwt_token), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principals list | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + diff --git a/clients/python-legacy/docs/ExternalPrincipal.md b/clients/python-legacy/docs/ExternalPrincipal.md new file mode 100644 index 00000000000..ec43f81f5e2 --- /dev/null +++ b/clients/python-legacy/docs/ExternalPrincipal.md @@ -0,0 +1,14 @@ +# ExternalPrincipal + + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**id** | **str** | A unique identifier for the external principal | +**user_id** | **str** | lakeFS user ID to associate with an external principal. | +**settings** | [**[ExternalPrincipalSettings]**](ExternalPrincipalSettings.md) | | [optional] +**any string name** | **bool, date, datetime, dict, float, int, list, str, none_type** | any string name can be used but the value must be the correct type | [optional] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/clients/python-legacy/docs/ExternalPrincipalCreation.md b/clients/python-legacy/docs/ExternalPrincipalCreation.md new file mode 100644 index 00000000000..c287aa59503 --- /dev/null +++ b/clients/python-legacy/docs/ExternalPrincipalCreation.md @@ -0,0 +1,12 @@ +# ExternalPrincipalCreation + + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**settings** | [**[ExternalPrincipalSettings]**](ExternalPrincipalSettings.md) | | [optional] +**any string name** | **bool, date, datetime, dict, float, int, list, str, none_type** | any string name can be used but the value must be the correct type | [optional] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/clients/python-legacy/docs/ExternalPrincipalList.md b/clients/python-legacy/docs/ExternalPrincipalList.md new file mode 100644 index 00000000000..7c3ea05c971 --- /dev/null +++ b/clients/python-legacy/docs/ExternalPrincipalList.md @@ -0,0 +1,13 @@ +# ExternalPrincipalList + + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**pagination** | [**Pagination**](Pagination.md) | | +**results** | [**[ExternalPrincipal]**](ExternalPrincipal.md) | | +**any string name** | **bool, date, datetime, dict, float, int, list, str, none_type** | any string name can be used but the value must be the correct type | [optional] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/clients/python-legacy/docs/ExternalPrincipalSettings.md b/clients/python-legacy/docs/ExternalPrincipalSettings.md new file mode 100644 index 00000000000..3a2101dc8a8 --- /dev/null +++ b/clients/python-legacy/docs/ExternalPrincipalSettings.md @@ -0,0 +1,12 @@ +# ExternalPrincipalSettings + +Additional settings to be consumed by the remote authenticator + +## Properties +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**any string name** | **str** | any string name can be used but the value must be the correct type | [optional] + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/clients/python-legacy/lakefs_client/api/auth_api.py b/clients/python-legacy/lakefs_client/api/auth_api.py index 905a2ea13b8..6692d2633f7 100644 --- a/clients/python-legacy/lakefs_client/api/auth_api.py +++ b/clients/python-legacy/lakefs_client/api/auth_api.py @@ -30,6 +30,9 @@ from lakefs_client.model.current_user import CurrentUser from lakefs_client.model.error import Error from lakefs_client.model.error_no_acl import ErrorNoACL +from lakefs_client.model.external_principal import ExternalPrincipal +from lakefs_client.model.external_principal_creation import ExternalPrincipalCreation +from lakefs_client.model.external_principal_list import ExternalPrincipalList from lakefs_client.model.group import Group from lakefs_client.model.group_creation import GroupCreation from lakefs_client.model.group_list import GroupList @@ -454,6 +457,74 @@ def __init__(self, api_client=None): }, api_client=api_client ) + self.create_user_external_principal_endpoint = _Endpoint( + settings={ + 'response_type': None, + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principal/{principalId}', + 'operation_id': 'create_user_external_principal', + 'http_method': 'POST', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'principal_id', + 'external_principal_creation', + ], + 'required': [ + 'user_id', + 'principal_id', + 'external_principal_creation', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + ] + }, + root_map={ + 'validations': { + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'principal_id': + (str,), + 'external_principal_creation': + (ExternalPrincipalCreation,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'principal_id': 'principalId', + }, + 'location_map': { + 'user_id': 'path', + 'principal_id': 'path', + 'external_principal_creation': 'body', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [ + 'application/json' + ] + }, + api_client=api_client + ) self.delete_credentials_endpoint = _Endpoint( settings={ 'response_type': None, @@ -741,6 +812,67 @@ def __init__(self, api_client=None): }, api_client=api_client ) + self.delete_user_external_principal_endpoint = _Endpoint( + settings={ + 'response_type': None, + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principal/{principalId}', + 'operation_id': 'delete_user_external_principal', + 'http_method': 'DELETE', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'principal_id', + ], + 'required': [ + 'user_id', + 'principal_id', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + ] + }, + root_map={ + 'validations': { + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'principal_id': + (str,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'principal_id': 'principalId', + }, + 'location_map': { + 'user_id': 'path', + 'principal_id': 'path', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [], + }, + api_client=api_client + ) self.detach_policy_from_group_endpoint = _Endpoint( settings={ 'response_type': None, @@ -1192,6 +1324,67 @@ def __init__(self, api_client=None): }, api_client=api_client ) + self.get_user_external_principal_endpoint = _Endpoint( + settings={ + 'response_type': (ExternalPrincipal,), + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principal/{principalId}', + 'operation_id': 'get_user_external_principal', + 'http_method': 'GET', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'principal_id', + ], + 'required': [ + 'user_id', + 'principal_id', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + ] + }, + root_map={ + 'validations': { + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'principal_id': + (str,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'principal_id': 'principalId', + }, + 'location_map': { + 'user_id': 'path', + 'principal_id': 'path', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [], + }, + api_client=api_client + ) self.list_group_members_endpoint = _Endpoint( settings={ 'response_type': (UserList,), @@ -1558,6 +1751,82 @@ def __init__(self, api_client=None): }, api_client=api_client ) + self.list_user_external_principals_endpoint = _Endpoint( + settings={ + 'response_type': (ExternalPrincipalList,), + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principals', + 'operation_id': 'list_user_external_principals', + 'http_method': 'GET', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'prefix', + 'after', + 'amount', + ], + 'required': [ + 'user_id', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + 'amount', + ] + }, + root_map={ + 'validations': { + ('amount',): { + + 'inclusive_maximum': 1000, + 'inclusive_minimum': -1, + }, + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'prefix': + (str,), + 'after': + (str,), + 'amount': + (int,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'prefix': 'prefix', + 'after': 'after', + 'amount': 'amount', + }, + 'location_map': { + 'user_id': 'path', + 'prefix': 'query', + 'after': 'query', + 'amount': 'query', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [], + }, + api_client=api_client + ) self.list_user_groups_endpoint = _Endpoint( settings={ 'response_type': (GroupList,), @@ -2416,6 +2685,79 @@ def create_user( kwargs['_host_index'] = kwargs.get('_host_index') return self.create_user_endpoint.call_with_http_info(**kwargs) + def create_user_external_principal( + self, + user_id, + principal_id, + external_principal_creation, + **kwargs + ): + """attach external principal to user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.create_user_external_principal(user_id, principal_id, external_principal_creation, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + principal_id (str): + external_principal_creation (ExternalPrincipalCreation): + + Keyword Args: + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + None + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + kwargs['principal_id'] = \ + principal_id + kwargs['external_principal_creation'] = \ + external_principal_creation + return self.create_user_external_principal_endpoint.call_with_http_info(**kwargs) + def delete_credentials( self, user_id, @@ -2749,6 +3091,75 @@ def delete_user( user_id return self.delete_user_endpoint.call_with_http_info(**kwargs) + def delete_user_external_principal( + self, + user_id, + principal_id, + **kwargs + ): + """delete external principal from user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.delete_user_external_principal(user_id, principal_id, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + principal_id (str): + + Keyword Args: + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + None + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + kwargs['principal_id'] = \ + principal_id + return self.delete_user_external_principal_endpoint.call_with_http_info(**kwargs) + def detach_policy_from_group( self, group_id, @@ -3276,6 +3687,75 @@ def get_user( user_id return self.get_user_endpoint.call_with_http_info(**kwargs) + def get_user_external_principal( + self, + user_id, + principal_id, + **kwargs + ): + """get external principal of a user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.get_user_external_principal(user_id, principal_id, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + principal_id (str): + + Keyword Args: + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + ExternalPrincipal + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + kwargs['principal_id'] = \ + principal_id + return self.get_user_external_principal_endpoint.call_with_http_info(**kwargs) + def list_group_members( self, group_id, @@ -3606,6 +4086,74 @@ def list_user_credentials( user_id return self.list_user_credentials_endpoint.call_with_http_info(**kwargs) + def list_user_external_principals( + self, + user_id, + **kwargs + ): + """list user external policies # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.list_user_external_principals(user_id, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + + Keyword Args: + prefix (str): return items prefixed with this value. [optional] + after (str): return items after this value. [optional] + amount (int): how many items to return. [optional] if omitted the server will use the default value of 100 + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + ExternalPrincipalList + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + return self.list_user_external_principals_endpoint.call_with_http_info(**kwargs) + def list_user_groups( self, user_id, diff --git a/clients/python-legacy/lakefs_client/api/experimental_api.py b/clients/python-legacy/lakefs_client/api/experimental_api.py index f3b421e7edb..f5616274126 100644 --- a/clients/python-legacy/lakefs_client/api/experimental_api.py +++ b/clients/python-legacy/lakefs_client/api/experimental_api.py @@ -25,6 +25,9 @@ from lakefs_client.model.abort_presign_multipart_upload import AbortPresignMultipartUpload from lakefs_client.model.complete_presign_multipart_upload import CompletePresignMultipartUpload from lakefs_client.model.error import Error +from lakefs_client.model.external_principal import ExternalPrincipal +from lakefs_client.model.external_principal_creation import ExternalPrincipalCreation +from lakefs_client.model.external_principal_list import ExternalPrincipalList from lakefs_client.model.object_stats import ObjectStats from lakefs_client.model.presign_multipart_upload import PresignMultipartUpload from lakefs_client.model.staging_location import StagingLocation @@ -271,6 +274,196 @@ def __init__(self, api_client=None): }, api_client=api_client ) + self.create_user_external_principal_endpoint = _Endpoint( + settings={ + 'response_type': None, + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principal/{principalId}', + 'operation_id': 'create_user_external_principal', + 'http_method': 'POST', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'principal_id', + 'external_principal_creation', + ], + 'required': [ + 'user_id', + 'principal_id', + 'external_principal_creation', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + ] + }, + root_map={ + 'validations': { + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'principal_id': + (str,), + 'external_principal_creation': + (ExternalPrincipalCreation,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'principal_id': 'principalId', + }, + 'location_map': { + 'user_id': 'path', + 'principal_id': 'path', + 'external_principal_creation': 'body', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [ + 'application/json' + ] + }, + api_client=api_client + ) + self.delete_user_external_principal_endpoint = _Endpoint( + settings={ + 'response_type': None, + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principal/{principalId}', + 'operation_id': 'delete_user_external_principal', + 'http_method': 'DELETE', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'principal_id', + ], + 'required': [ + 'user_id', + 'principal_id', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + ] + }, + root_map={ + 'validations': { + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'principal_id': + (str,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'principal_id': 'principalId', + }, + 'location_map': { + 'user_id': 'path', + 'principal_id': 'path', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [], + }, + api_client=api_client + ) + self.get_user_external_principal_endpoint = _Endpoint( + settings={ + 'response_type': (ExternalPrincipal,), + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principal/{principalId}', + 'operation_id': 'get_user_external_principal', + 'http_method': 'GET', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'principal_id', + ], + 'required': [ + 'user_id', + 'principal_id', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + ] + }, + root_map={ + 'validations': { + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'principal_id': + (str,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'principal_id': 'principalId', + }, + 'location_map': { + 'user_id': 'path', + 'principal_id': 'path', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [], + }, + api_client=api_client + ) self.hard_reset_branch_endpoint = _Endpoint( settings={ 'response_type': None, @@ -343,6 +536,82 @@ def __init__(self, api_client=None): }, api_client=api_client ) + self.list_user_external_principals_endpoint = _Endpoint( + settings={ + 'response_type': (ExternalPrincipalList,), + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principals', + 'operation_id': 'list_user_external_principals', + 'http_method': 'GET', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'prefix', + 'after', + 'amount', + ], + 'required': [ + 'user_id', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + 'amount', + ] + }, + root_map={ + 'validations': { + ('amount',): { + + 'inclusive_maximum': 1000, + 'inclusive_minimum': -1, + }, + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'prefix': + (str,), + 'after': + (str,), + 'amount': + (int,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'prefix': 'prefix', + 'after': 'after', + 'amount': 'amount', + }, + 'location_map': { + 'user_id': 'path', + 'prefix': 'query', + 'after': 'query', + 'amount': 'query', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [], + }, + api_client=api_client + ) def abort_presign_multipart_upload( self, @@ -577,6 +846,217 @@ def create_presign_multipart_upload( path return self.create_presign_multipart_upload_endpoint.call_with_http_info(**kwargs) + def create_user_external_principal( + self, + user_id, + principal_id, + external_principal_creation, + **kwargs + ): + """attach external principal to user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.create_user_external_principal(user_id, principal_id, external_principal_creation, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + principal_id (str): + external_principal_creation (ExternalPrincipalCreation): + + Keyword Args: + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + None + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + kwargs['principal_id'] = \ + principal_id + kwargs['external_principal_creation'] = \ + external_principal_creation + return self.create_user_external_principal_endpoint.call_with_http_info(**kwargs) + + def delete_user_external_principal( + self, + user_id, + principal_id, + **kwargs + ): + """delete external principal from user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.delete_user_external_principal(user_id, principal_id, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + principal_id (str): + + Keyword Args: + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + None + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + kwargs['principal_id'] = \ + principal_id + return self.delete_user_external_principal_endpoint.call_with_http_info(**kwargs) + + def get_user_external_principal( + self, + user_id, + principal_id, + **kwargs + ): + """get external principal of a user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.get_user_external_principal(user_id, principal_id, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + principal_id (str): + + Keyword Args: + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + ExternalPrincipal + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + kwargs['principal_id'] = \ + principal_id + return self.get_user_external_principal_endpoint.call_with_http_info(**kwargs) + def hard_reset_branch( self, repository, @@ -652,3 +1132,71 @@ def hard_reset_branch( ref return self.hard_reset_branch_endpoint.call_with_http_info(**kwargs) + def list_user_external_principals( + self, + user_id, + **kwargs + ): + """list user external policies # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.list_user_external_principals(user_id, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + + Keyword Args: + prefix (str): return items prefixed with this value. [optional] + after (str): return items after this value. [optional] + amount (int): how many items to return. [optional] if omitted the server will use the default value of 100 + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + ExternalPrincipalList + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + return self.list_user_external_principals_endpoint.call_with_http_info(**kwargs) + diff --git a/clients/python-legacy/lakefs_client/api/external_api.py b/clients/python-legacy/lakefs_client/api/external_api.py new file mode 100644 index 00000000000..123f8588d08 --- /dev/null +++ b/clients/python-legacy/lakefs_client/api/external_api.py @@ -0,0 +1,587 @@ +""" + lakeFS API + + lakeFS HTTP API # noqa: E501 + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by: https://openapi-generator.tech +""" + + +import re # noqa: F401 +import sys # noqa: F401 + +from lakefs_client.api_client import ApiClient, Endpoint as _Endpoint +from lakefs_client.model_utils import ( # noqa: F401 + check_allowed_values, + check_validations, + date, + datetime, + file_type, + none_type, + validate_and_convert_types +) +from lakefs_client.model.error import Error +from lakefs_client.model.external_principal import ExternalPrincipal +from lakefs_client.model.external_principal_creation import ExternalPrincipalCreation +from lakefs_client.model.external_principal_list import ExternalPrincipalList + + +class ExternalApi(object): + """NOTE: This class is auto generated by OpenAPI Generator + Ref: https://openapi-generator.tech + + Do not edit the class manually. + """ + + def __init__(self, api_client=None): + if api_client is None: + api_client = ApiClient() + self.api_client = api_client + self.create_user_external_principal_endpoint = _Endpoint( + settings={ + 'response_type': None, + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principal/{principalId}', + 'operation_id': 'create_user_external_principal', + 'http_method': 'POST', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'principal_id', + 'external_principal_creation', + ], + 'required': [ + 'user_id', + 'principal_id', + 'external_principal_creation', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + ] + }, + root_map={ + 'validations': { + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'principal_id': + (str,), + 'external_principal_creation': + (ExternalPrincipalCreation,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'principal_id': 'principalId', + }, + 'location_map': { + 'user_id': 'path', + 'principal_id': 'path', + 'external_principal_creation': 'body', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [ + 'application/json' + ] + }, + api_client=api_client + ) + self.delete_user_external_principal_endpoint = _Endpoint( + settings={ + 'response_type': None, + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principal/{principalId}', + 'operation_id': 'delete_user_external_principal', + 'http_method': 'DELETE', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'principal_id', + ], + 'required': [ + 'user_id', + 'principal_id', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + ] + }, + root_map={ + 'validations': { + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'principal_id': + (str,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'principal_id': 'principalId', + }, + 'location_map': { + 'user_id': 'path', + 'principal_id': 'path', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [], + }, + api_client=api_client + ) + self.get_user_external_principal_endpoint = _Endpoint( + settings={ + 'response_type': (ExternalPrincipal,), + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principal/{principalId}', + 'operation_id': 'get_user_external_principal', + 'http_method': 'GET', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'principal_id', + ], + 'required': [ + 'user_id', + 'principal_id', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + ] + }, + root_map={ + 'validations': { + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'principal_id': + (str,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'principal_id': 'principalId', + }, + 'location_map': { + 'user_id': 'path', + 'principal_id': 'path', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [], + }, + api_client=api_client + ) + self.list_user_external_principals_endpoint = _Endpoint( + settings={ + 'response_type': (ExternalPrincipalList,), + 'auth': [ + 'basic_auth', + 'cookie_auth', + 'jwt_token', + 'oidc_auth', + 'saml_auth' + ], + 'endpoint_path': '/auth/users/{userId}/external/principals', + 'operation_id': 'list_user_external_principals', + 'http_method': 'GET', + 'servers': None, + }, + params_map={ + 'all': [ + 'user_id', + 'prefix', + 'after', + 'amount', + ], + 'required': [ + 'user_id', + ], + 'nullable': [ + ], + 'enum': [ + ], + 'validation': [ + 'amount', + ] + }, + root_map={ + 'validations': { + ('amount',): { + + 'inclusive_maximum': 1000, + 'inclusive_minimum': -1, + }, + }, + 'allowed_values': { + }, + 'openapi_types': { + 'user_id': + (str,), + 'prefix': + (str,), + 'after': + (str,), + 'amount': + (int,), + }, + 'attribute_map': { + 'user_id': 'userId', + 'prefix': 'prefix', + 'after': 'after', + 'amount': 'amount', + }, + 'location_map': { + 'user_id': 'path', + 'prefix': 'query', + 'after': 'query', + 'amount': 'query', + }, + 'collection_format_map': { + } + }, + headers_map={ + 'accept': [ + 'application/json' + ], + 'content_type': [], + }, + api_client=api_client + ) + + def create_user_external_principal( + self, + user_id, + principal_id, + external_principal_creation, + **kwargs + ): + """attach external principal to user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.create_user_external_principal(user_id, principal_id, external_principal_creation, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + principal_id (str): + external_principal_creation (ExternalPrincipalCreation): + + Keyword Args: + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + None + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + kwargs['principal_id'] = \ + principal_id + kwargs['external_principal_creation'] = \ + external_principal_creation + return self.create_user_external_principal_endpoint.call_with_http_info(**kwargs) + + def delete_user_external_principal( + self, + user_id, + principal_id, + **kwargs + ): + """delete external principal from user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.delete_user_external_principal(user_id, principal_id, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + principal_id (str): + + Keyword Args: + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + None + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + kwargs['principal_id'] = \ + principal_id + return self.delete_user_external_principal_endpoint.call_with_http_info(**kwargs) + + def get_user_external_principal( + self, + user_id, + principal_id, + **kwargs + ): + """get external principal of a user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.get_user_external_principal(user_id, principal_id, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + principal_id (str): + + Keyword Args: + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + ExternalPrincipal + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + kwargs['principal_id'] = \ + principal_id + return self.get_user_external_principal_endpoint.call_with_http_info(**kwargs) + + def list_user_external_principals( + self, + user_id, + **kwargs + ): + """list user external policies # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.list_user_external_principals(user_id, async_req=True) + >>> result = thread.get() + + Args: + user_id (str): + + Keyword Args: + prefix (str): return items prefixed with this value. [optional] + after (str): return items after this value. [optional] + amount (int): how many items to return. [optional] if omitted the server will use the default value of 100 + _return_http_data_only (bool): response data without head status + code and headers. Default is True. + _preload_content (bool): if False, the urllib3.HTTPResponse object + will be returned without reading/decoding response data. + Default is True. + _request_timeout (int/float/tuple): timeout setting for this request. If + one number provided, it will be total request timeout. It can also + be a pair (tuple) of (connection, read) timeouts. + Default is None. + _check_input_type (bool): specifies if type checking + should be done one the data sent to the server. + Default is True. + _check_return_type (bool): specifies if type checking + should be done one the data received from the server. + Default is True. + _host_index (int/None): specifies the index of the server + that we want to use. + Default is read from the configuration. + async_req (bool): execute request asynchronously + + Returns: + ExternalPrincipalList + If the method is called asynchronously, returns the request + thread. + """ + kwargs['async_req'] = kwargs.get( + 'async_req', False + ) + kwargs['_return_http_data_only'] = kwargs.get( + '_return_http_data_only', True + ) + kwargs['_preload_content'] = kwargs.get( + '_preload_content', True + ) + kwargs['_request_timeout'] = kwargs.get( + '_request_timeout', None + ) + kwargs['_check_input_type'] = kwargs.get( + '_check_input_type', True + ) + kwargs['_check_return_type'] = kwargs.get( + '_check_return_type', True + ) + kwargs['_host_index'] = kwargs.get('_host_index') + kwargs['user_id'] = \ + user_id + return self.list_user_external_principals_endpoint.call_with_http_info(**kwargs) + diff --git a/clients/python-legacy/lakefs_client/apis/__init__.py b/clients/python-legacy/lakefs_client/apis/__init__.py index 78330a40a0b..8641847c8c3 100644 --- a/clients/python-legacy/lakefs_client/apis/__init__.py +++ b/clients/python-legacy/lakefs_client/apis/__init__.py @@ -20,6 +20,7 @@ from lakefs_client.api.commits_api import CommitsApi from lakefs_client.api.config_api import ConfigApi from lakefs_client.api.experimental_api import ExperimentalApi +from lakefs_client.api.external_api import ExternalApi from lakefs_client.api.health_check_api import HealthCheckApi from lakefs_client.api.import_api import ImportApi from lakefs_client.api.internal_api import InternalApi diff --git a/clients/python-legacy/lakefs_client/client.py b/clients/python-legacy/lakefs_client/client.py index 59a339b55c1..6a0eed7e23f 100644 --- a/clients/python-legacy/lakefs_client/client.py +++ b/clients/python-legacy/lakefs_client/client.py @@ -9,6 +9,7 @@ from lakefs_client.api import commits_api from lakefs_client.api import config_api from lakefs_client.api import experimental_api +from lakefs_client.api import external_api from lakefs_client.api import health_check_api from lakefs_client.api import import_api from lakefs_client.api import internal_api @@ -49,6 +50,7 @@ def __init__(self, configuration=None, header_name=None, header_value=None, cook self.commits_api = commits_api.CommitsApi(self._api) self.config_api = config_api.ConfigApi(self._api) self.experimental_api = experimental_api.ExperimentalApi(self._api) + self.external_api = external_api.ExternalApi(self._api) self.health_check_api = health_check_api.HealthCheckApi(self._api) self.import_api = import_api.ImportApi(self._api) self.internal_api = internal_api.InternalApi(self._api) diff --git a/clients/python-legacy/lakefs_client/model/external_principal.py b/clients/python-legacy/lakefs_client/model/external_principal.py new file mode 100644 index 00000000000..83664a9fd42 --- /dev/null +++ b/clients/python-legacy/lakefs_client/model/external_principal.py @@ -0,0 +1,278 @@ +""" + lakeFS API + + lakeFS HTTP API # noqa: E501 + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by: https://openapi-generator.tech +""" + + +import re # noqa: F401 +import sys # noqa: F401 + +from lakefs_client.model_utils import ( # noqa: F401 + ApiTypeError, + ModelComposed, + ModelNormal, + ModelSimple, + cached_property, + change_keys_js_to_python, + convert_js_args_to_python_args, + date, + datetime, + file_type, + none_type, + validate_get_composed_info, +) +from ..model_utils import OpenApiModel +from lakefs_client.exceptions import ApiAttributeError + + +def lazy_import(): + from lakefs_client.model.external_principal_settings import ExternalPrincipalSettings + globals()['ExternalPrincipalSettings'] = ExternalPrincipalSettings + + +class ExternalPrincipal(ModelNormal): + """NOTE: This class is auto generated by OpenAPI Generator. + Ref: https://openapi-generator.tech + + Do not edit the class manually. + + Attributes: + allowed_values (dict): The key is the tuple path to the attribute + and the for var_name this is (var_name,). The value is a dict + with a capitalized key describing the allowed value and an allowed + value. These dicts store the allowed enum values. + attribute_map (dict): The key is attribute name + and the value is json key in definition. + discriminator_value_class_map (dict): A dict to go from the discriminator + variable value to the discriminator class name. + validations (dict): The key is the tuple path to the attribute + and the for var_name this is (var_name,). The value is a dict + that stores validations for max_length, min_length, max_items, + min_items, exclusive_maximum, inclusive_maximum, exclusive_minimum, + inclusive_minimum, and regex. + additional_properties_type (tuple): A tuple of classes accepted + as additional properties values. + """ + + allowed_values = { + } + + validations = { + } + + @cached_property + def additional_properties_type(): + """ + This must be a method because a model may have properties that are + of type self, this must run after the class is loaded + """ + lazy_import() + return (bool, date, datetime, dict, float, int, list, str, none_type,) # noqa: E501 + + _nullable = False + + @cached_property + def openapi_types(): + """ + This must be a method because a model may have properties that are + of type self, this must run after the class is loaded + + Returns + openapi_types (dict): The key is attribute name + and the value is attribute type. + """ + lazy_import() + return { + 'id': (str,), # noqa: E501 + 'user_id': (str,), # noqa: E501 + 'settings': ([ExternalPrincipalSettings],), # noqa: E501 + } + + @cached_property + def discriminator(): + return None + + + attribute_map = { + 'id': 'id', # noqa: E501 + 'user_id': 'user_id', # noqa: E501 + 'settings': 'settings', # noqa: E501 + } + + read_only_vars = { + } + + _composed_schemas = {} + + @classmethod + @convert_js_args_to_python_args + def _from_openapi_data(cls, id, user_id, *args, **kwargs): # noqa: E501 + """ExternalPrincipal - a model defined in OpenAPI + + Args: + id (str): A unique identifier for the external principal + user_id (str): lakeFS user ID to associate with an external principal. + + Keyword Args: + _check_type (bool): if True, values for parameters in openapi_types + will be type checked and a TypeError will be + raised if the wrong type is input. + Defaults to True + _path_to_item (tuple/list): This is a list of keys or values to + drill down to the model in received_data + when deserializing a response + _spec_property_naming (bool): True if the variable names in the input data + are serialized names, as specified in the OpenAPI document. + False if the variable names in the input data + are pythonic names, e.g. snake case (default) + _configuration (Configuration): the instance to use when + deserializing a file_type parameter. + If passed, type conversion is attempted + If omitted no type conversion is done. + _visited_composed_classes (tuple): This stores a tuple of + classes that we have traveled through so that + if we see that class again we will not use its + discriminator again. + When traveling through a discriminator, the + composed schema that is + is traveled through is added to this set. + For example if Animal has a discriminator + petType and we pass in "Dog", and the class Dog + allOf includes Animal, we move through Animal + once using the discriminator, and pick Dog. + Then in Dog, we will make an instance of the + Animal class but this time we won't travel + through its discriminator because we passed in + _visited_composed_classes = (Animal,) + settings ([ExternalPrincipalSettings]): [optional] # noqa: E501 + """ + + _check_type = kwargs.pop('_check_type', True) + _spec_property_naming = kwargs.pop('_spec_property_naming', False) + _path_to_item = kwargs.pop('_path_to_item', ()) + _configuration = kwargs.pop('_configuration', None) + _visited_composed_classes = kwargs.pop('_visited_composed_classes', ()) + + self = super(OpenApiModel, cls).