Module pachyderm_sdk.api.auth

# Generated by the protocol buffer compiler.  DO NOT EDIT!
# sources: api/auth/auth.proto
# plugin: python-betterproto
# This file has been @generated
from dataclasses import dataclass
from datetime import datetime
from typing import (
    TYPE_CHECKING,
    Dict,
    List,
    Optional,
)

import betterproto
import betterproto.lib.google.protobuf as betterproto_lib_google_protobuf
import grpc


if TYPE_CHECKING:
    import grpc


class Permission(betterproto.Enum):
    """
    Permission represents the ability to perform a given operation on a
    Resource
    """

    # The integers are the enum numbers generated from api/auth/auth.proto.
    # They are not listed in ascending order (148 and 150 follow 101), so
    # match on the member name or value, never on position in this listing.
    # NOTE(review): judging by name only, the CLUSTER_AUTH_*, *_MODIFY_BINDINGS
    # and SECRET_* members gate credential and role-binding operations; which
    # roles carry them is decided server-side and is not visible in this file.
    PERMISSION_UNKNOWN = 0
    CLUSTER_MODIFY_BINDINGS = 100
    CLUSTER_GET_BINDINGS = 101
    CLUSTER_GET_PACHD_LOGS = 148
    CLUSTER_GET_LOKI_LOGS = 150
    CLUSTER_AUTH_ACTIVATE = 102
    CLUSTER_AUTH_DEACTIVATE = 103
    CLUSTER_AUTH_GET_CONFIG = 104
    CLUSTER_AUTH_SET_CONFIG = 105
    CLUSTER_AUTH_GET_ROBOT_TOKEN = 139
    CLUSTER_AUTH_MODIFY_GROUP_MEMBERS = 109
    CLUSTER_AUTH_GET_GROUPS = 110
    CLUSTER_AUTH_GET_GROUP_USERS = 111
    CLUSTER_AUTH_EXTRACT_TOKENS = 112
    CLUSTER_AUTH_RESTORE_TOKEN = 113
    CLUSTER_AUTH_GET_PERMISSIONS_FOR_PRINCIPAL = 141
    CLUSTER_AUTH_DELETE_EXPIRED_TOKENS = 140
    CLUSTER_AUTH_REVOKE_USER_TOKENS = 142
    CLUSTER_AUTH_ROTATE_ROOT_TOKEN = 147
    CLUSTER_ENTERPRISE_ACTIVATE = 114
    CLUSTER_ENTERPRISE_HEARTBEAT = 115
    CLUSTER_ENTERPRISE_GET_CODE = 116
    CLUSTER_ENTERPRISE_DEACTIVATE = 117
    CLUSTER_ENTERPRISE_PAUSE = 149
    CLUSTER_IDENTITY_SET_CONFIG = 118
    CLUSTER_IDENTITY_GET_CONFIG = 119
    CLUSTER_IDENTITY_CREATE_IDP = 120
    CLUSTER_IDENTITY_UPDATE_IDP = 121
    CLUSTER_IDENTITY_LIST_IDPS = 122
    CLUSTER_IDENTITY_GET_IDP = 123
    CLUSTER_IDENTITY_DELETE_IDP = 124
    CLUSTER_IDENTITY_CREATE_OIDC_CLIENT = 125
    CLUSTER_IDENTITY_UPDATE_OIDC_CLIENT = 126
    CLUSTER_IDENTITY_LIST_OIDC_CLIENTS = 127
    CLUSTER_IDENTITY_GET_OIDC_CLIENT = 128
    CLUSTER_IDENTITY_DELETE_OIDC_CLIENT = 129
    CLUSTER_DEBUG_DUMP = 131
    CLUSTER_LICENSE_ACTIVATE = 132
    CLUSTER_LICENSE_GET_CODE = 133
    CLUSTER_LICENSE_ADD_CLUSTER = 134
    CLUSTER_LICENSE_UPDATE_CLUSTER = 135
    CLUSTER_LICENSE_DELETE_CLUSTER = 136
    CLUSTER_LICENSE_LIST_CLUSTERS = 137
    CLUSTER_CREATE_SECRET = 143
    """TODO(actgardner): Make k8s secrets into nouns and add an Update RPC"""

    CLUSTER_LIST_SECRETS = 144
    SECRET_DELETE = 145
    SECRET_INSPECT = 146
    CLUSTER_EDIT_CLUSTER_METADATA = 151
    CLUSTER_DELETE_ALL = 138
    REPO_READ = 200
    REPO_WRITE = 201
    REPO_MODIFY_BINDINGS = 202
    REPO_DELETE = 203
    REPO_INSPECT_COMMIT = 204
    REPO_LIST_COMMIT = 205
    REPO_DELETE_COMMIT = 206
    REPO_CREATE_BRANCH = 207
    REPO_LIST_BRANCH = 208
    REPO_DELETE_BRANCH = 209
    REPO_INSPECT_FILE = 210
    REPO_LIST_FILE = 211
    REPO_ADD_PIPELINE_READER = 212
    REPO_REMOVE_PIPELINE_READER = 213
    REPO_ADD_PIPELINE_WRITER = 214
    PIPELINE_LIST_JOB = 301
    CLUSTER_SET_DEFAULTS = 302
    """CLUSTER_SET_DEFAULTS is part of PPS."""

    PROJECT_SET_DEFAULTS = 303
    """PROJECT_SET_DEFAULTS is part of PPS."""

    PROJECT_CREATE = 400
    PROJECT_DELETE = 401
    PROJECT_LIST_REPO = 402
    PROJECT_CREATE_REPO = 403
    PROJECT_MODIFY_BINDINGS = 404


class ResourceType(betterproto.Enum):
    """ResourceType represents the type of a Resource"""

    # Used by Resource.type and by Role.can_be_bound_to / Role.returned_for.
    # NOTE(review): 0 is presumably what an unset `type` field carries, so a
    # Resource built without a type would read as RESOURCE_TYPE_UNKNOWN.
    RESOURCE_TYPE_UNKNOWN = 0
    CLUSTER = 1
    REPO = 2
    SPEC_REPO = 3
    PROJECT = 4


@dataclass(eq=False, repr=False)
class ActivateRequest(betterproto.Message):
    """
    ActivateRequest enables authentication on the cluster. It issues an auth
    token with no expiration for the irrevocable admin user `pach:root`.
    """

    # Caller-chosen root credential. Because the resulting token has no
    # expiration and its user is irrevocable (see the class docstring), a
    # caller-supplied value should come from a CSPRNG and be handled as a
    # secret, not hard-coded or logged.
    root_token: str = betterproto.string_field(1)
    """
    If set, this token is used as the root user login token. Otherwise the root
    token is randomly generated and returned in the response.
    """


@dataclass(eq=False, repr=False)
class ActivateResponse(betterproto.Message):
    """Response message for the /auth_v2.API/Activate RPC."""

    # ActivateRequest documents that a server-generated root token is
    # "returned in the response"; this is the only field that can carry it,
    # so treat the value as the pach:root credential.
    # NOTE(review): the attribute text below is identical to the one on
    # AuthenticateResponse.pach_token and looks copied from there.
    pach_token: str = betterproto.string_field(1)
    """
    pach_token authenticates the caller with Pachyderm (if you want to perform
    Pachyderm operations after auth has been activated as themselves, you must
    present this token along with your regular request)
    """


@dataclass(eq=False, repr=False)
class DeactivateRequest(betterproto.Message):
    """Empty request message for the /auth_v2.API/Deactivate RPC."""

    pass


@dataclass(eq=False, repr=False)
class DeactivateResponse(betterproto.Message):
    """Empty response message for the /auth_v2.API/Deactivate RPC."""

    pass


@dataclass(eq=False, repr=False)
class RotateRootTokenRequest(betterproto.Message):
    """Request message for the /auth_v2.API/RotateRootToken RPC."""

    # Replacement root credential; handle it as a secret.
    # NOTE(review): whether the previous root token stops working once the
    # call returns is not visible in this file -- confirm server-side.
    root_token: str = betterproto.string_field(1)
    """
    root_token is used as the new root token value. If it's unset, then a token
    will be auto-generated.
    """


@dataclass(eq=False, repr=False)
class RotateRootTokenResponse(betterproto.Message):
    """Response message for the /auth_v2.API/RotateRootToken RPC."""

    # Presumably the root token now in effect (the supplied or auto-generated
    # one) -- TODO confirm; either way it is a credential and should not be
    # logged.
    root_token: str = betterproto.string_field(1)


@dataclass(eq=False, repr=False)
class OidcConfig(betterproto.Message):
    """Configure Pachyderm's auth system with an OIDC provider"""

    issuer: str = betterproto.string_field(1)
    client_id: str = betterproto.string_field(2)
    # OAuth2 client secret. GetConfigurationResponse embeds this whole message,
    # so the secret may travel back to any caller allowed to read the config.
    # NOTE(review): confirm whether the server redacts it on read.
    client_secret: str = betterproto.string_field(3)
    redirect_uri: str = betterproto.string_field(4)
    scopes: List[str] = betterproto.string_field(5)
    # NOTE(review): by name, this makes the server insist on a verified email;
    # SessionInfo documents that users are identified by email, so leaving it
    # False presumably trusts unverified addresses -- confirm.
    require_email_verified: bool = betterproto.bool_field(6)
    localhost_issuer: bool = betterproto.bool_field(7)
    """
    localhost_issuer ignores the contents of the issuer claim and makes all
    OIDC requests to the embedded OIDC provider. This is necessary to support
    some network configurations like Minikube.
    """

    # The attribute text below allows an http scheme here, i.e. the
    # authorization URL handed to users may be plaintext.
    user_accessible_issuer_host: str = betterproto.string_field(8)
    """
    user_accessible_issuer_host can be set to override the host used in the
    OAuth2 authorization URL in case the OIDC issuer isn't accessible outside
    the cluster. This requires a fully formed URL with scheme of either http or
    https. This is necessary to support some configurations like Minikube.
    """


@dataclass(eq=False, repr=False)
class GetConfigurationRequest(betterproto.Message):
    """Empty request message for the /auth_v2.API/GetConfiguration RPC."""

    pass


@dataclass(eq=False, repr=False)
class GetConfigurationResponse(betterproto.Message):
    """Response message for the /auth_v2.API/GetConfiguration RPC."""

    # Full OidcConfig, which includes a client_secret field; avoid dumping the
    # response to logs without masking that field.
    configuration: "OidcConfig" = betterproto.message_field(1)


@dataclass(eq=False, repr=False)
class SetConfigurationRequest(betterproto.Message):
    """Request message for the /auth_v2.API/SetConfiguration RPC."""

    # New OIDC settings, including the client secret.
    configuration: "OidcConfig" = betterproto.message_field(1)


@dataclass(eq=False, repr=False)
class SetConfigurationResponse(betterproto.Message):
    """Empty response message for the /auth_v2.API/SetConfiguration RPC."""

    pass


@dataclass(eq=False, repr=False)
class TokenInfo(betterproto.Message):
    """
    TokenInfo is the 'value' of an auth token 'key' in the 'tokens' collection
    """

    subject: str = betterproto.string_field(1)
    """
    Subject (i.e. Pachyderm account) that a given token authorizes. See the
    note at the top of the doc for an explanation of subject structure.
    """

    # Declared as a message field but surfaced to Python as a datetime.
    expiration: datetime = betterproto.message_field(2)
    # By name, a hash of the token rather than the token itself; the hash
    # function is not visible in this file. RestoreAuthTokenRequest accepts a
    # TokenInfo, so a captured value is still sensitive -- NOTE(review):
    # confirm what an extracted hash allows when replayed to RestoreAuthToken.
    hashed_token: str = betterproto.string_field(3)


@dataclass(eq=False, repr=False)
class AuthenticateRequest(betterproto.Message):
    """
    Request message for the /auth_v2.API/Authenticate RPC.

    Both fields are plain strings; which combinations the server accepts is
    not visible in this file.
    """

    # SessionInfo documents the OIDC 'state' token as the key of a login
    # session, so this value identifies an in-progress login.
    oidc_state: str = betterproto.string_field(1)
    """
    This is the session state that Pachyderm creates in order to keep track of
    information related to the current OIDC session.
    """

    # Bearer-style credential from the identity provider; do not log.
    id_token: str = betterproto.string_field(2)
    """This is an ID Token issued by the OIDC provider."""


@dataclass(eq=False, repr=False)
class AuthenticateResponse(betterproto.Message):
    """Response message for the /auth_v2.API/Authenticate RPC."""

    # Credential presented on later requests (see the attribute text below);
    # keep it out of logs and error messages.
    pach_token: str = betterproto.string_field(1)
    """
    pach_token authenticates the caller with Pachyderm (if you want to perform
    Pachyderm operations after auth has been activated as themselves, you must
    present this token along with your regular request)
    """


@dataclass(eq=False, repr=False)
class WhoAmIRequest(betterproto.Message):
    """Empty request message for the /auth_v2.API/WhoAmI RPC."""

    pass


@dataclass(eq=False, repr=False)
class WhoAmIResponse(betterproto.Message):
    """Response message for the /auth_v2.API/WhoAmI RPC."""

    username: str = betterproto.string_field(1)
    # Presumably the expiry of the token the call was made with -- TODO
    # confirm; declared as a message field but surfaced as a datetime.
    expiration: datetime = betterproto.message_field(2)


@dataclass(eq=False, repr=False)
class GetRolesForPermissionRequest(betterproto.Message):
    """Request message for the /auth_v2.API/GetRolesForPermission RPC."""

    # The single Permission whose granting roles are being asked for.
    permission: "Permission" = betterproto.enum_field(1)


@dataclass(eq=False, repr=False)
class GetRolesForPermissionResponse(betterproto.Message):
    """Response message for the /auth_v2.API/GetRolesForPermission RPC."""