__new__(cls) + + if args: + raise ApiTypeError( + "Invalid positional arguments=%s passed to %s. Remove those invalid positional arguments." % ( + args, + self.__class__.__name__, + ), + path_to_item=_path_to_item, + valid_classes=(self.__class__,), + ) + + self._data_store = {} + self._check_type = _check_type + self._spec_property_naming = _spec_property_naming + self._path_to_item = _path_to_item + self._configuration = _configuration + self._visited_composed_classes = _visited_composed_classes + (self.__class__,) + + self.id = id + self.user_id = user_id + for var_name, var_value in kwargs.items(): + if var_name not in self.attribute_map and \ + self._configuration is not None and \ + self._configuration.discard_unknown_keys and \ + self.additional_properties_type is None: + # discard variable. + continue + setattr(self, var_name, var_value) + return self + + required_properties = set([ + '_data_store', + '_check_type', + '_spec_property_naming', + '_path_to_item', + '_configuration', + '_visited_composed_classes', + ]) + + @convert_js_args_to_python_args + def __init__(self, id, user_id, *args, **kwargs): # noqa: E501 + """ExternalPrincipal - a model defined in OpenAPI + + Args: + id (str): A unique identifier for the external principal + user_id (str): lakeFS user ID to associate with an external principal. + + Keyword Args: + _check_type (bool): if True, values for parameters in openapi_types + will be type checked and a TypeError will be + raised if the wrong type is input. + Defaults to True + _path_to_item (tuple/list): This is a list of keys or values to + drill down to the model in received_data + when deserializing a response + _spec_property_naming (bool): True if the variable names in the input data + are serialized names, as specified in the OpenAPI document. + False if the variable names in the input data + are pythonic names, e.g. snake case (default) + _configuration (Configuration): the instance to use when + deserializing a file_type parameter. + If passed, type conversion is attempted + If omitted no type conversion is done. + _visited_composed_classes (tuple): This stores a tuple of + classes that we have traveled through so that + if we see that class again we will not use its + discriminator again. + When traveling through a discriminator, the + composed schema that is + is traveled through is added to this set. + For example if Animal has a discriminator + petType and we pass in "Dog", and the class Dog + allOf includes Animal, we move through Animal + once using the discriminator, and pick Dog. + Then in Dog, we will make an instance of the + Animal class but this time we won't travel + through its discriminator because we passed in + _visited_composed_classes = (Animal,) + settings ([ExternalPrincipalSettings]): [optional] # noqa: E501 + """ + + _check_type = kwargs.pop('_check_type', True) + _spec_property_naming = kwargs.pop('_spec_property_naming', False) + _path_to_item = kwargs.pop('_path_to_item', ()) + _configuration = kwargs.pop('_configuration', None) + _visited_composed_classes = kwargs.pop('_visited_composed_classes', ()) + + if args: + raise ApiTypeError( + "Invalid positional arguments=%s passed to %s. Remove those invalid positional arguments." % ( + args, + self.__class__.__name__, + ), + path_to_item=_path_to_item, + valid_classes=(self.__class__,), + ) + + self._data_store = {} + self._check_type = _check_type + self._spec_property_naming = _spec_property_naming + self._path_to_item = _path_to_item + self._configuration = _configuration + self._visited_composed_classes = _visited_composed_classes + (self.__class__,) + + self.id = id + self.user_id = user_id + for var_name, var_value in kwargs.items(): + if var_name not in self.attribute_map and \ + self._configuration is not None and \ + self._configuration.discard_unknown_keys and \ + self.additional_properties_type is None: + # discard variable. + continue + setattr(self, var_name, var_value) + if var_name in self.read_only_vars: + raise ApiAttributeError(f"`{var_name}` is a read-only attribute. Use `from_openapi_data` to instantiate " + f"class with read only attributes.") diff --git a/clients/python-legacy/lakefs_client/model/external_principal_creation.py b/clients/python-legacy/lakefs_client/model/external_principal_creation.py new file mode 100644 index 00000000000..418fb83e1fe --- /dev/null +++ b/clients/python-legacy/lakefs_client/model/external_principal_creation.py @@ -0,0 +1,262 @@ +""" + lakeFS API + + lakeFS HTTP API # noqa: E501 + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by: https://openapi-generator.tech +""" + + +import re # noqa: F401 +import sys # noqa: F401 + +from lakefs_client.model_utils import ( # noqa: F401 + ApiTypeError, + ModelComposed, + ModelNormal, + ModelSimple, + cached_property, + change_keys_js_to_python, + convert_js_args_to_python_args, + date, + datetime, + file_type, + none_type, + validate_get_composed_info, +) +from ..model_utils import OpenApiModel +from lakefs_client.exceptions import ApiAttributeError + + +def lazy_import(): + from lakefs_client.model.external_principal_settings import ExternalPrincipalSettings + globals()['ExternalPrincipalSettings'] = ExternalPrincipalSettings + + +class ExternalPrincipalCreation(ModelNormal): + """NOTE: This class is auto generated by OpenAPI Generator. + Ref: https://openapi-generator.tech + + Do not edit the class manually. + + Attributes: + allowed_values (dict): The key is the tuple path to the attribute + and the for var_name this is (var_name,). The value is a dict + with a capitalized key describing the allowed value and an allowed + value. These dicts store the allowed enum values. + attribute_map (dict): The key is attribute name + and the value is json key in definition. + discriminator_value_class_map (dict): A dict to go from the discriminator + variable value to the discriminator class name. + validations (dict): The key is the tuple path to the attribute + and the for var_name this is (var_name,). The value is a dict + that stores validations for max_length, min_length, max_items, + min_items, exclusive_maximum, inclusive_maximum, exclusive_minimum, + inclusive_minimum, and regex. + additional_properties_type (tuple): A tuple of classes accepted + as additional properties values. + """ + + allowed_values = { + } + + validations = { + } + + @cached_property + def additional_properties_type(): + """ + This must be a method because a model may have properties that are + of type self, this must run after the class is loaded + """ + lazy_import() + return (bool, date, datetime, dict, float, int, list, str, none_type,) # noqa: E501 + + _nullable = False + + @cached_property + def openapi_types(): + """ + This must be a method because a model may have properties that are + of type self, this must run after the class is loaded + + Returns + openapi_types (dict): The key is attribute name + and the value is attribute type. + """ + lazy_import() + return { + 'settings': ([ExternalPrincipalSettings],), # noqa: E501 + } + + @cached_property + def discriminator(): + return None + + + attribute_map = { + 'settings': 'settings', # noqa: E501 + } + + read_only_vars = { + } + + _composed_schemas = {} + + @classmethod + @convert_js_args_to_python_args + def _from_openapi_data(cls, *args, **kwargs): # noqa: E501 + """ExternalPrincipalCreation - a model defined in OpenAPI + + Keyword Args: + _check_type (bool): if True, values for parameters in openapi_types + will be type checked and a TypeError will be + raised if the wrong type is input. + Defaults to True + _path_to_item (tuple/list): This is a list of keys or values to + drill down to the model in received_data + when deserializing a response + _spec_property_naming (bool): True if the variable names in the input data + are serialized names, as specified in the OpenAPI document. + False if the variable names in the input data + are pythonic names, e.g. snake case (default) + _configuration (Configuration): the instance to use when + deserializing a file_type parameter. + If passed, type conversion is attempted + If omitted no type conversion is done. + _visited_composed_classes (tuple): This stores a tuple of + classes that we have traveled through so that + if we see that class again we will not use its + discriminator again. + When traveling through a discriminator, the + composed schema that is + is traveled through is added to this set. + For example if Animal has a discriminator + petType and we pass in "Dog", and the class Dog + allOf includes Animal, we move through Animal + once using the discriminator, and pick Dog. + Then in Dog, we will make an instance of the + Animal class but this time we won't travel + through its discriminator because we passed in + _visited_composed_classes = (Animal,) + settings ([ExternalPrincipalSettings]): [optional] # noqa: E501 + """ + + _check_type = kwargs.pop('_check_type', True) + _spec_property_naming = kwargs.pop('_spec_property_naming', False) + _path_to_item = kwargs.pop('_path_to_item', ()) + _configuration = kwargs.pop('_configuration', None) + _visited_composed_classes = kwargs.pop('_visited_composed_classes', ()) + + self = super(OpenApiModel, cls).__new__(cls) + + if args: + raise ApiTypeError( + "Invalid positional arguments=%s passed to %s. Remove those invalid positional arguments." % ( + args, + self.__class__.__name__, + ), + path_to_item=_path_to_item, + valid_classes=(self.__class__,), + ) + + self._data_store = {} + self._check_type = _check_type + self._spec_property_naming = _spec_property_naming + self._path_to_item = _path_to_item + self._configuration = _configuration + self._visited_composed_classes = _visited_composed_classes + (self.__class__,) + + for var_name, var_value in kwargs.items(): + if var_name not in self.attribute_map and \ + self._configuration is not None and \ + self._configuration.discard_unknown_keys and \ + self.additional_properties_type is None: + # discard variable. + continue + setattr(self, var_name, var_value) + return self + + required_properties = set([ + '_data_store', + '_check_type', + '_spec_property_naming', + '_path_to_item', + '_configuration', + '_visited_composed_classes', + ]) + + @convert_js_args_to_python_args + def __init__(self, *args, **kwargs): # noqa: E501 + """ExternalPrincipalCreation - a model defined in OpenAPI + + Keyword Args: + _check_type (bool): if True, values for parameters in openapi_types + will be type checked and a TypeError will be + raised if the wrong type is input. + Defaults to True + _path_to_item (tuple/list): This is a list of keys or values to + drill down to the model in received_data + when deserializing a response + _spec_property_naming (bool): True if the variable names in the input data + are serialized names, as specified in the OpenAPI document. + False if the variable names in the input data + are pythonic names, e.g. snake case (default) + _configuration (Configuration): the instance to use when + deserializing a file_type parameter. + If passed, type conversion is attempted + If omitted no type conversion is done. + _visited_composed_classes (tuple): This stores a tuple of + classes that we have traveled through so that + if we see that class again we will not use its + discriminator again. + When traveling through a discriminator, the + composed schema that is + is traveled through is added to this set. + For example if Animal has a discriminator + petType and we pass in "Dog", and the class Dog + allOf includes Animal, we move through Animal + once using the discriminator, and pick Dog. + Then in Dog, we will make an instance of the + Animal class but this time we won't travel + through its discriminator because we passed in + _visited_composed_classes = (Animal,) + settings ([ExternalPrincipalSettings]): [optional] # noqa: E501 + """ + + _check_type = kwargs.pop('_check_type', True) + _spec_property_naming = kwargs.pop('_spec_property_naming', False) + _path_to_item = kwargs.pop('_path_to_item', ()) + _configuration = kwargs.pop('_configuration', None) + _visited_composed_classes = kwargs.pop('_visited_composed_classes', ()) + + if args: + raise ApiTypeError( + "Invalid positional arguments=%s passed to %s. Remove those invalid positional arguments." % ( + args, + self.__class__.__name__, + ), + path_to_item=_path_to_item, + valid_classes=(self.__class__,), + ) + + self._data_store = {} + self._check_type = _check_type + self._spec_property_naming = _spec_property_naming + self._path_to_item = _path_to_item + self._configuration = _configuration + self._visited_composed_classes = _visited_composed_classes + (self.__class__,) + + for var_name, var_value in kwargs.items(): + if var_name not in self.attribute_map and \ + self._configuration is not None and \ + self._configuration.discard_unknown_keys and \ + self.additional_properties_type is None: + # discard variable. + continue + setattr(self, var_name, var_value) + if var_name in self.read_only_vars: + raise ApiAttributeError(f"`{var_name}` is a read-only attribute. Use `from_openapi_data` to instantiate " + f"class with read only attributes.") diff --git a/clients/python-legacy/lakefs_client/model/external_principal_list.py b/clients/python-legacy/lakefs_client/model/external_principal_list.py new file mode 100644 index 00000000000..177a111ace8 --- /dev/null +++ b/clients/python-legacy/lakefs_client/model/external_principal_list.py @@ -0,0 +1,276 @@ +""" + lakeFS API + + lakeFS HTTP API # noqa: E501 + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by: https://openapi-generator.tech +""" + + +import re # noqa: F401 +import sys # noqa: F401 + +from lakefs_client.model_utils import ( # noqa: F401 + ApiTypeError, + ModelComposed, + ModelNormal, + ModelSimple, + cached_property, + change_keys_js_to_python, + convert_js_args_to_python_args, + date, + datetime, + file_type, + none_type, + validate_get_composed_info, +) +from ..model_utils import OpenApiModel +from lakefs_client.exceptions import ApiAttributeError + + +def lazy_import(): + from lakefs_client.model.external_principal import ExternalPrincipal + from lakefs_client.model.pagination import Pagination + globals()['ExternalPrincipal'] = ExternalPrincipal + globals()['Pagination'] = Pagination + + +class ExternalPrincipalList(ModelNormal): + """NOTE: This class is auto generated by OpenAPI Generator. + Ref: https://openapi-generator.tech + + Do not edit the class manually. + + Attributes: + allowed_values (dict): The key is the tuple path to the attribute + and the for var_name this is (var_name,). The value is a dict + with a capitalized key describing the allowed value and an allowed + value. These dicts store the allowed enum values. + attribute_map (dict): The key is attribute name + and the value is json key in definition. + discriminator_value_class_map (dict): A dict to go from the discriminator + variable value to the discriminator class name. + validations (dict): The key is the tuple path to the attribute + and the for var_name this is (var_name,). The value is a dict + that stores validations for max_length, min_length, max_items, + min_items, exclusive_maximum, inclusive_maximum, exclusive_minimum, + inclusive_minimum, and regex. + additional_properties_type (tuple): A tuple of classes accepted + as additional properties values. + """ + + allowed_values = { + } + + validations = { + } + + @cached_property + def additional_properties_type(): + """ + This must be a method because a model may have properties that are + of type self, this must run after the class is loaded + """ + lazy_import() + return (bool, date, datetime, dict, float, int, list, str, none_type,) # noqa: E501 + + _nullable = False + + @cached_property + def openapi_types(): + """ + This must be a method because a model may have properties that are + of type self, this must run after the class is loaded + + Returns + openapi_types (dict): The key is attribute name + and the value is attribute type. + """ + lazy_import() + return { + 'pagination': (Pagination,), # noqa: E501 + 'results': ([ExternalPrincipal],), # noqa: E501 + } + + @cached_property + def discriminator(): + return None + + + attribute_map = { + 'pagination': 'pagination', # noqa: E501 + 'results': 'results', # noqa: E501 + } + + read_only_vars = { + } + + _composed_schemas = {} + + @classmethod + @convert_js_args_to_python_args + def _from_openapi_data(cls, pagination, results, *args, **kwargs): # noqa: E501 + """ExternalPrincipalList - a model defined in OpenAPI + + Args: + pagination (Pagination): + results ([ExternalPrincipal]): + + Keyword Args: + _check_type (bool): if True, values for parameters in openapi_types + will be type checked and a TypeError will be + raised if the wrong type is input. + Defaults to True + _path_to_item (tuple/list): This is a list of keys or values to + drill down to the model in received_data + when deserializing a response + _spec_property_naming (bool): True if the variable names in the input data + are serialized names, as specified in the OpenAPI document. + False if the variable names in the input data + are pythonic names, e.g. snake case (default) + _configuration (Configuration): the instance to use when + deserializing a file_type parameter. + If passed, type conversion is attempted + If omitted no type conversion is done. + _visited_composed_classes (tuple): This stores a tuple of + classes that we have traveled through so that + if we see that class again we will not use its + discriminator again. + When traveling through a discriminator, the + composed schema that is + is traveled through is added to this set. + For example if Animal has a discriminator + petType and we pass in "Dog", and the class Dog + allOf includes Animal, we move through Animal + once using the discriminator, and pick Dog. + Then in Dog, we will make an instance of the + Animal class but this time we won't travel + through its discriminator because we passed in + _visited_composed_classes = (Animal,) + """ + + _check_type = kwargs.pop('_check_type', True) + _spec_property_naming = kwargs.pop('_spec_property_naming', False) + _path_to_item = kwargs.pop('_path_to_item', ()) + _configuration = kwargs.pop('_configuration', None) + _visited_composed_classes = kwargs.pop('_visited_composed_classes', ()) + + self = super(OpenApiModel, cls).__new__(cls) + + if args: + raise ApiTypeError( + "Invalid positional arguments=%s passed to %s. Remove those invalid positional arguments." % ( + args, + self.__class__.__name__, + ), + path_to_item=_path_to_item, + valid_classes=(self.__class__,), + ) + + self._data_store = {} + self._check_type = _check_type + self._spec_property_naming = _spec_property_naming + self._path_to_item = _path_to_item + self._configuration = _configuration + self._visited_composed_classes = _visited_composed_classes + (self.__class__,) + + self.pagination = pagination + self.results = results + for var_name, var_value in kwargs.items(): + if var_name not in self.attribute_map and \ + self._configuration is not None and \ + self._configuration.discard_unknown_keys and \ + self.additional_properties_type is None: + # discard variable. + continue + setattr(self, var_name, var_value) + return self + + required_properties = set([ + '_data_store', + '_check_type', + '_spec_property_naming', + '_path_to_item', + '_configuration', + '_visited_composed_classes', + ]) + + @convert_js_args_to_python_args + def __init__(self, pagination, results, *args, **kwargs): # noqa: E501 + """ExternalPrincipalList - a model defined in OpenAPI + + Args: + pagination (Pagination): + results ([ExternalPrincipal]): + + Keyword Args: + _check_type (bool): if True, values for parameters in openapi_types + will be type checked and a TypeError will be + raised if the wrong type is input. + Defaults to True + _path_to_item (tuple/list): This is a list of keys or values to + drill down to the model in received_data + when deserializing a response + _spec_property_naming (bool): True if the variable names in the input data + are serialized names, as specified in the OpenAPI document. + False if the variable names in the input data + are pythonic names, e.g. snake case (default) + _configuration (Configuration): the instance to use when + deserializing a file_type parameter. + If passed, type conversion is attempted + If omitted no type conversion is done. + _visited_composed_classes (tuple): This stores a tuple of + classes that we have traveled through so that + if we see that class again we will not use its + discriminator again. + When traveling through a discriminator, the + composed schema that is + is traveled through is added to this set. + For example if Animal has a discriminator + petType and we pass in "Dog", and the class Dog + allOf includes Animal, we move through Animal + once using the discriminator, and pick Dog. + Then in Dog, we will make an instance of the + Animal class but this time we won't travel + through its discriminator because we passed in + _visited_composed_classes = (Animal,) + """ + + _check_type = kwargs.pop('_check_type', True) + _spec_property_naming = kwargs.pop('_spec_property_naming', False) + _path_to_item = kwargs.pop('_path_to_item', ()) + _configuration = kwargs.pop('_configuration', None) + _visited_composed_classes = kwargs.pop('_visited_composed_classes', ()) + + if args: + raise ApiTypeError( + "Invalid positional arguments=%s passed to %s. Remove those invalid positional arguments." % ( + args, + self.__class__.__name__, + ), + path_to_item=_path_to_item, + valid_classes=(self.__class__,), + ) + + self._data_store = {} + self._check_type = _check_type + self._spec_property_naming = _spec_property_naming + self._path_to_item = _path_to_item + self._configuration = _configuration + self._visited_composed_classes = _visited_composed_classes + (self.__class__,) + + self.pagination = pagination + self.results = results + for var_name, var_value in kwargs.items(): + if var_name not in self.attribute_map and \ + self._configuration is not None and \ + self._configuration.discard_unknown_keys and \ + self.additional_properties_type is None: + # discard variable. + continue + setattr(self, var_name, var_value) + if var_name in self.read_only_vars: + raise ApiAttributeError(f"`{var_name}` is a read-only attribute. Use `from_openapi_data` to instantiate " + f"class with read only attributes.") diff --git a/clients/python-legacy/lakefs_client/model/external_principal_settings.py b/clients/python-legacy/lakefs_client/model/external_principal_settings.py new file mode 100644 index 00000000000..b9381da0d5a --- /dev/null +++ b/clients/python-legacy/lakefs_client/model/external_principal_settings.py @@ -0,0 +1,252 @@ +""" + lakeFS API + + lakeFS HTTP API # noqa: E501 + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by: https://openapi-generator.tech +""" + + +import re # noqa: F401 +import sys # noqa: F401 + +from lakefs_client.model_utils import ( # noqa: F401 + ApiTypeError, + ModelComposed, + ModelNormal, + ModelSimple, + cached_property, + change_keys_js_to_python, + convert_js_args_to_python_args, + date, + datetime, + file_type, + none_type, + validate_get_composed_info, +) +from ..model_utils import OpenApiModel +from lakefs_client.exceptions import ApiAttributeError + + + +class ExternalPrincipalSettings(ModelNormal): + """NOTE: This class is auto generated by OpenAPI Generator. + Ref: https://openapi-generator.tech + + Do not edit the class manually. + + Attributes: + allowed_values (dict): The key is the tuple path to the attribute + and the for var_name this is (var_name,). The value is a dict + with a capitalized key describing the allowed value and an allowed + value. These dicts store the allowed enum values. + attribute_map (dict): The key is attribute name + and the value is json key in definition. + discriminator_value_class_map (dict): A dict to go from the discriminator + variable value to the discriminator class name. + validations (dict): The key is the tuple path to the attribute + and the for var_name this is (var_name,). The value is a dict + that stores validations for max_length, min_length, max_items, + min_items, exclusive_maximum, inclusive_maximum, exclusive_minimum, + inclusive_minimum, and regex. + additional_properties_type (tuple): A tuple of classes accepted + as additional properties values. + """ + + allowed_values = { + } + + validations = { + } + + @cached_property + def additional_properties_type(): + """ + This must be a method because a model may have properties that are + of type self, this must run after the class is loaded + """ + return (str,) # noqa: E501 + + _nullable = False + + @cached_property + def openapi_types(): + """ + This must be a method because a model may have properties that are + of type self, this must run after the class is loaded + + Returns + openapi_types (dict): The key is attribute name + and the value is attribute type. + """ + return { + } + + @cached_property + def discriminator(): + return None + + + attribute_map = { + } + + read_only_vars = { + } + + _composed_schemas = {} + + @classmethod + @convert_js_args_to_python_args + def _from_openapi_data(cls, *args, **kwargs): # noqa: E501 + """ExternalPrincipalSettings - a model defined in OpenAPI + + Keyword Args: + _check_type (bool): if True, values for parameters in openapi_types + will be type checked and a TypeError will be + raised if the wrong type is input. + Defaults to True + _path_to_item (tuple/list): This is a list of keys or values to + drill down to the model in received_data + when deserializing a response + _spec_property_naming (bool): True if the variable names in the input data + are serialized names, as specified in the OpenAPI document. + False if the variable names in the input data + are pythonic names, e.g. snake case (default) + _configuration (Configuration): the instance to use when + deserializing a file_type parameter. + If passed, type conversion is attempted + If omitted no type conversion is done. + _visited_composed_classes (tuple): This stores a tuple of + classes that we have traveled through so that + if we see that class again we will not use its + discriminator again. + When traveling through a discriminator, the + composed schema that is + is traveled through is added to this set. + For example if Animal has a discriminator + petType and we pass in "Dog", and the class Dog + allOf includes Animal, we move through Animal + once using the discriminator, and pick Dog. + Then in Dog, we will make an instance of the + Animal class but this time we won't travel + through its discriminator because we passed in + _visited_composed_classes = (Animal,) + """ + + _check_type = kwargs.pop('_check_type', True) + _spec_property_naming = kwargs.pop('_spec_property_naming', False) + _path_to_item = kwargs.pop('_path_to_item', ()) + _configuration = kwargs.pop('_configuration', None) + _visited_composed_classes = kwargs.pop('_visited_composed_classes', ()) + + self = super(OpenApiModel, cls).__new__(cls) + + if args: + raise ApiTypeError( + "Invalid positional arguments=%s passed to %s. Remove those invalid positional arguments." % ( + args, + self.__class__.__name__, + ), + path_to_item=_path_to_item, + valid_classes=(self.__class__,), + ) + + self._data_store = {} + self._check_type = _check_type + self._spec_property_naming = _spec_property_naming + self._path_to_item = _path_to_item + self._configuration = _configuration + self._visited_composed_classes = _visited_composed_classes + (self.__class__,) + + for var_name, var_value in kwargs.items(): + if var_name not in self.attribute_map and \ + self._configuration is not None and \ + self._configuration.discard_unknown_keys and \ + self.additional_properties_type is None: + # discard variable. + continue + setattr(self, var_name, var_value) + return self + + required_properties = set([ + '_data_store', + '_check_type', + '_spec_property_naming', + '_path_to_item', + '_configuration', + '_visited_composed_classes', + ]) + + @convert_js_args_to_python_args + def __init__(self, *args, **kwargs): # noqa: E501 + """ExternalPrincipalSettings - a model defined in OpenAPI + + Keyword Args: + _check_type (bool): if True, values for parameters in openapi_types + will be type checked and a TypeError will be + raised if the wrong type is input. + Defaults to True + _path_to_item (tuple/list): This is a list of keys or values to + drill down to the model in received_data + when deserializing a response + _spec_property_naming (bool): True if the variable names in the input data + are serialized names, as specified in the OpenAPI document. + False if the variable names in the input data + are pythonic names, e.g. snake case (default) + _configuration (Configuration): the instance to use when + deserializing a file_type parameter. + If passed, type conversion is attempted + If omitted no type conversion is done. + _visited_composed_classes (tuple): This stores a tuple of + classes that we have traveled through so that + if we see that class again we will not use its + discriminator again. + When traveling through a discriminator, the + composed schema that is + is traveled through is added to this set. + For example if Animal has a discriminator + petType and we pass in "Dog", and the class Dog + allOf includes Animal, we move through Animal + once using the discriminator, and pick Dog. + Then in Dog, we will make an instance of the + Animal class but this time we won't travel + through its discriminator because we passed in + _visited_composed_classes = (Animal,) + """ + + _check_type = kwargs.pop('_check_type', True) + _spec_property_naming = kwargs.pop('_spec_property_naming', False) + _path_to_item = kwargs.pop('_path_to_item', ()) + _configuration = kwargs.pop('_configuration', None) + _visited_composed_classes = kwargs.pop('_visited_composed_classes', ()) + + if args: + raise ApiTypeError( + "Invalid positional arguments=%s passed to %s. Remove those invalid positional arguments." % ( + args, + self.__class__.__name__, + ), + path_to_item=_path_to_item, + valid_classes=(self.__class__,), + ) + + self._data_store = {} + self._check_type = _check_type + self._spec_property_naming = _spec_property_naming + self._path_to_item = _path_to_item + self._configuration = _configuration + self._visited_composed_classes = _visited_composed_classes + (self.__class__,) + + for var_name, var_value in kwargs.items(): + if var_name not in self.attribute_map and \ + self._configuration is not None and \ + self._configuration.discard_unknown_keys and \ + self.additional_properties_type is None: + # discard variable. + continue + setattr(self, var_name, var_value) + if var_name in self.read_only_vars: + raise ApiAttributeError(f"`{var_name}` is a read-only attribute. Use `from_openapi_data` to instantiate " + f"class with read only attributes.") diff --git a/clients/python-legacy/lakefs_client/models/__init__.py b/clients/python-legacy/lakefs_client/models/__init__.py index 4c83f7436db..a75a5e24e39 100644 --- a/clients/python-legacy/lakefs_client/models/__init__.py +++ b/clients/python-legacy/lakefs_client/models/__init__.py @@ -34,6 +34,10 @@ from lakefs_client.model.diff_list import DiffList from lakefs_client.model.error import Error from lakefs_client.model.error_no_acl import ErrorNoACL +from lakefs_client.model.external_principal import ExternalPrincipal +from lakefs_client.model.external_principal_creation import ExternalPrincipalCreation +from lakefs_client.model.external_principal_list import ExternalPrincipalList +from lakefs_client.model.external_principal_settings import ExternalPrincipalSettings from lakefs_client.model.find_merge_base_result import FindMergeBaseResult from lakefs_client.model.garbage_collection_config import GarbageCollectionConfig from lakefs_client.model.garbage_collection_prepare_response import GarbageCollectionPrepareResponse diff --git a/clients/python-legacy/test/test_auth_api.py b/clients/python-legacy/test/test_auth_api.py index 711f38fe944..99cddb20fba 100644 --- a/clients/python-legacy/test/test_auth_api.py +++ b/clients/python-legacy/test/test_auth_api.py @@ -73,6 +73,13 @@ def test_create_user(self): """ pass + def test_create_user_external_principal(self): + """Test case for create_user_external_principal + + attach external principal to user # noqa: E501 + """ + pass + def test_delete_credentials(self): """Test case for delete_credentials @@ -108,6 +115,13 @@ def test_delete_user(self): """ pass + def test_delete_user_external_principal(self): + """Test case for delete_user_external_principal + + delete external principal from user # noqa: E501 + """ + pass + def test_detach_policy_from_group(self): """Test case for detach_policy_from_group @@ -164,6 +178,13 @@ def test_get_user(self): """ pass + def test_get_user_external_principal(self): + """Test case for get_user_external_principal + + get external principal of a user # noqa: E501 + """ + pass + def test_list_group_members(self): """Test case for list_group_members @@ -199,6 +220,13 @@ def test_list_user_credentials(self): """ pass + def test_list_user_external_principals(self): + """Test case for list_user_external_principals + + list user external policies # noqa: E501 + """ + pass + def test_list_user_groups(self): """Test case for list_user_groups diff --git a/clients/python-legacy/test/test_experimental_api.py b/clients/python-legacy/test/test_experimental_api.py index c6d34c63820..e3986775877 100644 --- a/clients/python-legacy/test/test_experimental_api.py +++ b/clients/python-legacy/test/test_experimental_api.py @@ -45,6 +45,27 @@ def test_create_presign_multipart_upload(self): """ pass + def test_create_user_external_principal(self): + """Test case for create_user_external_principal + + attach external principal to user # noqa: E501 + """ + pass + + def test_delete_user_external_principal(self): + """Test case for delete_user_external_principal + + delete external principal from user # noqa: E501 + """ + pass + + def test_get_user_external_principal(self): + """Test case for get_user_external_principal + + get external principal of a user # noqa: E501 + """ + pass + def test_hard_reset_branch(self): """Test case for hard_reset_branch @@ -52,6 +73,13 @@ def test_hard_reset_branch(self): """ pass + def test_list_user_external_principals(self): + """Test case for list_user_external_principals + + list user external policies # noqa: E501 + """ + pass + if __name__ == '__main__': unittest.main() diff --git a/clients/python-legacy/test/test_external_api.py b/clients/python-legacy/test/test_external_api.py new file mode 100644 index 00000000000..aa915c6e12a --- /dev/null +++ b/clients/python-legacy/test/test_external_api.py @@ -0,0 +1,57 @@ +""" + lakeFS API + + lakeFS HTTP API # noqa: E501 + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by: https://openapi-generator.tech +""" + + +import unittest + +import lakefs_client +from lakefs_client.api.external_api import ExternalApi # noqa: E501 + + +class TestExternalApi(unittest.TestCase): + """ExternalApi unit test stubs""" + + def setUp(self): + self.api = ExternalApi() # noqa: E501 + + def tearDown(self): + pass + + def test_create_user_external_principal(self): + """Test case for create_user_external_principal + + attach external principal to user # noqa: E501 + """ + pass + + def test_delete_user_external_principal(self): + """Test case for delete_user_external_principal + + delete external principal from user # noqa: E501 + """ + pass + + def test_get_user_external_principal(self): + """Test case for get_user_external_principal + + get external principal of a user # noqa: E501 + """ + pass + + def test_list_user_external_principals(self): + """Test case for list_user_external_principals + + list user external policies # noqa: E501 + """ + pass + + +if __name__ == '__main__': + unittest.main() diff --git a/clients/python-legacy/test/test_external_principal.py b/clients/python-legacy/test/test_external_principal.py new file mode 100644 index 00000000000..5a41a926d38 --- /dev/null +++ b/clients/python-legacy/test/test_external_principal.py @@ -0,0 +1,38 @@ +""" + lakeFS API + + lakeFS HTTP API # noqa: E501 + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by: https://openapi-generator.tech +""" + + +import sys +import unittest + +import lakefs_client +from lakefs_client.model.external_principal_settings import ExternalPrincipalSettings +globals()['ExternalPrincipalSettings'] = ExternalPrincipalSettings +from lakefs_client.model.external_principal import ExternalPrincipal + + +class TestExternalPrincipal(unittest.TestCase): + """ExternalPrincipal unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def testExternalPrincipal(self): + """Test ExternalPrincipal""" + # FIXME: construct object with mandatory attributes with example values + # model = ExternalPrincipal() # noqa: E501 + pass + + +if __name__ == '__main__': + unittest.main() diff --git a/clients/python-legacy/test/test_external_principal_creation.py b/clients/python-legacy/test/test_external_principal_creation.py new file mode 100644 index 00000000000..919a82a06d8 --- /dev/null +++ b/clients/python-legacy/test/test_external_principal_creation.py @@ -0,0 +1,38 @@ +""" + lakeFS API + + lakeFS HTTP API # noqa: E501 + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by: https://openapi-generator.tech +""" + + +import sys +import unittest + +import lakefs_client +from lakefs_client.model.external_principal_settings import ExternalPrincipalSettings +globals()['ExternalPrincipalSettings'] = ExternalPrincipalSettings +from lakefs_client.model.external_principal_creation import ExternalPrincipalCreation + + +class TestExternalPrincipalCreation(unittest.TestCase): + """ExternalPrincipalCreation unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def testExternalPrincipalCreation(self): + """Test ExternalPrincipalCreation""" + # FIXME: construct object with mandatory attributes with example values + # model = ExternalPrincipalCreation() # noqa: E501 + pass + + +if __name__ == '__main__': + unittest.main() diff --git a/clients/python-legacy/test/test_external_principal_list.py b/clients/python-legacy/test/test_external_principal_list.py new file mode 100644 index 00000000000..376b2de9ecc --- /dev/null +++ b/clients/python-legacy/test/test_external_principal_list.py @@ -0,0 +1,40 @@ +""" + lakeFS API + + lakeFS HTTP API # noqa: E501 + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by: https://openapi-generator.tech +""" + + +import sys +import unittest + +import lakefs_client +from lakefs_client.model.external_principal import ExternalPrincipal +from lakefs_client.model.pagination import Pagination +globals()['ExternalPrincipal'] = ExternalPrincipal +globals()['Pagination'] = Pagination +from lakefs_client.model.external_principal_list import ExternalPrincipalList + + +class TestExternalPrincipalList(unittest.TestCase): + """ExternalPrincipalList unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def testExternalPrincipalList(self): + """Test ExternalPrincipalList""" + # FIXME: construct object with mandatory attributes with example values + # model = ExternalPrincipalList() # noqa: E501 + pass + + +if __name__ == '__main__': + unittest.main() diff --git a/clients/python-legacy/test/test_external_principal_settings.py b/clients/python-legacy/test/test_external_principal_settings.py new file mode 100644 index 00000000000..52fd35a115b --- /dev/null +++ b/clients/python-legacy/test/test_external_principal_settings.py @@ -0,0 +1,36 @@ +""" + lakeFS API + + lakeFS HTTP API # noqa: E501 + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by: https://openapi-generator.tech +""" + + +import sys +import unittest + +import lakefs_client +from lakefs_client.model.external_principal_settings import ExternalPrincipalSettings + + +class TestExternalPrincipalSettings(unittest.TestCase): + """ExternalPrincipalSettings unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def testExternalPrincipalSettings(self): + """Test ExternalPrincipalSettings""" + # FIXME: construct object with mandatory attributes with example values + # model = ExternalPrincipalSettings() # noqa: E501 + pass + + +if __name__ == '__main__': + unittest.main() diff --git a/clients/python/.openapi-generator/FILES b/clients/python/.openapi-generator/FILES index 19de8c03de5..96d21e6a69e 100644 --- a/clients/python/.openapi-generator/FILES +++ b/clients/python/.openapi-generator/FILES @@ -31,6 +31,10 @@ docs/DiffList.md docs/Error.md docs/ErrorNoACL.md docs/ExperimentalApi.md +docs/ExternalApi.md +docs/ExternalPrincipal.md +docs/ExternalPrincipalCreation.md +docs/ExternalPrincipalList.md docs/FindMergeBaseResult.md docs/GarbageCollectionConfig.md docs/GarbageCollectionPrepareResponse.md @@ -116,6 +120,7 @@ lakefs_sdk/api/branches_api.py lakefs_sdk/api/commits_api.py lakefs_sdk/api/config_api.py lakefs_sdk/api/experimental_api.py +lakefs_sdk/api/external_api.py lakefs_sdk/api/health_check_api.py lakefs_sdk/api/import_api.py lakefs_sdk/api/internal_api.py @@ -156,6 +161,9 @@ lakefs_sdk/models/diff.py lakefs_sdk/models/diff_list.py lakefs_sdk/models/error.py lakefs_sdk/models/error_no_acl.py +lakefs_sdk/models/external_principal.py +lakefs_sdk/models/external_principal_creation.py +lakefs_sdk/models/external_principal_list.py lakefs_sdk/models/find_merge_base_result.py lakefs_sdk/models/garbage_collection_config.py lakefs_sdk/models/garbage_collection_prepare_response.py @@ -263,6 +271,10 @@ test/test_diff_list.py test/test_error.py test/test_error_no_acl.py test/test_experimental_api.py +test/test_external_api.py +test/test_external_principal.py +test/test_external_principal_creation.py +test/test_external_principal_list.py test/test_find_merge_base_result.py test/test_garbage_collection_config.py test/test_garbage_collection_prepare_response.py diff --git a/clients/python/README.md b/clients/python/README.md index fefda69459c..af0868eae4c 100644 --- a/clients/python/README.md +++ b/clients/python/README.md @@ -130,11 +130,13 @@ Class | Method | HTTP request | Description *AuthApi* | [**create_group**](docs/AuthApi.md#create_group) | **POST** /auth/groups | create group *AuthApi* | [**create_policy**](docs/AuthApi.md#create_policy) | **POST** /auth/policies | create policy *AuthApi* | [**create_user**](docs/AuthApi.md#create_user) | **POST** /auth/users | create user +*AuthApi* | [**create_user_external_principal**](docs/AuthApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user *AuthApi* | [**delete_credentials**](docs/AuthApi.md#delete_credentials) | **DELETE** /auth/users/{userId}/credentials/{accessKeyId} | delete credentials *AuthApi* | [**delete_group**](docs/AuthApi.md#delete_group) | **DELETE** /auth/groups/{groupId} | delete group *AuthApi* | [**delete_group_membership**](docs/AuthApi.md#delete_group_membership) | **DELETE** /auth/groups/{groupId}/members/{userId} | delete group membership *AuthApi* | [**delete_policy**](docs/AuthApi.md#delete_policy) | **DELETE** /auth/policies/{policyId} | delete policy *AuthApi* | [**delete_user**](docs/AuthApi.md#delete_user) | **DELETE** /auth/users/{userId} | delete user +*AuthApi* | [**delete_user_external_principal**](docs/AuthApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *AuthApi* | [**detach_policy_from_group**](docs/AuthApi.md#detach_policy_from_group) | **DELETE** /auth/groups/{groupId}/policies/{policyId} | detach policy from group *AuthApi* | [**detach_policy_from_user**](docs/AuthApi.md#detach_policy_from_user) | **DELETE** /auth/users/{userId}/policies/{policyId} | detach policy from user *AuthApi* | [**get_credentials**](docs/AuthApi.md#get_credentials) | **GET** /auth/users/{userId}/credentials/{accessKeyId} | get credentials @@ -143,11 +145,13 @@ Class | Method | HTTP request | Description *AuthApi* | [**get_group_acl**](docs/AuthApi.md#get_group_acl) | **GET** /auth/groups/{groupId}/acl | get ACL of group *AuthApi* | [**get_policy**](docs/AuthApi.md#get_policy) | **GET** /auth/policies/{policyId} | get policy *AuthApi* | [**get_user**](docs/AuthApi.md#get_user) | **GET** /auth/users/{userId} | get user +*AuthApi* | [**get_user_external_principal**](docs/AuthApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *AuthApi* | [**list_group_members**](docs/AuthApi.md#list_group_members) | **GET** /auth/groups/{groupId}/members | list group members *AuthApi* | [**list_group_policies**](docs/AuthApi.md#list_group_policies) | **GET** /auth/groups/{groupId}/policies | list group policies *AuthApi* | [**list_groups**](docs/AuthApi.md#list_groups) | **GET** /auth/groups | list groups *AuthApi* | [**list_policies**](docs/AuthApi.md#list_policies) | **GET** /auth/policies | list policies *AuthApi* | [**list_user_credentials**](docs/AuthApi.md#list_user_credentials) | **GET** /auth/users/{userId}/credentials | list user credentials +*AuthApi* | [**list_user_external_principals**](docs/AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies *AuthApi* | [**list_user_groups**](docs/AuthApi.md#list_user_groups) | **GET** /auth/users/{userId}/groups | list user groups *AuthApi* | [**list_user_policies**](docs/AuthApi.md#list_user_policies) | **GET** /auth/users/{userId}/policies | list user policies *AuthApi* | [**list_users**](docs/AuthApi.md#list_users) | **GET** /auth/users | list users @@ -168,7 +172,15 @@ Class | Method | HTTP request | Description *ExperimentalApi* | [**abort_presign_multipart_upload**](docs/ExperimentalApi.md#abort_presign_multipart_upload) | **DELETE** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Abort a presign multipart upload *ExperimentalApi* | [**complete_presign_multipart_upload**](docs/ExperimentalApi.md#complete_presign_multipart_upload) | **PUT** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Complete a presign multipart upload request *ExperimentalApi* | [**create_presign_multipart_upload**](docs/ExperimentalApi.md#create_presign_multipart_upload) | **POST** /repositories/{repository}/branches/{branch}/staging/pmpu | Initiate a multipart upload +*ExperimentalApi* | [**create_user_external_principal**](docs/ExperimentalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +*ExperimentalApi* | [**delete_user_external_principal**](docs/ExperimentalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +*ExperimentalApi* | [**get_user_external_principal**](docs/ExperimentalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *ExperimentalApi* | [**hard_reset_branch**](docs/ExperimentalApi.md#hard_reset_branch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch +*ExperimentalApi* | [**list_user_external_principals**](docs/ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExternalApi* | [**create_user_external_principal**](docs/ExternalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +*ExternalApi* | [**delete_user_external_principal**](docs/ExternalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +*ExternalApi* | [**get_user_external_principal**](docs/ExternalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user +*ExternalApi* | [**list_user_external_principals**](docs/ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies *HealthCheckApi* | [**health_check**](docs/HealthCheckApi.md#health_check) | **GET** /healthcheck | *ImportApi* | [**import_cancel**](docs/ImportApi.md#import_cancel) | **DELETE** /repositories/{repository}/branches/{branch}/import | cancel ongoing import *ImportApi* | [**import_start**](docs/ImportApi.md#import_start) | **POST** /repositories/{repository}/branches/{branch}/import | import data from object store @@ -264,6 +276,9 @@ Class | Method | HTTP request | Description - [DiffList](docs/DiffList.md) - [Error](docs/Error.md) - [ErrorNoACL](docs/ErrorNoACL.md) + - [ExternalPrincipal](docs/ExternalPrincipal.md) + - [ExternalPrincipalCreation](docs/ExternalPrincipalCreation.md) + - [ExternalPrincipalList](docs/ExternalPrincipalList.md) - [FindMergeBaseResult](docs/FindMergeBaseResult.md) - [GarbageCollectionConfig](docs/GarbageCollectionConfig.md) - [GarbageCollectionPrepareResponse](docs/GarbageCollectionPrepareResponse.md) diff --git a/clients/python/docs/AuthApi.md b/clients/python/docs/AuthApi.md index 5af07c004da..59a6ef5bd9c 100644 --- a/clients/python/docs/AuthApi.md +++ b/clients/python/docs/AuthApi.md @@ -11,11 +11,13 @@ Method | HTTP request | Description [**create_group**](AuthApi.md#create_group) | **POST** /auth/groups | create group [**create_policy**](AuthApi.md#create_policy) | **POST** /auth/policies | create policy [**create_user**](AuthApi.md#create_user) | **POST** /auth/users | create user +[**create_user_external_principal**](AuthApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user [**delete_credentials**](AuthApi.md#delete_credentials) | **DELETE** /auth/users/{userId}/credentials/{accessKeyId} | delete credentials [**delete_group**](AuthApi.md#delete_group) | **DELETE** /auth/groups/{groupId} | delete group [**delete_group_membership**](AuthApi.md#delete_group_membership) | **DELETE** /auth/groups/{groupId}/members/{userId} | delete group membership [**delete_policy**](AuthApi.md#delete_policy) | **DELETE** /auth/policies/{policyId} | delete policy [**delete_user**](AuthApi.md#delete_user) | **DELETE** /auth/users/{userId} | delete user +[**delete_user_external_principal**](AuthApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user [**detach_policy_from_group**](AuthApi.md#detach_policy_from_group) | **DELETE** /auth/groups/{groupId}/policies/{policyId} | detach policy from group [**detach_policy_from_user**](AuthApi.md#detach_policy_from_user) | **DELETE** /auth/users/{userId}/policies/{policyId} | detach policy from user [**get_credentials**](AuthApi.md#get_credentials) | **GET** /auth/users/{userId}/credentials/{accessKeyId} | get credentials @@ -24,11 +26,13 @@ Method | HTTP request | Description [**get_group_acl**](AuthApi.md#get_group_acl) | **GET** /auth/groups/{groupId}/acl | get ACL of group [**get_policy**](AuthApi.md#get_policy) | **GET** /auth/policies/{policyId} | get policy [**get_user**](AuthApi.md#get_user) | **GET** /auth/users/{userId} | get user +[**get_user_external_principal**](AuthApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user [**list_group_members**](AuthApi.md#list_group_members) | **GET** /auth/groups/{groupId}/members | list group members [**list_group_policies**](AuthApi.md#list_group_policies) | **GET** /auth/groups/{groupId}/policies | list group policies [**list_groups**](AuthApi.md#list_groups) | **GET** /auth/groups | list groups [**list_policies**](AuthApi.md#list_policies) | **GET** /auth/policies | list policies [**list_user_credentials**](AuthApi.md#list_user_credentials) | **GET** /auth/users/{userId}/credentials | list user credentials +[**list_user_external_principals**](AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies [**list_user_groups**](AuthApi.md#list_user_groups) | **GET** /auth/users/{userId}/groups | list user groups [**list_user_policies**](AuthApi.md#list_user_policies) | **GET** /auth/users/{userId}/policies | list user policies [**list_users**](AuthApi.md#list_users) | **GET** /auth/users | list users @@ -808,6 +812,118 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **create_user_external_principal** +> create_user_external_principal(user_id, principal_id, external_principal_creation) + +attach external principal to user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.models.external_principal_creation import ExternalPrincipalCreation +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.AuthApi(api_client) + user_id = 'user_id_example' # str | + principal_id = 'principal_id_example' # str | + external_principal_creation = lakefs_sdk.ExternalPrincipalCreation() # ExternalPrincipalCreation | + + try: + # attach external principal to user + api_instance.create_user_external_principal(user_id, principal_id, external_principal_creation) + except Exception as e: + print("Exception when calling AuthApi->create_user_external_principal: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + **external_principal_creation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**201** | external principal attached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **delete_credentials** > delete_credentials(user_id, access_key_id) @@ -1347,6 +1463,115 @@ void (empty response body) [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **delete_user_external_principal** +> delete_user_external_principal(user_id, principal_id) + +delete external principal from user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.AuthApi(api_client) + user_id = 'user_id_example' # str | + principal_id = 'principal_id_example' # str | + + try: + # delete external principal from user + api_instance.delete_user_external_principal(user_id, principal_id) + except Exception as e: + print("Exception when calling AuthApi->delete_user_external_principal: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**204** | external principal detached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **detach_policy_from_group** > detach_policy_from_group(group_id, policy_id) @@ -2219,6 +2444,118 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **get_user_external_principal** +> ExternalPrincipal get_user_external_principal(user_id, principal_id) + +get external principal of a user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.models.external_principal import ExternalPrincipal +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.AuthApi(api_client) + user_id = 'user_id_example' # str | + principal_id = 'principal_id_example' # str | + + try: + # get external principal of a user + api_response = api_instance.get_user_external_principal(user_id, principal_id) + print("The response of AuthApi->get_user_external_principal:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling AuthApi->get_user_external_principal: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principal | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **list_group_members** > UserList list_group_members(group_id, prefix=prefix, after=after, amount=amount) @@ -2792,6 +3129,122 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **list_user_external_principals** +> ExternalPrincipalList list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) + +list user external policies + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.models.external_principal_list import ExternalPrincipalList +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.AuthApi(api_client) + user_id = 'user_id_example' # str | + prefix = 'prefix_example' # str | return items prefixed with this value (optional) + after = 'after_example' # str | return items after this value (optional) + amount = 100 # int | how many items to return (optional) (default to 100) + + try: + # list user external policies + api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) + print("The response of AuthApi->list_user_external_principals:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling AuthApi->list_user_external_principals: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **prefix** | **str**| return items prefixed with this value | [optional] + **after** | **str**| return items after this value | [optional] + **amount** | **int**| how many items to return | [optional] [default to 100] + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principals list | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **list_user_groups** > GroupList list_user_groups(user_id, prefix=prefix, after=after, amount=amount) diff --git a/clients/python/docs/ExperimentalApi.md b/clients/python/docs/ExperimentalApi.md index 82475237b08..867cac640f8 100644 --- a/clients/python/docs/ExperimentalApi.md +++ b/clients/python/docs/ExperimentalApi.md @@ -7,7 +7,11 @@ Method | HTTP request | Description [**abort_presign_multipart_upload**](ExperimentalApi.md#abort_presign_multipart_upload) | **DELETE** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Abort a presign multipart upload [**complete_presign_multipart_upload**](ExperimentalApi.md#complete_presign_multipart_upload) | **PUT** /repositories/{repository}/branches/{branch}/staging/pmpu/{uploadId} | Complete a presign multipart upload request [**create_presign_multipart_upload**](ExperimentalApi.md#create_presign_multipart_upload) | **POST** /repositories/{repository}/branches/{branch}/staging/pmpu | Initiate a multipart upload +[**create_user_external_principal**](ExperimentalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +[**delete_user_external_principal**](ExperimentalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +[**get_user_external_principal**](ExperimentalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user [**hard_reset_branch**](ExperimentalApi.md#hard_reset_branch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch +[**list_user_external_principals**](ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies # **abort_presign_multipart_upload** @@ -371,6 +375,339 @@ Name | Type | Description | Notes [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **create_user_external_principal** +> create_user_external_principal(user_id, principal_id, external_principal_creation) + +attach external principal to user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.models.external_principal_creation import ExternalPrincipalCreation +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.ExperimentalApi(api_client) + user_id = 'user_id_example' # str | + principal_id = 'principal_id_example' # str | + external_principal_creation = lakefs_sdk.ExternalPrincipalCreation() # ExternalPrincipalCreation | + + try: + # attach external principal to user + api_instance.create_user_external_principal(user_id, principal_id, external_principal_creation) + except Exception as e: + print("Exception when calling ExperimentalApi->create_user_external_principal: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + **external_principal_creation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**201** | external principal attached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **delete_user_external_principal** +> delete_user_external_principal(user_id, principal_id) + +delete external principal from user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.ExperimentalApi(api_client) + user_id = 'user_id_example' # str | + principal_id = 'principal_id_example' # str | + + try: + # delete external principal from user + api_instance.delete_user_external_principal(user_id, principal_id) + except Exception as e: + print("Exception when calling ExperimentalApi->delete_user_external_principal: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**204** | external principal detached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **get_user_external_principal** +> ExternalPrincipal get_user_external_principal(user_id, principal_id) + +get external principal of a user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.models.external_principal import ExternalPrincipal +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.ExperimentalApi(api_client) + user_id = 'user_id_example' # str | + principal_id = 'principal_id_example' # str | + + try: + # get external principal of a user + api_response = api_instance.get_user_external_principal(user_id, principal_id) + print("The response of ExperimentalApi->get_user_external_principal:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling ExperimentalApi->get_user_external_principal: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principal | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **hard_reset_branch** > hard_reset_branch(repository, branch, ref, force=force) @@ -488,3 +825,119 @@ void (empty response body) [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **list_user_external_principals** +> ExternalPrincipalList list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) + +list user external policies + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.models.external_principal_list import ExternalPrincipalList +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.ExperimentalApi(api_client) + user_id = 'user_id_example' # str | + prefix = 'prefix_example' # str | return items prefixed with this value (optional) + after = 'after_example' # str | return items after this value (optional) + amount = 100 # int | how many items to return (optional) (default to 100) + + try: + # list user external policies + api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) + print("The response of ExperimentalApi->list_user_external_principals:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling ExperimentalApi->list_user_external_principals: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **prefix** | **str**| return items prefixed with this value | [optional] + **after** | **str**| return items after this value | [optional] + **amount** | **int**| how many items to return | [optional] [default to 100] + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principals list | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + diff --git a/clients/python/docs/ExternalApi.md b/clients/python/docs/ExternalApi.md new file mode 100644 index 00000000000..2e8559c4b2c --- /dev/null +++ b/clients/python/docs/ExternalApi.md @@ -0,0 +1,461 @@ +# lakefs_sdk.ExternalApi + +All URIs are relative to */api/v1* + +Method | HTTP request | Description +------------- | ------------- | ------------- +[**create_user_external_principal**](ExternalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user +[**delete_user_external_principal**](ExternalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user +[**get_user_external_principal**](ExternalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user +[**list_user_external_principals**](ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies + + +# **create_user_external_principal** +> create_user_external_principal(user_id, principal_id, external_principal_creation) + +attach external principal to user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.models.external_principal_creation import ExternalPrincipalCreation +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.ExternalApi(api_client) + user_id = 'user_id_example' # str | + principal_id = 'principal_id_example' # str | + external_principal_creation = lakefs_sdk.ExternalPrincipalCreation() # ExternalPrincipalCreation | + + try: + # attach external principal to user + api_instance.create_user_external_principal(user_id, principal_id, external_principal_creation) + except Exception as e: + print("Exception when calling ExternalApi->create_user_external_principal: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + **external_principal_creation** | [**ExternalPrincipalCreation**](ExternalPrincipalCreation.md)| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: application/json + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**201** | external principal attached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **delete_user_external_principal** +> delete_user_external_principal(user_id, principal_id) + +delete external principal from user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.ExternalApi(api_client) + user_id = 'user_id_example' # str | + principal_id = 'principal_id_example' # str | + + try: + # delete external principal from user + api_instance.delete_user_external_principal(user_id, principal_id) + except Exception as e: + print("Exception when calling ExternalApi->delete_user_external_principal: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +void (empty response body) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**204** | external principal detached successfully | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **get_user_external_principal** +> ExternalPrincipal get_user_external_principal(user_id, principal_id) + +get external principal of a user + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.models.external_principal import ExternalPrincipal +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.ExternalApi(api_client) + user_id = 'user_id_example' # str | + principal_id = 'principal_id_example' # str | + + try: + # get external principal of a user + api_response = api_instance.get_user_external_principal(user_id, principal_id) + print("The response of ExternalApi->get_user_external_principal:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling ExternalApi->get_user_external_principal: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **principal_id** | **str**| | + +### Return type + +[**ExternalPrincipal**](ExternalPrincipal.