    # Full Role messages (name, permissions, bindable resource types).
    roles: List["Role"] = betterproto.message_field(1)


@dataclass(eq=False, repr=False)
class Roles(betterproto.Message):
    """Roles represents the set of roles a principal has"""

    # string -> bool map used as a set. Presumably keys are role names and the
    # bool is a presence marker -- TODO confirm how a False value is treated.
    roles: Dict[str, bool] = betterproto.map_field(
        1, betterproto.TYPE_STRING, betterproto.TYPE_BOOL
    )


@dataclass(eq=False, repr=False)
class RoleBinding(betterproto.Message):
    """
    RoleBinding represents the set of roles principals have on a given Resource
    """

    # Map from principal name to that principal's Roles message; this is the
    # effective access-control list for one Resource.
    entries: Dict[str, "Roles"] = betterproto.map_field(
        1, betterproto.TYPE_STRING, betterproto.TYPE_MESSAGE
    )
    """
    principal -> roles. All principal names include the structured prefix
    indicating their type.
    """


@dataclass(eq=False, repr=False)
class Resource(betterproto.Message):
    """
    Resource represents any resource that has role-bindings in the system
    """

    # A resource is addressed by the (type, name) pair; the naming scheme per
    # type is not visible in this file.
    type: "ResourceType" = betterproto.enum_field(1)
    name: str = betterproto.string_field(2)


@dataclass(eq=False, repr=False)
class Users(betterproto.Message):
    """Users holds a string -> bool map named `usernames`."""

    # Presumably a set of usernames encoded as a map -- TODO confirm. No RPC
    # in this module's ApiStub uses this message directly.
    usernames: Dict[str, bool] = betterproto.map_field(
        1, betterproto.TYPE_STRING, betterproto.TYPE_BOOL
    )


@dataclass(eq=False, repr=False)
class Groups(betterproto.Message):
    """Groups holds a string -> bool map named `groups`."""

    # Presumably a set of group names encoded as a map -- TODO confirm. No RPC
    # in this module's ApiStub uses this message directly.
    groups: Dict[str, bool] = betterproto.map_field(
        1, betterproto.TYPE_STRING, betterproto.TYPE_BOOL
    )


@dataclass(eq=False, repr=False)
class Role(betterproto.Message):
    """Role names a set of Permissions and the resource types it applies to."""

    name: str = betterproto.string_field(1)
    # The Permission values this role grants.
    permissions: List["Permission"] = betterproto.enum_field(2)
    can_be_bound_to: List["ResourceType"] = betterproto.enum_field(3)
    """
    Resources this role can be bound to.  For example, you can't apply
    clusterAdmin to a repo, so REPO would not be listed here.
    """

    # Per the attribute text below, a role bound at a broader scope can show up
    # on a narrower resource, so reading only a repo's own bindings does not
    # show everyone who can act on it.
    returned_for: List["ResourceType"] = betterproto.enum_field(4)
    """
    Resources this role is returned for.  For example, a principal might have
    clusterAdmin permissions on the cluster, and this is what allows them to
    write to a repo.  So, clusterAdmin is returned for the repo, even though it
    cannot be bound to a repo.
    """


@dataclass(eq=False, repr=False)
class AuthorizeRequest(betterproto.Message):
    """Request message for the /auth_v2.API/Authorize RPC."""

    # The resource the permission check is evaluated against.
    resource: "Resource" = betterproto.message_field(1)
    permissions: List["Permission"] = betterproto.enum_field(2)
    """permissions are the operations the caller is attempting to perform"""


@dataclass(eq=False, repr=False)
class AuthorizeResponse(betterproto.Message):
    """Response message for the /auth_v2.API/Authorize RPC."""

    # Callers enforcing access should branch on this flag.
    # NOTE(review): it is a plain bool field, so a default-constructed message
    # presumably reads False (deny) -- confirm.
    authorized: bool = betterproto.bool_field(1)
    """authorized is true if the caller has the require permissions"""

    satisfied: List["Permission"] = betterproto.enum_field(2)
    """satisfied is the set of permission that the principal has"""

    missing: List["Permission"] = betterproto.enum_field(3)
    """missing is the set of permissions that the principal lacks"""

    principal: str = betterproto.string_field(4)
    """principal is the principal the request was evaluated for"""


@dataclass(eq=False, repr=False)
class GetPermissionsRequest(betterproto.Message):
    """
    GetPermissions evaluates the current user's permissions on a resource
    """

    # The resource to evaluate; the principal is implicit (the current user).
    resource: "Resource" = betterproto.message_field(1)


@dataclass(eq=False, repr=False)
class GetPermissionsForPrincipalRequest(betterproto.Message):
    """
    GetPermissionsForPrincipal evaluates an arbitrary principal's permissions
    on a resource
    """

    resource: "Resource" = betterproto.message_field(1)
    # Any principal name may be supplied here. The Permission enum has a
    # CLUSTER_AUTH_GET_PERMISSIONS_FOR_PRINCIPAL member, which by name gates
    # this lookup -- enforcement is server-side and not shown in this file.
    principal: str = betterproto.string_field(2)


@dataclass(eq=False, repr=False)
class GetPermissionsResponse(betterproto.Message):
    """
    Response message shared by the GetPermissions and
    GetPermissionsForPrincipal RPCs (ApiStub deserializes both with it).
    """

    permissions: List["Permission"] = betterproto.enum_field(1)
    """permissions is the set of permissions the principal has"""

    roles: List[str] = betterproto.string_field(2)
    """roles is the set of roles the principal has"""


@dataclass(eq=False, repr=False)
class ModifyRoleBindingRequest(betterproto.Message):
    """Request message for the /auth_v2.API/ModifyRoleBinding RPC."""

    resource: "Resource" = betterproto.message_field(1)
    """resource is the resource to modify the role bindings on"""

    principal: str = betterproto.string_field(2)
    """principal is the principal to modify the roles binding for"""

    # Per the attribute text below this list is the principal's new set, and
    # an empty list removes every binding. A request built without `roles`
    # therefore revokes access rather than leaving it unchanged.
    roles: List[str] = betterproto.string_field(3)
    """
    roles is the set of roles for principal - an empty list removes all role
    bindings
    """


@dataclass(eq=False, repr=False)
class ModifyRoleBindingResponse(betterproto.Message):
    """Empty response message for the /auth_v2.API/ModifyRoleBinding RPC."""

    pass


@dataclass(eq=False, repr=False)
class GetRoleBindingRequest(betterproto.Message):
    """Request message for the /auth_v2.API/GetRoleBinding RPC."""

    # The resource whose role bindings are requested.
    resource: "Resource" = betterproto.message_field(1)


@dataclass(eq=False, repr=False)
class GetRoleBindingResponse(betterproto.Message):
    """Response message for the /auth_v2.API/GetRoleBinding RPC."""

    # principal -> Roles map for the requested resource.
    binding: "RoleBinding" = betterproto.message_field(1)


@dataclass(eq=False, repr=False)
class SessionInfo(betterproto.Message):
    """
    SessionInfo stores information associated with one OIDC authentication
    session (i.e. a single instance of a single user logging in). Sessions are
    short-lived and stored in the 'oidc-authns' collection, keyed by the OIDC
    'state' token (30-character CSPRNG-generated string). 'GetOIDCLogin'
    generates and inserts entries, then /authorization-code/callback retrieves
    an access token from the ID provider and uses it to retrieve the caller's
    email and store it in 'email', and finally Authorize() returns a Pachyderm
    token identified with that email address as a subject in Pachyderm.
    """

    # No RPC in this module's ApiStub sends or receives SessionInfo; per the
    # class docstring it is a stored record.
    nonce: str = betterproto.string_field(1)
    """
    nonce is used by /authorization-code/callback to validate session
    continuity with the IdP after a user has arrived there from GetOIDCLogin().
    This is a 30-character CSPRNG-generated string.
    """

    # The attribute text below states that the OIDC spec does not require
    # emails to be present or unique; identity therefore rests on the
    # provider's email claim. OidcConfig.require_email_verified is the related
    # setting visible in this file.
    email: str = betterproto.string_field(2)
    """
    email contains the email adddress associated with a user in their OIDC ID
    provider. Currently users are identified with their email address rather
    than their OIDC subject identifier to make switching between OIDC ID
    providers easier for users, and to make user identities more easily
    comprehensible in Pachyderm. The OIDC spec doesn't require that users'
    emails be present or unique, but we think this will be preferable in
    practice.
    """

    # Deliberately a bare flag: error detail stays in server logs so that an
    # unauthenticated caller learns nothing from a failed exchange.
    conversion_err: bool = betterproto.bool_field(3)
    """
    conversion_err indicates whether an error was encountered while exchanging
    an auth code for an access token, or while obtaining a user's email (in
    /authorization-code/callback). Storing the error state here allows any
    sibling calls to Authenticate() (i.e. using the same OIDC state token) to
    notify their caller that an error has occurred. We avoid passing the caller
    any details of the error (which are logged by Pachyderm) to avoid giving
    information to a user who has network access to Pachyderm but not an
    account in the OIDC provider.
    """


@dataclass(eq=False, repr=False)
class GetOidcLoginRequest(betterproto.Message):
    """Empty request message for the /auth_v2.API/GetOIDCLogin RPC."""

    pass


@dataclass(eq=False, repr=False)
class GetOidcLoginResponse(betterproto.Message):
    """Response message for the /auth_v2.API/GetOIDCLogin RPC."""

    login_url: str = betterproto.string_field(1)
    """The login URL generated for the OIDC object"""

    # Presumably the OIDC 'state' token that keys the SessionInfo record and
    # is later sent as AuthenticateRequest.oidc_state -- TODO confirm. If so,
    # it identifies a pending login and should not be shared or logged.
    state: str = betterproto.string_field(2)


@dataclass(eq=False, repr=False)
class GetRobotTokenRequest(betterproto.Message):
    """Request message for the /auth_v2.API/GetRobotToken RPC."""

    robot: str = betterproto.string_field(1)
    """
    The returned token will allow the caller to access resources as this robot
    user
    """

    # NOTE(review): how the server treats an unset or zero ttl (for example
    # whether the token then never expires) is not visible in this file;
    # confirm before relying on the default.
    ttl: int = betterproto.int64_field(2)
    """
    ttl indicates the requested (approximate) remaining lifetime of this token,
    in seconds
    """


@dataclass(eq=False, repr=False)
class GetRobotTokenResponse(betterproto.Message):
    """Response message for the /auth_v2.API/GetRobotToken RPC."""

    # Credential for the robot user; store it as a secret and do not log it.
    token: str = betterproto.string_field(1)
    """A new auth token for the requested robot"""


@dataclass(eq=False, repr=False)
class RevokeAuthTokenRequest(betterproto.Message):
    """Request message for the /auth_v2.API/RevokeAuthToken RPC."""

    # The token to revoke; still a live credential until the call succeeds.
    token: str = betterproto.string_field(1)


@dataclass(eq=False, repr=False)
class RevokeAuthTokenResponse(betterproto.Message):
    """Response message for the /auth_v2.API/RevokeAuthToken RPC."""

    # Presumably the count of tokens revoked -- TODO confirm; if so, 0 would
    # mean the supplied token matched nothing.
    number: int = betterproto.int64_field(1)


@dataclass(eq=False, repr=False)
class SetGroupsForUserRequest(betterproto.Message):
    """Request message for the /auth_v2.API/SetGroupsForUser RPC."""

    username: str = betterproto.string_field(1)
    # NOTE(review): by the RPC name ("Set") this list presumably replaces the
    # user's memberships, so an empty list may remove them all -- confirm.
    groups: List[str] = betterproto.string_field(2)


@dataclass(eq=False, repr=False)
class SetGroupsForUserResponse(betterproto.Message):
    """Empty response message for the /auth_v2.API/SetGroupsForUser RPC."""

    pass


@dataclass(eq=False, repr=False)
class ModifyMembersRequest(betterproto.Message):
    """Request message for the /auth_v2.API/ModifyMembers RPC."""

    group: str = betterproto.string_field(1)
    # Presumably usernames to add to / remove from `group` -- TODO confirm,
    # including what happens when a name appears in both lists.
    add: List[str] = betterproto.string_field(2)
    remove: List[str] = betterproto.string_field(3)


@dataclass(eq=False, repr=False)
class ModifyMembersResponse(betterproto.Message):
    """Empty response message for the /auth_v2.API/ModifyMembers RPC."""

    pass


@dataclass(eq=False, repr=False)
class GetGroupsRequest(betterproto.Message):
    """Empty request message for the /auth_v2.API/GetGroups RPC."""

    pass


@dataclass(eq=False, repr=False)
class GetGroupsForPrincipalRequest(betterproto.Message):
    """Request message for the /auth_v2.API/GetGroupsForPrincipal RPC."""

    # The principal whose group memberships are requested.
    principal: str = betterproto.string_field(1)


@dataclass(eq=False, repr=False)
class GetGroupsResponse(betterproto.Message):
    """
    Response message shared by the GetGroups and GetGroupsForPrincipal RPCs
    (ApiStub deserializes both with it).
    """

    groups: List[str] = betterproto.string_field(1)


@dataclass(eq=False, repr=False)
class GetUsersRequest(betterproto.Message):
    """Request message for the /auth_v2.API/GetUsers RPC."""

    # The group whose members are requested.
    group: str = betterproto.string_field(1)


@dataclass(eq=False, repr=False)
class GetUsersResponse(betterproto.Message):
    """Response message for the /auth_v2.API/GetUsers RPC."""

    usernames: List[str] = betterproto.string_field(1)


@dataclass(eq=False, repr=False)
class ExtractAuthTokensRequest(betterproto.Message):
    """
    ExtractAuthTokens returns all the hashed robot tokens that have been
    issued. User tokens are not extracted as they can be recreated by logging
    in.
    """

    # No fields: the call always covers every issued robot token. The
    # Permission enum has a CLUSTER_AUTH_EXTRACT_TOKENS member, which by name
    # gates it; enforcement is server-side and not shown in this file.
    pass


@dataclass(eq=False, repr=False)
class ExtractAuthTokensResponse(betterproto.Message):
    """Response message for the /auth_v2.API/ExtractAuthTokens RPC."""

    # One TokenInfo (subject, expiration, hashed_token) per extracted token;
    # treat the whole list as sensitive backup material.
    tokens: List["TokenInfo"] = betterproto.message_field(1)


@dataclass(eq=False, repr=False)
class RestoreAuthTokenRequest(betterproto.Message):
    """
    RestoreAuthToken inserts a hashed token that has previously been extracted.
    """

    # The caller supplies subject, expiration and hashed_token together.
    # NOTE(review): nothing in this file shows the server checking that the
    # TokenInfo really came from an earlier extract -- confirm server-side.
    token: "TokenInfo" = betterproto.message_field(1)


@dataclass(eq=False, repr=False)
class RestoreAuthTokenResponse(betterproto.Message):
    """Empty response message for the /auth_v2.API/RestoreAuthToken RPC."""

    pass


@dataclass(eq=False, repr=False)
class RevokeAuthTokensForUserRequest(betterproto.Message):
    """Request message for the /auth_v2.API/RevokeAuthTokensForUser RPC."""

    # The user whose tokens are to be revoked.
    username: str = betterproto.string_field(1)


@dataclass(eq=False, repr=False)
class RevokeAuthTokensForUserResponse(betterproto.Message):
    """Response message for the /auth_v2.API/RevokeAuthTokensForUser RPC."""

    # Presumably the count of tokens revoked for the user -- TODO confirm.
    number: int = betterproto.int64_field(1)


@dataclass(eq=False, repr=False)
class DeleteExpiredAuthTokensRequest(betterproto.Message):
    """Empty request message for the /auth_v2.API/DeleteExpiredAuthTokens RPC."""

    pass


@dataclass(eq=False, repr=False)
class DeleteExpiredAuthTokensResponse(betterproto.Message):
    """Empty response message for the /auth_v2.API/DeleteExpiredAuthTokens RPC."""

    pass


class ApiStub:
    """
    Client stub for the auth_v2.API gRPC service.

    Every public method builds the matching request message, sends it over the
    channel given to the constructor and returns the response message. All
    arguments are keyword-only. The methods pass no call metadata, so any auth
    token presumably has to be attached by the channel (for example through an
    interceptor) -- that part is not visible in this file.

    Several responses carry credentials (ActivateResponse.pach_token,
    RotateRootTokenResponse.root_token, AuthenticateResponse.pach_token,
    GetRobotTokenResponse.token); avoid logging those messages.
    """

    def __init__(self, channel: "grpc.Channel"):
        """
        Register one unary-unary callable per RPC on *channel*.

        The callables are stored in double-underscore attributes, which Python
        name-mangles to `_ApiStub__rpc_*`. Transport security depends entirely
        on how the caller created the channel.
        """
        self.__rpc_activate = channel.unary_unary(
            "/auth_v2.API/Activate",
            request_serializer=ActivateRequest.SerializeToString,
            response_deserializer=ActivateResponse.FromString,
        )
        self.__rpc_deactivate = channel.unary_unary(
            "/auth_v2.API/Deactivate",
            request_serializer=DeactivateRequest.SerializeToString,
            response_deserializer=DeactivateResponse.FromString,
        )
        self.__rpc_get_configuration = channel.unary_unary(
            "/auth_v2.API/GetConfiguration",
            request_serializer=GetConfigurationRequest.SerializeToString,
            response_deserializer=GetConfigurationResponse.FromString,
        )
        self.__rpc_set_configuration = channel.unary_unary(
            "/auth_v2.API/SetConfiguration",
            request_serializer=SetConfigurationRequest.SerializeToString,
            response_deserializer=SetConfigurationResponse.FromString,
        )
        self.__rpc_authenticate = channel.unary_unary(
            "/auth_v2.API/Authenticate",
            request_serializer=AuthenticateRequest.SerializeToString,
            response_deserializer=AuthenticateResponse.FromString,
        )
        self.__rpc_authorize = channel.unary_unary(
            "/auth_v2.API/Authorize",
            request_serializer=AuthorizeRequest.SerializeToString,
            response_deserializer=AuthorizeResponse.FromString,
        )
        self.__rpc_get_permissions = channel.unary_unary(
            "/auth_v2.API/GetPermissions",
            request_serializer=GetPermissionsRequest.SerializeToString,
            response_deserializer=GetPermissionsResponse.FromString,
        )
        # Shares GetPermissionsResponse with GetPermissions above.
        self.__rpc_get_permissions_for_principal = channel.unary_unary(
            "/auth_v2.API/GetPermissionsForPrincipal",
            request_serializer=GetPermissionsForPrincipalRequest.SerializeToString,
            response_deserializer=GetPermissionsResponse.FromString,
        )
        self.__rpc_who_am_i = channel.unary_unary(
            "/auth_v2.API/WhoAmI",
            request_serializer=WhoAmIRequest.SerializeToString,
            response_deserializer=WhoAmIResponse.FromString,
        )
        self.__rpc_get_roles_for_permission = channel.unary_unary(
            "/auth_v2.API/GetRolesForPermission",
            request_serializer=GetRolesForPermissionRequest.SerializeToString,
            response_deserializer=GetRolesForPermissionResponse.FromString,
        )
        self.__rpc_modify_role_binding = channel.unary_unary(
            "/auth_v2.API/ModifyRoleBinding",
            request_serializer=ModifyRoleBindingRequest.SerializeToString,
            response_deserializer=ModifyRoleBindingResponse.FromString,
        )
        self.__rpc_get_role_binding = channel.unary_unary(
            "/auth_v2.API/GetRoleBinding",
            request_serializer=GetRoleBindingRequest.SerializeToString,
            response_deserializer=GetRoleBindingResponse.FromString,
        )
        self.__rpc_get_oidc_login = channel.unary_unary(
            "/auth_v2.API/GetOIDCLogin",
            request_serializer=GetOidcLoginRequest.SerializeToString,
            response_deserializer=GetOidcLoginResponse.FromString,
        )
        self.__rpc_get_robot_token = channel.unary_unary(
            "/auth_v2.API/GetRobotToken",
            request_serializer=GetRobotTokenRequest.SerializeToString,
            response_deserializer=GetRobotTokenResponse.FromString,
        )
        self.__rpc_revoke_auth_token = channel.unary_unary(
            "/auth_v2.API/RevokeAuthToken",
            request_serializer=RevokeAuthTokenRequest.SerializeToString,
            response_deserializer=RevokeAuthTokenResponse.FromString,
        )
        self.__rpc_revoke_auth_tokens_for_user = channel.unary_unary(
            "/auth_v2.API/RevokeAuthTokensForUser",
            request_serializer=RevokeAuthTokensForUserRequest.SerializeToString,
            response_deserializer=RevokeAuthTokensForUserResponse.FromString,
        )
        self.__rpc_set_groups_for_user = channel.unary_unary(
            "/auth_v2.API/SetGroupsForUser",
            request_serializer=SetGroupsForUserRequest.SerializeToString,
            response_deserializer=SetGroupsForUserResponse.FromString,
        )
        self.__rpc_modify_members = channel.unary_unary(
            "/auth_v2.API/ModifyMembers",
            request_serializer=ModifyMembersRequest.SerializeToString,
            response_deserializer=ModifyMembersResponse.FromString,
        )
        self.__rpc_get_groups = channel.unary_unary(
            "/auth_v2.API/GetGroups",
            request_serializer=GetGroupsRequest.SerializeToString,
            response_deserializer=GetGroupsResponse.FromString,
        )
        # Shares GetGroupsResponse with GetGroups above.
        self.__rpc_get_groups_for_principal = channel.unary_unary(
            "/auth_v2.API/GetGroupsForPrincipal",
            request_serializer=GetGroupsForPrincipalRequest.SerializeToString,
            response_deserializer=GetGroupsResponse.FromString,
        )
        self.__rpc_get_users = channel.unary_unary(
            "/auth_v2.API/GetUsers",
            request_serializer=GetUsersRequest.SerializeToString,
            response_deserializer=GetUsersResponse.FromString,
        )
        self.__rpc_extract_auth_tokens = channel.unary_unary(
            "/auth_v2.API/ExtractAuthTokens",
            request_serializer=ExtractAuthTokensRequest.SerializeToString,
            response_deserializer=ExtractAuthTokensResponse.FromString,
        )
        self.__rpc_restore_auth_token = channel.unary_unary(
            "/auth_v2.API/RestoreAuthToken",
            request_serializer=RestoreAuthTokenRequest.SerializeToString,
            response_deserializer=RestoreAuthTokenResponse.FromString,
        )
        self.__rpc_delete_expired_auth_tokens = channel.unary_unary(
            "/auth_v2.API/DeleteExpiredAuthTokens",
            request_serializer=DeleteExpiredAuthTokensRequest.SerializeToString,
            response_deserializer=DeleteExpiredAuthTokensResponse.FromString,
        )
        self.__rpc_rotate_root_token = channel.unary_unary(
            "/auth_v2.API/RotateRootToken",
            request_serializer=RotateRootTokenRequest.SerializeToString,
            response_deserializer=RotateRootTokenResponse.FromString,
        )

    def activate(self, *, root_token: str = "") -> "ActivateResponse":
        """
        Call Activate to enable auth on the cluster.

        With the default empty root_token the server generates the root token
        (per ActivateRequest's field documentation) and returns it in the
        response. That token is documented as non-expiring and tied to the
        irrevocable `pach:root` user, so capture it once and store it as a
        secret.
        """

        request = ActivateRequest()
        request.root_token = root_token

        return self.__rpc_activate(request)

    def deactivate(self) -> "DeactivateResponse":
        """Call Deactivate with an empty request."""

        request = DeactivateRequest()

        return self.__rpc_deactivate(request)

    def get_configuration(self) -> "GetConfigurationResponse":
        """
        Call GetConfiguration and return the current OidcConfig wrapper.

        The returned message type includes OidcConfig.client_secret.
        """

        request = GetConfigurationRequest()

        return self.__rpc_get_configuration(request)

    def set_configuration(
        self, *, configuration: "OidcConfig" = None
    ) -> "SetConfigurationResponse":
        """
        Call SetConfiguration with the given OidcConfig.

        When configuration is None the request's field is left untouched.
        NOTE(review): what the server does with a request that has no
        configuration is not visible in this file.
        """

        request = SetConfigurationRequest()
        if configuration is not None:
            request.configuration = configuration

        return self.__rpc_set_configuration(request)

    def authenticate(
        self, *, oidc_state: str = "", id_token: str = ""
    ) -> "AuthenticateResponse":
        """
        Call Authenticate with an OIDC state and/or an ID token.

        The response's pach_token is the credential to present on later
        requests; keep it out of logs.
        """

        request = AuthenticateRequest()
        request.oidc_state = oidc_state
        request.id_token = id_token

        return self.__rpc_authenticate(request)

    def authorize(
        self,
        *,
        resource: "Resource" = None,
        permissions: Optional[List["Permission"]] = None
    ) -> "AuthorizeResponse":
        """
        Call Authorize to check permissions on a resource.

        This only reports the server's decision in AuthorizeResponse; callers
        that gate an action on it must check `authorized` themselves.
        """
        # None (or any falsy value) becomes a fresh empty list.
        permissions = permissions or []

        request = AuthorizeRequest()
        if resource is not None:
            request.resource = resource
        request.permissions = permissions

        return self.__rpc_authorize(request)

    def get_permissions(
        self, *, resource: "Resource" = None
    ) -> "GetPermissionsResponse":
        """Call GetPermissions for the current user on *resource*."""

        request = GetPermissionsRequest()
        if resource is not None:
            request.resource = resource

        return self.__rpc_get_permissions(request)

    def get_permissions_for_principal(
        self, *, resource: "Resource" = None, principal: str = ""
    ) -> "GetPermissionsResponse":
        """Call GetPermissionsForPrincipal for *principal* on *resource*."""

        request = GetPermissionsForPrincipalRequest()
        if resource is not None:
            request.resource = resource
        request.principal = principal

        return self.__rpc_get_permissions_for_principal(request)

    def who_am_i(self) -> "WhoAmIResponse":
        """Call WhoAmI with an empty request."""

        request = WhoAmIRequest()

        return self.__rpc_who_am_i(request)

    def get_roles_for_permission(
        self, *, permission: "Permission" = None
    ) -> "GetRolesForPermissionResponse":
        """
        Call GetRolesForPermission for a single Permission.

        NOTE(review): unlike the message-typed arguments of the other methods,
        `permission` is assigned to the request even when left at its None
        default; how betterproto serializes a None enum field is not visible
        here, so pass an explicit Permission.
        """

        request = GetRolesForPermissionRequest()
        request.permission = permission

        return self.__rpc_get_roles_for_permission(request)

    def modify_role_binding(
        self,
        *,
        resource: "Resource" = None,
        principal: str = "",
        roles: Optional[List[str]] = None
    ) -> "ModifyRoleBindingResponse":
        """
        Call ModifyRoleBinding to set *principal*'s roles on *resource*.