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principal | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + +# **list_user_external_principals** +> ExternalPrincipalList list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) + +list user external policies + +### Example + +* Basic Authentication (basic_auth): +* Api Key Authentication (cookie_auth): +* Api Key Authentication (oidc_auth): +* Api Key Authentication (saml_auth): +* Bearer (JWT) Authentication (jwt_token): + +```python +import time +import os +import lakefs_sdk +from lakefs_sdk.models.external_principal_list import ExternalPrincipalList +from lakefs_sdk.rest import ApiException +from pprint import pprint + +# Defining the host is optional and defaults to /api/v1 +# See configuration.py for a list of all supported configuration parameters. +configuration = lakefs_sdk.Configuration( + host = "/api/v1" +) + +# The client must configure the authentication and authorization parameters +# in accordance with the API server security policy. +# Examples for each auth method are provided below, use the example that +# satisfies your auth use case. + +# Configure HTTP basic authorization: basic_auth +configuration = lakefs_sdk.Configuration( + username = os.environ["USERNAME"], + password = os.environ["PASSWORD"] +) + +# Configure API key authorization: cookie_auth +configuration.api_key['cookie_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['cookie_auth'] = 'Bearer' + +# Configure API key authorization: oidc_auth +configuration.api_key['oidc_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['oidc_auth'] = 'Bearer' + +# Configure API key authorization: saml_auth +configuration.api_key['saml_auth'] = os.environ["API_KEY"] + +# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed +# configuration.api_key_prefix['saml_auth'] = 'Bearer' + +# Configure Bearer authorization (JWT): jwt_token +configuration = lakefs_sdk.Configuration( + access_token = os.environ["BEARER_TOKEN"] +) + +# Enter a context with an instance of the API client +with lakefs_sdk.ApiClient(configuration) as api_client: + # Create an instance of the API class + api_instance = lakefs_sdk.ExternalApi(api_client) + user_id = 'user_id_example' # str | + prefix = 'prefix_example' # str | return items prefixed with this value (optional) + after = 'after_example' # str | return items after this value (optional) + amount = 100 # int | how many items to return (optional) (default to 100) + + try: + # list user external policies + api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) + print("The response of ExternalApi->list_user_external_principals:\n") + pprint(api_response) + except Exception as e: + print("Exception when calling ExternalApi->list_user_external_principals: %s\n" % e) +``` + + + +### Parameters + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **user_id** | **str**| | + **prefix** | **str**| return items prefixed with this value | [optional] + **after** | **str**| return items after this value | [optional] + **amount** | **int**| how many items to return | [optional] [default to 100] + +### Return type + +[**ExternalPrincipalList**](ExternalPrincipalList.md) + +### Authorization + +[basic_auth](../README.md#basic_auth), [cookie_auth](../README.md#cookie_auth), [oidc_auth](../README.md#oidc_auth), [saml_auth](../README.md#saml_auth), [jwt_token](../README.md#jwt_token) + +### HTTP request headers + + - **Content-Type**: Not defined + - **Accept**: application/json + +### HTTP response details + +| Status code | Description | Response headers | +|-------------|-------------|------------------| +**200** | external principals list | - | +**401** | Unauthorized | - | +**404** | Resource Not Found | - | +**420** | too many requests | - | +**0** | Internal Server Error | - | + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + diff --git a/clients/python/docs/ExternalPrincipal.md b/clients/python/docs/ExternalPrincipal.md new file mode 100644 index 00000000000..ef7d0fc67ae --- /dev/null +++ b/clients/python/docs/ExternalPrincipal.md @@ -0,0 +1,31 @@ +# ExternalPrincipal + + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**id** | **str** | A unique identifier for the external principal | +**user_id** | **str** | lakeFS user ID to associate with an external principal. | +**settings** | **List[Dict[str, str]]** | | [optional] + +## Example + +```python +from lakefs_sdk.models.external_principal import ExternalPrincipal + +# TODO update the JSON string below +json = "{}" +# create an instance of ExternalPrincipal from a JSON string +external_principal_instance = ExternalPrincipal.from_json(json) +# print the JSON string representation of the object +print ExternalPrincipal.to_json() + +# convert the object into a dict +external_principal_dict = external_principal_instance.to_dict() +# create an instance of ExternalPrincipal from a dict +external_principal_form_dict = external_principal.from_dict(external_principal_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/clients/python/docs/ExternalPrincipalCreation.md b/clients/python/docs/ExternalPrincipalCreation.md new file mode 100644 index 00000000000..4b481622ac5 --- /dev/null +++ b/clients/python/docs/ExternalPrincipalCreation.md @@ -0,0 +1,29 @@ +# ExternalPrincipalCreation + + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**settings** | **List[Dict[str, str]]** | | [optional] + +## Example + +```python +from lakefs_sdk.models.external_principal_creation import ExternalPrincipalCreation + +# TODO update the JSON string below +json = "{}" +# create an instance of ExternalPrincipalCreation from a JSON string +external_principal_creation_instance = ExternalPrincipalCreation.from_json(json) +# print the JSON string representation of the object +print ExternalPrincipalCreation.to_json() + +# convert the object into a dict +external_principal_creation_dict = external_principal_creation_instance.to_dict() +# create an instance of ExternalPrincipalCreation from a dict +external_principal_creation_form_dict = external_principal_creation.from_dict(external_principal_creation_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/clients/python/docs/ExternalPrincipalList.md b/clients/python/docs/ExternalPrincipalList.md new file mode 100644 index 00000000000..24d01b71339 --- /dev/null +++ b/clients/python/docs/ExternalPrincipalList.md @@ -0,0 +1,30 @@ +# ExternalPrincipalList + + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**pagination** | [**Pagination**](Pagination.md) | | +**results** | [**List[ExternalPrincipal]**](ExternalPrincipal.md) | | + +## Example + +```python +from lakefs_sdk.models.external_principal_list import ExternalPrincipalList + +# TODO update the JSON string below +json = "{}" +# create an instance of ExternalPrincipalList from a JSON string +external_principal_list_instance = ExternalPrincipalList.from_json(json) +# print the JSON string representation of the object +print ExternalPrincipalList.to_json() + +# convert the object into a dict +external_principal_list_dict = external_principal_list_instance.to_dict() +# create an instance of ExternalPrincipalList from a dict +external_principal_list_form_dict = external_principal_list.from_dict(external_principal_list_dict) +``` +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/clients/python/lakefs_sdk/__init__.py b/clients/python/lakefs_sdk/__init__.py index b48aa5949e9..e3df21d13b5 100644 --- a/clients/python/lakefs_sdk/__init__.py +++ b/clients/python/lakefs_sdk/__init__.py @@ -24,6 +24,7 @@ from lakefs_sdk.api.commits_api import CommitsApi from lakefs_sdk.api.config_api import ConfigApi from lakefs_sdk.api.experimental_api import ExperimentalApi +from lakefs_sdk.api.external_api import ExternalApi from lakefs_sdk.api.health_check_api import HealthCheckApi from lakefs_sdk.api.import_api import ImportApi from lakefs_sdk.api.internal_api import InternalApi @@ -71,6 +72,9 @@ from lakefs_sdk.models.diff_list import DiffList from lakefs_sdk.models.error import Error from lakefs_sdk.models.error_no_acl import ErrorNoACL +from lakefs_sdk.models.external_principal import ExternalPrincipal +from lakefs_sdk.models.external_principal_creation import ExternalPrincipalCreation +from lakefs_sdk.models.external_principal_list import ExternalPrincipalList from lakefs_sdk.models.find_merge_base_result import FindMergeBaseResult from lakefs_sdk.models.garbage_collection_config import GarbageCollectionConfig from lakefs_sdk.models.garbage_collection_prepare_response import GarbageCollectionPrepareResponse diff --git a/clients/python/lakefs_sdk/api/__init__.py b/clients/python/lakefs_sdk/api/__init__.py index 681961c9e22..cf5184bbae1 100644 --- a/clients/python/lakefs_sdk/api/__init__.py +++ b/clients/python/lakefs_sdk/api/__init__.py @@ -7,6 +7,7 @@ from lakefs_sdk.api.commits_api import CommitsApi from lakefs_sdk.api.config_api import ConfigApi from lakefs_sdk.api.experimental_api import ExperimentalApi +from lakefs_sdk.api.external_api import ExternalApi from lakefs_sdk.api.health_check_api import HealthCheckApi from lakefs_sdk.api.import_api import ImportApi from lakefs_sdk.api.internal_api import InternalApi diff --git a/clients/python/lakefs_sdk/api/auth_api.py b/clients/python/lakefs_sdk/api/auth_api.py index 1db38562874..ed09c132130 100644 --- a/clients/python/lakefs_sdk/api/auth_api.py +++ b/clients/python/lakefs_sdk/api/auth_api.py @@ -30,6 +30,9 @@ from lakefs_sdk.models.credentials_list import CredentialsList from lakefs_sdk.models.credentials_with_secret import CredentialsWithSecret from lakefs_sdk.models.current_user import CurrentUser +from lakefs_sdk.models.external_principal import ExternalPrincipal +from lakefs_sdk.models.external_principal_creation import ExternalPrincipalCreation +from lakefs_sdk.models.external_principal_list import ExternalPrincipalList from lakefs_sdk.models.group import Group from lakefs_sdk.models.group_creation import GroupCreation from lakefs_sdk.models.group_list import GroupList @@ -1072,6 +1075,164 @@ def create_user_with_http_info(self, user_creation : Optional[UserCreation] = No collection_formats=_collection_formats, _request_auth=_params.get('_request_auth')) + @validate_arguments + def create_user_external_principal(self, user_id : StrictStr, principal_id : StrictStr, external_principal_creation : ExternalPrincipalCreation, **kwargs) -> None: # noqa: E501 + """attach external principal to user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.create_user_external_principal(user_id, principal_id, external_principal_creation, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param external_principal_creation: (required) + :type external_principal_creation: ExternalPrincipalCreation + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the create_user_external_principal_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.create_user_external_principal_with_http_info(user_id, principal_id, external_principal_creation, **kwargs) # noqa: E501 + + @validate_arguments + def create_user_external_principal_with_http_info(self, user_id : StrictStr, principal_id : StrictStr, external_principal_creation : ExternalPrincipalCreation, **kwargs) -> ApiResponse: # noqa: E501 + """attach external principal to user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.create_user_external_principal_with_http_info(user_id, principal_id, external_principal_creation, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param external_principal_creation: (required) + :type external_principal_creation: ExternalPrincipalCreation + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + + _params = locals() + + _all_params = [ + 'user_id', + 'principal_id', + 'external_principal_creation' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method create_user_external_principal" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['user_id']: + _path_params['userId'] = _params['user_id'] + + if _params['principal_id']: + _path_params['principalId'] = _params['principal_id'] + + + # process the query parameters + _query_params = [] + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + if _params['external_principal_creation'] is not None: + _body_params = _params['external_principal_creation'] + + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # set the HTTP header `Content-Type` + _content_types_list = _params.get('_content_type', + self.api_client.select_header_content_type( + ['application/json'])) + if _content_types_list: + _header_params['Content-Type'] = _content_types_list + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = {} + + return self.api_client.call_api( + '/auth/users/{userId}/external/principal/{principalId}', 'POST', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) + @validate_arguments def delete_credentials(self, user_id : StrictStr, access_key_id : StrictStr, **kwargs) -> None: # noqa: E501 """delete credentials # noqa: E501 @@ -1763,6 +1924,149 @@ def delete_user_with_http_info(self, user_id : StrictStr, **kwargs) -> ApiRespon collection_formats=_collection_formats, _request_auth=_params.get('_request_auth')) + @validate_arguments + def delete_user_external_principal(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> None: # noqa: E501 + """delete external principal from user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.delete_user_external_principal(user_id, principal_id, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the delete_user_external_principal_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.delete_user_external_principal_with_http_info(user_id, principal_id, **kwargs) # noqa: E501 + + @validate_arguments + def delete_user_external_principal_with_http_info(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 + """delete external principal from user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.delete_user_external_principal_with_http_info(user_id, principal_id, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + + _params = locals() + + _all_params = [ + 'user_id', + 'principal_id' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method delete_user_external_principal" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['user_id']: + _path_params['userId'] = _params['user_id'] + + if _params['principal_id']: + _path_params['principalId'] = _params['principal_id'] + + + # process the query parameters + _query_params = [] + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = {} + + return self.api_client.call_api( + '/auth/users/{userId}/external/principal/{principalId}', 'DELETE', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) + @validate_arguments def detach_policy_from_group(self, group_id : StrictStr, policy_id : StrictStr, **kwargs) -> None: # noqa: E501 """detach policy from group # noqa: E501 @@ -2443,14 +2747,154 @@ def get_group_with_http_info(self, group_id : StrictStr, **kwargs) -> ApiRespons _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 _response_types_map = { - '200': "Group", + '200': "Group", + '401': "Error", + '404': "Error", + '420': None, + } + + return self.api_client.call_api( + '/auth/groups/{groupId}', 'GET', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) + + @validate_arguments + def get_group_acl(self, group_id : StrictStr, **kwargs) -> ACL: # noqa: E501 + """get ACL of group # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.get_group_acl(group_id, async_req=True) + >>> result = thread.get() + + :param group_id: (required) + :type group_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: ACL + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the get_group_acl_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.get_group_acl_with_http_info(group_id, **kwargs) # noqa: E501 + + @validate_arguments + def get_group_acl_with_http_info(self, group_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 + """get ACL of group # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.get_group_acl_with_http_info(group_id, async_req=True) + >>> result = thread.get() + + :param group_id: (required) + :type group_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: tuple(ACL, status_code(int), headers(HTTPHeaderDict)) + """ + + _params = locals() + + _all_params = [ + 'group_id' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method get_group_acl" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['group_id']: + _path_params['groupId'] = _params['group_id'] + + + # process the query parameters + _query_params = [] + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = { + '200': "ACL", '401': "Error", - '404': "Error", + '404': "ErrorNoACL", '420': None, } return self.api_client.call_api( - '/auth/groups/{groupId}', 'GET', + '/auth/groups/{groupId}/acl', 'GET', _path_params, _query_params, _header_params, @@ -2467,17 +2911,17 @@ def get_group_with_http_info(self, group_id : StrictStr, **kwargs) -> ApiRespons _request_auth=_params.get('_request_auth')) @validate_arguments - def get_group_acl(self, group_id : StrictStr, **kwargs) -> ACL: # noqa: E501 - """get ACL of group # noqa: E501 + def get_policy(self, policy_id : StrictStr, **kwargs) -> Policy: # noqa: E501 + """get policy # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True - >>> thread = api.get_group_acl(group_id, async_req=True) + >>> thread = api.get_policy(policy_id, async_req=True) >>> result = thread.get() - :param group_id: (required) - :type group_id: str + :param policy_id: (required) + :type policy_id: str :param async_req: Whether to execute the request asynchronously. :type async_req: bool, optional :param _request_timeout: timeout setting for this request. If one @@ -2487,25 +2931,25 @@ def get_group_acl(self, group_id : StrictStr, **kwargs) -> ACL: # noqa: E501 :return: Returns the result object. If the method is called asynchronously, returns the request thread. - :rtype: ACL + :rtype: Policy """ kwargs['_return_http_data_only'] = True if '_preload_content' in kwargs: - raise ValueError("Error! Please call the get_group_acl_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") - return self.get_group_acl_with_http_info(group_id, **kwargs) # noqa: E501 + raise ValueError("Error! Please call the get_policy_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.get_policy_with_http_info(policy_id, **kwargs) # noqa: E501 @validate_arguments - def get_group_acl_with_http_info(self, group_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 - """get ACL of group # noqa: E501 + def get_policy_with_http_info(self, policy_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 + """get policy # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True - >>> thread = api.get_group_acl_with_http_info(group_id, async_req=True) + >>> thread = api.get_policy_with_http_info(policy_id, async_req=True) >>> result = thread.get() - :param group_id: (required) - :type group_id: str + :param policy_id: (required) + :type policy_id: str :param async_req: Whether to execute the request asynchronously. :type async_req: bool, optional :param _preload_content: if False, the ApiResponse.data will @@ -2528,13 +2972,13 @@ def get_group_acl_with_http_info(self, group_id : StrictStr, **kwargs) -> ApiRes :return: Returns the result object. If the method is called asynchronously, returns the request thread. - :rtype: tuple(ACL, status_code(int), headers(HTTPHeaderDict)) + :rtype: tuple(Policy, status_code(int), headers(HTTPHeaderDict)) """ _params = locals() _all_params = [ - 'group_id' + 'policy_id' ] _all_params.extend( [ @@ -2553,7 +2997,7 @@ def get_group_acl_with_http_info(self, group_id : StrictStr, **kwargs) -> ApiRes if _key not in _all_params: raise ApiTypeError( "Got an unexpected keyword argument '%s'" - " to method get_group_acl" % _key + " to method get_policy" % _key ) _params[_key] = _val del _params['kwargs'] @@ -2562,8 +3006,8 @@ def get_group_acl_with_http_info(self, group_id : StrictStr, **kwargs) -> ApiRes # process the path parameters _path_params = {} - if _params['group_id']: - _path_params['groupId'] = _params['group_id'] + if _params['policy_id']: + _path_params['policyId'] = _params['policy_id'] # process the query parameters @@ -2583,14 +3027,14 @@ def get_group_acl_with_http_info(self, group_id : StrictStr, **kwargs) -> ApiRes _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 _response_types_map = { - '200': "ACL", + '200': "Policy", '401': "Error", - '404': "ErrorNoACL", + '404': "Error", '420': None, } return self.api_client.call_api( - '/auth/groups/{groupId}/acl', 'GET', + '/auth/policies/{policyId}', 'GET', _path_params, _query_params, _header_params, @@ -2607,17 +3051,17 @@ def get_group_acl_with_http_info(self, group_id : StrictStr, **kwargs) -> ApiRes _request_auth=_params.get('_request_auth')) @validate_arguments - def get_policy(self, policy_id : StrictStr, **kwargs) -> Policy: # noqa: E501 - """get policy # noqa: E501 + def get_user(self, user_id : StrictStr, **kwargs) -> User: # noqa: E501 + """get user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True - >>> thread = api.get_policy(policy_id, async_req=True) + >>> thread = api.get_user(user_id, async_req=True) >>> result = thread.get() - :param policy_id: (required) - :type policy_id: str + :param user_id: (required) + :type user_id: str :param async_req: Whether to execute the request asynchronously. :type async_req: bool, optional :param _request_timeout: timeout setting for this request. If one @@ -2627,25 +3071,25 @@ def get_policy(self, policy_id : StrictStr, **kwargs) -> Policy: # noqa: E501 :return: Returns the result object. If the method is called asynchronously, returns the request thread. - :rtype: Policy + :rtype: User """ kwargs['_return_http_data_only'] = True if '_preload_content' in kwargs: - raise ValueError("Error! Please call the get_policy_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") - return self.get_policy_with_http_info(policy_id, **kwargs) # noqa: E501 + raise ValueError("Error! Please call the get_user_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.get_user_with_http_info(user_id, **kwargs) # noqa: E501 @validate_arguments - def get_policy_with_http_info(self, policy_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 - """get policy # noqa: E501 + def get_user_with_http_info(self, user_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 + """get user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True - >>> thread = api.get_policy_with_http_info(policy_id, async_req=True) + >>> thread = api.get_user_with_http_info(user_id, async_req=True) >>> result = thread.get() - :param policy_id: (required) - :type policy_id: str + :param user_id: (required) + :type user_id: str :param async_req: Whether to execute the request asynchronously. :type async_req: bool, optional :param _preload_content: if False, the ApiResponse.data will @@ -2668,13 +3112,13 @@ def get_policy_with_http_info(self, policy_id : StrictStr, **kwargs) -> ApiRespo :return: Returns the result object. If the method is called asynchronously, returns the request thread. - :rtype: tuple(Policy, status_code(int), headers(HTTPHeaderDict)) + :rtype: tuple(User, status_code(int), headers(HTTPHeaderDict)) """ _params = locals() _all_params = [ - 'policy_id' + 'user_id' ] _all_params.extend( [ @@ -2693,7 +3137,7 @@ def get_policy_with_http_info(self, policy_id : StrictStr, **kwargs) -> ApiRespo if _key not in _all_params: raise ApiTypeError( "Got an unexpected keyword argument '%s'" - " to method get_policy" % _key + " to method get_user" % _key ) _params[_key] = _val del _params['kwargs'] @@ -2702,8 +3146,8 @@ def get_policy_with_http_info(self, policy_id : StrictStr, **kwargs) -> ApiRespo # process the path parameters _path_params = {} - if _params['policy_id']: - _path_params['policyId'] = _params['policy_id'] + if _params['user_id']: + _path_params['userId'] = _params['user_id'] # process the query parameters @@ -2723,14 +3167,14 @@ def get_policy_with_http_info(self, policy_id : StrictStr, **kwargs) -> ApiRespo _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 _response_types_map = { - '200': "Policy", + '200': "User", '401': "Error", '404': "Error", '420': None, } return self.api_client.call_api( - '/auth/policies/{policyId}', 'GET', + '/auth/users/{userId}', 'GET', _path_params, _query_params, _header_params, @@ -2747,17 +3191,19 @@ def get_policy_with_http_info(self, policy_id : StrictStr, **kwargs) -> ApiRespo _request_auth=_params.get('_request_auth')) @validate_arguments - def get_user(self, user_id : StrictStr, **kwargs) -> User: # noqa: E501 - """get user # noqa: E501 + def get_user_external_principal(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> ExternalPrincipal: # noqa: E501 + """get external principal of a user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True - >>> thread = api.get_user(user_id, async_req=True) + >>> thread = api.get_user_external_principal(user_id, principal_id, async_req=True) >>> result = thread.get() :param user_id: (required) :type user_id: str + :param principal_id: (required) + :type principal_id: str :param async_req: Whether to execute the request asynchronously. :type async_req: bool, optional :param _request_timeout: timeout setting for this request. If one @@ -2767,25 +3213,27 @@ def get_user(self, user_id : StrictStr, **kwargs) -> User: # noqa: E501 :return: Returns the result object. If the method is called asynchronously, returns the request thread. - :rtype: User + :rtype: ExternalPrincipal """ kwargs['_return_http_data_only'] = True if '_preload_content' in kwargs: - raise ValueError("Error! Please call the get_user_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") - return self.get_user_with_http_info(user_id, **kwargs) # noqa: E501 + raise ValueError("Error! Please call the get_user_external_principal_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.get_user_external_principal_with_http_info(user_id, principal_id, **kwargs) # noqa: E501 @validate_arguments - def get_user_with_http_info(self, user_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 - """get user # noqa: E501 + def get_user_external_principal_with_http_info(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 + """get external principal of a user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True - >>> thread = api.get_user_with_http_info(user_id, async_req=True) + >>> thread = api.get_user_external_principal_with_http_info(user_id, principal_id, async_req=True) >>> result = thread.get() :param user_id: (required) :type user_id: str + :param principal_id: (required) + :type principal_id: str :param async_req: Whether to execute the request asynchronously. :type async_req: bool, optional :param _preload_content: if False, the ApiResponse.data will @@ -2808,13 +3256,14 @@ def get_user_with_http_info(self, user_id : StrictStr, **kwargs) -> ApiResponse: :return: Returns the result object. If the method is called asynchronously, returns the request thread. - :rtype: tuple(User, status_code(int), headers(HTTPHeaderDict)) + :rtype: tuple(ExternalPrincipal, status_code(int), headers(HTTPHeaderDict)) """ _params = locals() _all_params = [ - 'user_id' + 'user_id', + 'principal_id' ] _all_params.extend( [ @@ -2833,7 +3282,7 @@ def get_user_with_http_info(self, user_id : StrictStr, **kwargs) -> ApiResponse: if _key not in _all_params: raise ApiTypeError( "Got an unexpected keyword argument '%s'" - " to method get_user" % _key + " to method get_user_external_principal" % _key ) _params[_key] = _val del _params['kwargs'] @@ -2845,6 +3294,9 @@ def get_user_with_http_info(self, user_id : StrictStr, **kwargs) -> ApiResponse: if _params['user_id']: _path_params['userId'] = _params['user_id'] + if _params['principal_id']: + _path_params['principalId'] = _params['principal_id'] + # process the query parameters _query_params = [] @@ -2863,14 +3315,14 @@ def get_user_with_http_info(self, user_id : StrictStr, **kwargs) -> ApiResponse: _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 _response_types_map = { - '200': "User", + '200': "ExternalPrincipal", '401': "Error", '404': "Error", '420': None, } return self.api_client.call_api( - '/auth/users/{userId}', 'GET', + '/auth/users/{userId}/external/principal/{principalId}', 'GET', _path_params, _query_params, _header_params, @@ -3687,6 +4139,170 @@ def list_user_credentials_with_http_info(self, user_id : StrictStr, prefix : Ann collection_formats=_collection_formats, _request_auth=_params.get('_request_auth')) + @validate_arguments + def list_user_external_principals(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ExternalPrincipalList: # noqa: E501 + """list user external policies # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.list_user_external_principals(user_id, prefix, after, amount, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param prefix: return items prefixed with this value + :type prefix: str + :param after: return items after this value + :type after: str + :param amount: how many items to return + :type amount: int + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: ExternalPrincipalList + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the list_user_external_principals_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.list_user_external_principals_with_http_info(user_id, prefix, after, amount, **kwargs) # noqa: E501 + + @validate_arguments + def list_user_external_principals_with_http_info(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ApiResponse: # noqa: E501 + """list user external policies # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.list_user_external_principals_with_http_info(user_id, prefix, after, amount, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param prefix: return items prefixed with this value + :type prefix: str + :param after: return items after this value + :type after: str + :param amount: how many items to return + :type amount: int + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: tuple(ExternalPrincipalList, status_code(int), headers(HTTPHeaderDict)) + """ + + _params = locals() + + _all_params = [ + 'user_id', + 'prefix', + 'after', + 'amount' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method list_user_external_principals" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['user_id']: + _path_params['userId'] = _params['user_id'] + + + # process the query parameters + _query_params = [] + if _params.get('prefix') is not None: # noqa: E501 + _query_params.append(('prefix', _params['prefix'])) + + if _params.get('after') is not None: # noqa: E501 + _query_params.append(('after', _params['after'])) + + if _params.get('amount') is not None: # noqa: E501 + _query_params.append(('amount', _params['amount'])) + + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = { + '200': "ExternalPrincipalList", + '401': "Error", + '404': "Error", + '420': None, + } + + return self.api_client.call_api( + '/auth/users/{userId}/external/principals', 'GET', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) + @validate_arguments def list_user_groups(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> GroupList: # noqa: E501 """list user groups # noqa: E501 diff --git a/clients/python/lakefs_sdk/api/experimental_api.py b/clients/python/lakefs_sdk/api/experimental_api.py index 302801232d9..ca88bcffa64 100644 --- a/clients/python/lakefs_sdk/api/experimental_api.py +++ b/clients/python/lakefs_sdk/api/experimental_api.py @@ -20,12 +20,15 @@ from pydantic import validate_arguments, ValidationError from typing_extensions import Annotated -from pydantic import Field, StrictBool, StrictInt, StrictStr +from pydantic import Field, StrictBool, StrictInt, StrictStr, conint from typing import Optional from lakefs_sdk.models.abort_presign_multipart_upload import AbortPresignMultipartUpload from lakefs_sdk.models.complete_presign_multipart_upload import CompletePresignMultipartUpload +from lakefs_sdk.models.external_principal import ExternalPrincipal +from lakefs_sdk.models.external_principal_creation import ExternalPrincipalCreation +from lakefs_sdk.models.external_principal_list import ExternalPrincipalList from lakefs_sdk.models.object_stats import ObjectStats from lakefs_sdk.models.presign_multipart_upload import PresignMultipartUpload @@ -575,6 +578,455 @@ def create_presign_multipart_upload_with_http_info(self, repository : StrictStr, collection_formats=_collection_formats, _request_auth=_params.get('_request_auth')) + @validate_arguments + def create_user_external_principal(self, user_id : StrictStr, principal_id : StrictStr, external_principal_creation : ExternalPrincipalCreation, **kwargs) -> None: # noqa: E501 + """attach external principal to user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.create_user_external_principal(user_id, principal_id, external_principal_creation, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param external_principal_creation: (required) + :type external_principal_creation: ExternalPrincipalCreation + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the create_user_external_principal_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.create_user_external_principal_with_http_info(user_id, principal_id, external_principal_creation, **kwargs) # noqa: E501 + + @validate_arguments + def create_user_external_principal_with_http_info(self, user_id : StrictStr, principal_id : StrictStr, external_principal_creation : ExternalPrincipalCreation, **kwargs) -> ApiResponse: # noqa: E501 + """attach external principal to user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.create_user_external_principal_with_http_info(user_id, principal_id, external_principal_creation, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param external_principal_creation: (required) + :type external_principal_creation: ExternalPrincipalCreation + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + + _params = locals() + + _all_params = [ + 'user_id', + 'principal_id', + 'external_principal_creation' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method create_user_external_principal" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['user_id']: + _path_params['userId'] = _params['user_id'] + + if _params['principal_id']: + _path_params['principalId'] = _params['principal_id'] + + + # process the query parameters + _query_params = [] + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + if _params['external_principal_creation'] is not None: + _body_params = _params['external_principal_creation'] + + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # set the HTTP header `Content-Type` + _content_types_list = _params.get('_content_type', + self.api_client.select_header_content_type( + ['application/json'])) + if _content_types_list: + _header_params['Content-Type'] = _content_types_list + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = {} + + return self.api_client.call_api( + '/auth/users/{userId}/external/principal/{principalId}', 'POST', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) + + @validate_arguments + def delete_user_external_principal(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> None: # noqa: E501 + """delete external principal from user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.delete_user_external_principal(user_id, principal_id, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the delete_user_external_principal_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.delete_user_external_principal_with_http_info(user_id, principal_id, **kwargs) # noqa: E501 + + @validate_arguments + def delete_user_external_principal_with_http_info(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 + """delete external principal from user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.delete_user_external_principal_with_http_info(user_id, principal_id, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + + _params = locals() + + _all_params = [ + 'user_id', + 'principal_id' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method delete_user_external_principal" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['user_id']: + _path_params['userId'] = _params['user_id'] + + if _params['principal_id']: + _path_params['principalId'] = _params['principal_id'] + + + # process the query parameters + _query_params = [] + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = {} + + return self.api_client.call_api( + '/auth/users/{userId}/external/principal/{principalId}', 'DELETE', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) + + @validate_arguments + def get_user_external_principal(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> ExternalPrincipal: # noqa: E501 + """get external principal of a user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.get_user_external_principal(user_id, principal_id, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: ExternalPrincipal + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the get_user_external_principal_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.get_user_external_principal_with_http_info(user_id, principal_id, **kwargs) # noqa: E501 + + @validate_arguments + def get_user_external_principal_with_http_info(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 + """get external principal of a user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.get_user_external_principal_with_http_info(user_id, principal_id, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: tuple(ExternalPrincipal, status_code(int), headers(HTTPHeaderDict)) + """ + + _params = locals() + + _all_params = [ + 'user_id', + 'principal_id' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method get_user_external_principal" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['user_id']: + _path_params['userId'] = _params['user_id'] + + if _params['principal_id']: + _path_params['principalId'] = _params['principal_id'] + + + # process the query parameters + _query_params = [] + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = { + '200': "ExternalPrincipal", + '401': "Error", + '404': "Error", + '420': None, + } + + return self.api_client.call_api( + '/auth/users/{userId}/external/principal/{principalId}', 'GET', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) + @validate_arguments def hard_reset_branch(self, repository : StrictStr, branch : StrictStr, ref : Annotated[StrictStr, Field(..., description="After reset, branch will point at this reference.")], force : Optional[StrictBool] = None, **kwargs) -> None: # noqa: E501 """hard reset branch # noqa: E501 @@ -735,3 +1187,167 @@ def hard_reset_branch_with_http_info(self, repository : StrictStr, branch : Stri _request_timeout=_params.get('_request_timeout'), collection_formats=_collection_formats, _request_auth=_params.get('_request_auth')) + + @validate_arguments + def list_user_external_principals(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ExternalPrincipalList: # noqa: E501 + """list user external policies # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.list_user_external_principals(user_id, prefix, after, amount, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param prefix: return items prefixed with this value + :type prefix: str + :param after: return items after this value + :type after: str + :param amount: how many items to return + :type amount: int + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: ExternalPrincipalList + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the list_user_external_principals_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.list_user_external_principals_with_http_info(user_id, prefix, after, amount, **kwargs) # noqa: E501 + + @validate_arguments + def list_user_external_principals_with_http_info(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ApiResponse: # noqa: E501 + """list user external policies # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.list_user_external_principals_with_http_info(user_id, prefix, after, amount, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param prefix: return items prefixed with this value + :type prefix: str + :param after: return items after this value + :type after: str + :param amount: how many items to return + :type amount: int + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: tuple(ExternalPrincipalList, status_code(int), headers(HTTPHeaderDict)) + """ + + _params = locals() + + _all_params = [ + 'user_id', + 'prefix', + 'after', + 'amount' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method list_user_external_principals" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['user_id']: + _path_params['userId'] = _params['user_id'] + + + # process the query parameters + _query_params = [] + if _params.get('prefix') is not None: # noqa: E501 + _query_params.append(('prefix', _params['prefix'])) + + if _params.get('after') is not None: # noqa: E501 + _query_params.append(('after', _params['after'])) + + if _params.get('amount') is not None: # noqa: E501 + _query_params.append(('amount', _params['amount'])) + + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = { + '200': "ExternalPrincipalList", + '401': "Error", + '404': "Error", + '420': None, + } + + return self.api_client.call_api( + '/auth/users/{userId}/external/principals', 'GET', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) diff --git a/clients/python/lakefs_sdk/api/external_api.py b/clients/python/lakefs_sdk/api/external_api.py new file mode 100644 index 00000000000..13feb1a51eb --- /dev/null +++ b/clients/python/lakefs_sdk/api/external_api.py @@ -0,0 +1,662 @@ +# coding: utf-8 + +""" + lakeFS API + + lakeFS HTTP API + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import re # noqa: F401 +import io +import warnings + +from pydantic import validate_arguments, ValidationError +from typing_extensions import Annotated + +from pydantic import Field, StrictStr, conint + +from typing import Optional + +from lakefs_sdk.models.external_principal import ExternalPrincipal +from lakefs_sdk.models.external_principal_creation import ExternalPrincipalCreation +from lakefs_sdk.models.external_principal_list import ExternalPrincipalList + +from lakefs_sdk.api_client import ApiClient +from lakefs_sdk.api_response import ApiResponse +from lakefs_sdk.exceptions import ( # noqa: F401 + ApiTypeError, + ApiValueError +) + + +class ExternalApi(object): + """NOTE: This class is auto generated by OpenAPI Generator + Ref: https://openapi-generator.tech + + Do not edit the class manually. + """ + + def __init__(self, api_client=None): + if api_client is None: + api_client = ApiClient.get_default() + self.api_client = api_client + + @validate_arguments + def create_user_external_principal(self, user_id : StrictStr, principal_id : StrictStr, external_principal_creation : ExternalPrincipalCreation, **kwargs) -> None: # noqa: E501 + """attach external principal to user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.create_user_external_principal(user_id, principal_id, external_principal_creation, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param external_principal_creation: (required) + :type external_principal_creation: ExternalPrincipalCreation + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the create_user_external_principal_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.create_user_external_principal_with_http_info(user_id, principal_id, external_principal_creation, **kwargs) # noqa: E501 + + @validate_arguments + def create_user_external_principal_with_http_info(self, user_id : StrictStr, principal_id : StrictStr, external_principal_creation : ExternalPrincipalCreation, **kwargs) -> ApiResponse: # noqa: E501 + """attach external principal to user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.create_user_external_principal_with_http_info(user_id, principal_id, external_principal_creation, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param external_principal_creation: (required) + :type external_principal_creation: ExternalPrincipalCreation + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + + _params = locals() + + _all_params = [ + 'user_id', + 'principal_id', + 'external_principal_creation' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method create_user_external_principal" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['user_id']: + _path_params['userId'] = _params['user_id'] + + if _params['principal_id']: + _path_params['principalId'] = _params['principal_id'] + + + # process the query parameters + _query_params = [] + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + if _params['external_principal_creation'] is not None: + _body_params = _params['external_principal_creation'] + + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # set the HTTP header `Content-Type` + _content_types_list = _params.get('_content_type', + self.api_client.select_header_content_type( + ['application/json'])) + if _content_types_list: + _header_params['Content-Type'] = _content_types_list + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = {} + + return self.api_client.call_api( + '/auth/users/{userId}/external/principal/{principalId}', 'POST', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) + + @validate_arguments + def delete_user_external_principal(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> None: # noqa: E501 + """delete external principal from user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.delete_user_external_principal(user_id, principal_id, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the delete_user_external_principal_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.delete_user_external_principal_with_http_info(user_id, principal_id, **kwargs) # noqa: E501 + + @validate_arguments + def delete_user_external_principal_with_http_info(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 + """delete external principal from user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.delete_user_external_principal_with_http_info(user_id, principal_id, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: None + """ + + _params = locals() + + _all_params = [ + 'user_id', + 'principal_id' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method delete_user_external_principal" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['user_id']: + _path_params['userId'] = _params['user_id'] + + if _params['principal_id']: + _path_params['principalId'] = _params['principal_id'] + + + # process the query parameters + _query_params = [] + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = {} + + return self.api_client.call_api( + '/auth/users/{userId}/external/principal/{principalId}', 'DELETE', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) + + @validate_arguments + def get_user_external_principal(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> ExternalPrincipal: # noqa: E501 + """get external principal of a user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.get_user_external_principal(user_id, principal_id, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: ExternalPrincipal + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the get_user_external_principal_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.get_user_external_principal_with_http_info(user_id, principal_id, **kwargs) # noqa: E501 + + @validate_arguments + def get_user_external_principal_with_http_info(self, user_id : StrictStr, principal_id : StrictStr, **kwargs) -> ApiResponse: # noqa: E501 + """get external principal of a user # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.get_user_external_principal_with_http_info(user_id, principal_id, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param principal_id: (required) + :type principal_id: str + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: tuple(ExternalPrincipal, status_code(int), headers(HTTPHeaderDict)) + """ + + _params = locals() + + _all_params = [ + 'user_id', + 'principal_id' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method get_user_external_principal" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['user_id']: + _path_params['userId'] = _params['user_id'] + + if _params['principal_id']: + _path_params['principalId'] = _params['principal_id'] + + + # process the query parameters + _query_params = [] + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = { + '200': "ExternalPrincipal", + '401': "Error", + '404': "Error", + '420': None, + } + + return self.api_client.call_api( + '/auth/users/{userId}/external/principal/{principalId}', 'GET', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) + + @validate_arguments + def list_user_external_principals(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ExternalPrincipalList: # noqa: E501 + """list user external policies # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.list_user_external_principals(user_id, prefix, after, amount, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param prefix: return items prefixed with this value + :type prefix: str + :param after: return items after this value + :type after: str + :param amount: how many items to return + :type amount: int + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: ExternalPrincipalList + """ + kwargs['_return_http_data_only'] = True + if '_preload_content' in kwargs: + raise ValueError("Error! Please call the list_user_external_principals_with_http_info method with `_preload_content` instead and obtain raw data from ApiResponse.raw_data") + return self.list_user_external_principals_with_http_info(user_id, prefix, after, amount, **kwargs) # noqa: E501 + + @validate_arguments + def list_user_external_principals_with_http_info(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ApiResponse: # noqa: E501 + """list user external policies # noqa: E501 + + This method makes a synchronous HTTP request by default. To make an + asynchronous HTTP request, please pass async_req=True + + >>> thread = api.list_user_external_principals_with_http_info(user_id, prefix, after, amount, async_req=True) + >>> result = thread.get() + + :param user_id: (required) + :type user_id: str + :param prefix: return items prefixed with this value + :type prefix: str + :param after: return items after this value + :type after: str + :param amount: how many items to return + :type amount: int + :param async_req: Whether to execute the request asynchronously. + :type async_req: bool, optional + :param _preload_content: if False, the ApiResponse.data will + be set to none and raw_data will store the + HTTP response body without reading/decoding. + Default is True. + :type _preload_content: bool, optional + :param _return_http_data_only: response data instead of ApiResponse + object with status code, headers, etc + :type _return_http_data_only: bool, optional + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :type _request_auth: dict, optional + :type _content_type: string, optional: force content-type for the request + :return: Returns the result object. + If the method is called asynchronously, + returns the request thread. + :rtype: tuple(ExternalPrincipalList, status_code(int), headers(HTTPHeaderDict)) + """ + + _params = locals() + + _all_params = [ + 'user_id', + 'prefix', + 'after', + 'amount' + ] + _all_params.extend( + [ + 'async_req', + '_return_http_data_only', + '_preload_content', + '_request_timeout', + '_request_auth', + '_content_type', + '_headers' + ] + ) + + # validate the arguments + for _key, _val in _params['kwargs'].items(): + if _key not in _all_params: + raise ApiTypeError( + "Got an unexpected keyword argument '%s'" + " to method list_user_external_principals" % _key + ) + _params[_key] = _val + del _params['kwargs'] + + _collection_formats = {} + + # process the path parameters + _path_params = {} + if _params['user_id']: + _path_params['userId'] = _params['user_id'] + + + # process the query parameters + _query_params = [] + if _params.get('prefix') is not None: # noqa: E501 + _query_params.append(('prefix', _params['prefix'])) + + if _params.get('after') is not None: # noqa: E501 + _query_params.append(('after', _params['after'])) + + if _params.get('amount') is not None: # noqa: E501 + _query_params.append(('amount', _params['amount'])) + + # process the header parameters + _header_params = dict(_params.get('_headers', {})) + # process the form parameters + _form_params = [] + _files = {} + # process the body parameter + _body_params = None + # set the HTTP header `Accept` + _header_params['Accept'] = self.api_client.select_header_accept( + ['application/json']) # noqa: E501 + + # authentication setting + _auth_settings = ['basic_auth', 'cookie_auth', 'oidc_auth', 'saml_auth', 'jwt_token'] # noqa: E501 + + _response_types_map = { + '200': "ExternalPrincipalList", + '401': "Error", + '404': "Error", + '420': None, + } + + return self.api_client.call_api( + '/auth/users/{userId}/external/principals', 'GET', + _path_params, + _query_params, + _header_params, + body=_body_params, + post_params=_form_params, + files=_files, + response_types_map=_response_types_map, + auth_settings=_auth_settings, + async_req=_params.get('async_req'), + _return_http_data_only=_params.get('_return_http_data_only'), # noqa: E501 + _preload_content=_params.get('_preload_content', True), + _request_timeout=_params.get('_request_timeout'), + collection_formats=_collection_formats, + _request_auth=_params.get('_request_auth')) diff --git a/clients/python/lakefs_sdk/client.py b/clients/python/lakefs_sdk/client.py index 7236d02f2fe..af7ba26553f 100644 --- a/clients/python/lakefs_sdk/client.py +++ b/clients/python/lakefs_sdk/client.py @@ -8,6 +8,7 @@ from lakefs_sdk.api import commits_api from lakefs_sdk.api import config_api from lakefs_sdk.api import experimental_api +from lakefs_sdk.api import external_api from lakefs_sdk.api import health_check_api from lakefs_sdk.api import import_api from lakefs_sdk.api import internal_api @@ -63,6 +64,7 @@ def __init__(self, configuration=None, header_name=None, header_value=None, cook self.commits_api = commits_api.CommitsApi(self._api) self.config_api = config_api.ConfigApi(self._api) self.experimental_api = experimental_api.ExperimentalApi(self._api) + self.external_api = external_api.ExternalApi(self._api) self.health_check_api = health_check_api.HealthCheckApi(self._api) self.import_api = import_api.ImportApi(self._api) self.internal_api = internal_api.InternalApi(self._api) diff --git a/clients/python/lakefs_sdk/models/__init__.py b/clients/python/lakefs_sdk/models/__init__.py index 639249b29c8..eba3f9a1860 100644 --- a/clients/python/lakefs_sdk/models/__init__.py +++ b/clients/python/lakefs_sdk/models/__init__.py @@ -40,6 +40,9 @@ from lakefs_sdk.models.diff_list import DiffList from lakefs_sdk.models.error import Error from lakefs_sdk.models.error_no_acl import ErrorNoACL +from lakefs_sdk.models.external_principal import ExternalPrincipal +from lakefs_sdk.models.external_principal_creation import ExternalPrincipalCreation +from lakefs_sdk.models.external_principal_list import ExternalPrincipalList from lakefs_sdk.models.find_merge_base_result import FindMergeBaseResult from lakefs_sdk.models.garbage_collection_config import GarbageCollectionConfig from lakefs_sdk.models.garbage_collection_prepare_response import GarbageCollectionPrepareResponse diff --git a/clients/python/lakefs_sdk/models/external_principal.py b/clients/python/lakefs_sdk/models/external_principal.py new file mode 100644 index 00000000000..64340926192 --- /dev/null +++ b/clients/python/lakefs_sdk/models/external_principal.py @@ -0,0 +1,76 @@ +# coding: utf-8 + +""" + lakeFS API + + lakeFS HTTP API + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + + +from typing import Dict, List, Optional +from pydantic import BaseModel, Field, StrictStr, conlist + +class ExternalPrincipal(BaseModel): + """ + ExternalPrincipal + """ + id: StrictStr = Field(..., description="A unique identifier for the external principal") + user_id: StrictStr = Field(..., description="lakeFS user ID to associate with an external principal. ") + settings: Optional[conlist(Dict[str, StrictStr])] = None + __properties = ["id", "user_id", "settings"] + + class Config: + """Pydantic configuration""" + allow_population_by_field_name = True + validate_assignment = True + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.dict(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> ExternalPrincipal: + """Create an instance of ExternalPrincipal from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self): + """Returns the dictionary representation of the model using alias""" + _dict = self.dict(by_alias=True, + exclude={ + }, + exclude_none=True) + return _dict + + @classmethod + def from_dict(cls, obj: dict) -> ExternalPrincipal: + """Create an instance of ExternalPrincipal from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return ExternalPrincipal.parse_obj(obj) + + _obj = ExternalPrincipal.parse_obj({ + "id": obj.get("id"), + "user_id": obj.get("user_id"), + "settings": obj.get("settings") + }) + return _obj + + diff --git a/clients/python/lakefs_sdk/models/external_principal_creation.py b/clients/python/lakefs_sdk/models/external_principal_creation.py new file mode 100644 index 00000000000..9e7aef4133d --- /dev/null +++ b/clients/python/lakefs_sdk/models/external_principal_creation.py @@ -0,0 +1,72 @@ +# coding: utf-8 + +""" + lakeFS API + + lakeFS HTTP API + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + + +from typing import Dict, List, Optional +from pydantic import BaseModel, StrictStr, conlist + +class ExternalPrincipalCreation(BaseModel): + """ + ExternalPrincipalCreation + """ + settings: Optional[conlist(Dict[str, StrictStr])] = None + __properties = ["settings"] + + class Config: + """Pydantic configuration""" + allow_population_by_field_name = True + validate_assignment = True + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.dict(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> ExternalPrincipalCreation: + """Create an instance of ExternalPrincipalCreation from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self): + """Returns the dictionary representation of the model using alias""" + _dict = self.dict(by_alias=True, + exclude={ + }, + exclude_none=True) + return _dict + + @classmethod + def from_dict(cls, obj: dict) -> ExternalPrincipalCreation: + """Create an instance of ExternalPrincipalCreation from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return ExternalPrincipalCreation.parse_obj(obj) + + _obj = ExternalPrincipalCreation.parse_obj({ + "settings": obj.get("settings") + }) + return _obj + + diff --git a/clients/python/lakefs_sdk/models/external_principal_list.py b/clients/python/lakefs_sdk/models/external_principal_list.py new file mode 100644 index 00000000000..79df3ef7500 --- /dev/null +++ b/clients/python/lakefs_sdk/models/external_principal_list.py @@ -0,0 +1,86 @@ +# coding: utf-8 + +""" + lakeFS API + + lakeFS HTTP API + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +from __future__ import annotations +import pprint +import re # noqa: F401 +import json + + +from typing import List +from pydantic import BaseModel, Field, conlist +from lakefs_sdk.models.external_principal import ExternalPrincipal +from lakefs_sdk.models.pagination import Pagination + +class ExternalPrincipalList(BaseModel): + """ + ExternalPrincipalList + """ + pagination: Pagination = Field(...) + results: conlist(ExternalPrincipal) = Field(...) + __properties = ["pagination", "results"] + + class Config: + """Pydantic configuration""" + allow_population_by_field_name = True + validate_assignment = True + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.dict(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> ExternalPrincipalList: + """Create an instance of ExternalPrincipalList from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self): + """Returns the dictionary representation of the model using alias""" + _dict = self.dict(by_alias=True, + exclude={ + }, + exclude_none=True) + # override the default output from pydantic by calling `to_dict()` of pagination + if self.pagination: + _dict['pagination'] = self.pagination.to_dict() + # override the default output from pydantic by calling `to_dict()` of each item in results (list) + _items = [] + if self.results: + for _item in self.results: + if _item: + _items.append(_item.to_dict()) + _dict['results'] = _items + return _dict + + @classmethod + def from_dict(cls, obj: dict) -> ExternalPrincipalList: + """Create an instance of ExternalPrincipalList from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return ExternalPrincipalList.parse_obj(obj) + + _obj = ExternalPrincipalList.parse_obj({ + "pagination": Pagination.from_dict(obj.get("pagination")) if obj.get("pagination") is not None else None, + "results": [ExternalPrincipal.from_dict(_item) for _item in obj.get("results")] if obj.get("results") is not None else None + }) + return _obj + + diff --git a/clients/python/test/test_auth_api.py b/clients/python/test/test_auth_api.py index 738f335ef17..3ebc1d2d3a4 100644 --- a/clients/python/test/test_auth_api.py +++ b/clients/python/test/test_auth_api.py @@ -78,6 +78,13 @@ def test_create_user(self): """ pass + def test_create_user_external_principal(self): + """Test case for create_user_external_principal + + attach external principal to user # noqa: E501 + """ + pass + def test_delete_credentials(self): """Test case for delete_credentials @@ -113,6 +120,13 @@ def test_delete_user(self): """ pass + def test_delete_user_external_principal(self): + """Test case for delete_user_external_principal + + delete external principal from user # noqa: E501 + """ + pass + def test_detach_policy_from_group(self): """Test case for detach_policy_from_group @@ -169,6 +183,13 @@ def test_get_user(self): """ pass + def test_get_user_external_principal(self): + """Test case for get_user_external_principal + + get external principal of a user # noqa: E501 + """ + pass + def test_list_group_members(self): """Test case for list_group_members @@ -204,6 +225,13 @@ def test_list_user_credentials(self): """ pass + def test_list_user_external_principals(self): + """Test case for list_user_external_principals + + list user external policies # noqa: E501 + """ + pass + def test_list_user_groups(self): """Test case for list_user_groups diff --git a/clients/python/test/test_experimental_api.py b/clients/python/test/test_experimental_api.py index 5cb997d3360..aafe6cbca4f 100644 --- a/clients/python/test/test_experimental_api.py +++ b/clients/python/test/test_experimental_api.py @@ -50,6 +50,27 @@ def test_create_presign_multipart_upload(self): """ pass + def test_create_user_external_principal(self): + """Test case for create_user_external_principal + + attach external principal to user # noqa: E501 + """ + pass + + def test_delete_user_external_principal(self): + """Test case for delete_user_external_principal + + delete external principal from user # noqa: E501 + """ + pass + + def test_get_user_external_principal(self): + """Test case for get_user_external_principal + + get external principal of a user # noqa: E501 + """ + pass + def test_hard_reset_branch(self): """Test case for hard_reset_branch @@ -57,6 +78,13 @@ def test_hard_reset_branch(self): """ pass + def test_list_user_external_principals(self): + """Test case for list_user_external_principals + + list user external policies # noqa: E501 + """ + pass + if __name__ == '__main__': unittest.main() diff --git a/clients/python/test/test_external_api.py b/clients/python/test/test_external_api.py new file mode 100644 index 00000000000..67f71e72045 --- /dev/null +++ b/clients/python/test/test_external_api.py @@ -0,0 +1,62 @@ +# coding: utf-8 + +""" + lakeFS API + + lakeFS HTTP API + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest + +import lakefs_sdk +from lakefs_sdk.api.external_api import ExternalApi # noqa: E501 +from lakefs_sdk.rest import ApiException + + +class TestExternalApi(unittest.TestCase): + """ExternalApi unit test stubs""" + + def setUp(self): + self.api = lakefs_sdk.api.external_api.ExternalApi() # noqa: E501 + + def tearDown(self): + pass + + def test_create_user_external_principal(self): + """Test case for create_user_external_principal + + attach external principal to user # noqa: E501 + """ + pass + + def test_delete_user_external_principal(self): + """Test case for delete_user_external_principal + + delete external principal from user # noqa: E501 + """ + pass + + def test_get_user_external_principal(self): + """Test case for get_user_external_principal + + get external principal of a user # noqa: E501 + """ + pass + + def test_list_user_external_principals(self): + """Test case for list_user_external_principals + + list user external policies # noqa: E501 + """ + pass + + +if __name__ == '__main__': + unittest.main() diff --git a/clients/python/test/test_external_principal.py b/clients/python/test/test_external_principal.py new file mode 100644 index 00000000000..a01aad6c4dc --- /dev/null +++ b/clients/python/test/test_external_principal.py @@ -0,0 +1,63 @@ +# coding: utf-8 + +""" + lakeFS API + + lakeFS HTTP API + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest +import datetime + +import lakefs_sdk +from lakefs_sdk.models.external_principal import ExternalPrincipal # noqa: E501 +from lakefs_sdk.rest import ApiException + +class TestExternalPrincipal(unittest.TestCase): + """ExternalPrincipal unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional): + """Test ExternalPrincipal + include_option is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `ExternalPrincipal` + """ + model = lakefs_sdk.models.external_principal.ExternalPrincipal() # noqa: E501 + if include_optional : + return ExternalPrincipal( + id = '', + user_id = '', + settings = [ + { + 'key' : '' + } + ] + ) + else : + return ExternalPrincipal( + id = '', + user_id = '', + ) + """ + + def testExternalPrincipal(self): + """Test ExternalPrincipal""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/clients/python/test/test_external_principal_creation.py b/clients/python/test/test_external_principal_creation.py new file mode 100644 index 00000000000..d5a771cc179 --- /dev/null +++ b/clients/python/test/test_external_principal_creation.py @@ -0,0 +1,59 @@ +# coding: utf-8 + +""" + lakeFS API + + lakeFS HTTP API + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest +import datetime + +import lakefs_sdk +from lakefs_sdk.models.external_principal_creation import ExternalPrincipalCreation # noqa: E501 +from lakefs_sdk.rest import ApiException + +class TestExternalPrincipalCreation(unittest.TestCase): + """ExternalPrincipalCreation unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional): + """Test ExternalPrincipalCreation + include_option is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `ExternalPrincipalCreation` + """ + model = lakefs_sdk.models.external_principal_creation.ExternalPrincipalCreation() # noqa: E501 + if include_optional : + return ExternalPrincipalCreation( + settings = [ + { + 'key' : '' + } + ] + ) + else : + return ExternalPrincipalCreation( + ) + """ + + def testExternalPrincipalCreation(self): + """Test ExternalPrincipalCreation""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/clients/python/test/test_external_principal_list.py b/clients/python/test/test_external_principal_list.py new file mode 100644 index 00000000000..268a37db9a3 --- /dev/null +++ b/clients/python/test/test_external_principal_list.py @@ -0,0 +1,84 @@ +# coding: utf-8 + +""" + lakeFS API + + lakeFS HTTP API + + The version of the OpenAPI document: 1.0.0 + Contact: services@treeverse.io + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + + +import unittest +import datetime + +import lakefs_sdk +from lakefs_sdk.models.external_principal_list import ExternalPrincipalList # noqa: E501 +from lakefs_sdk.rest import ApiException + +class TestExternalPrincipalList(unittest.TestCase): + """ExternalPrincipalList unit test stubs""" + + def setUp(self): + pass + + def tearDown(self): + pass + + def make_instance(self, include_optional): + """Test ExternalPrincipalList + include_option is a boolean, when False only required + params are included, when True both required and + optional params are included """ + # uncomment below to create an instance of `ExternalPrincipalList` + """ + model = lakefs_sdk.models.external_principal_list.ExternalPrincipalList() # noqa: E501 + if include_optional : + return ExternalPrincipalList( + pagination = lakefs_sdk.models.pagination.Pagination( + has_more = True, + next_offset = '', + results = 0, + max_per_page = 0, ), + results = [ + lakefs_sdk.models.external_principal.ExternalPrincipal( + id = '', + user_id = '', + settings = [ + { + 'key' : '' + } + ], ) + ] + ) + else : + return ExternalPrincipalList( + pagination = lakefs_sdk.models.pagination.Pagination( + has_more = True, + next_offset = '', + results = 0, + max_per_page = 0, ), + results = [ + lakefs_sdk.models.external_principal.ExternalPrincipal( + id = '', + user_id = '', + settings = [ + { + 'key' : '' + } + ], ) + ], + ) + """ + + def testExternalPrincipalList(self): + """Test ExternalPrincipalList""" + # inst_req_only = self.make_instance(include_optional=False) + # inst_req_and_optional = self.make_instance(include_optional=True) + +if __name__ == '__main__': + unittest.main() diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 9776a3fe5aa..7b32dcb3e4c 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -5236,7 +5236,7 @@ func (c *Controller) GetUsageReportSummary(w http.ResponseWriter, r *http.Reques func (c *Controller) CreateUserExternalPrincipal(w http.ResponseWriter, r *http.Request, body apigen.CreateUserExternalPrincipalJSONRequestBody, userID, principalID string) { ctx := r.Context() - if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { + if c.Config.IsAuthUISimplified() || !c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5248,9 +5248,10 @@ func (c *Controller) CreateUserExternalPrincipal(w http.ResponseWriter, r *http. }) { return } - c.LogAction(ctx, "create_external_principal", r, "", "", "") - // TODO(isan) Settings should be passed here as part of the request. i.e using session name or not - err := c.Auth.CreateExternalPrincipal(ctx, principalID, userID) + + c.LogAction(ctx, "create_user_external_principal", r, "", "", "") + + err := c.Auth.CreateUserExternalPrincipal(ctx, userID, principalID) if c.handleAPIError(ctx, w, r, err) { return } @@ -5259,7 +5260,7 @@ func (c *Controller) CreateUserExternalPrincipal(w http.ResponseWriter, r *http. func (c *Controller) DeleteUserExternalPrincipal(w http.ResponseWriter, r *http.Request, userID, principalID string) { ctx := r.Context() - if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { + if c.Config.IsAuthUISimplified() || !c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5271,8 +5272,8 @@ func (c *Controller) DeleteUserExternalPrincipal(w http.ResponseWriter, r *http. }) { return } - c.LogAction(ctx, "delete_external_principal", r, "", "", "") - err := c.Auth.DeleteExternalPrincipalFromUser(ctx, principalID) + c.LogAction(ctx, "delete_user_external_principal", r, "", "", "") + err := c.Auth.DeleteUserExternalPrincipal(ctx, userID, principalID) if c.handleAPIError(ctx, w, r, err) { return } @@ -5281,34 +5282,34 @@ func (c *Controller) DeleteUserExternalPrincipal(w http.ResponseWriter, r *http. func (c *Controller) GetUserExternalPrincipal(w http.ResponseWriter, r *http.Request, userID, principalID string) { ctx := r.Context() - if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { + if c.Config.IsAuthUISimplified() || !c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } if !c.authorize(w, r, permissions.Node{ Permission: permissions.Permission{ - Action: permissions.ReadUserExternalPrincipalAction, + Action: permissions.ReadUserAction, Resource: permissions.UserArn(userID), }, }) { return } - c.LogAction(ctx, "get_external_principal", r, "", "", "") - // TODO(isan) pass settings as well - principal, err := c.Auth.GetExternalPrincipal(ctx, principalID) + c.LogAction(ctx, "get_user_external_principal", r, "", "", "") + + principal, err := c.Auth.GetUserExternalPrincipal(ctx, userID, principalID) if c.handleAPIError(ctx, w, r, err) { return } response := apigen.ExternalPrincipal{ Id: principal.ID, - UserId: principal.Username, + UserId: principal.UserID, } writeResponse(w, r, http.StatusOK, response) } func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.Request, userID string, params apigen.ListUserExternalPrincipalsParams) { ctx := r.Context() - if c.Config.IsAuthUISimplified() && c.Auth.IsExternalPrincipalsEnabled(ctx) { + if c.Config.IsAuthUISimplified() || !c.Auth.IsExternalPrincipalsEnabled(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5323,7 +5324,7 @@ func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.R c.LogAction(ctx, "list_user_external_principals", r, "", "", "") - _, paginator, err := c.Auth.ListUserExternalPrincipals(ctx, userID, &model.PaginationParams{ + principals, paginator, err := c.Auth.ListUserExternalPrincipals(ctx, userID, &model.PaginationParams{ Prefix: paginationPrefix(params.Prefix), Amount: paginationAmount(params.Amount), After: paginationAfter(params.After), @@ -5334,11 +5335,19 @@ func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.R } response := apigen.ExternalPrincipalList{ - Results: nil, + Results: make([]apigen.ExternalPrincipal, len(principals)), Pagination: apigen.Pagination{ HasMore: paginator.NextPageToken != "", NextOffset: paginator.NextPageToken, Results: paginator.Amount, - }} + }, + } + + for i, p := range principals { + response.Results[i] = apigen.ExternalPrincipal{ + Id: p.ID, + UserId: p.UserID, + } + } writeResponse(w, r, http.StatusOK, response) } diff --git a/pkg/auth/mock/mock_auth_client.go b/pkg/auth/mock/mock_auth_client.go index 54b6a91716f..c1df5742efb 100644 --- a/pkg/auth/mock/mock_auth_client.go +++ b/pkg/auth/mock/mock_auth_client.go @@ -156,46 +156,6 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) CreateCredentialsWithRes return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateCredentialsWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).CreateCredentialsWithResponse), varargs...) } -// CreateExternalPrincipalWithBodyWithResponse mocks base method. -func (m *MockClientWithResponsesInterface) CreateExternalPrincipalWithBodyWithResponse(arg0 context.Context, arg1 string, arg2 io.Reader, arg3 ...auth.RequestEditorFn) (*auth.CreateExternalPrincipalResponse, error) { - m.ctrl.T.Helper() - varargs := []interface{}{arg0, arg1, arg2} - for _, a := range arg3 { - varargs = append(varargs, a) - } - ret := m.ctrl.Call(m, "CreateExternalPrincipalWithBodyWithResponse", varargs...) - ret0, _ := ret[0].