        Omitting `roles` sends an empty list, which ModifyRoleBindingRequest
        documents as removing all of the principal's role bindings.
        """
        # None (or any falsy value) becomes a fresh empty list.
        roles = roles or []

        request = ModifyRoleBindingRequest()
        if resource is not None:
            request.resource = resource
        request.principal = principal
        request.roles = roles

        return self.__rpc_modify_role_binding(request)

    def get_role_binding(
        self, *, resource: "Resource" = None
    ) -> "GetRoleBindingResponse":
        """Call GetRoleBinding for *resource*."""

        request = GetRoleBindingRequest()
        if resource is not None:
            request.resource = resource

        return self.__rpc_get_role_binding(request)

    def get_oidc_login(self) -> "GetOidcLoginResponse":
        """Call GetOIDCLogin and return the login URL and state."""

        request = GetOidcLoginRequest()

        return self.__rpc_get_oidc_login(request)

    def get_robot_token(
        self, *, robot: str = "", ttl: int = 0
    ) -> "GetRobotTokenResponse":
        """
        Call GetRobotToken to mint a token for the robot user *robot*.

        ttl is the requested lifetime in seconds (per GetRobotTokenRequest).
        NOTE(review): the default here is 0, and this file does not show how
        the server interprets it; pass an explicit ttl when a bounded lifetime
        is intended.
        """

        request = GetRobotTokenRequest()
        request.robot = robot
        request.ttl = ttl

        return self.__rpc_get_robot_token(request)

    def revoke_auth_token(self, *, token: str = "") -> "RevokeAuthTokenResponse":
        """Call RevokeAuthToken for *token*."""

        request = RevokeAuthTokenRequest()
        request.token = token

        return self.__rpc_revoke_auth_token(request)

    def revoke_auth_tokens_for_user(
        self, *, username: str = ""
    ) -> "RevokeAuthTokensForUserResponse":
        """Call RevokeAuthTokensForUser for *username*."""

        request = RevokeAuthTokensForUserRequest()
        request.username = username

        return self.__rpc_revoke_auth_tokens_for_user(request)

    def set_groups_for_user(
        self, *, username: str = "", groups: Optional[List[str]] = None
    ) -> "SetGroupsForUserResponse":
        """
        Call SetGroupsForUser for *username*.

        Omitting `groups` sends an empty list. NOTE(review): by the RPC name
        this presumably clears the user's memberships -- confirm.
        """
        # None (or any falsy value) becomes a fresh empty list.
        groups = groups or []

        request = SetGroupsForUserRequest()
        request.username = username
        request.groups = groups

        return self.__rpc_set_groups_for_user(request)

    def modify_members(
        self,
        *,
        group: str = "",
        add: Optional[List[str]] = None,
        remove: Optional[List[str]] = None
    ) -> "ModifyMembersResponse":
        """Call ModifyMembers with the `add` and `remove` lists for *group*."""
        # None (or any falsy value) becomes a fresh empty list.
        add = add or []
        remove = remove or []

        request = ModifyMembersRequest()
        request.group = group
        request.add = add
        request.remove = remove

        return self.__rpc_modify_members(request)

    def get_groups(self) -> "GetGroupsResponse":
        """Call GetGroups with an empty request."""

        request = GetGroupsRequest()

        return self.__rpc_get_groups(request)

    def get_groups_for_principal(self, *, principal: str = "") -> "GetGroupsResponse":
        """Call GetGroupsForPrincipal for *principal*."""

        request = GetGroupsForPrincipalRequest()
        request.principal = principal

        return self.__rpc_get_groups_for_principal(request)

    def get_users(self, *, group: str = "") -> "GetUsersResponse":
        """Call GetUsers for *group*."""

        request = GetUsersRequest()
        request.group = group

        return self.__rpc_get_users(request)

    def extract_auth_tokens(self) -> "ExtractAuthTokensResponse":
        """
        Call ExtractAuthTokens.

        Per ExtractAuthTokensRequest's docstring the result holds every issued
        robot token in hashed form; handle the response as sensitive data.
        """

        request = ExtractAuthTokensRequest()

        return self.__rpc_extract_auth_tokens(request)

    def restore_auth_token(
        self, *, token: "TokenInfo" = None
    ) -> "RestoreAuthTokenResponse":
        """
        Call RestoreAuthToken with a previously extracted TokenInfo.

        When token is None the request's field is left untouched.
        """

        request = RestoreAuthTokenRequest()
        if token is not None:
            request.token = token

        return self.__rpc_restore_auth_token(request)

    def delete_expired_auth_tokens(self) -> "DeleteExpiredAuthTokensResponse":
        """Call DeleteExpiredAuthTokens with an empty request."""

        request = DeleteExpiredAuthTokensRequest()

        return self.__rpc_delete_expired_auth_tokens(request)

    def rotate_root_token(self, *, root_token: str = "") -> "RotateRootTokenResponse":
        """
        Call RotateRootToken.

        With the default empty root_token the server auto-generates the new
        value (per RotateRootTokenRequest). The response carries a root_token
        field; store it as a secret and do not log it.
        """

        request = RotateRootTokenRequest()
        request.root_token = root_token

        return self.__rpc_rotate_root_token(request)

Classes

class Permission (*args, **kwds)

Permission represents the ability to perform a given operation on a Resource

class Permission(betterproto.Enum):
    """
    Permission represents the ability to perform a given operation on a
    Resource.

    Members are generated from api/auth/auth.proto. They are not listed in
    ascending numeric order, so the integer values read as identifiers and
    do not appear to encode any ordering between permissions.
    """

    PERMISSION_UNKNOWN = 0
    CLUSTER_MODIFY_BINDINGS = 100
    CLUSTER_GET_BINDINGS = 101
    CLUSTER_GET_PACHD_LOGS = 148
    CLUSTER_GET_LOKI_LOGS = 150
    CLUSTER_AUTH_ACTIVATE = 102
    CLUSTER_AUTH_DEACTIVATE = 103
    CLUSTER_AUTH_GET_CONFIG = 104
    CLUSTER_AUTH_SET_CONFIG = 105
    CLUSTER_AUTH_GET_ROBOT_TOKEN = 139
    CLUSTER_AUTH_MODIFY_GROUP_MEMBERS = 109
    CLUSTER_AUTH_GET_GROUPS = 110
    CLUSTER_AUTH_GET_GROUP_USERS = 111
    # NOTE(review): by name, the token-related members below (extract,
    # restore, revoke, rotate root token) gate credential-handling RPCs.
    # When auditing role definitions, check which roles include them.
    CLUSTER_AUTH_EXTRACT_TOKENS = 112
    CLUSTER_AUTH_RESTORE_TOKEN = 113
    CLUSTER_AUTH_GET_PERMISSIONS_FOR_PRINCIPAL = 141
    CLUSTER_AUTH_DELETE_EXPIRED_TOKENS = 140
    CLUSTER_AUTH_REVOKE_USER_TOKENS = 142
    CLUSTER_AUTH_ROTATE_ROOT_TOKEN = 147
    CLUSTER_ENTERPRISE_ACTIVATE = 114
    CLUSTER_ENTERPRISE_HEARTBEAT = 115
    CLUSTER_ENTERPRISE_GET_CODE = 116
    CLUSTER_ENTERPRISE_DEACTIVATE = 117
    CLUSTER_ENTERPRISE_PAUSE = 149
    CLUSTER_IDENTITY_SET_CONFIG = 118
    CLUSTER_IDENTITY_GET_CONFIG = 119
    CLUSTER_IDENTITY_CREATE_IDP = 120
    CLUSTER_IDENTITY_UPDATE_IDP = 121
    CLUSTER_IDENTITY_LIST_IDPS = 122
    CLUSTER_IDENTITY_GET_IDP = 123
    CLUSTER_IDENTITY_DELETE_IDP = 124
    CLUSTER_IDENTITY_CREATE_OIDC_CLIENT = 125
    CLUSTER_IDENTITY_UPDATE_OIDC_CLIENT = 126
    CLUSTER_IDENTITY_LIST_OIDC_CLIENTS = 127
    CLUSTER_IDENTITY_GET_OIDC_CLIENT = 128
    CLUSTER_IDENTITY_DELETE_OIDC_CLIENT = 129
    CLUSTER_DEBUG_DUMP = 131
    CLUSTER_LICENSE_ACTIVATE = 132
    CLUSTER_LICENSE_GET_CODE = 133
    CLUSTER_LICENSE_ADD_CLUSTER = 134
    CLUSTER_LICENSE_UPDATE_CLUSTER = 135
    CLUSTER_LICENSE_DELETE_CLUSTER = 136
    CLUSTER_LICENSE_LIST_CLUSTERS = 137
    CLUSTER_CREATE_SECRET = 143
    """TODO(actgardner): Make k8s secrets into nouns and add an Update RPC"""

    CLUSTER_LIST_SECRETS = 144
    SECRET_DELETE = 145
    SECRET_INSPECT = 146
    CLUSTER_EDIT_CLUSTER_METADATA = 151
    CLUSTER_DELETE_ALL = 138
    # Repo-scoped permissions (200-range values).
    REPO_READ = 200
    REPO_WRITE = 201
    REPO_MODIFY_BINDINGS = 202
    REPO_DELETE = 203
    REPO_INSPECT_COMMIT = 204
    REPO_LIST_COMMIT = 205
    REPO_DELETE_COMMIT = 206
    REPO_CREATE_BRANCH = 207
    REPO_LIST_BRANCH = 208
    REPO_DELETE_BRANCH = 209
    REPO_INSPECT_FILE = 210
    REPO_LIST_FILE = 211
    REPO_ADD_PIPELINE_READER = 212
    REPO_REMOVE_PIPELINE_READER = 213
    REPO_ADD_PIPELINE_WRITER = 214
    PIPELINE_LIST_JOB = 301
    CLUSTER_SET_DEFAULTS = 302
    """CLUSTER_SET_DEFAULTS is part of PPS."""

    PROJECT_SET_DEFAULTS = 303
    """PROJECT_SET_DEFAULTS is part of PPS."""

    # Project-scoped permissions (400-range values).
    PROJECT_CREATE = 400
    PROJECT_DELETE = 401
    PROJECT_LIST_REPO = 402
    PROJECT_CREATE_REPO = 403
    PROJECT_MODIFY_BINDINGS = 404

Ancestors

  • betterproto.Enum
  • enum.IntEnum
  • builtins.int
  • enum.ReprEnum
  • enum.Enum

Class variables

var PERMISSION_UNKNOWN
var CLUSTER_MODIFY_BINDINGS
var CLUSTER_GET_BINDINGS
var CLUSTER_GET_PACHD_LOGS
var CLUSTER_GET_LOKI_LOGS
var CLUSTER_AUTH_ACTIVATE
var CLUSTER_AUTH_DEACTIVATE
var CLUSTER_AUTH_GET_CONFIG
var CLUSTER_AUTH_SET_CONFIG
var CLUSTER_AUTH_GET_ROBOT_TOKEN
var CLUSTER_AUTH_MODIFY_GROUP_MEMBERS
var CLUSTER_AUTH_GET_GROUPS
var CLUSTER_AUTH_GET_GROUP_USERS
var CLUSTER_AUTH_EXTRACT_TOKENS
var CLUSTER_AUTH_RESTORE_TOKEN
var CLUSTER_AUTH_GET_PERMISSIONS_FOR_PRINCIPAL
var CLUSTER_AUTH_DELETE_EXPIRED_TOKENS
var CLUSTER_AUTH_REVOKE_USER_TOKENS
var CLUSTER_AUTH_ROTATE_ROOT_TOKEN
var CLUSTER_ENTERPRISE_ACTIVATE
var CLUSTER_ENTERPRISE_HEARTBEAT
var CLUSTER_ENTERPRISE_GET_CODE
var CLUSTER_ENTERPRISE_DEACTIVATE
var CLUSTER_ENTERPRISE_PAUSE
var CLUSTER_IDENTITY_SET_CONFIG
var CLUSTER_IDENTITY_GET_CONFIG
var CLUSTER_IDENTITY_CREATE_IDP
var CLUSTER_IDENTITY_UPDATE_IDP
var CLUSTER_IDENTITY_LIST_IDPS
var CLUSTER_IDENTITY_GET_IDP
var CLUSTER_IDENTITY_DELETE_IDP
var CLUSTER_IDENTITY_CREATE_OIDC_CLIENT
var CLUSTER_IDENTITY_UPDATE_OIDC_CLIENT
var CLUSTER_IDENTITY_LIST_OIDC_CLIENTS
var CLUSTER_IDENTITY_GET_OIDC_CLIENT
var CLUSTER_IDENTITY_DELETE_OIDC_CLIENT
var CLUSTER_DEBUG_DUMP
var CLUSTER_LICENSE_ACTIVATE
var CLUSTER_LICENSE_GET_CODE
var CLUSTER_LICENSE_ADD_CLUSTER
var CLUSTER_LICENSE_UPDATE_CLUSTER
var CLUSTER_LICENSE_DELETE_CLUSTER
var CLUSTER_LICENSE_LIST_CLUSTERS
var CLUSTER_CREATE_SECRET

TODO(actgardner): Make k8s secrets into nouns and add an Update RPC

var CLUSTER_LIST_SECRETS
var SECRET_DELETE
var SECRET_INSPECT
var CLUSTER_EDIT_CLUSTER_METADATA
var CLUSTER_DELETE_ALL
var REPO_READ
var REPO_WRITE
var REPO_MODIFY_BINDINGS
var REPO_DELETE
var REPO_INSPECT_COMMIT
var REPO_LIST_COMMIT
var REPO_DELETE_COMMIT
var REPO_CREATE_BRANCH
var REPO_LIST_BRANCH
var REPO_DELETE_BRANCH
var REPO_INSPECT_FILE
var REPO_LIST_FILE
var REPO_ADD_PIPELINE_READER
var REPO_REMOVE_PIPELINE_READER
var REPO_ADD_PIPELINE_WRITER
var PIPELINE_LIST_JOB
var CLUSTER_SET_DEFAULTS

CLUSTER_SET_DEFAULTS is part of PPS.

var PROJECT_SET_DEFAULTS

PROJECT_SET_DEFAULTS is part of PPS.

var PROJECT_CREATE
var PROJECT_DELETE
var PROJECT_LIST_REPO
var PROJECT_CREATE_REPO
var PROJECT_MODIFY_BINDINGS
class ResourceType (*args, **kwds)

ResourceType represents the type of a Resource

class ResourceType(betterproto.Enum):
    """ResourceType represents the type of a Resource.

    Resource.type holds one of these values, and Role.can_be_bound_to /
    Role.returned_for in this module are lists of them.
    """

    RESOURCE_TYPE_UNKNOWN = 0
    CLUSTER = 1
    REPO = 2
    SPEC_REPO = 3
    PROJECT = 4

Ancestors

  • betterproto.Enum
  • enum.IntEnum
  • builtins.int
  • enum.ReprEnum
  • enum.Enum

Class variables

var RESOURCE_TYPE_UNKNOWN
var CLUSTER
var REPO
var SPEC_REPO
var PROJECT
class ActivateRequest (root_token: str = None)

ActivateRequest enables authentication on the cluster. It issues an auth token with no expiration for the irrevocable admin user pach:root.

@dataclass(eq=False, repr=False)
class ActivateRequest(betterproto.Message):
    """
    ActivateRequest enables authentication on the cluster. It issues an auth
    token with no expiration for the irrevocable admin user `pach:root`.
    """

    # NOTE(review): a caller-supplied value becomes the login token for
    # pach:root, which per the class docstring never expires. Generate it
    # from a CSPRNG, or leave it unset so the server generates one.
    root_token: str = betterproto.string_field(1)
    """
    If set, this token is used as the root user login token. Otherwise the root
    token is randomly generated and returned in the response.
    """

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var root_token : str

If set, this token is used as the root user login token. Otherwise the root token is randomly generated and returned in the response.

class ActivateResponse (pach_token: str = None)

ActivateResponse(pach_token: str = None)

@dataclass(eq=False, repr=False)
class ActivateResponse(betterproto.Message):
    """Message carrying a single Pachyderm token string.

    NOTE(review): ActivateRequest's field doc says a server-generated root
    token is "returned in the response"; presumably that is this field, in
    which case the value is the non-expiring pach:root credential and must
    be stored as a secret. Confirm against the server.
    """

    pach_token: str = betterproto.string_field(1)
    """
    pach_token authenticates the caller with Pachyderm (if you want to perform
    Pachyderm operations after auth has been activated as themselves, you must
    present this token along with your regular request)
    """

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var pach_token : str

pach_token authenticates the caller with Pachyderm (if you want to perform Pachyderm operations as yourself after auth has been activated, you must present this token along with your regular request)

class DeactivateRequest

DeactivateRequest()

@dataclass(eq=False, repr=False)
class DeactivateRequest(betterproto.Message):
    """Empty message: declares no fields."""

    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class DeactivateResponse

DeactivateResponse()

@dataclass(eq=False, repr=False)
class DeactivateResponse(betterproto.Message):
    """Empty message: declares no fields."""

    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class RotateRootTokenRequest (root_token: str = None)

RotateRootTokenRequest(root_token: str = None)

@dataclass(eq=False, repr=False)
class RotateRootTokenRequest(betterproto.Message):
    """Message carrying the replacement value for the root token."""

    # A caller-chosen value is only as strong as its source; prefer leaving
    # it unset (server auto-generates) or supplying CSPRNG output.
    root_token: str = betterproto.string_field(1)
    """
    root_token is used as the new root token value. If it's unset, then a token
    will be auto-generated.
    """

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var root_token : str

root_token is used as the new root token value. If it's unset, then a token will be auto-generated.

class RotateRootTokenResponse (root_token: str = None)

RotateRootTokenResponse(root_token: str = None)

@dataclass(eq=False, repr=False)
class RotateRootTokenResponse(betterproto.Message):
    """Message carrying a single root_token string.

    NOTE(review): presumably the root token in effect after rotation;
    handle it as a secret and keep it out of logs. Confirm.
    """

    root_token: str = betterproto.string_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var root_token : str
class OidcConfig (issuer: str = None, client_id: str = None, client_secret: str = None, redirect_uri: str = None, scopes: List[str] = None, require_email_verified: bool = None, localhost_issuer: bool = None, user_accessible_issuer_host: str = None)

Configure Pachyderm's auth system with an OIDC provider

@dataclass(eq=False, repr=False)
class OidcConfig(betterproto.Message):
    """Configure Pachyderm's auth system with an OIDC provider"""

    issuer: str = betterproto.string_field(1)
    client_id: str = betterproto.string_field(2)
    # OIDC client credential. This same message is the payload of
    # GetConfigurationResponse, so reading the configuration may expose this
    # value unless the server redacts it - TODO confirm.
    client_secret: str = betterproto.string_field(3)
    redirect_uri: str = betterproto.string_field(4)
    scopes: List[str] = betterproto.string_field(5)
    # NOTE(review): SessionInfo's docstring says users are identified by
    # e-mail address; by name this flag requires the provider to mark the
    # address verified. Leaving it off presumably lets unverified addresses
    # map to identities - confirm.
    require_email_verified: bool = betterproto.bool_field(6)
    # NOTE(review): per the doc below, enabling this skips use of the issuer
    # claim; it is described as a workaround for setups like Minikube, so
    # review any production configuration that sets it.
    localhost_issuer: bool = betterproto.bool_field(7)
    """
    localhost_issuer ignores the contents of the issuer claim and makes all
    OIDC requests to the embedded OIDC provider. This is necessary to support
    some network configurations like Minikube.
    """

    # NOTE(review): the doc below allows an http scheme; outside local
    # development an https URL keeps the authorization redirect off
    # plaintext transport.
    user_accessible_issuer_host: str = betterproto.string_field(8)
    """
    user_accessible_issuer_host can be set to override the host used in the
    OAuth2 authorization URL in case the OIDC issuer isn't accessible outside
    the cluster. This requires a fully formed URL with scheme of either http or
    https. This is necessary to support some configurations like Minikube.
    """

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var issuer : str
var client_id : str
var client_secret : str
var redirect_uri : str
var scopes : List[str]
var require_email_verified : bool
var localhost_issuer : bool

localhost_issuer ignores the contents of the issuer claim and makes all OIDC requests to the embedded OIDC provider. This is necessary to support some network configurations like Minikube.

var user_accessible_issuer_host : str

user_accessible_issuer_host can be set to override the host used in the OAuth2 authorization URL in case the OIDC issuer isn't accessible outside the cluster. This requires a fully formed URL with scheme of either http or https. This is necessary to support some configurations like Minikube.

class GetConfigurationRequest

GetConfigurationRequest()

@dataclass(eq=False, repr=False)
class GetConfigurationRequest(betterproto.Message):
    """Empty message: declares no fields."""

    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class GetConfigurationResponse (configuration: OidcConfig = None)

GetConfigurationResponse(configuration: 'OidcConfig' = None)

@dataclass(eq=False, repr=False)
class GetConfigurationResponse(betterproto.Message):
    """Message carrying one OidcConfig.

    OidcConfig declares a client_secret field, so avoid printing or logging
    this message wholesale.
    """

    configuration: "OidcConfig" = betterproto.message_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var configuration : OidcConfig
class SetConfigurationRequest (configuration: OidcConfig = None)

SetConfigurationRequest(configuration: 'OidcConfig' = None)

@dataclass(eq=False, repr=False)
class SetConfigurationRequest(betterproto.Message):
    """Message carrying the OidcConfig to apply.

    The payload includes OidcConfig.client_secret, so the request itself is
    sensitive in transit and in any request logging.
    """

    configuration: "OidcConfig" = betterproto.message_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var configuration : OidcConfig
class SetConfigurationResponse

SetConfigurationResponse()

@dataclass(eq=False, repr=False)
class SetConfigurationResponse(betterproto.Message):
    """Empty message: declares no fields."""

    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class TokenInfo (subject: str = None, expiration: datetime.datetime = None, hashed_token: str = None)

TokenInfo is the 'value' of an auth token 'key' in the 'tokens' collection

@dataclass(eq=False, repr=False)
class TokenInfo(betterproto.Message):
    """
    TokenInfo is the 'value' of an auth token 'key' in the 'tokens' collection
    """

    subject: str = betterproto.string_field(1)
    """
    Subject (i.e. Pachyderm account) that a given token authorizes. See the
    note at the top of the doc for an explanation of subject structure.
    """

    # Declared as a message field and annotated as datetime.
    expiration: datetime = betterproto.message_field(2)
    # NOTE(review): by name this is a hash of the token rather than the token
    # itself; the hash scheme is not visible here. restore_auth_token()
    # accepts a TokenInfo, so a record holding this value is presumably
    # enough to re-create a working token entry - treat extracted TokenInfo
    # records as credential material. Confirm.
    hashed_token: str = betterproto.string_field(3)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var subject : str

Subject (i.e. Pachyderm account) that a given token authorizes. See the note at the top of the doc for an explanation of subject structure.

var expiration : datetime.datetime
var hashed_token : str
class AuthenticateRequest (oidc_state: str = None, id_token: str = None)

AuthenticateRequest(oidc_state: str = None, id_token: str = None)

@dataclass(eq=False, repr=False)
class AuthenticateRequest(betterproto.Message):
    """Message carrying OIDC material: a session state string and an ID token.

    NOTE(review): whether the two fields are alternatives or are sent
    together is not stated here - confirm against auth.proto.
    """

    # Presumably the same 'state' value that keys SessionInfo records and is
    # returned in GetOidcLoginResponse.state - confirm.
    oidc_state: str = betterproto.string_field(1)
    """
    This is the session state that Pachyderm creates in order to keep track of
    information related to the current OIDC session.
    """

    id_token: str = betterproto.string_field(2)
    """This is an ID Token issued by the OIDC provider."""

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var oidc_state : str

This is the session state that Pachyderm creates in order to keep track of information related to the current OIDC session.

var id_token : str

This is an ID Token issued by the OIDC provider.

class AuthenticateResponse (pach_token: str = None)

AuthenticateResponse(pach_token: str = None)

@dataclass(eq=False, repr=False)
class AuthenticateResponse(betterproto.Message):
    """Message carrying a single Pachyderm token string.

    The token is what the caller presents on later requests (see the field
    doc), so it should be stored and transmitted as a secret.
    """

    pach_token: str = betterproto.string_field(1)
    """
    pach_token authenticates the caller with Pachyderm (if you want to perform
    Pachyderm operations after auth has been activated as themselves, you must
    present this token along with your regular request)
    """

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var pach_token : str

pach_token authenticates the caller with Pachyderm (if you want to perform Pachyderm operations as yourself after auth has been activated, you must present this token along with your regular request)

class WhoAmIRequest

WhoAmIRequest()

@dataclass(eq=False, repr=False)
class WhoAmIRequest(betterproto.Message):
    """Empty message: declares no fields."""

    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class WhoAmIResponse (username: str = None, expiration: datetime.datetime = None)

WhoAmIResponse(username: str = None, expiration: datetime.datetime = None)

@dataclass(eq=False, repr=False)
class WhoAmIResponse(betterproto.Message):
    """Message carrying a username and an expiration timestamp.

    NOTE(review): presumably these describe the token the caller
    authenticated with - confirm.
    """

    username: str = betterproto.string_field(1)
    # Declared as a message field and annotated as datetime.
    expiration: datetime = betterproto.message_field(2)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var username : str
var expiration : datetime.datetime
class GetRolesForPermissionRequest (permission: Permission = None)

GetRolesForPermissionRequest(permission: 'Permission' = None)

@dataclass(eq=False, repr=False)
class GetRolesForPermissionRequest(betterproto.Message):
    """Message carrying one Permission enum value."""

    permission: "Permission" = betterproto.enum_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var permission : Permission
class GetRolesForPermissionResponse (roles: List[ForwardRef('Role')] = None)

GetRolesForPermissionResponse(roles: List[ForwardRef('Role')] = None)

@dataclass(eq=False, repr=False)
class GetRolesForPermissionResponse(betterproto.Message):
    """Message carrying a list of Role messages."""

    roles: List["Role"] = betterproto.message_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var roles : List[Role]
class Roles (roles: Dict[str, bool] = None)

Roles represents the set of roles a principal has

@dataclass(eq=False, repr=False)
class Roles(betterproto.Message):
    """Roles represents the set of roles a principal has"""

    # String-to-bool map. Presumably the keys are role names and the map is
    # used as a set (the class doc calls it a "set of roles"); how a False
    # value is treated is not shown here - confirm before relying on it.
    roles: Dict[str, bool] = betterproto.map_field(
        1, betterproto.TYPE_STRING, betterproto.TYPE_BOOL
    )

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var roles : Dict[str, bool]
class RoleBinding (entries: Dict[str, ForwardRef('Roles')] = None)

RoleBinding represents the set of roles principals have on a given Resource

@dataclass(eq=False, repr=False)
class RoleBinding(betterproto.Message):
    """
    RoleBinding represents the set of roles principals have on a given Resource
    """

    # Map from principal name (string key) to a Roles message.
    entries: Dict[str, "Roles"] = betterproto.map_field(
        1, betterproto.TYPE_STRING, betterproto.TYPE_MESSAGE
    )
    """
    principal -> roles. All principal names include the structured prefix
    indicating their type.
    """

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var entries : Dict[str, Roles]

principal -> roles. All principal names include the structured prefix indicating their type.

class Resource (type: ResourceType = None, name: str = None)

Resource represents any resource that has role-bindings in the system

@dataclass(eq=False, repr=False)
class Resource(betterproto.Message):
    """
    Resource represents any resource that has role-bindings in the system
    """

    # Field is named `type`, which shadows the builtin within the class body.
    type: "ResourceType" = betterproto.enum_field(1)
    name: str = betterproto.string_field(2)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var type : ResourceType
var name : str
class Users (usernames: Dict[str, bool] = None)

Users(usernames: Dict[str, bool] = None)

@dataclass(eq=False, repr=False)
class Users(betterproto.Message):
    """Message carrying a string-to-bool map of usernames.