(*auth.CreateExternalPrincipalResponse) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// CreateExternalPrincipalWithBodyWithResponse indicates an expected call of CreateExternalPrincipalWithBodyWithResponse. -func (mr *MockClientWithResponsesInterfaceMockRecorder) CreateExternalPrincipalWithBodyWithResponse(arg0, arg1, arg2 interface{}, arg3 ...interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - varargs := append([]interface{}{arg0, arg1, arg2}, arg3...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateExternalPrincipalWithBodyWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).CreateExternalPrincipalWithBodyWithResponse), varargs...) -} - -// CreateExternalPrincipalWithResponse mocks base method. -func (m *MockClientWithResponsesInterface) CreateExternalPrincipalWithResponse(arg0 context.Context, arg1 auth.CreateExternalPrincipalJSONRequestBody, arg2 ...auth.RequestEditorFn) (*auth.CreateExternalPrincipalResponse, error) { - m.ctrl.T.Helper() - varargs := []interface{}{arg0, arg1} - for _, a := range arg2 { - varargs = append(varargs, a) - } - ret := m.ctrl.Call(m, "CreateExternalPrincipalWithResponse", varargs...) - ret0, _ := ret[0].(*auth.CreateExternalPrincipalResponse) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// CreateExternalPrincipalWithResponse indicates an expected call of CreateExternalPrincipalWithResponse. -func (mr *MockClientWithResponsesInterfaceMockRecorder) CreateExternalPrincipalWithResponse(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateExternalPrincipalWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).CreateExternalPrincipalWithResponse), varargs...) -} - // CreateGroupWithBodyWithResponse mocks base method. func (m *MockClientWithResponsesInterface) CreateGroupWithBodyWithResponse(arg0 context.Context, arg1 string, arg2 io.Reader, arg3 ...auth.RequestEditorFn) (*auth.CreateGroupResponse, error) { m.ctrl.T.Helper() @@ -276,6 +236,26 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) CreatePolicyWithResponse return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreatePolicyWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).CreatePolicyWithResponse), varargs...) } +// CreateUserExternalPrincipalWithResponse mocks base method. +func (m *MockClientWithResponsesInterface) CreateUserExternalPrincipalWithResponse(arg0 context.Context, arg1, arg2 string, arg3 ...auth.RequestEditorFn) (*auth.CreateUserExternalPrincipalResponse, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1, arg2} + for _, a := range arg3 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "CreateUserExternalPrincipalWithResponse", varargs...) + ret0, _ := ret[0].(*auth.CreateUserExternalPrincipalResponse) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// CreateUserExternalPrincipalWithResponse indicates an expected call of CreateUserExternalPrincipalWithResponse. +func (mr *MockClientWithResponsesInterfaceMockRecorder) CreateUserExternalPrincipalWithResponse(arg0, arg1, arg2 interface{}, arg3 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1, arg2}, arg3...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateUserExternalPrincipalWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).CreateUserExternalPrincipalWithResponse), varargs...) +} + // CreateUserWithBodyWithResponse mocks base method. func (m *MockClientWithResponsesInterface) CreateUserWithBodyWithResponse(arg0 context.Context, arg1 string, arg2 io.Reader, arg3 ...auth.RequestEditorFn) (*auth.CreateUserResponse, error) { m.ctrl.T.Helper() @@ -336,26 +316,6 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) DeleteCredentialsWithRes return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteCredentialsWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).DeleteCredentialsWithResponse), varargs...) } -// DeleteExternalPrincipalFromUserWithResponse mocks base method. -func (m *MockClientWithResponsesInterface) DeleteExternalPrincipalFromUserWithResponse(arg0 context.Context, arg1 string, arg2 ...auth.RequestEditorFn) (*auth.DeleteExternalPrincipalFromUserResponse, error) { - m.ctrl.T.Helper() - varargs := []interface{}{arg0, arg1} - for _, a := range arg2 { - varargs = append(varargs, a) - } - ret := m.ctrl.Call(m, "DeleteExternalPrincipalFromUserWithResponse", varargs...) - ret0, _ := ret[0].(*auth.DeleteExternalPrincipalFromUserResponse) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// DeleteExternalPrincipalFromUserWithResponse indicates an expected call of DeleteExternalPrincipalFromUserWithResponse. -func (mr *MockClientWithResponsesInterfaceMockRecorder) DeleteExternalPrincipalFromUserWithResponse(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteExternalPrincipalFromUserWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).DeleteExternalPrincipalFromUserWithResponse), varargs...) -} - // DeleteGroupMembershipWithResponse mocks base method. func (m *MockClientWithResponsesInterface) DeleteGroupMembershipWithResponse(arg0 context.Context, arg1, arg2 string, arg3 ...auth.RequestEditorFn) (*auth.DeleteGroupMembershipResponse, error) { m.ctrl.T.Helper() @@ -416,6 +376,26 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) DeletePolicyWithResponse return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeletePolicyWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).DeletePolicyWithResponse), varargs...) } +// DeleteUserExternalPrincipalWithResponse mocks base method. +func (m *MockClientWithResponsesInterface) DeleteUserExternalPrincipalWithResponse(arg0 context.Context, arg1, arg2 string, arg3 ...auth.RequestEditorFn) (*auth.DeleteUserExternalPrincipalResponse, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1, arg2} + for _, a := range arg3 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "DeleteUserExternalPrincipalWithResponse", varargs...) + ret0, _ := ret[0].(*auth.DeleteUserExternalPrincipalResponse) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DeleteUserExternalPrincipalWithResponse indicates an expected call of DeleteUserExternalPrincipalWithResponse. +func (mr *MockClientWithResponsesInterfaceMockRecorder) DeleteUserExternalPrincipalWithResponse(arg0, arg1, arg2 interface{}, arg3 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1, arg2}, arg3...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteUserExternalPrincipalWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).DeleteUserExternalPrincipalWithResponse), varargs...) +} + // DeleteUserWithResponse mocks base method. func (m *MockClientWithResponsesInterface) DeleteUserWithResponse(arg0 context.Context, arg1 string, arg2 ...auth.RequestEditorFn) (*auth.DeleteUserResponse, error) { m.ctrl.T.Helper() @@ -516,26 +496,6 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) GetCredentialsWithRespon return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetCredentialsWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).GetCredentialsWithResponse), varargs...) } -// GetExternalPrincipalWithResponse mocks base method. -func (m *MockClientWithResponsesInterface) GetExternalPrincipalWithResponse(arg0 context.Context, arg1 string, arg2 ...auth.RequestEditorFn) (*auth.GetExternalPrincipalResponse, error) { - m.ctrl.T.Helper() - varargs := []interface{}{arg0, arg1} - for _, a := range arg2 { - varargs = append(varargs, a) - } - ret := m.ctrl.Call(m, "GetExternalPrincipalWithResponse", varargs...) - ret0, _ := ret[0].(*auth.GetExternalPrincipalResponse) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// GetExternalPrincipalWithResponse indicates an expected call of GetExternalPrincipalWithResponse. -func (mr *MockClientWithResponsesInterfaceMockRecorder) GetExternalPrincipalWithResponse(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetExternalPrincipalWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).GetExternalPrincipalWithResponse), varargs...) -} - // GetGroupWithResponse mocks base method. func (m *MockClientWithResponsesInterface) GetGroupWithResponse(arg0 context.Context, arg1 string, arg2 ...auth.RequestEditorFn) (*auth.GetGroupResponse, error) { m.ctrl.T.Helper() @@ -576,6 +536,26 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) GetPolicyWithResponse(ar return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetPolicyWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).GetPolicyWithResponse), varargs...) } +// GetUserExternalPrincipalWithResponse mocks base method. +func (m *MockClientWithResponsesInterface) GetUserExternalPrincipalWithResponse(arg0 context.Context, arg1, arg2 string, arg3 ...auth.RequestEditorFn) (*auth.GetUserExternalPrincipalResponse, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1, arg2} + for _, a := range arg3 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "GetUserExternalPrincipalWithResponse", varargs...) + ret0, _ := ret[0].(*auth.GetUserExternalPrincipalResponse) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetUserExternalPrincipalWithResponse indicates an expected call of GetUserExternalPrincipalWithResponse. +func (mr *MockClientWithResponsesInterfaceMockRecorder) GetUserExternalPrincipalWithResponse(arg0, arg1, arg2 interface{}, arg3 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1, arg2}, arg3...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetUserExternalPrincipalWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).GetUserExternalPrincipalWithResponse), varargs...) +} + // GetUserWithResponse mocks base method. func (m *MockClientWithResponsesInterface) GetUserWithResponse(arg0 context.Context, arg1 string, arg2 ...auth.RequestEditorFn) (*auth.GetUserResponse, error) { m.ctrl.T.Helper() @@ -636,26 +616,6 @@ func (mr *MockClientWithResponsesInterfaceMockRecorder) HealthCheckWithResponse( return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HealthCheckWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).HealthCheckWithResponse), varargs...) } -// ListExternalPrincipalsWithResponse mocks base method. -func (m *MockClientWithResponsesInterface) ListExternalPrincipalsWithResponse(arg0 context.Context, arg1 *auth.ListExternalPrincipalsParams, arg2 ...auth.RequestEditorFn) (*auth.ListExternalPrincipalsResponse, error) { - m.ctrl.T.Helper() - varargs := []interface{}{arg0, arg1} - for _, a := range arg2 { - varargs = append(varargs, a) - } - ret := m.ctrl.Call(m, "ListExternalPrincipalsWithResponse", varargs...) - ret0, _ := ret[0].(*auth.ListExternalPrincipalsResponse) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// ListExternalPrincipalsWithResponse indicates an expected call of ListExternalPrincipalsWithResponse. -func (mr *MockClientWithResponsesInterfaceMockRecorder) ListExternalPrincipalsWithResponse(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - varargs := append([]interface{}{arg0, arg1}, arg2...) - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListExternalPrincipalsWithResponse", reflect.TypeOf((*MockClientWithResponsesInterface)(nil).ListExternalPrincipalsWithResponse), varargs...) -} - // ListGroupMembersWithResponse mocks base method. func (m *MockClientWithResponsesInterface) ListGroupMembersWithResponse(arg0 context.Context, arg1 string, arg2 *auth.ListGroupMembersParams, arg3 ...auth.RequestEditorFn) (*auth.ListGroupMembersResponse, error) { m.ctrl.T.Helper() diff --git a/pkg/auth/model/model.go b/pkg/auth/model/model.go index 336487e0c3f..deed047351d 100644 --- a/pkg/auth/model/model.go +++ b/pkg/auth/model/model.go @@ -200,8 +200,8 @@ type CredentialKeys struct { } type ExternalPrincipal struct { - ID string `db:"id"` - Username string `db:"username"` + ID string `db:"id"` + UserID string `db:"user_id"` } func (u *User) UpdatePassword(password string) error { diff --git a/pkg/auth/service.go b/pkg/auth/service.go index f82425d5e1c..3696c5108f9 100644 --- a/pkg/auth/service.go +++ b/pkg/auth/service.go @@ -79,11 +79,10 @@ type EmailInviter interface { type ExternalPrincipalsService interface { IsExternalPrincipalsEnabled(ctx context.Context) bool - CreateExternalPrincipal(ctx context.Context, externalPrincipalID, username string) error - DeleteExternalPrincipalFromUser(ctx context.Context, externalPrincipalID string) error - GetExternalPrincipal(ctx context.Context, externalPrincipalID string) (*model.ExternalPrincipal, error) - ListExternalPrincipals(ctx context.Context, params *model.PaginationParams) ([]string, *model.Paginator, error) - ListUserExternalPrincipals(ctx context.Context, username string, params *model.PaginationParams) ([]string, *model.Paginator, error) + CreateUserExternalPrincipal(ctx context.Context, userID, principalID string) error + DeleteUserExternalPrincipal(ctx context.Context, userID, principalID string) error + GetUserExternalPrincipal(ctx context.Context, userID, principalID string) (*model.ExternalPrincipal, error) + ListUserExternalPrincipals(ctx context.Context, userID string, params *model.PaginationParams) ([]*model.ExternalPrincipal, *model.Paginator, error) } type Service interface { @@ -1117,19 +1116,17 @@ func claimTokenIDOnce(ctx context.Context, tokenID string, expiresAt int64, mark func (s *AuthService) IsExternalPrincipalsEnabled(ctx context.Context) bool { return false } -func (s *AuthService) CreateExternalPrincipal(ctx context.Context, externalPrincipalID, username string) error { +func (s *AuthService) CreateUserExternalPrincipal(ctx context.Context, userID, principalID string) error { return ErrNotImplemented } -func (s *AuthService) DeleteExternalPrincipalFromUser(ctx context.Context, externalPrincipalID string) error { + +func (s *AuthService) DeleteUserExternalPrincipal(ctx context.Context, userID, principalID string) error { return ErrNotImplemented } -func (s *AuthService) GetExternalPrincipal(ctx context.Context, externalPrincipalID string) (*model.ExternalPrincipal, error) { +func (s *AuthService) GetUserExternalPrincipal(ctx context.Context, userID, principalID string) (*model.ExternalPrincipal, error) { return nil, ErrNotImplemented } -func (s *AuthService) ListExternalPrincipals(ctx context.Context, params *model.PaginationParams) ([]string, *model.Paginator, error) { - return nil, nil, ErrNotImplemented -} -func (s *AuthService) ListUserExternalPrincipals(ctx context.Context, username string, params *model.PaginationParams) ([]string, *model.Paginator, error) { +func (s *AuthService) ListUserExternalPrincipals(ctx context.Context, userID string, params *model.PaginationParams) ([]*model.ExternalPrincipal, *model.Paginator, error) { return nil, nil, ErrNotImplemented } @@ -1968,15 +1965,12 @@ func (a *APIAuthService) CheckHealth(ctx context.Context, logger logging.Logger, func (a *APIAuthService) IsExternalPrincipalsEnabled(ctx context.Context) bool { return a.externalPrincipalseEnabled } -func (a *APIAuthService) CreateExternalPrincipal(ctx context.Context, externalPrincipalID, username string) error { +func (a *APIAuthService) CreateUserExternalPrincipal(ctx context.Context, userID, principalID string) error { if !a.IsExternalPrincipalsEnabled(ctx) { return fmt.Errorf("not enabled: %w", ErrInvalidRequest) } - resp, err := a.apiClient.CreateExternalPrincipalWithResponse(ctx, CreateExternalPrincipalJSONRequestBody{ - Id: externalPrincipalID, - UserId: username, - }) + resp, err := a.apiClient.CreateUserExternalPrincipalWithResponse(ctx, userID, principalID) if err != nil { return fmt.Errorf("create principal: %w", err) @@ -1985,22 +1979,22 @@ func (a *APIAuthService) CreateExternalPrincipal(ctx context.Context, externalPr return a.validateResponse(resp, http.StatusCreated) } -func (a *APIAuthService) DeleteExternalPrincipalFromUser(ctx context.Context, externalPrincipalID string) error { +func (a *APIAuthService) DeleteUserExternalPrincipal(ctx context.Context, userID, principalID string) error { if !a.IsExternalPrincipalsEnabled(ctx) { return fmt.Errorf("not enabled: %w", ErrInvalidRequest) } - resp, err := a.apiClient.DeleteExternalPrincipalFromUserWithResponse(ctx, externalPrincipalID) + resp, err := a.apiClient.DeleteUserExternalPrincipalWithResponse(ctx, userID, principalID) if err != nil { return fmt.Errorf("delete external principal: %w", err) } return a.validateResponse(resp, http.StatusNoContent) } -func (a *APIAuthService) GetExternalPrincipal(ctx context.Context, externalPrincipalID string) (*model.ExternalPrincipal, error) { +func (a *APIAuthService) GetUserExternalPrincipal(ctx context.Context, userID, principalID string) (*model.ExternalPrincipal, error) { if !a.IsExternalPrincipalsEnabled(ctx) { return nil, fmt.Errorf("not enabled: %w", ErrInvalidRequest) } - resp, err := a.apiClient.GetExternalPrincipalWithResponse(ctx, externalPrincipalID) + resp, err := a.apiClient.GetUserExternalPrincipalWithResponse(ctx, userID, principalID) if err != nil { return nil, fmt.Errorf("get external principal: %w", err) } @@ -2008,46 +2002,35 @@ func (a *APIAuthService) GetExternalPrincipal(ctx context.Context, externalPrinc return nil, err } return &model.ExternalPrincipal{ - ID: resp.JSON200.Id, - Username: resp.JSON200.UserId, + ID: resp.JSON200.Id, + UserID: resp.JSON200.UserId, }, nil } -func (a *APIAuthService) ListExternalPrincipals(ctx context.Context, params *model.PaginationParams) ([]string, *model.Paginator, error) { +func (a *APIAuthService) ListUserExternalPrincipals(ctx context.Context, userID string, params *model.PaginationParams) ([]*model.ExternalPrincipal, *model.Paginator, error) { if !a.IsExternalPrincipalsEnabled(ctx) { return nil, nil, fmt.Errorf("not enabled: %w", ErrInvalidRequest) } - resp, err := a.apiClient.ListExternalPrincipalsWithResponse(ctx, &ListExternalPrincipalsParams{ + resp, err := a.apiClient.ListUserExternalPrincipalsWithResponse(ctx, userID, &ListUserExternalPrincipalsParams{ Prefix: paginationPrefix(params.Prefix), After: paginationAfter(params.After), Amount: paginationAmount(params.Amount), }) if err != nil { - return nil, nil, fmt.Errorf("list external principals: %w", err) + return nil, nil, fmt.Errorf("list user external principals: %w", err) } if err := a.validateResponse(resp, http.StatusOK); err != nil { return nil, nil, err } - return resp.JSON200.Results, toPagination(resp.JSON200.Pagination), nil -} - -func (a *APIAuthService) ListUserExternalPrincipals(ctx context.Context, username string, params *model.PaginationParams) ([]string, *model.Paginator, error) { - if !a.IsExternalPrincipalsEnabled(ctx) { - return nil, nil, fmt.Errorf("not enabled: %w", ErrInvalidRequest) - } - resp, err := a.apiClient.ListUserExternalPrincipalsWithResponse(ctx, username, &ListUserExternalPrincipalsParams{ - Prefix: paginationPrefix(params.Prefix), - After: paginationAfter(params.After), - Amount: paginationAmount(params.Amount), - }) - if err != nil { - return nil, nil, fmt.Errorf("list user external principals: %w", err) - } - if err := a.validateResponse(resp, http.StatusOK); err != nil { - return nil, nil, err + principals := make([]*model.ExternalPrincipal, len(resp.JSON200.Results)) + for i, p := range resp.JSON200.Results { + principals[i] = &model.ExternalPrincipal{ + ID: p.Id, + UserID: p.UserId, + } } - return resp.JSON200.Results, toPagination(resp.JSON200.Pagination), nil + return principals, toPagination(resp.JSON200.Pagination), nil } func NewAPIAuthService(apiEndpoint, token string, externalPrincipalseEnabled bool, secretStore crypt.SecretStore, cacheConf params.ServiceCache, logger logging.Logger) (*APIAuthService, error) { @@ -2118,7 +2101,7 @@ func groupIDOrDisplayName(group Group) string { return group.Name } -func NewAPIAuthServiceWithClient(client ClientWithResponsesInterface, secretStore crypt.SecretStore, cacheConf params.ServiceCache, logger logging.Logger) (*APIAuthService, error) { +func NewAPIAuthServiceWithClient(client ClientWithResponsesInterface, externalPrincipalseEnabled bool, secretStore crypt.SecretStore, cacheConf params.ServiceCache, logger logging.Logger) (*APIAuthService, error) { var cache Cache if cacheConf.Enabled { cache = NewLRUCache(cacheConf.Size, cacheConf.TTL, cacheConf.Jitter) @@ -2126,9 +2109,10 @@ func NewAPIAuthServiceWithClient(client ClientWithResponsesInterface, secretStor cache = &DummyCache{} } return &APIAuthService{ - apiClient: client, - secretStore: secretStore, - cache: cache, - logger: logger, + apiClient: client, + secretStore: secretStore, + cache: cache, + logger: logger, + externalPrincipalseEnabled: externalPrincipalseEnabled, }, nil } diff --git a/pkg/auth/service_test.go b/pkg/auth/service_test.go index 41389c569d1..73c0ae73903 100644 --- a/pkg/auth/service_test.go +++ b/pkg/auth/service_test.go @@ -1120,7 +1120,7 @@ func NewTestApiService(t *testing.T, withCache bool) (*mock.MockClientWithRespon cacheParams.TTL = time.Minute cacheParams.Jitter = time.Minute } - s, err := auth.NewAPIAuthServiceWithClient(mockClient, secretStore, cacheParams, logging.ContextUnavailable()) + s, err := auth.NewAPIAuthServiceWithClient(mockClient, true, secretStore, cacheParams, logging.ContextUnavailable()) if err != nil { t.Fatalf("failed initiating API service with mock") } @@ -2605,3 +2605,141 @@ func TestAPIAuthService_AddCredentials(t *testing.T) { }) } } + +func TestAPIAuthService_CreateUserExternalPrincipal(t *testing.T) { + mockClient, s := NewTestApiService(t, false) + + tests := []struct { + name string + userID string + principalID string + responseStatusCode int + expectedErr error + }{ + { + name: "successful_principal1", + userID: "user1", + principalID: "arn:aws:sts::123:assumed-role/MyRole/SessionName", + responseStatusCode: http.StatusCreated, + }, + { + name: "successful_principal2", + userID: "user1", + principalID: "arn:aws:sts::456:assumed-role/OtherRole", + responseStatusCode: http.StatusCreated, + }, + { + name: "err_existing_principal", + userID: "user2", + principalID: "arn:aws:sts::456:assumed-role/OtherRole", + responseStatusCode: http.StatusConflict, + expectedErr: auth.ErrAlreadyExists, + }, + { + name: "successful_principal3", + userID: "user2", + principalID: "arn:aws:sts::456:assumed-role/Principal3", + responseStatusCode: http.StatusCreated, + }, + { + name: "err_no_such_user", + userID: "no-user", + principalID: "arn:aws:sts::456:assumed-role/Principal3", + responseStatusCode: http.StatusNotFound, + expectedErr: auth.ErrNotFound, + }, + } + for _, tt := range tests { + t.Run(tt.userID, func(t *testing.T) { + ctx := context.Background() + response := &auth.CreateUserExternalPrincipalResponse{ + HTTPResponse: &http.Response{ + StatusCode: tt.responseStatusCode, + }, + } + mockClient.EXPECT().CreateUserExternalPrincipalWithResponse(gomock.Any(), tt.userID, tt.principalID).Return(response, nil) + err := s.CreateUserExternalPrincipal(ctx, tt.userID, tt.principalID) + if !errors.Is(err, tt.expectedErr) { + t.Fatalf("CreateUserExternalPrincipal: expected err: %v got: %v", tt.expectedErr, err) + } + if err != nil { + return + } + }) + } +} +func TestAPIAuthService_ReusePrincipalAfterDelete(t *testing.T) { + mockClient, s := NewTestApiService(t, false) + userA := "user_a" + userB := "user_b" + principalId := "arn:aws:sts::123:assumed-role/MyRole/SessionName" + ctx := context.Background() + + // create principal A for user1 + mockClient.EXPECT().CreateUserExternalPrincipalWithResponse(gomock.Any(), userA, principalId).Return(&auth.CreateUserExternalPrincipalResponse{ + HTTPResponse: &http.Response{ + StatusCode: http.StatusCreated, + }, + }, nil) + err := s.CreateUserExternalPrincipal(ctx, userA, principalId) + require.NoErrorf(t, err, "creating initial principal for user %s", userA) + + // delete principal A for user1 + mockClient.EXPECT().DeleteUserExternalPrincipalWithResponse(gomock.Any(), userA, principalId).Return(&auth.DeleteUserExternalPrincipalResponse{ + HTTPResponse: &http.Response{ + StatusCode: http.StatusNoContent, + }, + }, nil) + err = s.DeleteUserExternalPrincipal(ctx, userA, principalId) + require.NoErrorf(t, err, "deleting principal for user %s", userA) + + // re-use principal A again for user2 + mockClient.EXPECT().CreateUserExternalPrincipalWithResponse(gomock.Any(), userB, principalId).Return(&auth.CreateUserExternalPrincipalResponse{ + HTTPResponse: &http.Response{ + StatusCode: http.StatusCreated, + }, + }, nil) + err = s.CreateUserExternalPrincipal(ctx, userB, principalId) + require.NoErrorf(t, err, "re-using principal for user %s", userB) +} + +func TestAPIAuthService_DeleteExternalPrincipalAttachedToUserDelete(t *testing.T) { + mockClient, s := NewTestApiService(t, false) + userId := "user" + principalId := "arn:aws:sts::123:assumed-role/MyRole/SessionName" + ctx := context.Background() + + // create userA and principalA + mockClient.EXPECT().CreateUserExternalPrincipalWithResponse(gomock.Any(), userId, principalId).Return(&auth.CreateUserExternalPrincipalResponse{ + HTTPResponse: &http.Response{ + StatusCode: http.StatusCreated, + }, + }, nil) + err := s.CreateUserExternalPrincipal(ctx, userId, principalId) + require.NoError(t, err) + + // delete user A + mockClient.EXPECT().DeleteUserWithResponse(gomock.Any(), userId).Return(&auth.DeleteUserResponse{ + HTTPResponse: &http.Response{ + StatusCode: http.StatusNoContent, + }, + }) + err = s.DeleteUser(ctx, userId) + require.NoError(t, err) + + // get principalA and expect error + mockClient.EXPECT().GetUserExternalPrincipalWithResponse(gomock.Any(), userId, gomock.Any()).Return(&auth.GetUserExternalPrincipalResponse{ + HTTPResponse: &http.Response{ + StatusCode: http.StatusNotFound, + }, + }, &auth.ErrNotFound) + + _, err = s.GetUserExternalPrincipal(ctx, userId, principalId) + require.Errorf(t, err, "principal should not exist if a user is deleted") +} + +// func TestAPIAuthService_ListUserExternalPrincipals(t *testing.T) { +// mockClient, s := NewTestApiService(t, false) +// users := []string{"u1", "u2", "u3", "u4", "u5", "u6", "u7", "u8", "u9", "u10"} + +// } diff --git a/pkg/config/config.go b/pkg/config/config.go index 3b364640371..146c05276d3 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -521,6 +521,11 @@ func (c *Config) IsAuthUISimplified() bool { func (c *Config) IsAuthTypeAPI() bool { return c.Auth.API.Endpoint != "" } +func (c *Config) IsExternalPrincipalsEnabled() bool { + // IsAuthTypeAPI must be true since the local auth service doesnt support external principals + // ExternalPrincipalsEnabled indicates that the remote auth service enables external principals support since its optional extension + return c.IsAuthTypeAPI() && c.Auth.RemoteAuthenticator.ExternalPrincipalsEnabled +} func (c *Config) UISnippets() []apiparams.CodeSnippet { snippets := make([]apiparams.CodeSnippet, 0, len(c.UI.Snippets)) diff --git a/pkg/permissions/actions.gen.go b/pkg/permissions/actions.gen.go index 12a31286093..55b91257cd5 100644 --- a/pkg/permissions/actions.gen.go +++ b/pkg/permissions/actions.gen.go @@ -52,8 +52,6 @@ var Actions = []string{ "auth:ListCredentials", "auth:CreateUserExternalPrincipal", "auth:DeleteUserExternalPrincipal", - "auth:ListUserExternalPrincipals", - "auth:ReadUserExternalPrincipal", "ci:ReadAction", "retention:PrepareGarbageCollectionCommits", "retention:GetGarbageCollectionRules", diff --git a/pkg/permissions/actions.go b/pkg/permissions/actions.go index 0b18a64e31d..c495cfd16da 100644 --- a/pkg/permissions/actions.go +++ b/pkg/permissions/actions.go @@ -63,8 +63,6 @@ const ( ListCredentialsAction = "auth:ListCredentials" //nolint:gosec CreateUserExternalPrincipalAction = "auth:CreateUserExternalPrincipal" DeleteUserExternalPrincipalAction = "auth:DeleteUserExternalPrincipal" - ListUserExternalPrincipalsAction = "auth:ListUserExternalPrincipals" - ReadUserExternalPrincipalAction = "auth:ReadUserExternalPrincipal" ReadActionsAction = "ci:ReadAction" PrepareGarbageCollectionCommitsAction = "retention:PrepareGarbageCollectionCommits" GetGarbageCollectionRulesAction = "retention:GetGarbageCollectionRules" From 8ecf161944df82bbd8348680d52f25e81f5e9bb7 Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Tue, 12 Mar 2024 16:19:12 +0200 Subject: [PATCH 18/21] remove test --- pkg/auth/service_test.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/pkg/auth/service_test.go b/pkg/auth/service_test.go index 73c0ae73903..21d895c1854 100644 --- a/pkg/auth/service_test.go +++ b/pkg/auth/service_test.go @@ -2737,9 +2737,3 @@ func TestAPIAuthService_DeleteExternalPrincipalAttachedToUserDelete(t *testing.T _, err = s.GetUserExternalPrincipal(ctx, userId, principalId) require.Errorf(t, err, "principal should not exist if a user is deleted") } - -// func TestAPIAuthService_ListUserExternalPrincipals(t *testing.T) { -// mockClient, s := NewTestApiService(t, false) -// users := []string{"u1", "u2", "u3", "u4", "u5", "u6", "u7", "u8", "u9", "u10"} - -// } From 2b690e25d47a6c7682c35b55ae002b3d5f6a2366 Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Wed, 13 Mar 2024 15:49:54 +0200 Subject: [PATCH 19/21] fix unitest --- pkg/auth/service_test.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkg/auth/service_test.go b/pkg/auth/service_test.go index 21d895c1854..85aa1dd5dd8 100644 --- a/pkg/auth/service_test.go +++ b/pkg/auth/service_test.go @@ -2723,16 +2723,16 @@ func TestAPIAuthService_DeleteExternalPrincipalAttachedToUserDelete(t *testing.T HTTPResponse: &http.Response{ StatusCode: http.StatusNoContent, }, - }) + }, nil) err = s.DeleteUser(ctx, userId) require.NoError(t, err) - // get principalA and expect error - mockClient.EXPECT().GetUserExternalPrincipalWithResponse(gomock.Any(), userId, gomock.Any()).Return(&auth.GetUserExternalPrincipalResponse{ - HTTPResponse: &http.Response{ - StatusCode: http.StatusNotFound, - }, - }, &auth.ErrNotFound) + mockClient.EXPECT().GetUserExternalPrincipalWithResponse(gomock.Any(), userId, gomock.Any()).Return( + &auth.GetUserExternalPrincipalResponse{ + HTTPResponse: &http.Response{ + StatusCode: http.StatusNotFound, + }, + }, auth.ErrNotFound) _, err = s.GetUserExternalPrincipal(ctx, userId, principalId) require.Errorf(t, err, "principal should not exist if a user is deleted") From 3ffb2073e38d28fec4e19f0f156bf1dd49897854 Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Thu, 14 Mar 2024 13:46:39 +0200 Subject: [PATCH 20/21] update check for support --- pkg/api/controller.go | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/pkg/api/controller.go b/pkg/api/controller.go index 6e6579a90b3..8591c951148 100644 --- a/pkg/api/controller.go +++ b/pkg/api/controller.go @@ -5237,7 +5237,7 @@ func (c *Controller) GetUsageReportSummary(w http.ResponseWriter, r *http.Reques func (c *Controller) CreateUserExternalPrincipal(w http.ResponseWriter, r *http.Request, body apigen.CreateUserExternalPrincipalJSONRequestBody, userID, principalID string) { ctx := r.Context() - if c.Config.IsAuthUISimplified() || !c.Auth.IsExternalPrincipalsEnabled(ctx) { + if c.isExternalPrincipalNotSupported(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5261,7 +5261,7 @@ func (c *Controller) CreateUserExternalPrincipal(w http.ResponseWriter, r *http. func (c *Controller) DeleteUserExternalPrincipal(w http.ResponseWriter, r *http.Request, userID, principalID string) { ctx := r.Context() - if c.Config.IsAuthUISimplified() || !c.Auth.IsExternalPrincipalsEnabled(ctx) { + if c.isExternalPrincipalNotSupported(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5283,7 +5283,7 @@ func (c *Controller) DeleteUserExternalPrincipal(w http.ResponseWriter, r *http. func (c *Controller) GetUserExternalPrincipal(w http.ResponseWriter, r *http.Request, userID, principalID string) { ctx := r.Context() - if c.Config.IsAuthUISimplified() || !c.Auth.IsExternalPrincipalsEnabled(ctx) { + if c.isExternalPrincipalNotSupported(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5310,7 +5310,7 @@ func (c *Controller) GetUserExternalPrincipal(w http.ResponseWriter, r *http.Req func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.Request, userID string, params apigen.ListUserExternalPrincipalsParams) { ctx := r.Context() - if c.Config.IsAuthUISimplified() || !c.Auth.IsExternalPrincipalsEnabled(ctx) { + if c.isExternalPrincipalNotSupported(ctx) { writeError(w, r, http.StatusNotImplemented, "Not implemented") return } @@ -5352,3 +5352,8 @@ func (c *Controller) ListUserExternalPrincipals(w http.ResponseWriter, r *http.R } writeResponse(w, r, http.StatusOK, response) } + +func (c *Controller) isExternalPrincipalNotSupported(ctx context.Context) bool { + // if IsAuthUISimplified true then it means the user not using RBAC model + return c.Config.IsAuthUISimplified() || !c.Auth.IsExternalPrincipalsEnabled(ctx) +} From 7600075938d560a4479af03b00334265d3c49ed0 Mon Sep 17 00:00:00 2001 From: Isan Rivkin Date: Thu, 14 Mar 2024 17:51:41 +0200 Subject: [PATCH 21/21] update review comments --- api/swagger.yml | 8 +++++--- clients/java-legacy/README.md | 6 +++--- clients/java-legacy/api/openapi.yaml | 10 ++++++++-- clients/java-legacy/docs/AuthApi.md | 5 +++-- clients/java-legacy/docs/ExperimentalApi.md | 5 +++-- clients/java-legacy/docs/ExternalApi.md | 5 +++-- clients/java-legacy/docs/ExternalPrincipal.md | 2 +- .../main/java/io/lakefs/clients/api/AuthApi.java | 10 +++++++--- .../io/lakefs/clients/api/ExperimentalApi.java | 10 +++++++--- .../java/io/lakefs/clients/api/ExternalApi.java | 10 +++++++--- .../clients/api/model/ExternalPrincipal.java | 4 ++-- .../java/io/lakefs/clients/api/AuthApiTest.java | 2 +- .../lakefs/clients/api/ExperimentalApiTest.java | 2 +- .../io/lakefs/clients/api/ExternalApiTest.java | 2 +- clients/java/README.md | 6 +++--- clients/java/api/openapi.yaml | 10 ++++++++-- clients/java/docs/AuthApi.md | 5 +++-- clients/java/docs/ExperimentalApi.md | 5 +++-- clients/java/docs/ExternalApi.md | 5 +++-- clients/java/docs/ExternalPrincipal.md | 2 +- .../main/java/io/lakefs/clients/sdk/AuthApi.java | 7 ++++++- .../io/lakefs/clients/sdk/ExperimentalApi.java | 7 ++++++- .../java/io/lakefs/clients/sdk/ExternalApi.java | 7 ++++++- .../clients/sdk/model/ExternalPrincipal.java | 2 +- .../java/io/lakefs/clients/sdk/AuthApiTest.java | 2 +- .../lakefs/clients/sdk/ExperimentalApiTest.java | 2 +- .../io/lakefs/clients/sdk/ExternalApiTest.java | 2 +- clients/python-legacy/README.md | 6 +++--- clients/python-legacy/docs/AuthApi.md | 9 +++++---- clients/python-legacy/docs/ExperimentalApi.md | 9 +++++---- clients/python-legacy/docs/ExternalApi.md | 9 +++++---- clients/python-legacy/docs/ExternalPrincipal.md | 2 +- .../python-legacy/lakefs_client/api/auth_api.py | 2 +- .../lakefs_client/api/experimental_api.py | 2 +- .../lakefs_client/api/external_api.py | 2 +- .../lakefs_client/model/external_principal.py | 4 ++-- clients/python-legacy/test/test_auth_api.py | 2 +- .../python-legacy/test/test_experimental_api.py | 2 +- clients/python-legacy/test/test_external_api.py | 2 +- clients/python/README.md | 6 +++--- clients/python/docs/AuthApi.md | 7 ++++--- clients/python/docs/ExperimentalApi.md | 7 ++++--- clients/python/docs/ExternalApi.md | 7 ++++--- clients/python/docs/ExternalPrincipal.md | 2 +- clients/python/lakefs_sdk/api/auth_api.py | 4 ++-- .../python/lakefs_sdk/api/experimental_api.py | 4 ++-- clients/python/lakefs_sdk/api/external_api.py | 4 ++-- .../lakefs_sdk/models/external_principal.py | 2 +- clients/python/test/test_auth_api.py | 2 +- clients/python/test/test_experimental_api.py | 2 +- clients/python/test/test_external_api.py | 2 +- docs/assets/js/swagger.yml | 8 +++++--- docs/reference/configuration.md | 1 + pkg/auth/model/model.go | 7 +++++-- pkg/auth/service.go | 16 ++++++++++------ 55 files changed, 169 insertions(+), 106 deletions(-) diff --git a/api/swagger.yml b/api/swagger.yml index c40d74fd253..bb14777143d 100644 --- a/api/swagger.yml +++ b/api/swagger.yml @@ -1632,6 +1632,7 @@ components: required: - installation_id - reports + ExternalPrincipalList: type: object required: @@ -1664,7 +1665,7 @@ components: properties: id: type: string - description: A unique identifier for the external principal + description: A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name user_id: type: string description: | @@ -2465,6 +2466,8 @@ paths: $ref: "#/components/responses/Unauthorized" 404: $ref: "#/components/responses/NotFound" + 409: + $ref: "#/components/responses/Conflict" 420: description: too many requests default: @@ -2526,9 +2529,8 @@ paths: - $ref: "#/components/parameters/PaginationPrefix" - $ref: "#/components/parameters/PaginationAfter" - $ref: "#/components/parameters/PaginationAmount" - description: will return all external principals id attached to the user operationId: listUserExternalPrincipals - summary: list user external policies + summary: list user external policies attached to a user responses: 200: description: external principals list diff --git a/clients/java-legacy/README.md b/clients/java-legacy/README.md index f5a0539fc86..283c01eedb0 100644 --- a/clients/java-legacy/README.md +++ b/clients/java-legacy/README.md @@ -167,7 +167,7 @@ Class | Method | HTTP request | Description *AuthApi* | [**listGroups**](docs/AuthApi.md#listGroups) | **GET** /auth/groups | list groups *AuthApi* | [**listPolicies**](docs/AuthApi.md#listPolicies) | **GET** /auth/policies | list policies *AuthApi* | [**listUserCredentials**](docs/AuthApi.md#listUserCredentials) | **GET** /auth/users/{userId}/credentials | list user credentials -*AuthApi* | [**listUserExternalPrincipals**](docs/AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*AuthApi* | [**listUserExternalPrincipals**](docs/AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *AuthApi* | [**listUserGroups**](docs/AuthApi.md#listUserGroups) | **GET** /auth/users/{userId}/groups | list user groups *AuthApi* | [**listUserPolicies**](docs/AuthApi.md#listUserPolicies) | **GET** /auth/users/{userId}/policies | list user policies *AuthApi* | [**listUsers**](docs/AuthApi.md#listUsers) | **GET** /auth/users | list users @@ -192,11 +192,11 @@ Class | Method | HTTP request | Description *ExperimentalApi* | [**deleteUserExternalPrincipal**](docs/ExperimentalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *ExperimentalApi* | [**getUserExternalPrincipal**](docs/ExperimentalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *ExperimentalApi* | [**hardResetBranch**](docs/ExperimentalApi.md#hardResetBranch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch -*ExperimentalApi* | [**listUserExternalPrincipals**](docs/ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExperimentalApi* | [**listUserExternalPrincipals**](docs/ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *ExternalApi* | [**createUserExternalPrincipal**](docs/ExternalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user *ExternalApi* | [**deleteUserExternalPrincipal**](docs/ExternalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *ExternalApi* | [**getUserExternalPrincipal**](docs/ExternalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user -*ExternalApi* | [**listUserExternalPrincipals**](docs/ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExternalApi* | [**listUserExternalPrincipals**](docs/ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *HealthCheckApi* | [**healthCheck**](docs/HealthCheckApi.md#healthCheck) | **GET** /healthcheck | *ImportApi* | [**importCancel**](docs/ImportApi.md#importCancel) | **DELETE** /repositories/{repository}/branches/{branch}/import | cancel ongoing import *ImportApi* | [**importStart**](docs/ImportApi.md#importStart) | **POST** /repositories/{repository}/branches/{branch}/import | import data from object store diff --git a/clients/java-legacy/api/openapi.yaml b/clients/java-legacy/api/openapi.yaml index 4b84ab9f486..4a5a6a1d592 100644 --- a/clients/java-legacy/api/openapi.yaml +++ b/clients/java-legacy/api/openapi.yaml @@ -1513,6 +1513,12 @@ paths: schema: $ref: '#/components/schemas/Error' description: Resource Not Found + "409": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Resource Conflicts With Target "420": description: too many requests default: @@ -1593,7 +1599,7 @@ paths: schema: $ref: '#/components/schemas/Error' description: Internal Server Error - summary: list user external policies + summary: list user external policies attached to a user tags: - auth - external @@ -9011,7 +9017,7 @@ components: id: id properties: id: - description: A unique identifier for the external principal + description: A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name type: string user_id: description: | diff --git a/clients/java-legacy/docs/AuthApi.md b/clients/java-legacy/docs/AuthApi.md index 0a41ad46c37..fff5b7ebc57 100644 --- a/clients/java-legacy/docs/AuthApi.md +++ b/clients/java-legacy/docs/AuthApi.md @@ -32,7 +32,7 @@ Method | HTTP request | Description [**listGroups**](AuthApi.md#listGroups) | **GET** /auth/groups | list groups [**listPolicies**](AuthApi.md#listPolicies) | **GET** /auth/policies | list policies [**listUserCredentials**](AuthApi.md#listUserCredentials) | **GET** /auth/users/{userId}/credentials | list user credentials -[**listUserExternalPrincipals**](AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies +[**listUserExternalPrincipals**](AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user [**listUserGroups**](AuthApi.md#listUserGroups) | **GET** /auth/users/{userId}/groups | list user groups [**listUserPolicies**](AuthApi.md#listUserPolicies) | **GET** /auth/users/{userId}/policies | list user policies [**listUsers**](AuthApi.md#listUsers) | **GET** /auth/users | list users @@ -782,6 +782,7 @@ null (empty response body) **201** | external principal attached successfully | - | **401** | Unauthorized | - | **404** | Resource Not Found | - | +**409** | Resource Conflicts With Target | - | **420** | too many requests | - | **0** | Internal Server Error | - | @@ -2650,7 +2651,7 @@ Name | Type | Description | Notes # **listUserExternalPrincipals** > ExternalPrincipalList listUserExternalPrincipals(userId, prefix, after, amount) -list user external policies +list user external policies attached to a user ### Example ```java diff --git a/clients/java-legacy/docs/ExperimentalApi.md b/clients/java-legacy/docs/ExperimentalApi.md index b28d54c2d8a..a4d891638f7 100644 --- a/clients/java-legacy/docs/ExperimentalApi.md +++ b/clients/java-legacy/docs/ExperimentalApi.md @@ -11,7 +11,7 @@ Method | HTTP request | Description [**deleteUserExternalPrincipal**](ExperimentalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user [**getUserExternalPrincipal**](ExperimentalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user [**hardResetBranch**](ExperimentalApi.md#hardResetBranch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch -[**listUserExternalPrincipals**](ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies +[**listUserExternalPrincipals**](ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user @@ -413,6 +413,7 @@ null (empty response body) **201** | external principal attached successfully | - | **401** | Unauthorized | - | **404** | Resource Not Found | - | +**409** | Resource Conflicts With Target | - | **420** | too many requests | - | **0** | Internal Server Error | - | @@ -708,7 +709,7 @@ null (empty response body) # **listUserExternalPrincipals** > ExternalPrincipalList listUserExternalPrincipals(userId, prefix, after, amount) -list user external policies +list user external policies attached to a user ### Example ```java diff --git a/clients/java-legacy/docs/ExternalApi.md b/clients/java-legacy/docs/ExternalApi.md index 89643e7af12..11a267baf24 100644 --- a/clients/java-legacy/docs/ExternalApi.md +++ b/clients/java-legacy/docs/ExternalApi.md @@ -7,7 +7,7 @@ Method | HTTP request | Description [**createUserExternalPrincipal**](ExternalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user [**deleteUserExternalPrincipal**](ExternalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user [**getUserExternalPrincipal**](ExternalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user -[**listUserExternalPrincipals**](ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies +[**listUserExternalPrincipals**](ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user @@ -102,6 +102,7 @@ null (empty response body) **201** | external principal attached successfully | - | **401** | Unauthorized | - | **404** | Resource Not Found | - | +**409** | Resource Conflicts With Target | - | **420** | too many requests | - | **0** | Internal Server Error | - | @@ -296,7 +297,7 @@ Name | Type | Description | Notes # **listUserExternalPrincipals** > ExternalPrincipalList listUserExternalPrincipals(userId, prefix, after, amount) -list user external policies +list user external policies attached to a user ### Example ```java diff --git a/clients/java-legacy/docs/ExternalPrincipal.md b/clients/java-legacy/docs/ExternalPrincipal.md index b5966b42646..718d53279b5 100644 --- a/clients/java-legacy/docs/ExternalPrincipal.md +++ b/clients/java-legacy/docs/ExternalPrincipal.md @@ -7,7 +7,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**id** | **String** | A unique identifier for the external principal | +**id** | **String** | A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name | **userId** | **String** | lakeFS user ID to associate with an external principal. | **settings** | **List<Map<String, String>>** | | [optional] diff --git a/clients/java-legacy/src/main/java/io/lakefs/clients/api/AuthApi.java b/clients/java-legacy/src/main/java/io/lakefs/clients/api/AuthApi.java index 29d9e41d93d..0462a6231a3 100644 --- a/clients/java-legacy/src/main/java/io/lakefs/clients/api/AuthApi.java +++ b/clients/java-legacy/src/main/java/io/lakefs/clients/api/AuthApi.java @@ -996,6 +996,7 @@ public okhttp3.Call createUserAsync(UserCreation userCreation, final ApiCallback 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -1069,6 +1070,7 @@ private okhttp3.Call createUserExternalPrincipalValidateBeforeCall(String userId 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -1091,6 +1093,7 @@ public void createUserExternalPrincipal(String userId, String principalId, Exter 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -1115,6 +1118,7 @@ public ApiResponse createUserExternalPrincipalWithHttpInfo(String userId, 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -3862,7 +3866,7 @@ private okhttp3.Call listUserExternalPrincipalsValidateBeforeCall(String userId, } /** - * list user external policies + * list user external policies attached to a user * * @param userId (required) * @param prefix return items prefixed with this value (optional) @@ -3886,7 +3890,7 @@ public ExternalPrincipalList listUserExternalPrincipals(String userId, String pr } /** - * list user external policies + * list user external policies attached to a user * * @param userId (required) * @param prefix return items prefixed with this value (optional) @@ -3911,7 +3915,7 @@ public ApiResponse listUserExternalPrincipalsWithHttpInfo } /** - * list user external policies (asynchronously) + * list user external policies attached to a user (asynchronously) * * @param userId (required) * @param prefix return items prefixed with this value (optional) diff --git a/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExperimentalApi.java b/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExperimentalApi.java index a8028bdd48e..fecc4802c95 100644 --- a/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExperimentalApi.java +++ b/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExperimentalApi.java @@ -577,6 +577,7 @@ public okhttp3.Call createPresignMultipartUploadAsync(String repository, String 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -650,6 +651,7 @@ private okhttp3.Call createUserExternalPrincipalValidateBeforeCall(String userId 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -672,6 +674,7 @@ public void createUserExternalPrincipal(String userId, String principalId, Exter 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -696,6 +699,7 @@ public ApiResponse createUserExternalPrincipalWithHttpInfo(String userId, 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -1218,7 +1222,7 @@ private okhttp3.Call listUserExternalPrincipalsValidateBeforeCall(String userId, } /** - * list user external policies + * list user external policies attached to a user * * @param userId (required) * @param prefix return items prefixed with this value (optional) @@ -1242,7 +1246,7 @@ public ExternalPrincipalList listUserExternalPrincipals(String userId, String pr } /** - * list user external policies + * list user external policies attached to a user * * @param userId (required) * @param prefix return items prefixed with this value (optional) @@ -1267,7 +1271,7 @@ public ApiResponse listUserExternalPrincipalsWithHttpInfo } /** - * list user external policies (asynchronously) + * list user external policies attached to a user (asynchronously) * * @param userId (required) * @param prefix return items prefixed with this value (optional) diff --git a/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExternalApi.java b/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExternalApi.java index 0213d9c8a41..e31aeb9d8ad 100644 --- a/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExternalApi.java +++ b/clients/java-legacy/src/main/java/io/lakefs/clients/api/ExternalApi.java @@ -71,6 +71,7 @@ public void setApiClient(ApiClient apiClient) { 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -144,6 +145,7 @@ private okhttp3.Call createUserExternalPrincipalValidateBeforeCall(String userId 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -166,6 +168,7 @@ public void createUserExternalPrincipal(String userId, String principalId, Exter 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -190,6 +193,7 @@ public ApiResponse createUserExternalPrincipalWithHttpInfo(String userId, 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -549,7 +553,7 @@ private okhttp3.Call listUserExternalPrincipalsValidateBeforeCall(String userId, } /** - * list user external policies + * list user external policies attached to a user * * @param userId (required) * @param prefix return items prefixed with this value (optional) @@ -573,7 +577,7 @@ public ExternalPrincipalList listUserExternalPrincipals(String userId, String pr } /** - * list user external policies + * list user external policies attached to a user * * @param userId (required) * @param prefix return items prefixed with this value (optional) @@ -598,7 +602,7 @@ public ApiResponse listUserExternalPrincipalsWithHttpInfo } /** - * list user external policies (asynchronously) + * list user external policies attached to a user (asynchronously) * * @param userId (required) * @param prefix return items prefixed with this value (optional) diff --git a/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipal.java b/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipal.java index 176691165b8..d44e2c24f4e 100644 --- a/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipal.java +++ b/clients/java-legacy/src/main/java/io/lakefs/clients/api/model/ExternalPrincipal.java @@ -52,11 +52,11 @@ public ExternalPrincipal id(String id) { } /** - * A unique identifier for the external principal + * A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name * @return id **/ @javax.annotation.Nonnull - @ApiModelProperty(required = true, value = "A unique identifier for the external principal") + @ApiModelProperty(required = true, value = "A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name") public String getId() { return id; diff --git a/clients/java-legacy/src/test/java/io/lakefs/clients/api/AuthApiTest.java b/clients/java-legacy/src/test/java/io/lakefs/clients/api/AuthApiTest.java index 43b7ba5edca..eab521fc4e3 100644 --- a/clients/java-legacy/src/test/java/io/lakefs/clients/api/AuthApiTest.java +++ b/clients/java-legacy/src/test/java/io/lakefs/clients/api/AuthApiTest.java @@ -496,7 +496,7 @@ public void listUserCredentialsTest() throws ApiException { } /** - * list user external policies + * list user external policies attached to a user * * * diff --git a/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExperimentalApiTest.java b/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExperimentalApiTest.java index 3a7b303b760..217096ab0e6 100644 --- a/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExperimentalApiTest.java +++ b/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExperimentalApiTest.java @@ -164,7 +164,7 @@ public void hardResetBranchTest() throws ApiException { } /** - * list user external policies + * list user external policies attached to a user * * * diff --git a/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExternalApiTest.java b/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExternalApiTest.java index 494b8d8ffc1..54c39eea4ee 100644 --- a/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExternalApiTest.java +++ b/clients/java-legacy/src/test/java/io/lakefs/clients/api/ExternalApiTest.java @@ -85,7 +85,7 @@ public void getUserExternalPrincipalTest() throws ApiException { } /** - * list user external policies + * list user external policies attached to a user * * * diff --git a/clients/java/README.md b/clients/java/README.md index 38b0e50eeed..fa6f8dfe512 100644 --- a/clients/java/README.md +++ b/clients/java/README.md @@ -175,7 +175,7 @@ Class | Method | HTTP request | Description *AuthApi* | [**listGroups**](docs/AuthApi.md#listGroups) | **GET** /auth/groups | list groups *AuthApi* | [**listPolicies**](docs/AuthApi.md#listPolicies) | **GET** /auth/policies | list policies *AuthApi* | [**listUserCredentials**](docs/AuthApi.md#listUserCredentials) | **GET** /auth/users/{userId}/credentials | list user credentials -*AuthApi* | [**listUserExternalPrincipals**](docs/AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*AuthApi* | [**listUserExternalPrincipals**](docs/AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *AuthApi* | [**listUserGroups**](docs/AuthApi.md#listUserGroups) | **GET** /auth/users/{userId}/groups | list user groups *AuthApi* | [**listUserPolicies**](docs/AuthApi.md#listUserPolicies) | **GET** /auth/users/{userId}/policies | list user policies *AuthApi* | [**listUsers**](docs/AuthApi.md#listUsers) | **GET** /auth/users | list users @@ -200,11 +200,11 @@ Class | Method | HTTP request | Description *ExperimentalApi* | [**deleteUserExternalPrincipal**](docs/ExperimentalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *ExperimentalApi* | [**getUserExternalPrincipal**](docs/ExperimentalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *ExperimentalApi* | [**hardResetBranch**](docs/ExperimentalApi.md#hardResetBranch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch -*ExperimentalApi* | [**listUserExternalPrincipals**](docs/ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExperimentalApi* | [**listUserExternalPrincipals**](docs/ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *ExternalApi* | [**createUserExternalPrincipal**](docs/ExternalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user *ExternalApi* | [**deleteUserExternalPrincipal**](docs/ExternalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *ExternalApi* | [**getUserExternalPrincipal**](docs/ExternalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user -*ExternalApi* | [**listUserExternalPrincipals**](docs/ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExternalApi* | [**listUserExternalPrincipals**](docs/ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *HealthCheckApi* | [**healthCheck**](docs/HealthCheckApi.md#healthCheck) | **GET** /healthcheck | *ImportApi* | [**importCancel**](docs/ImportApi.md#importCancel) | **DELETE** /repositories/{repository}/branches/{branch}/import | cancel ongoing import *ImportApi* | [**importStart**](docs/ImportApi.md#importStart) | **POST** /repositories/{repository}/branches/{branch}/import | import data from object store diff --git a/clients/java/api/openapi.yaml b/clients/java/api/openapi.yaml index 336c6e8593c..60f5ef46651 100644 --- a/clients/java/api/openapi.yaml +++ b/clients/java/api/openapi.yaml @@ -1513,6 +1513,12 @@ paths: schema: $ref: '#/components/schemas/Error' description: Resource Not Found + "409": + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + description: Resource Conflicts With Target "420": description: too many requests default: @@ -1593,7 +1599,7 @@ paths: schema: $ref: '#/components/schemas/Error' description: Internal Server Error - summary: list user external policies + summary: list user external policies attached to a user tags: - auth - external @@ -8986,7 +8992,7 @@ components: id: id properties: id: - description: A unique identifier for the external principal + description: A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name type: string user_id: description: | diff --git a/clients/java/docs/AuthApi.md b/clients/java/docs/AuthApi.md index fea8756359b..e9297294e94 100644 --- a/clients/java/docs/AuthApi.md +++ b/clients/java/docs/AuthApi.md @@ -32,7 +32,7 @@ All URIs are relative to */api/v1* | [**listGroups**](AuthApi.md#listGroups) | **GET** /auth/groups | list groups | | [**listPolicies**](AuthApi.md#listPolicies) | **GET** /auth/policies | list policies | | [**listUserCredentials**](AuthApi.md#listUserCredentials) | **GET** /auth/users/{userId}/credentials | list user credentials | -| [**listUserExternalPrincipals**](AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies | +| [**listUserExternalPrincipals**](AuthApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user | | [**listUserGroups**](AuthApi.md#listUserGroups) | **GET** /auth/users/{userId}/groups | list user groups | | [**listUserPolicies**](AuthApi.md#listUserPolicies) | **GET** /auth/users/{userId}/policies | list user policies | | [**listUsers**](AuthApi.md#listUsers) | **GET** /auth/users | list users | @@ -792,6 +792,7 @@ null (empty response body) | **201** | external principal attached successfully | - | | **401** | Unauthorized | - | | **404** | Resource Not Found | - | +| **409** | Resource Conflicts With Target | - | | **420** | too many requests | - | | **0** | Internal Server Error | - | @@ -2695,7 +2696,7 @@ public class Example { # **listUserExternalPrincipals** > ExternalPrincipalList listUserExternalPrincipals(userId).prefix(prefix).after(after).amount(amount).execute(); -list user external policies +list user external policies attached to a user ### Example ```java diff --git a/clients/java/docs/ExperimentalApi.md b/clients/java/docs/ExperimentalApi.md index 99f1d9920c0..93066520d31 100644 --- a/clients/java/docs/ExperimentalApi.md +++ b/clients/java/docs/ExperimentalApi.md @@ -11,7 +11,7 @@ All URIs are relative to */api/v1* | [**deleteUserExternalPrincipal**](ExperimentalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user | | [**getUserExternalPrincipal**](ExperimentalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user | | [**hardResetBranch**](ExperimentalApi.md#hardResetBranch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch | -| [**listUserExternalPrincipals**](ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies | +| [**listUserExternalPrincipals**](ExperimentalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user | @@ -420,6 +420,7 @@ null (empty response body) | **201** | external principal attached successfully | - | | **401** | Unauthorized | - | | **404** | Resource Not Found | - | +| **409** | Resource Conflicts With Target | - | | **420** | too many requests | - | | **0** | Internal Server Error | - | @@ -719,7 +720,7 @@ null (empty response body) # **listUserExternalPrincipals** > ExternalPrincipalList listUserExternalPrincipals(userId).prefix(prefix).after(after).amount(amount).execute(); -list user external policies +list user external policies attached to a user ### Example ```java diff --git a/clients/java/docs/ExternalApi.md b/clients/java/docs/ExternalApi.md index 3a669e736a3..9d68b4d29d3 100644 --- a/clients/java/docs/ExternalApi.md +++ b/clients/java/docs/ExternalApi.md @@ -7,7 +7,7 @@ All URIs are relative to */api/v1* | [**createUserExternalPrincipal**](ExternalApi.md#createUserExternalPrincipal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user | | [**deleteUserExternalPrincipal**](ExternalApi.md#deleteUserExternalPrincipal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user | | [**getUserExternalPrincipal**](ExternalApi.md#getUserExternalPrincipal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user | -| [**listUserExternalPrincipals**](ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies | +| [**listUserExternalPrincipals**](ExternalApi.md#listUserExternalPrincipals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user | @@ -103,6 +103,7 @@ null (empty response body) | **201** | external principal attached successfully | - | | **401** | Unauthorized | - | | **404** | Resource Not Found | - | +| **409** | Resource Conflicts With Target | - | | **420** | too many requests | - | | **0** | Internal Server Error | - | @@ -299,7 +300,7 @@ public class Example { # **listUserExternalPrincipals** > ExternalPrincipalList listUserExternalPrincipals(userId).prefix(prefix).after(after).amount(amount).execute(); -list user external policies +list user external policies attached to a user ### Example ```java diff --git a/clients/java/docs/ExternalPrincipal.md b/clients/java/docs/ExternalPrincipal.md index 961b2b990fc..b8d84c41c81 100644 --- a/clients/java/docs/ExternalPrincipal.md +++ b/clients/java/docs/ExternalPrincipal.md @@ -7,7 +7,7 @@ | Name | Type | Description | Notes | |------------ | ------------- | ------------- | -------------| -|**id** | **String** | A unique identifier for the external principal | | +|**id** | **String** | A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name | | |**userId** | **String** | lakeFS user ID to associate with an external principal. | | |**settings** | **List<Map<String, String>>** | | [optional] | diff --git a/clients/java/src/main/java/io/lakefs/clients/sdk/AuthApi.java b/clients/java/src/main/java/io/lakefs/clients/sdk/AuthApi.java index ceeeab23ad4..8ada5533a68 100644 --- a/clients/java/src/main/java/io/lakefs/clients/sdk/AuthApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/sdk/AuthApi.java @@ -1429,6 +1429,7 @@ private APIcreateUserExternalPrincipalRequest(String userId, String principalId, 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -1446,6 +1447,7 @@ public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -1464,6 +1466,7 @@ public void execute() throws ApiException { 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -1483,6 +1486,7 @@ public ApiResponse executeWithHttpInfo() throws ApiException { 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -1505,6 +1509,7 @@ public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiEx 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -5346,7 +5351,7 @@ public okhttp3.Call executeAsync(final ApiCallback _callb } /** - * list user external policies + * list user external policies attached to a user * * @param userId (required) * @return APIlistUserExternalPrincipalsRequest diff --git a/clients/java/src/main/java/io/lakefs/clients/sdk/ExperimentalApi.java b/clients/java/src/main/java/io/lakefs/clients/sdk/ExperimentalApi.java index d80d5af6567..2152ccf849b 100644 --- a/clients/java/src/main/java/io/lakefs/clients/sdk/ExperimentalApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/sdk/ExperimentalApi.java @@ -835,6 +835,7 @@ private APIcreateUserExternalPrincipalRequest(String userId, String principalId, 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -852,6 +853,7 @@ public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -870,6 +872,7 @@ public void execute() throws ApiException { 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -889,6 +892,7 @@ public ApiResponse executeWithHttpInfo() throws ApiException { 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -911,6 +915,7 @@ public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiEx 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -1690,7 +1695,7 @@ public okhttp3.Call executeAsync(final ApiCallback _callb } /** - * list user external policies + * list user external policies attached to a user * * @param userId (required) * @return APIlistUserExternalPrincipalsRequest diff --git a/clients/java/src/main/java/io/lakefs/clients/sdk/ExternalApi.java b/clients/java/src/main/java/io/lakefs/clients/sdk/ExternalApi.java index fc7d154c7d8..2ff74393886 100644 --- a/clients/java/src/main/java/io/lakefs/clients/sdk/ExternalApi.java +++ b/clients/java/src/main/java/io/lakefs/clients/sdk/ExternalApi.java @@ -178,6 +178,7 @@ private APIcreateUserExternalPrincipalRequest(String userId, String principalId, 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -195,6 +196,7 @@ public okhttp3.Call buildCall(final ApiCallback _callback) throws ApiException { 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -213,6 +215,7 @@ public void execute() throws ApiException { 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -232,6 +235,7 @@ public ApiResponse executeWithHttpInfo() throws ApiException { 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -254,6 +258,7 @@ public okhttp3.Call executeAsync(final ApiCallback _callback) throws ApiEx 201 external principal attached successfully - 401 Unauthorized - 404 Resource Not Found - + 409 Resource Conflicts With Target - 420 too many requests - 0 Internal Server Error - @@ -819,7 +824,7 @@ public okhttp3.Call executeAsync(final ApiCallback _callb } /** - * list user external policies + * list user external policies attached to a user * * @param userId (required) * @return APIlistUserExternalPrincipalsRequest diff --git a/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipal.java b/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipal.java index 14b7a688ab4..df201f1b84e 100644 --- a/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipal.java +++ b/clients/java/src/main/java/io/lakefs/clients/sdk/model/ExternalPrincipal.java @@ -77,7 +77,7 @@ public ExternalPrincipal id(String id) { } /** - * A unique identifier for the external principal + * A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name * @return id **/ @javax.annotation.Nonnull diff --git a/clients/java/src/test/java/io/lakefs/clients/sdk/AuthApiTest.java b/clients/java/src/test/java/io/lakefs/clients/sdk/AuthApiTest.java index 0a60f07ad87..52f679e23aa 100644 --- a/clients/java/src/test/java/io/lakefs/clients/sdk/AuthApiTest.java +++ b/clients/java/src/test/java/io/lakefs/clients/sdk/AuthApiTest.java @@ -456,7 +456,7 @@ public void listUserCredentialsTest() throws ApiException { } /** - * list user external policies + * list user external policies attached to a user * * @throws ApiException if the Api call fails */ diff --git a/clients/java/src/test/java/io/lakefs/clients/sdk/ExperimentalApiTest.java b/clients/java/src/test/java/io/lakefs/clients/sdk/ExperimentalApiTest.java index af4a51fb112..0a309a9169b 100644 --- a/clients/java/src/test/java/io/lakefs/clients/sdk/ExperimentalApiTest.java +++ b/clients/java/src/test/java/io/lakefs/clients/sdk/ExperimentalApiTest.java @@ -161,7 +161,7 @@ public void hardResetBranchTest() throws ApiException { } /** - * list user external policies + * list user external policies attached to a user * * @throws ApiException if the Api call fails */ diff --git a/clients/java/src/test/java/io/lakefs/clients/sdk/ExternalApiTest.java b/clients/java/src/test/java/io/lakefs/clients/sdk/ExternalApiTest.java index 8f4fbe92586..8fa702c7cae 100644 --- a/clients/java/src/test/java/io/lakefs/clients/sdk/ExternalApiTest.java +++ b/clients/java/src/test/java/io/lakefs/clients/sdk/ExternalApiTest.java @@ -78,7 +78,7 @@ public void getUserExternalPrincipalTest() throws ApiException { } /** - * list user external policies + * list user external policies attached to a user * * @throws ApiException if the Api call fails */ diff --git a/clients/python-legacy/README.md b/clients/python-legacy/README.md index 6df7c5f8e28..929b3f54440 100644 --- a/clients/python-legacy/README.md +++ b/clients/python-legacy/README.md @@ -148,7 +148,7 @@ Class | Method | HTTP request | Description *AuthApi* | [**list_groups**](docs/AuthApi.md#list_groups) | **GET** /auth/groups | list groups *AuthApi* | [**list_policies**](docs/AuthApi.md#list_policies) | **GET** /auth/policies | list policies *AuthApi* | [**list_user_credentials**](docs/AuthApi.md#list_user_credentials) | **GET** /auth/users/{userId}/credentials | list user credentials -*AuthApi* | [**list_user_external_principals**](docs/AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*AuthApi* | [**list_user_external_principals**](docs/AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *AuthApi* | [**list_user_groups**](docs/AuthApi.md#list_user_groups) | **GET** /auth/users/{userId}/groups | list user groups *AuthApi* | [**list_user_policies**](docs/AuthApi.md#list_user_policies) | **GET** /auth/users/{userId}/policies | list user policies *AuthApi* | [**list_users**](docs/AuthApi.md#list_users) | **GET** /auth/users | list users @@ -173,11 +173,11 @@ Class | Method | HTTP request | Description *ExperimentalApi* | [**delete_user_external_principal**](docs/ExperimentalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *ExperimentalApi* | [**get_user_external_principal**](docs/ExperimentalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *ExperimentalApi* | [**hard_reset_branch**](docs/ExperimentalApi.md#hard_reset_branch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch -*ExperimentalApi* | [**list_user_external_principals**](docs/ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExperimentalApi* | [**list_user_external_principals**](docs/ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *ExternalApi* | [**create_user_external_principal**](docs/ExternalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user *ExternalApi* | [**delete_user_external_principal**](docs/ExternalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *ExternalApi* | [**get_user_external_principal**](docs/ExternalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user -*ExternalApi* | [**list_user_external_principals**](docs/ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExternalApi* | [**list_user_external_principals**](docs/ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *HealthCheckApi* | [**health_check**](docs/HealthCheckApi.md#health_check) | **GET** /healthcheck | *ImportApi* | [**import_cancel**](docs/ImportApi.md#import_cancel) | **DELETE** /repositories/{repository}/branches/{branch}/import | cancel ongoing import *ImportApi* | [**import_start**](docs/ImportApi.md#import_start) | **POST** /repositories/{repository}/branches/{branch}/import | import data from object store diff --git a/clients/python-legacy/docs/AuthApi.md b/clients/python-legacy/docs/AuthApi.md index d93fbeaa774..13f315ed897 100644 --- a/clients/python-legacy/docs/AuthApi.md +++ b/clients/python-legacy/docs/AuthApi.md @@ -32,7 +32,7 @@ Method | HTTP request | Description [**list_groups**](AuthApi.md#list_groups) | **GET** /auth/groups | list groups [**list_policies**](AuthApi.md#list_policies) | **GET** /auth/policies | list policies [**list_user_credentials**](AuthApi.md#list_user_credentials) | **GET** /auth/users/{userId}/credentials | list user credentials -[**list_user_external_principals**](AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +[**list_user_external_principals**](AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user [**list_user_groups**](AuthApi.md#list_user_groups) | **GET** /auth/users/{userId}/groups | list user groups [**list_user_policies**](AuthApi.md#list_user_policies) | **GET** /auth/users/{userId}/policies | list user policies [**list_users**](AuthApi.md#list_users) | **GET** /auth/users | list users @@ -932,6 +932,7 @@ void (empty response body) **201** | external principal attached successfully | - | **401** | Unauthorized | - | **404** | Resource Not Found | - | +**409** | Resource Conflicts With Target | - | **420** | too many requests | - | **0** | Internal Server Error | - | @@ -3142,7 +3143,7 @@ Name | Type | Description | Notes # **list_user_external_principals** > ExternalPrincipalList list_user_external_principals(user_id) -list user external policies +list user external policies attached to a user ### Example @@ -3210,7 +3211,7 @@ with lakefs_client.ApiClient(configuration) as api_client: # example passing only required values which don't have defaults set try: - # list user external policies + # list user external policies attached to a user api_response = api_instance.list_user_external_principals(user_id) pprint(api_response) except lakefs_client.ApiException as e: @@ -3219,7 +3220,7 @@ with lakefs_client.ApiClient(configuration) as api_client: # example passing only required values which don't have defaults set # and optional values try: - # list user external policies + # list user external policies attached to a user api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) pprint(api_response) except lakefs_client.ApiException as e: diff --git a/clients/python-legacy/docs/ExperimentalApi.md b/clients/python-legacy/docs/ExperimentalApi.md index 7a14223aa48..f3d3ff682af 100644 --- a/clients/python-legacy/docs/ExperimentalApi.md +++ b/clients/python-legacy/docs/ExperimentalApi.md @@ -11,7 +11,7 @@ Method | HTTP request | Description [**delete_user_external_principal**](ExperimentalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user [**get_user_external_principal**](ExperimentalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user [**hard_reset_branch**](ExperimentalApi.md#hard_reset_branch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch -[**list_user_external_principals**](ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +[**list_user_external_principals**](ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user # **abort_presign_multipart_upload** @@ -523,6 +523,7 @@ void (empty response body) **201** | external principal attached successfully | - | **401** | Unauthorized | - | **404** | Resource Not Found | - | +**409** | Resource Conflicts With Target | - | **420** | too many requests | - | **0** | Internal Server Error | - | @@ -873,7 +874,7 @@ void (empty response body) # **list_user_external_principals** > ExternalPrincipalList list_user_external_principals(user_id) -list user external policies +list user external policies attached to a user ### Example @@ -941,7 +942,7 @@ with lakefs_client.ApiClient(configuration) as api_client: # example passing only required values which don't have defaults set try: - # list user external policies + # list user external policies attached to a user api_response = api_instance.list_user_external_principals(user_id) pprint(api_response) except lakefs_client.ApiException as e: @@ -950,7 +951,7 @@ with lakefs_client.ApiClient(configuration) as api_client: # example passing only required values which don't have defaults set # and optional values try: - # list user external policies + # list user external policies attached to a user api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) pprint(api_response) except lakefs_client.ApiException as e: diff --git a/clients/python-legacy/docs/ExternalApi.md b/clients/python-legacy/docs/ExternalApi.md index 0b632fa0ea5..5f3684047c5 100644 --- a/clients/python-legacy/docs/ExternalApi.md +++ b/clients/python-legacy/docs/ExternalApi.md @@ -7,7 +7,7 @@ Method | HTTP request | Description [**create_user_external_principal**](ExternalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user [**delete_user_external_principal**](ExternalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user [**get_user_external_principal**](ExternalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user -[**list_user_external_principals**](ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +[**list_user_external_principals**](ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user # **create_user_external_principal** @@ -122,6 +122,7 @@ void (empty response body) **201** | external principal attached successfully | - | **401** | Unauthorized | - | **404** | Resource Not Found | - | +**409** | Resource Conflicts With Target | - | **420** | too many requests | - | **0** | Internal Server Error | - | @@ -348,7 +349,7 @@ Name | Type | Description | Notes # **list_user_external_principals** > ExternalPrincipalList list_user_external_principals(user_id) -list user external policies +list user external policies attached to a user ### Example @@ -416,7 +417,7 @@ with lakefs_client.ApiClient(configuration) as api_client: # example passing only required values which don't have defaults set try: - # list user external policies + # list user external policies attached to a user api_response = api_instance.list_user_external_principals(user_id) pprint(api_response) except lakefs_client.ApiException as e: @@ -425,7 +426,7 @@ with lakefs_client.ApiClient(configuration) as api_client: # example passing only required values which don't have defaults set # and optional values try: - # list user external policies + # list user external policies attached to a user api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) pprint(api_response) except lakefs_client.ApiException as e: diff --git a/clients/python-legacy/docs/ExternalPrincipal.md b/clients/python-legacy/docs/ExternalPrincipal.md index ec43f81f5e2..7e1c0b6f433 100644 --- a/clients/python-legacy/docs/ExternalPrincipal.md +++ b/clients/python-legacy/docs/ExternalPrincipal.md @@ -4,7 +4,7 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**id** | **str** | A unique identifier for the external principal | +**id** | **str** | A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name | **user_id** | **str** | lakeFS user ID to associate with an external principal. | **settings** | [**[ExternalPrincipalSettings]**](ExternalPrincipalSettings.md) | | [optional] **any string name** | **bool, date, datetime, dict, float, int, list, str, none_type** | any string name can be used but the value must be the correct type | [optional] diff --git a/clients/python-legacy/lakefs_client/api/auth_api.py b/clients/python-legacy/lakefs_client/api/auth_api.py index 6692d2633f7..0dd09d2d8ca 100644 --- a/clients/python-legacy/lakefs_client/api/auth_api.py +++ b/clients/python-legacy/lakefs_client/api/auth_api.py @@ -4091,7 +4091,7 @@ def list_user_external_principals( user_id, **kwargs ): - """list user external policies # noqa: E501 + """list user external policies attached to a user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True diff --git a/clients/python-legacy/lakefs_client/api/experimental_api.py b/clients/python-legacy/lakefs_client/api/experimental_api.py index f5616274126..300244f02ba 100644 --- a/clients/python-legacy/lakefs_client/api/experimental_api.py +++ b/clients/python-legacy/lakefs_client/api/experimental_api.py @@ -1137,7 +1137,7 @@ def list_user_external_principals( user_id, **kwargs ): - """list user external policies # noqa: E501 + """list user external policies attached to a user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True diff --git a/clients/python-legacy/lakefs_client/api/external_api.py b/clients/python-legacy/lakefs_client/api/external_api.py index 123f8588d08..37d38c4cf76 100644 --- a/clients/python-legacy/lakefs_client/api/external_api.py +++ b/clients/python-legacy/lakefs_client/api/external_api.py @@ -522,7 +522,7 @@ def list_user_external_principals( user_id, **kwargs ): - """list user external policies # noqa: E501 + """list user external policies attached to a user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True diff --git a/clients/python-legacy/lakefs_client/model/external_principal.py b/clients/python-legacy/lakefs_client/model/external_principal.py index 83664a9fd42..3e42c14d770 100644 --- a/clients/python-legacy/lakefs_client/model/external_principal.py +++ b/clients/python-legacy/lakefs_client/model/external_principal.py @@ -115,7 +115,7 @@ def _from_openapi_data(cls, id, user_id, *args, **kwargs): # noqa: E501 """ExternalPrincipal - a model defined in OpenAPI Args: - id (str): A unique identifier for the external principal + id (str): A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name user_id (str): lakeFS user ID to associate with an external principal. Keyword Args: @@ -203,7 +203,7 @@ def __init__(self, id, user_id, *args, **kwargs): # noqa: E501 """ExternalPrincipal - a model defined in OpenAPI Args: - id (str): A unique identifier for the external principal + id (str): A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name user_id (str): lakeFS user ID to associate with an external principal. Keyword Args: diff --git a/clients/python-legacy/test/test_auth_api.py b/clients/python-legacy/test/test_auth_api.py index 99cddb20fba..afed428bcf0 100644 --- a/clients/python-legacy/test/test_auth_api.py +++ b/clients/python-legacy/test/test_auth_api.py @@ -223,7 +223,7 @@ def test_list_user_credentials(self): def test_list_user_external_principals(self): """Test case for list_user_external_principals - list user external policies # noqa: E501 + list user external policies attached to a user # noqa: E501 """ pass diff --git a/clients/python-legacy/test/test_experimental_api.py b/clients/python-legacy/test/test_experimental_api.py index e3986775877..57b18569350 100644 --- a/clients/python-legacy/test/test_experimental_api.py +++ b/clients/python-legacy/test/test_experimental_api.py @@ -76,7 +76,7 @@ def test_hard_reset_branch(self): def test_list_user_external_principals(self): """Test case for list_user_external_principals - list user external policies # noqa: E501 + list user external policies attached to a user # noqa: E501 """ pass diff --git a/clients/python-legacy/test/test_external_api.py b/clients/python-legacy/test/test_external_api.py index aa915c6e12a..5f173952c45 100644 --- a/clients/python-legacy/test/test_external_api.py +++ b/clients/python-legacy/test/test_external_api.py @@ -48,7 +48,7 @@ def test_get_user_external_principal(self): def test_list_user_external_principals(self): """Test case for list_user_external_principals - list user external policies # noqa: E501 + list user external policies attached to a user # noqa: E501 """ pass diff --git a/clients/python/README.md b/clients/python/README.md index af0868eae4c..fca065250b4 100644 --- a/clients/python/README.md +++ b/clients/python/README.md @@ -151,7 +151,7 @@ Class | Method | HTTP request | Description *AuthApi* | [**list_groups**](docs/AuthApi.md#list_groups) | **GET** /auth/groups | list groups *AuthApi* | [**list_policies**](docs/AuthApi.md#list_policies) | **GET** /auth/policies | list policies *AuthApi* | [**list_user_credentials**](docs/AuthApi.md#list_user_credentials) | **GET** /auth/users/{userId}/credentials | list user credentials -*AuthApi* | [**list_user_external_principals**](docs/AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*AuthApi* | [**list_user_external_principals**](docs/AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *AuthApi* | [**list_user_groups**](docs/AuthApi.md#list_user_groups) | **GET** /auth/users/{userId}/groups | list user groups *AuthApi* | [**list_user_policies**](docs/AuthApi.md#list_user_policies) | **GET** /auth/users/{userId}/policies | list user policies *AuthApi* | [**list_users**](docs/AuthApi.md#list_users) | **GET** /auth/users | list users @@ -176,11 +176,11 @@ Class | Method | HTTP request | Description *ExperimentalApi* | [**delete_user_external_principal**](docs/ExperimentalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *ExperimentalApi* | [**get_user_external_principal**](docs/ExperimentalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user *ExperimentalApi* | [**hard_reset_branch**](docs/ExperimentalApi.md#hard_reset_branch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch -*ExperimentalApi* | [**list_user_external_principals**](docs/ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExperimentalApi* | [**list_user_external_principals**](docs/ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *ExternalApi* | [**create_user_external_principal**](docs/ExternalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user *ExternalApi* | [**delete_user_external_principal**](docs/ExternalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user *ExternalApi* | [**get_user_external_principal**](docs/ExternalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user -*ExternalApi* | [**list_user_external_principals**](docs/ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +*ExternalApi* | [**list_user_external_principals**](docs/ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user *HealthCheckApi* | [**health_check**](docs/HealthCheckApi.md#health_check) | **GET** /healthcheck | *ImportApi* | [**import_cancel**](docs/ImportApi.md#import_cancel) | **DELETE** /repositories/{repository}/branches/{branch}/import | cancel ongoing import *ImportApi* | [**import_start**](docs/ImportApi.md#import_start) | **POST** /repositories/{repository}/branches/{branch}/import | import data from object store diff --git a/clients/python/docs/AuthApi.md b/clients/python/docs/AuthApi.md index 59a6ef5bd9c..6b30d14f051 100644 --- a/clients/python/docs/AuthApi.md +++ b/clients/python/docs/AuthApi.md @@ -32,7 +32,7 @@ Method | HTTP request | Description [**list_groups**](AuthApi.md#list_groups) | **GET** /auth/groups | list groups [**list_policies**](AuthApi.md#list_policies) | **GET** /auth/policies | list policies [**list_user_credentials**](AuthApi.md#list_user_credentials) | **GET** /auth/users/{userId}/credentials | list user credentials -[**list_user_external_principals**](AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +[**list_user_external_principals**](AuthApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user [**list_user_groups**](AuthApi.md#list_user_groups) | **GET** /auth/users/{userId}/groups | list user groups [**list_user_policies**](AuthApi.md#list_user_policies) | **GET** /auth/users/{userId}/policies | list user policies [**list_users**](AuthApi.md#list_users) | **GET** /auth/users | list users @@ -919,6 +919,7 @@ void (empty response body) **201** | external principal attached successfully | - | **401** | Unauthorized | - | **404** | Resource Not Found | - | +**409** | Resource Conflicts With Target | - | **420** | too many requests | - | **0** | Internal Server Error | - | @@ -3132,7 +3133,7 @@ Name | Type | Description | Notes # **list_user_external_principals** > ExternalPrincipalList list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) -list user external policies +list user external policies attached to a user ### Example @@ -3200,7 +3201,7 @@ with lakefs_sdk.ApiClient(configuration) as api_client: amount = 100 # int | how many items to return (optional) (default to 100) try: - # list user external policies + # list user external policies attached to a user api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) print("The response of AuthApi->list_user_external_principals:\n") pprint(api_response) diff --git a/clients/python/docs/ExperimentalApi.md b/clients/python/docs/ExperimentalApi.md index 867cac640f8..ac033313722 100644 --- a/clients/python/docs/ExperimentalApi.md +++ b/clients/python/docs/ExperimentalApi.md @@ -11,7 +11,7 @@ Method | HTTP request | Description [**delete_user_external_principal**](ExperimentalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user [**get_user_external_principal**](ExperimentalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user [**hard_reset_branch**](ExperimentalApi.md#hard_reset_branch) | **PUT** /repositories/{repository}/branches/{branch}/hard_reset | hard reset branch -[**list_user_external_principals**](ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +[**list_user_external_principals**](ExperimentalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user # **abort_presign_multipart_upload** @@ -482,6 +482,7 @@ void (empty response body) **201** | external principal attached successfully | - | **401** | Unauthorized | - | **404** | Resource Not Found | - | +**409** | Resource Conflicts With Target | - | **420** | too many requests | - | **0** | Internal Server Error | - | @@ -828,7 +829,7 @@ void (empty response body) # **list_user_external_principals** > ExternalPrincipalList list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) -list user external policies +list user external policies attached to a user ### Example @@ -896,7 +897,7 @@ with lakefs_sdk.ApiClient(configuration) as api_client: amount = 100 # int | how many items to return (optional) (default to 100) try: - # list user external policies + # list user external policies attached to a user api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) print("The response of ExperimentalApi->list_user_external_principals:\n") pprint(api_response) diff --git a/clients/python/docs/ExternalApi.md b/clients/python/docs/ExternalApi.md index 2e8559c4b2c..94ed204c8e2 100644 --- a/clients/python/docs/ExternalApi.md +++ b/clients/python/docs/ExternalApi.md @@ -7,7 +7,7 @@ Method | HTTP request | Description [**create_user_external_principal**](ExternalApi.md#create_user_external_principal) | **POST** /auth/users/{userId}/external/principal/{principalId} | attach external principal to user [**delete_user_external_principal**](ExternalApi.md#delete_user_external_principal) | **DELETE** /auth/users/{userId}/external/principal/{principalId} | delete external principal from user [**get_user_external_principal**](ExternalApi.md#get_user_external_principal) | **GET** /auth/users/{userId}/external/principal/{principalId} | get external principal of a user -[**list_user_external_principals**](ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies +[**list_user_external_principals**](ExternalApi.md#list_user_external_principals) | **GET** /auth/users/{userId}/external/principals | list user external policies attached to a user # **create_user_external_principal** @@ -117,6 +117,7 @@ void (empty response body) **201** | external principal attached successfully | - | **401** | Unauthorized | - | **404** | Resource Not Found | - | +**409** | Resource Conflicts With Target | - | **420** | too many requests | - | **0** | Internal Server Error | - | @@ -346,7 +347,7 @@ Name | Type | Description | Notes # **list_user_external_principals** > ExternalPrincipalList list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) -list user external policies +list user external policies attached to a user ### Example @@ -414,7 +415,7 @@ with lakefs_sdk.ApiClient(configuration) as api_client: amount = 100 # int | how many items to return (optional) (default to 100) try: - # list user external policies + # list user external policies attached to a user api_response = api_instance.list_user_external_principals(user_id, prefix=prefix, after=after, amount=amount) print("The response of ExternalApi->list_user_external_principals:\n") pprint(api_response) diff --git a/clients/python/docs/ExternalPrincipal.md b/clients/python/docs/ExternalPrincipal.md index ef7d0fc67ae..3f2c0e538db 100644 --- a/clients/python/docs/ExternalPrincipal.md +++ b/clients/python/docs/ExternalPrincipal.md @@ -5,7 +5,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**id** | **str** | A unique identifier for the external principal | +**id** | **str** | A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name | **user_id** | **str** | lakeFS user ID to associate with an external principal. | **settings** | **List[Dict[str, str]]** | | [optional] diff --git a/clients/python/lakefs_sdk/api/auth_api.py b/clients/python/lakefs_sdk/api/auth_api.py index ed09c132130..3449524b19f 100644 --- a/clients/python/lakefs_sdk/api/auth_api.py +++ b/clients/python/lakefs_sdk/api/auth_api.py @@ -4141,7 +4141,7 @@ def list_user_credentials_with_http_info(self, user_id : StrictStr, prefix : Ann @validate_arguments def list_user_external_principals(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ExternalPrincipalList: # noqa: E501 - """list user external policies # noqa: E501 + """list user external policies attached to a user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True @@ -4175,7 +4175,7 @@ def list_user_external_principals(self, user_id : StrictStr, prefix : Annotated[ @validate_arguments def list_user_external_principals_with_http_info(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ApiResponse: # noqa: E501 - """list user external policies # noqa: E501 + """list user external policies attached to a user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True diff --git a/clients/python/lakefs_sdk/api/experimental_api.py b/clients/python/lakefs_sdk/api/experimental_api.py index ca88bcffa64..12ff0560d6b 100644 --- a/clients/python/lakefs_sdk/api/experimental_api.py +++ b/clients/python/lakefs_sdk/api/experimental_api.py @@ -1190,7 +1190,7 @@ def hard_reset_branch_with_http_info(self, repository : StrictStr, branch : Stri @validate_arguments def list_user_external_principals(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ExternalPrincipalList: # noqa: E501 - """list user external policies # noqa: E501 + """list user external policies attached to a user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True @@ -1224,7 +1224,7 @@ def list_user_external_principals(self, user_id : StrictStr, prefix : Annotated[ @validate_arguments def list_user_external_principals_with_http_info(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ApiResponse: # noqa: E501 - """list user external policies # noqa: E501 + """list user external policies attached to a user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True diff --git a/clients/python/lakefs_sdk/api/external_api.py b/clients/python/lakefs_sdk/api/external_api.py index 13feb1a51eb..85fe39392a0 100644 --- a/clients/python/lakefs_sdk/api/external_api.py +++ b/clients/python/lakefs_sdk/api/external_api.py @@ -499,7 +499,7 @@ def get_user_external_principal_with_http_info(self, user_id : StrictStr, princi @validate_arguments def list_user_external_principals(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ExternalPrincipalList: # noqa: E501 - """list user external policies # noqa: E501 + """list user external policies attached to a user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True @@ -533,7 +533,7 @@ def list_user_external_principals(self, user_id : StrictStr, prefix : Annotated[ @validate_arguments def list_user_external_principals_with_http_info(self, user_id : StrictStr, prefix : Annotated[Optional[StrictStr], Field(description="return items prefixed with this value")] = None, after : Annotated[Optional[StrictStr], Field(description="return items after this value")] = None, amount : Annotated[Optional[conint(strict=True, le=1000, ge=-1)], Field(description="how many items to return")] = None, **kwargs) -> ApiResponse: # noqa: E501 - """list user external policies # noqa: E501 + """list user external policies attached to a user # noqa: E501 This method makes a synchronous HTTP request by default. To make an asynchronous HTTP request, please pass async_req=True diff --git a/clients/python/lakefs_sdk/models/external_principal.py b/clients/python/lakefs_sdk/models/external_principal.py index 64340926192..ff4f5ada8c6 100644 --- a/clients/python/lakefs_sdk/models/external_principal.py +++ b/clients/python/lakefs_sdk/models/external_principal.py @@ -26,7 +26,7 @@ class ExternalPrincipal(BaseModel): """ ExternalPrincipal """ - id: StrictStr = Field(..., description="A unique identifier for the external principal") + id: StrictStr = Field(..., description="A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name") user_id: StrictStr = Field(..., description="lakeFS user ID to associate with an external principal. ") settings: Optional[conlist(Dict[str, StrictStr])] = None __properties = ["id", "user_id", "settings"] diff --git a/clients/python/test/test_auth_api.py b/clients/python/test/test_auth_api.py index 3ebc1d2d3a4..a0bdbe2d976 100644 --- a/clients/python/test/test_auth_api.py +++ b/clients/python/test/test_auth_api.py @@ -228,7 +228,7 @@ def test_list_user_credentials(self): def test_list_user_external_principals(self): """Test case for list_user_external_principals - list user external policies # noqa: E501 + list user external policies attached to a user # noqa: E501 """ pass diff --git a/clients/python/test/test_experimental_api.py b/clients/python/test/test_experimental_api.py index aafe6cbca4f..5181c5fdc88 100644 --- a/clients/python/test/test_experimental_api.py +++ b/clients/python/test/test_experimental_api.py @@ -81,7 +81,7 @@ def test_hard_reset_branch(self): def test_list_user_external_principals(self): """Test case for list_user_external_principals - list user external policies # noqa: E501 + list user external policies attached to a user # noqa: E501 """ pass diff --git a/clients/python/test/test_external_api.py b/clients/python/test/test_external_api.py index 67f71e72045..4bb24081fde 100644 --- a/clients/python/test/test_external_api.py +++ b/clients/python/test/test_external_api.py @@ -53,7 +53,7 @@ def test_get_user_external_principal(self): def test_list_user_external_principals(self): """Test case for list_user_external_principals - list user external policies # noqa: E501 + list user external policies attached to a user # noqa: E501 """ pass diff --git a/docs/assets/js/swagger.yml b/docs/assets/js/swagger.yml index c40d74fd253..bb14777143d 100644 --- a/docs/assets/js/swagger.yml +++ b/docs/assets/js/swagger.yml @@ -1632,6 +1632,7 @@ components: required: - installation_id - reports + ExternalPrincipalList: type: object required: @@ -1664,7 +1665,7 @@ components: properties: id: type: string - description: A unique identifier for the external principal + description: A unique identifier for the external principal i.e aws:sts::123:assumed-role/role-name user_id: type: string description: | @@ -2465,6 +2466,8 @@ paths: $ref: "#/components/responses/Unauthorized" 404: $ref: "#/components/responses/NotFound" + 409: + $ref: "#/components/responses/Conflict" 420: description: too many requests default: @@ -2526,9 +2529,8 @@ paths: - $ref: "#/components/parameters/PaginationPrefix" - $ref: "#/components/parameters/PaginationAfter" - $ref: "#/components/parameters/PaginationAmount" - description: will return all external principals id attached to the user operationId: listUserExternalPrincipals - summary: list user external policies + summary: list user external policies attached to a user responses: 200: description: external principals list diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md index ea5403686f1..0f4d6dd2cf3 100644 --- a/docs/reference/configuration.md +++ b/docs/reference/configuration.md @@ -93,6 +93,7 @@ This reference uses `.` to denote the nesting of values. **Note:** It is best to keep this somewhere safe such as KMS or Hashicorp Vault, and provide it to the system at run time {: .note } * `auth.remote_authenticator.enabled` `(bool : false)` - If specified, also authenticate users via this Remote Authenticator server. +* `auth.remote_authenticator.external_principals_enabled` `(bool : false)` - If true, external principals will be enabled, e.g auth service and login api's. * `auth.remote_authenticator.endpoint` `(string : required)` - Endpoint URL of the remote authentication service (e.g. https://my-auth.example.com/auth). * `auth.remote_authenticator.default_user_group` `(string : Viewers)` - Create users in this group (i.e `Viewers`, `Developers`, etc). * `auth.remote_authenticator.request_timeout` `(duration : 10s)` - If specified, timeout for remote authentication requests. diff --git a/pkg/auth/model/model.go b/pkg/auth/model/model.go index deed047351d..0d546e1af3a 100644 --- a/pkg/auth/model/model.go +++ b/pkg/auth/model/model.go @@ -199,9 +199,12 @@ type CredentialKeys struct { SecretAccessKey string `json:"secret_access_key"` } +// ExternalPrincipal represents an attachment of a user to an external identity such as an IAM Role ARN type ExternalPrincipal struct { - ID string `db:"id"` - UserID string `db:"user_id"` + // External Principal ID (i.e ARN) + ID string `json:"id"` + // The attached lakeFS user ID + UserID string `json:"user_id"` } func (u *User) UpdatePassword(password string) error { diff --git a/pkg/auth/service.go b/pkg/auth/service.go index 3696c5108f9..9a2847c115c 100644 --- a/pkg/auth/service.go +++ b/pkg/auth/service.go @@ -77,6 +77,8 @@ type EmailInviter interface { InviteUser(ctx context.Context, email string) error } +// ExternalPrincipalsService is an interface for managing external principals (e.g. IAM users, groups, etc.) +// It's part of the AuthService api's and is used as an administrative API to that service. type ExternalPrincipalsService interface { IsExternalPrincipalsEnabled(ctx context.Context) bool CreateUserExternalPrincipal(ctx context.Context, userID, principalID string) error @@ -98,7 +100,6 @@ type Service interface { GetUserByEmail(ctx context.Context, email string) (*model.User, error) ListUsers(ctx context.Context, params *model.PaginationParams) ([]*model.User, *model.Paginator, error) - // external principals ExternalPrincipalsService // groups @@ -1116,6 +1117,7 @@ func claimTokenIDOnce(ctx context.Context, tokenID string, expiresAt int64, mark func (s *AuthService) IsExternalPrincipalsEnabled(ctx context.Context) bool { return false } + func (s *AuthService) CreateUserExternalPrincipal(ctx context.Context, userID, principalID string) error { return ErrNotImplemented } @@ -1123,9 +1125,11 @@ func (s *AuthService) CreateUserExternalPrincipal(ctx context.Context, userID, p func (s *AuthService) DeleteUserExternalPrincipal(ctx context.Context, userID, principalID string) error { return ErrNotImplemented } + func (s *AuthService) GetUserExternalPrincipal(ctx context.Context, userID, principalID string) (*model.ExternalPrincipal, error) { return nil, ErrNotImplemented } + func (s *AuthService) ListUserExternalPrincipals(ctx context.Context, userID string, params *model.PaginationParams) ([]*model.ExternalPrincipal, *model.Paginator, error) { return nil, nil, ErrNotImplemented } @@ -1965,13 +1969,13 @@ func (a *APIAuthService) CheckHealth(ctx context.Context, logger logging.Logger, func (a *APIAuthService) IsExternalPrincipalsEnabled(ctx context.Context) bool { return a.externalPrincipalseEnabled } + func (a *APIAuthService) CreateUserExternalPrincipal(ctx context.Context, userID, principalID string) error { if !a.IsExternalPrincipalsEnabled(ctx) { - return fmt.Errorf("not enabled: %w", ErrInvalidRequest) + return fmt.Errorf("external principals disabled: %w", ErrInvalidRequest) } resp, err := a.apiClient.CreateUserExternalPrincipalWithResponse(ctx, userID, principalID) - if err != nil { return fmt.Errorf("create principal: %w", err) } @@ -1981,7 +1985,7 @@ func (a *APIAuthService) CreateUserExternalPrincipal(ctx context.Context, userID func (a *APIAuthService) DeleteUserExternalPrincipal(ctx context.Context, userID, principalID string) error { if !a.IsExternalPrincipalsEnabled(ctx) { - return fmt.Errorf("not enabled: %w", ErrInvalidRequest) + return fmt.Errorf("external principals disabled: %w", ErrInvalidRequest) } resp, err := a.apiClient.DeleteUserExternalPrincipalWithResponse(ctx, userID, principalID) if err != nil { @@ -1992,7 +1996,7 @@ func (a *APIAuthService) DeleteUserExternalPrincipal(ctx context.Context, userID func (a *APIAuthService) GetUserExternalPrincipal(ctx context.Context, userID, principalID string) (*model.ExternalPrincipal, error) { if !a.IsExternalPrincipalsEnabled(ctx) { - return nil, fmt.Errorf("not enabled: %w", ErrInvalidRequest) + return nil, fmt.Errorf("external principals disabled: %w", ErrInvalidRequest) } resp, err := a.apiClient.GetUserExternalPrincipalWithResponse(ctx, userID, principalID) if err != nil { @@ -2009,7 +2013,7 @@ func (a *APIAuthService) GetUserExternalPrincipal(ctx context.Context, userID, p func (a *APIAuthService) ListUserExternalPrincipals(ctx context.Context, userID string, params *model.PaginationParams) ([]*model.ExternalPrincipal, *model.Paginator, error) { if !a.IsExternalPrincipalsEnabled(ctx) { - return nil, nil, fmt.Errorf("not enabled: %w", ErrInvalidRequest) + return nil, nil, fmt.Errorf("external principals disabled: %w", ErrInvalidRequest) } resp, err := a.apiClient.ListUserExternalPrincipalsWithResponse(ctx, userID, &ListUserExternalPrincipalsParams{ Prefix: paginationPrefix(params.Prefix),