    NOTE(review): presumably the map is used as a set of usernames, as with
    Roles - confirm.
    """

    usernames: Dict[str, bool] = betterproto.map_field(
        1, betterproto.TYPE_STRING, betterproto.TYPE_BOOL
    )

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var usernames : Dict[str, bool]
class Groups (groups: Dict[str, bool] = None)

Groups(groups: Dict[str, bool] = None)

@dataclass(eq=False, repr=False)
class Groups(betterproto.Message):
    """Message carrying a string-to-bool map of groups.

    NOTE(review): presumably the map is used as a set of group names, as
    with Roles - confirm.
    """

    groups: Dict[str, bool] = betterproto.map_field(
        1, betterproto.TYPE_STRING, betterproto.TYPE_BOOL
    )

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var groups : Dict[str, bool]
class Role (name: str = None, permissions: List[ForwardRef('Permission')] = None, can_be_bound_to: List[ForwardRef('ResourceType')] = None, returned_for: List[ForwardRef('ResourceType')] = None)

Role(name: str = None, permissions: List[ForwardRef('Permission')] = None, can_be_bound_to: List[ForwardRef('ResourceType')] = None, returned_for: List[ForwardRef('ResourceType')] = None)

@dataclass(eq=False, repr=False)
class Role(betterproto.Message):
    """A named role: its permissions and the resource types it applies to."""

    name: str = betterproto.string_field(1)
    # The Permission values this role carries.
    permissions: List["Permission"] = betterproto.enum_field(2)
    can_be_bound_to: List["ResourceType"] = betterproto.enum_field(3)
    """
    Resources this role can be bound to.  For example, you can't apply
    clusterAdmin to a repo, so REPO would not be listed here.
    """

    # When auditing access to a resource, note that per the doc below a role
    # bound elsewhere (e.g. on the cluster) can still be what grants access.
    returned_for: List["ResourceType"] = betterproto.enum_field(4)
    """
    Resources this role is returned for.  For example, a principal might have
    clusterAdmin permissions on the cluster, and this is what allows them to
    write to a repo.  So, clusterAdmin is returned for the repo, even though it
    cannot be bound to a repo.
    """

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var name : str
var permissions : List[Permission]
var can_be_bound_to : List[ResourceType]

Resources this role can be bound to. For example, you can't apply clusterAdmin to a repo, so REPO would not be listed here.

var returned_for : List[ResourceType]

Resources this role is returned for. For example, a principal might have clusterAdmin permissions on the cluster, and this is what allows them to write to a repo. So, clusterAdmin is returned for the repo, even though it cannot be bound to a repo.

class AuthorizeRequest (resource: Resource = None, permissions: List[ForwardRef('Permission')] = None)

AuthorizeRequest(resource: 'Resource' = None, permissions: List[ForwardRef('Permission')] = None)

@dataclass(eq=False, repr=False)
class AuthorizeRequest(betterproto.Message):
    """Message naming a Resource and the permissions to check on it."""

    resource: "Resource" = betterproto.message_field(1)
    permissions: List["Permission"] = betterproto.enum_field(2)
    """permissions are the operations the caller is attempting to perform"""

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var resource : Resource
var permissions : List[Permission]

permissions are the operations the caller is attempting to perform

class AuthorizeResponse (authorized: bool = None, satisfied: List[ForwardRef('Permission')] = None, missing: List[ForwardRef('Permission')] = None, principal: str = None)

AuthorizeResponse(authorized: bool = None, satisfied: List[ForwardRef('Permission')] = None, missing: List[ForwardRef('Permission')] = None, principal: str = None)

@dataclass(eq=False, repr=False)
class AuthorizeResponse(betterproto.Message):
    """Result of an authorization check: verdict, satisfied and missing sets.

    Callers enforcing access should branch on ``authorized``; ``satisfied``
    alone being non-empty does not show that every requested permission was
    granted (``missing`` lists the ones that were not).
    """

    authorized: bool = betterproto.bool_field(1)
    """authorized is true if the caller has the require permissions"""

    satisfied: List["Permission"] = betterproto.enum_field(2)
    """satisfied is the set of permission that the principal has"""

    missing: List["Permission"] = betterproto.enum_field(3)
    """missing is the set of permissions that the principal lacks"""

    principal: str = betterproto.string_field(4)
    """principal is the principal the request was evaluated for"""

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var authorized : bool

authorized is true if the caller has the required permissions

var satisfied : List[Permission]

satisfied is the set of permissions that the principal has

var missing : List[Permission]

missing is the set of permissions that the principal lacks

var principal : str

principal is the principal the request was evaluated for

class GetPermissionsRequest (resource: Resource = None)

GetPermissions evaluates the current user's permissions on a resource

@dataclass(eq=False, repr=False)
class GetPermissionsRequest(betterproto.Message):
    """
    GetPermissions evaluates the current user's permissions on a resource
    """

    # The resource to evaluate; the principal is not a field here (the class
    # doc says it is the current user).
    resource: "Resource" = betterproto.message_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var resource : Resource
class GetPermissionsForPrincipalRequest (resource: Resource = None, principal: str = None)

GetPermissionsForPrincipal evaluates an arbitrary principal's permissions on a resource

@dataclass(eq=False, repr=False)
class GetPermissionsForPrincipalRequest(betterproto.Message):
    """
    GetPermissionsForPrincipal evaluates an arbitrary principal's permissions
    on a resource
    """

    resource: "Resource" = betterproto.message_field(1)
    # NOTE(review): the caller names the principal to inspect. This module
    # defines Permission.CLUSTER_AUTH_GET_PERMISSIONS_FOR_PRINCIPAL, which
    # presumably gates the lookup server-side - confirm.
    principal: str = betterproto.string_field(2)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var resource : Resource
var principal : str
class GetPermissionsResponse (permissions: List[ForwardRef('Permission')] = None, roles: List[str] = None)

GetPermissionsResponse(permissions: List[ForwardRef('Permission')] = None, roles: List[str] = None)

@dataclass(eq=False, repr=False)
class GetPermissionsResponse(betterproto.Message):
    """Message carrying a principal's permissions and role names."""

    permissions: List["Permission"] = betterproto.enum_field(1)
    """permissions is the set of permissions the principal has"""

    # Roles are given as strings here, not as Role messages.
    roles: List[str] = betterproto.string_field(2)
    """roles is the set of roles the principal has"""

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var permissions : List[Permission]

permissions is the set of permissions the principal has

var roles : List[str]

roles is the set of roles the principal has

class ModifyRoleBindingRequest (resource: Resource = None, principal: str = None, roles: List[str] = None)

ModifyRoleBindingRequest(resource: 'Resource' = None, principal: str = None, roles: List[str] = None)

@dataclass(eq=False, repr=False)
class ModifyRoleBindingRequest(betterproto.Message):
    """Message that sets one principal's roles on one resource."""

    resource: "Resource" = betterproto.message_field(1)
    """resource is the resource to modify the role bindings on"""

    principal: str = betterproto.string_field(2)
    """principal is the principal to modify the roles binding for"""

    # NOTE(review): per the doc below the list replaces the principal's
    # roles, and an empty list removes every binding. A request built
    # without setting `roles` presumably carries an empty list, so an
    # omitted argument would revoke access rather than leave it unchanged -
    # confirm before scripting bulk changes.
    roles: List[str] = betterproto.string_field(3)
    """
    roles is the set of roles for principal - an empty list removes all role
    bindings
    """

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var resource : Resource

resource is the resource to modify the role bindings on

var principal : str

principal is the principal to modify the role bindings for

var roles : List[str]

roles is the set of roles for principal - an empty list removes all role bindings

class ModifyRoleBindingResponse

ModifyRoleBindingResponse()

@dataclass(eq=False, repr=False)
class ModifyRoleBindingResponse(betterproto.Message):
    """Empty message: declares no fields."""

    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class GetRoleBindingRequest (resource: Resource = None)

GetRoleBindingRequest(resource: 'Resource' = None)

@dataclass(eq=False, repr=False)
class GetRoleBindingRequest(betterproto.Message):
    """Message naming the Resource whose role binding is requested."""

    resource: "Resource" = betterproto.message_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var resource : Resource
class GetRoleBindingResponse (binding: RoleBinding = None)

GetRoleBindingResponse(binding: 'RoleBinding' = None)

@dataclass(eq=False, repr=False)
class GetRoleBindingResponse(betterproto.Message):
    """Message carrying one RoleBinding (principal -> roles map)."""

    binding: "RoleBinding" = betterproto.message_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var binding : RoleBinding
class SessionInfo (nonce: str = None, email: str = None, conversion_err: bool = None)

SessionInfo stores information associated with one OIDC authentication session (i.e. a single instance of a single user logging in). Sessions are short-lived and stored in the 'oidc-authns' collection, keyed by the OIDC 'state' token (30-character CSPRNG-generated string). 'GetOIDCLogin' generates and inserts entries, then /authorization-code/callback retrieves an access token from the ID provider and uses it to retrieve the caller's email and store it in 'email', and finally Authorize() returns a Pachyderm token identified with that email address as a subject in Pachyderm.

@dataclass(eq=False, repr=False)
class SessionInfo(betterproto.Message):
    """
    SessionInfo stores information associated with one OIDC authentication
    session (i.e. a single instance of a single user logging in). Sessions are
    short-lived and stored in the 'oidc-authns' collection, keyed by the OIDC
    'state' token (30-character CSPRNG-generated string). 'GetOIDCLogin'
    generates and inserts entries, then /authorization-code/callback retrieves
    an access token from the ID provider and uses it to retrieve the caller's
    email and store it in 'email', and finally Authorize() returns a Pachyderm
    token identified with that email address as a subject in Pachyderm.
    """

    nonce: str = betterproto.string_field(1)
    """
    nonce is used by /authorization-code/callback to validate session
    continuity with the IdP after a user has arrived there from GetOIDCLogin().
    This is a 30-character CSPRNG-generated string.
    """

    # NOTE(review): identity is keyed on the e-mail address, which the doc
    # below notes OIDC does not guarantee to be present or unique. Review
    # this together with OidcConfig.require_email_verified and with which
    # identity providers are allowed to assert addresses.
    email: str = betterproto.string_field(2)
    """
    email contains the email adddress associated with a user in their OIDC ID
    provider. Currently users are identified with their email address rather
    than their OIDC subject identifier to make switching between OIDC ID
    providers easier for users, and to make user identities more easily
    comprehensible in Pachyderm. The OIDC spec doesn't require that users'
    emails be present or unique, but we think this will be preferable in
    practice.
    """

    # Boolean only: error details stay in server logs (see the doc below),
    # so incident triage for failed logins needs access to those logs.
    conversion_err: bool = betterproto.bool_field(3)
    """
    conversion_err indicates whether an error was encountered while exchanging
    an auth code for an access token, or while obtaining a user's email (in
    /authorization-code/callback). Storing the error state here allows any
    sibling calls to Authenticate() (i.e. using the same OIDC state token) to
    notify their caller that an error has occurred. We avoid passing the caller
    any details of the error (which are logged by Pachyderm) to avoid giving
    information to a user who has network access to Pachyderm but not an
    account in the OIDC provider.
    """

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var nonce : str

nonce is used by /authorization-code/callback to validate session continuity with the IdP after a user has arrived there from GetOIDCLogin(). This is a 30-character CSPRNG-generated string.

var email : str

email contains the email address associated with a user in their OIDC ID provider. Currently users are identified with their email address rather than their OIDC subject identifier to make switching between OIDC ID providers easier for users, and to make user identities more easily comprehensible in Pachyderm. The OIDC spec doesn't require that users' emails be present or unique, but we think this will be preferable in practice.

var conversion_err : bool

conversion_err indicates whether an error was encountered while exchanging an auth code for an access token, or while obtaining a user's email (in /authorization-code/callback). Storing the error state here allows any sibling calls to Authenticate() (i.e. using the same OIDC state token) to notify their caller that an error has occurred. We avoid passing the caller any details of the error (which are logged by Pachyderm) to avoid giving information to a user who has network access to Pachyderm but not an account in the OIDC provider.

class GetOidcLoginRequest

GetOidcLoginRequest()

@dataclass(eq=False, repr=False)
class GetOidcLoginRequest(betterproto.Message):
    """Empty message: declares no fields."""

    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class GetOidcLoginResponse (login_url: str = None, state: str = None)

GetOidcLoginResponse(login_url: str = None, state: str = None)

@dataclass(eq=False, repr=False)
class GetOidcLoginResponse(betterproto.Message):
    """Message carrying an OIDC login URL and a state string."""

    login_url: str = betterproto.string_field(1)
    """The login URL generated for the OIDC object"""

    # NOTE(review): presumably the OIDC 'state' token that keys the
    # SessionInfo record and is later sent as AuthenticateRequest.oidc_state;
    # if so it identifies an in-flight login and should not be shared or
    # logged - confirm.
    state: str = betterproto.string_field(2)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var login_url : str

The login URL generated for the OIDC object

var state : str
class GetRobotTokenRequest (robot: str = None, ttl: int = None)

GetRobotTokenRequest(robot: str = None, ttl: int = None)

@dataclass(eq=False, repr=False)
class GetRobotTokenRequest(betterproto.Message):
    """Message requesting a token for a named robot user."""

    robot: str = betterproto.string_field(1)
    """
    The returned token will allow the caller to access resources as this robot
    user
    """

    # NOTE(review): what happens when ttl is left unset is not documented
    # here; confirm whether that yields a non-expiring token, and prefer an
    # explicit bounded lifetime for automation credentials.
    ttl: int = betterproto.int64_field(2)
    """
    ttl indicates the requested (approximate) remaining lifetime of this token,
    in seconds
    """

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var robot : str

The returned token will allow the caller to access resources as this robot user

var ttl : int

ttl indicates the requested (approximate) remaining lifetime of this token, in seconds

class GetRobotTokenResponse (token: str = None)

GetRobotTokenResponse(token: str = None)

@dataclass(eq=False, repr=False)
class GetRobotTokenResponse(betterproto.Message):
    """Message carrying the newly issued robot token.

    The token grants access as the robot user (see GetRobotTokenRequest),
    so store it in a secret manager rather than in code or logs.
    """

    token: str = betterproto.string_field(1)
    """A new auth token for the requested robot"""

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var token : str

A new auth token for the requested robot

class RevokeAuthTokenRequest (token: str = None)

RevokeAuthTokenRequest(token: str = None)

Expand source code
@dataclass(eq=False, repr=False)
class RevokeAuthTokenRequest(betterproto.Message):
    """Request message for the RevokeAuthToken RPC."""

    # NOTE(review): presumably the auth token to revoke, in the form it was
    # issued -- confirm against auth.proto.
    token: str = betterproto.string_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var token : str
class RevokeAuthTokenResponse (number: int = None)

RevokeAuthTokenResponse(number: int = None)

Expand source code
@dataclass(eq=False, repr=False)
class RevokeAuthTokenResponse(betterproto.Message):
    """Response of the RevokeAuthToken RPC."""

    # NOTE(review): presumably the number of tokens that were revoked; a
    # caller could check it to detect a revocation that matched nothing --
    # confirm the meaning against auth.proto.
    number: int = betterproto.int64_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var number : int
class SetGroupsForUserRequest (username: str = None, groups: List[str] = None)

SetGroupsForUserRequest(username: str = None, groups: List[str] = None)

Expand source code
@dataclass(eq=False, repr=False)
class SetGroupsForUserRequest(betterproto.Message):
    """Request message for the SetGroupsForUser RPC: a user and a group list."""

    username: str = betterproto.string_field(1)
    # NOTE(review): the RPC name suggests this list replaces the user's whole
    # group membership rather than adding to it -- confirm, because an empty
    # list (the ApiStub default) would then remove the user from every group.
    groups: List[str] = betterproto.string_field(2)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var username : str
var groups : List[str]
class SetGroupsForUserResponse

SetGroupsForUserResponse()

Expand source code
@dataclass(eq=False, repr=False)
class SetGroupsForUserResponse(betterproto.Message):
    """Empty response of the SetGroupsForUser RPC; it declares no fields."""

    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class ModifyMembersRequest (group: str = None, add: List[str] = None, remove: List[str] = None)

ModifyMembersRequest(group: str = None, add: List[str] = None, remove: List[str] = None)

Expand source code
@dataclass(eq=False, repr=False)
class ModifyMembersRequest(betterproto.Message):
    """Request message for the ModifyMembers RPC: a group and two name lists."""

    group: str = betterproto.string_field(1)
    # NOTE(review): presumably the members to add to / remove from `group`;
    # how a name present in both lists is resolved is not visible here.
    add: List[str] = betterproto.string_field(2)
    remove: List[str] = betterproto.string_field(3)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var group : str
var add : List[str]
var remove : List[str]
class ModifyMembersResponse

ModifyMembersResponse()

Expand source code
@dataclass(eq=False, repr=False)
class ModifyMembersResponse(betterproto.Message):
    """Empty response of the ModifyMembers RPC; it declares no fields."""

    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class GetGroupsRequest

GetGroupsRequest()

Expand source code
@dataclass(eq=False, repr=False)
class GetGroupsRequest(betterproto.Message):
    """Empty request message for the GetGroups RPC; it declares no fields."""

    # NOTE(review): with no principal field, the groups returned are
    # presumably those of the authenticated caller -- confirm.
    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class GetGroupsForPrincipalRequest (principal: str = None)

GetGroupsForPrincipalRequest(principal: str = None)

Expand source code
@dataclass(eq=False, repr=False)
class GetGroupsForPrincipalRequest(betterproto.Message):
    """Request message for the GetGroupsForPrincipal RPC."""

    # Name of the principal whose groups are requested; the expected format
    # is not visible here.
    principal: str = betterproto.string_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var principal : str
class GetGroupsResponse (groups: List[str] = None)

GetGroupsResponse(groups: List[str] = None)

Expand source code
@dataclass(eq=False, repr=False)
class GetGroupsResponse(betterproto.Message):
    """
    Group list returned by both the GetGroups and the GetGroupsForPrincipal
    RPCs (ApiStub registers this type as the response of each).
    """

    groups: List[str] = betterproto.string_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var groups : List[str]
class GetUsersRequest (group: str = None)

GetUsersRequest(group: str = None)

Expand source code
@dataclass(eq=False, repr=False)
class GetUsersRequest(betterproto.Message):
    """Request message for the GetUsers RPC."""

    # NOTE(review): presumably the group whose members are listed -- confirm.
    group: str = betterproto.string_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var group : str
class GetUsersResponse (usernames: List[str] = None)

GetUsersResponse(usernames: List[str] = None)

Expand source code
@dataclass(eq=False, repr=False)
class GetUsersResponse(betterproto.Message):
    """Response of the GetUsers RPC: a list of user names."""

    usernames: List[str] = betterproto.string_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var usernames : List[str]
class ExtractAuthTokensRequest

ExtractAuthTokens returns all the hashed robot tokens that have been issued. User tokens are not extracted as they can be recreated by logging in.

Expand source code
@dataclass(eq=False, repr=False)
class ExtractAuthTokensRequest(betterproto.Message):
    """
    ExtractAuthTokens returns all the hashed robot tokens that have been
    issued. User tokens are not extracted as they can be recreated by logging
    in.
    """

    # The request itself declares no fields; the extracted tokens come back
    # in ExtractAuthTokensResponse.
    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class ExtractAuthTokensResponse (tokens: List[ForwardRef('TokenInfo')] = None)

ExtractAuthTokensResponse(tokens: List[ForwardRef('TokenInfo')] = None)

Expand source code
@dataclass(eq=False, repr=False)
class ExtractAuthTokensResponse(betterproto.Message):
    """Response of the ExtractAuthTokens RPC: a list of TokenInfo messages."""

    # Per the ExtractAuthTokensRequest docs these are hashed robot tokens.
    # RestoreAuthToken accepts a TokenInfo back, so an extract should be
    # stored with the same care as the credentials it stands for.
    tokens: List["TokenInfo"] = betterproto.message_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var tokens : List[TokenInfo]
class RestoreAuthTokenRequest (token: TokenInfo = None)

RestoreAuthToken inserts a hashed token that has previously been extracted.

Expand source code
@dataclass(eq=False, repr=False)
class RestoreAuthTokenRequest(betterproto.Message):
    """
    RestoreAuthToken inserts a hashed token that has previously been extracted.
    """

    # One TokenInfo per request; ExtractAuthTokensResponse.tokens holds
    # messages of the same type.
    token: "TokenInfo" = betterproto.message_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var token : TokenInfo
class RestoreAuthTokenResponse

RestoreAuthTokenResponse()

Expand source code
@dataclass(eq=False, repr=False)
class RestoreAuthTokenResponse(betterproto.Message):
    """Empty response of the RestoreAuthToken RPC; it declares no fields."""

    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class RevokeAuthTokensForUserRequest (username: str = None)

RevokeAuthTokensForUserRequest(username: str = None)

Expand source code
@dataclass(eq=False, repr=False)
class RevokeAuthTokensForUserRequest(betterproto.Message):
    """Request message for the RevokeAuthTokensForUser RPC."""

    # Name of the user whose tokens are to be revoked; the expected format
    # is not visible here.
    username: str = betterproto.string_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var username : str
class RevokeAuthTokensForUserResponse (number: int = None)

RevokeAuthTokensForUserResponse(number: int = None)

Expand source code
@dataclass(eq=False, repr=False)
class RevokeAuthTokensForUserResponse(betterproto.Message):
    """Response of the RevokeAuthTokensForUser RPC."""

    # NOTE(review): presumably the number of tokens revoked for the user --
    # confirm against auth.proto.
    number: int = betterproto.int64_field(1)

Ancestors

  • betterproto.Message
  • abc.ABC

Class variables

var number : int
class DeleteExpiredAuthTokensRequest

DeleteExpiredAuthTokensRequest()

Expand source code
@dataclass(eq=False, repr=False)
class DeleteExpiredAuthTokensRequest(betterproto.Message):
    """Empty request message for the DeleteExpiredAuthTokens RPC."""

    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class DeleteExpiredAuthTokensResponse

DeleteExpiredAuthTokensResponse()

Expand source code
@dataclass(eq=False, repr=False)
class DeleteExpiredAuthTokensResponse(betterproto.Message):
    """Empty response of the DeleteExpiredAuthTokens RPC; it has no fields."""

    # NOTE(review): no count is returned, so a caller cannot tell from this
    # message how many tokens were deleted.
    pass

Ancestors

  • betterproto.Message
  • abc.ABC
class ApiStub (channel: grpc.Channel)
Expand source code
class ApiStub:
    """
    Client stub for the ``auth_v2.API`` gRPC service.

    The constructor registers one unary-unary callable per RPC on the given
    channel. Each public method builds the matching request message from its
    keyword-only arguments, invokes that callable and returns its result.

    The methods pass nothing but the request message to the callable: no
    per-call metadata or credentials are attached here, so authentication and
    transport security depend on how the supplied channel was built (not
    visible in this class).
    """

    def __init__(self, channel: "grpc.Channel"):
        """Register every ``/auth_v2.API/*`` method on ``channel``."""
        self.__rpc_activate = channel.unary_unary(
            "/auth_v2.API/Activate",
            request_serializer=ActivateRequest.SerializeToString,
            response_deserializer=ActivateResponse.FromString,
        )
        self.__rpc_deactivate = channel.unary_unary(
            "/auth_v2.API/Deactivate",
            request_serializer=DeactivateRequest.SerializeToString,
            response_deserializer=DeactivateResponse.FromString,
        )
        self.__rpc_get_configuration = channel.unary_unary(
            "/auth_v2.API/GetConfiguration",
            request_serializer=GetConfigurationRequest.SerializeToString,
            response_deserializer=GetConfigurationResponse.FromString,
        )
        self.__rpc_set_configuration = channel.unary_unary(
            "/auth_v2.API/SetConfiguration",
            request_serializer=SetConfigurationRequest.SerializeToString,
            response_deserializer=SetConfigurationResponse.FromString,
        )
        self.__rpc_authenticate = channel.unary_unary(
            "/auth_v2.API/Authenticate",
            request_serializer=AuthenticateRequest.SerializeToString,
            response_deserializer=AuthenticateResponse.FromString,
        )
        self.__rpc_authorize = channel.unary_unary(
            "/auth_v2.API/Authorize",
            request_serializer=AuthorizeRequest.SerializeToString,
            response_deserializer=AuthorizeResponse.FromString,
        )
        self.__rpc_get_permissions = channel.unary_unary(
            "/auth_v2.API/GetPermissions",
            request_serializer=GetPermissionsRequest.SerializeToString,
            response_deserializer=GetPermissionsResponse.FromString,
        )
        # GetPermissionsForPrincipal reuses GetPermissionsResponse.
        self.__rpc_get_permissions_for_principal = channel.unary_unary(
            "/auth_v2.API/GetPermissionsForPrincipal",
            request_serializer=GetPermissionsForPrincipalRequest.SerializeToString,
            response_deserializer=GetPermissionsResponse.FromString,
        )
        self.__rpc_who_am_i = channel.unary_unary(
            "/auth_v2.API/WhoAmI",
            request_serializer=WhoAmIRequest.SerializeToString,
            response_deserializer=WhoAmIResponse.FromString,
        )
        self.__rpc_get_roles_for_permission = channel.unary_unary(
            "/auth_v2.API/GetRolesForPermission",
            request_serializer=GetRolesForPermissionRequest.SerializeToString,
            response_deserializer=GetRolesForPermissionResponse.FromString,
        )
        self.__rpc_modify_role_binding = channel.unary_unary(
            "/auth_v2.API/ModifyRoleBinding",
            request_serializer=ModifyRoleBindingRequest.SerializeToString,
            response_deserializer=ModifyRoleBindingResponse.FromString,
        )
        self.__rpc_get_role_binding = channel.unary_unary(
            "/auth_v2.API/GetRoleBinding",
            request_serializer=GetRoleBindingRequest.SerializeToString,
            response_deserializer=GetRoleBindingResponse.FromString,
        )
        self.__rpc_get_oidc_login = channel.unary_unary(
            "/auth_v2.API/GetOIDCLogin",
            request_serializer=GetOidcLoginRequest.SerializeToString,
            response_deserializer=GetOidcLoginResponse.FromString,
        )
        self.__rpc_get_robot_token = channel.unary_unary(
            "/auth_v2.API/GetRobotToken",
            request_serializer=GetRobotTokenRequest.SerializeToString,
            response_deserializer=GetRobotTokenResponse.FromString,
        )
        self.__rpc_revoke_auth_token = channel.unary_unary(
            "/auth_v2.API/RevokeAuthToken",
            request_serializer=RevokeAuthTokenRequest.SerializeToString,
            response_deserializer=RevokeAuthTokenResponse.FromString,
        )
        self.__rpc_revoke_auth_tokens_for_user = channel.unary_unary(
            "/auth_v2.API/RevokeAuthTokensForUser",
            request_serializer=RevokeAuthTokensForUserRequest.SerializeToString,
            response_deserializer=RevokeAuthTokensForUserResponse.FromString,
        )
        self.__rpc_set_groups_for_user = channel.unary_unary(
            "/auth_v2.API/SetGroupsForUser",
            request_serializer=SetGroupsForUserRequest.SerializeToString,
            response_deserializer=SetGroupsForUserResponse.FromString,
        )
        self.__rpc_modify_members = channel.unary_unary(
            "/auth_v2.API/ModifyMembers",
            request_serializer=ModifyMembersRequest.SerializeToString,
            response_deserializer=ModifyMembersResponse.FromString,
        )
        self.__rpc_get_groups = channel.unary_unary(
            "/auth_v2.API/GetGroups",
            request_serializer=GetGroupsRequest.SerializeToString,
            response_deserializer=GetGroupsResponse.FromString,
        )
        # GetGroupsForPrincipal reuses GetGroupsResponse.
        self.__rpc_get_groups_for_principal = channel.unary_unary(
            "/auth_v2.API/GetGroupsForPrincipal",
            request_serializer=GetGroupsForPrincipalRequest.SerializeToString,
            response_deserializer=GetGroupsResponse.FromString,
        )
        self.__rpc_get_users = channel.unary_unary(
            "/auth_v2.API/GetUsers",
            request_serializer=GetUsersRequest.SerializeToString,
            response_deserializer=GetUsersResponse.FromString,
        )
        self.__rpc_extract_auth_tokens = channel.unary_unary(
            "/auth_v2.API/ExtractAuthTokens",
            request_serializer=ExtractAuthTokensRequest.SerializeToString,
            response_deserializer=ExtractAuthTokensResponse.FromString,
        )
        self.__rpc_restore_auth_token = channel.unary_unary(
            "/auth_v2.API/RestoreAuthToken",
            request_serializer=RestoreAuthTokenRequest.SerializeToString,
            response_deserializer=RestoreAuthTokenResponse.FromString,
        )
        self.__rpc_delete_expired_auth_tokens = channel.unary_unary(
            "/auth_v2.API/DeleteExpiredAuthTokens",
            request_serializer=DeleteExpiredAuthTokensRequest.SerializeToString,
            response_deserializer=DeleteExpiredAuthTokensResponse.FromString,
        )
        self.__rpc_rotate_root_token = channel.unary_unary(
            "/auth_v2.API/RotateRootToken",
            request_serializer=RotateRootTokenRequest.SerializeToString,
            response_deserializer=RotateRootTokenResponse.FromString,
        )

    def activate(self, *, root_token: str = "") -> "ActivateResponse":
        """
        Call Activate with ``root_token`` (empty string when omitted).

        NOTE(review): what the server does with an empty root token is not
        visible here -- confirm before relying on the default.
        """

        request = ActivateRequest()
        request.root_token = root_token

        return self.__rpc_activate(request)

    def deactivate(self) -> "DeactivateResponse":
        """Call Deactivate with an empty request."""

        request = DeactivateRequest()

        return self.__rpc_deactivate(request)

    def get_configuration(self) -> "GetConfigurationResponse":
        """Call GetConfiguration with an empty request."""

        request = GetConfigurationRequest()

        return self.__rpc_get_configuration(request)

    def set_configuration(
        self, *, configuration: "OidcConfig" = None
    ) -> "SetConfigurationResponse":
        """
        Call SetConfiguration; ``configuration`` is only set on the request
        when it is not None.
        """

        request = SetConfigurationRequest()
        if configuration is not None:
            request.configuration = configuration

        return self.__rpc_set_configuration(request)

    def authenticate(
        self, *, oidc_state: str = "", id_token: str = ""
    ) -> "AuthenticateResponse":
        """
        Call Authenticate with ``oidc_state`` and ``id_token``.

        Both fields are always assigned, so an omitted argument is sent as
        the empty string.
        """

        request = AuthenticateRequest()
        request.oidc_state = oidc_state
        request.id_token = id_token

        return self.__rpc_authenticate(request)

    def authorize(
        self,
        *,
        resource: "Resource" = None,
        permissions: Optional[List["Permission"]] = None
    ) -> "AuthorizeResponse":
        """
        Call Authorize for ``resource`` and ``permissions``.

        A None (or otherwise falsy) ``permissions`` is sent as an empty list;
        ``resource`` is only set when it is not None.
        """
        permissions = permissions or []

        request = AuthorizeRequest()
        if resource is not None:
            request.resource = resource
        request.permissions = permissions

        return self.__rpc_authorize(request)

    def get_permissions(
        self, *, resource: "Resource" = None
    ) -> "GetPermissionsResponse":
        """Call GetPermissions; ``resource`` is only set when not None."""

        request = GetPermissionsRequest()
        if resource is not None:
            request.resource = resource

        return self.__rpc_get_permissions(request)

    def get_permissions_for_principal(
        self, *, resource: "Resource" = None, principal: str = ""
    ) -> "GetPermissionsResponse":
        """
        Call GetPermissionsForPrincipal for ``principal`` on ``resource``.

        ``resource`` is only set when it is not None; ``principal`` is always
        assigned.
        """

        request = GetPermissionsForPrincipalRequest()
        if resource is not None:
            request.resource = resource
        request.principal = principal

        return self.__rpc_get_permissions_for_principal(request)

    def who_am_i(self) -> "WhoAmIResponse":
        """Call WhoAmI with an empty request."""

        request = WhoAmIRequest()

        return self.__rpc_who_am_i(request)

    def get_roles_for_permission(
        self, *, permission: "Permission" = None
    ) -> "GetRolesForPermissionResponse":
        """
        Call GetRolesForPermission for ``permission``.

        NOTE(review): unlike the message-typed arguments of sibling methods,
        ``permission`` is assigned without a None check, so the default None
        lands on the request as-is -- confirm how betterproto serializes it.
        """

        request = GetRolesForPermissionRequest()
        request.permission = permission

        return self.__rpc_get_roles_for_permission(request)

    def modify_role_binding(
        self,
        *,
        resource: "Resource" = None,
        principal: str = "",
        roles: Optional[List[str]] = None
    ) -> "ModifyRoleBindingResponse":
        """
        Call ModifyRoleBinding for ``principal`` on ``resource``.

        A None (or otherwise falsy) ``roles`` is sent as an empty list.
        NOTE(review): whether an empty role list removes the principal's
        existing roles on the resource is not visible here -- confirm.
        """
        roles = roles or []

        request = ModifyRoleBindingRequest()
        if resource is not None:
            request.resource = resource
        request.principal = principal
        request.roles = roles

        return self.__rpc_modify_role_binding(request)

    def get_role_binding(
        self, *, resource: "Resource" = None
    ) -> "GetRoleBindingResponse":
        """Call GetRoleBinding; ``resource`` is only set when not None."""

        request = GetRoleBindingRequest()
        if resource is not None:
            request.resource = resource

        return self.__rpc_get_role_binding(request)

    def get_oidc_login(self) -> "GetOidcLoginResponse":
        """Call GetOIDCLogin with an empty request."""

        request = GetOidcLoginRequest()

        return self.__rpc_get_oidc_login(request)

    def get_robot_token(
        self, *, robot: str = "", ttl: int = 0
    ) -> "GetRobotTokenResponse":
        """
        Call GetRobotToken for ``robot`` with lifetime ``ttl`` (seconds, per
        the GetRobotTokenRequest field docs).

        NOTE(review): the meaning of the default ``ttl=0`` on the server side
        is not visible here -- confirm, and pass an explicit lifetime.
        """

        request = GetRobotTokenRequest()
        request.robot = robot
        request.ttl = ttl

        return self.__rpc_get_robot_token(request)

    def revoke_auth_token(self, *, token: str = "") -> "RevokeAuthTokenResponse":
        """Call RevokeAuthToken with ``token``."""

        request = RevokeAuthTokenRequest()
        request.token = token

        return self.__rpc_revoke_auth_token(request)

    def revoke_auth_tokens_for_user(
        self, *, username: str = ""
    ) -> "RevokeAuthTokensForUserResponse":
        """Call RevokeAuthTokensForUser with ``username``."""

        request = RevokeAuthTokensForUserRequest()
        request.username = username

        return self.__rpc_revoke_auth_tokens_for_user(request)

    def set_groups_for_user(
        self, *, username: str = "", groups: Optional[List[str]] = None
    ) -> "SetGroupsForUserResponse":
        """
        Call SetGroupsForUser for ``username``.

        A None (or otherwise falsy) ``groups`` is sent as an empty list.
        NOTE(review): if the server treats the list as the user's complete
        membership, the default would clear it -- confirm.
        """
        groups = groups or []

        request = SetGroupsForUserRequest()
        request.username = username
        request.groups = groups

        return self.__rpc_set_groups_for_user(request)

    def modify_members(
        self,
        *,
        group: str = "",
        add: Optional[List[str]] = None,
        remove: Optional[List[str]] = None
    ) -> "ModifyMembersResponse":
        """
        Call ModifyMembers for ``group``; None ``add``/``remove`` arguments
        are sent as empty lists.
        """
        add = add or []
        remove = remove or []

        request = ModifyMembersRequest()
        request.group = group
        request.add = add
        request.remove = remove

        return self.__rpc_modify_members(request)

    def get_groups(self) -> "GetGroupsResponse":
        """Call GetGroups with an empty request."""

        request = GetGroupsRequest()

        return self.__rpc_get_groups(request)

    def get_groups_for_principal(self, *, principal: str = "") -> "GetGroupsResponse":
        """Call GetGroupsForPrincipal with ``principal``."""

        request = GetGroupsForPrincipalRequest()
        request.principal = principal

        return self.__rpc_get_groups_for_principal(request)

    def get_users(self, *, group: str = "") -> "GetUsersResponse":
        """Call GetUsers with ``group``."""

        request = GetUsersRequest()
        request.group = group

        return self.__rpc_get_users(request)

    def extract_auth_tokens(self) -> "ExtractAuthTokensResponse":
        """
        Call ExtractAuthTokens with an empty request.

        Per the ExtractAuthTokensRequest docs the result holds the hashed
        robot tokens that have been issued; store it accordingly.
        """

        request = ExtractAuthTokensRequest()

        return self.__rpc_extract_auth_tokens(request)

    def restore_auth_token(
        self, *, token: "TokenInfo" = None
    ) -> "RestoreAuthTokenResponse":
        """Call RestoreAuthToken; ``token`` is only set when not None."""

        request = RestoreAuthTokenRequest()
        if token is not None:
            request.token = token

        return self.__rpc_restore_auth_token(request)

    def delete_expired_auth_tokens(self) -> "DeleteExpiredAuthTokensResponse":
        """Call DeleteExpiredAuthTokens with an empty request."""

        request = DeleteExpiredAuthTokensRequest()

        return self.__rpc_delete_expired_auth_tokens(request)

    def rotate_root_token(self, *, root_token: str = "") -> "RotateRootTokenResponse":
        """
        Call RotateRootToken with ``root_token`` (empty string when omitted).

        NOTE(review): what the server does with an empty root token is not
        visible here -- confirm before relying on the default.
        """

        request = RotateRootTokenRequest()
        request.root_token = root_token

        return self.__rpc_rotate_root_token(request)

Methods

def activate(self, *, root_token: str = '') ‑> ActivateResponse
Expand source code
def activate(self, *, root_token: str = "") -> "ActivateResponse":
    """
    Call Activate with ``root_token`` (empty string when omitted).

    NOTE(review): what the server does with an empty root token is not
    visible here -- confirm before relying on the default.
    """
    msg = ActivateRequest()
    msg.root_token = root_token
    return self.__rpc_activate(msg)
def deactivate(self) ‑> DeactivateResponse
Expand source code
def deactivate(self) -> "DeactivateResponse":
    """Call Deactivate with an empty request message."""
    empty_msg = DeactivateRequest()
    return self.__rpc_deactivate(empty_msg)
def get_configuration(self) ‑> GetConfigurationResponse
Expand source code
def get_configuration(self) -> "GetConfigurationResponse":
    """Call GetConfiguration with an empty request message."""
    empty_msg = GetConfigurationRequest()
    return self.__rpc_get_configuration(empty_msg)
def set_configuration(self, *, configuration: OidcConfig = None) ‑> SetConfigurationResponse
Expand source code
def set_configuration(
    self, *, configuration: "OidcConfig" = None
) -> "SetConfigurationResponse":
    """
    Call SetConfiguration.

    ``configuration`` is attached to the request only when it is not None;
    otherwise the request is sent without it.
    """
    msg = SetConfigurationRequest()
    if configuration is None:
        return self.__rpc_set_configuration(msg)
    msg.configuration = configuration
    return self.__rpc_set_configuration(msg)
def authenticate(self, *, oidc_state: str = '', id_token: str = '') ‑> AuthenticateResponse
Expand source code
def authenticate(
    self, *, oidc_state: str = "", id_token: str = ""
) -> "AuthenticateResponse":
    """
    Call Authenticate with ``oidc_state`` and ``id_token``.

    Both fields are always assigned, so an omitted argument is sent as the
    empty string.
    """
    msg = AuthenticateRequest()
    msg.oidc_state = oidc_state
    msg.id_token = id_token
    return self.__rpc_authenticate(msg)
def authorize(self, *, resource: Resource = None, permissions: Optional[List[ForwardRef('Permission')]] = None) ‑> AuthorizeResponse
Expand source code
def authorize(
    self,
    *,
    resource: "Resource" = None,
    permissions: Optional[List["Permission"]] = None
) -> "AuthorizeResponse":
    """
    Call Authorize for ``resource`` and ``permissions``.

    A None (or otherwise falsy) ``permissions`` is sent as an empty list;
    ``resource`` is attached only when it is not None.
    """
    wanted = permissions if permissions else []

    msg = AuthorizeRequest()
    if resource is not None:
        msg.resource = resource
    msg.permissions = wanted
    return self.__rpc_authorize(msg)
def get_permissions(self, *, resource: Resource = None) ‑> GetPermissionsResponse
Expand source code
def get_permissions(
    self, *, resource: "Resource" = None
) -> "GetPermissionsResponse":
    """Call GetPermissions; ``resource`` is attached only when not None."""
    msg = GetPermissionsRequest()
    if resource is None:
        return self.__rpc_get_permissions(msg)
    msg.resource = resource
    return self.__rpc_get_permissions(msg)
def get_permissions_for_principal(self, *, resource: Resource = None, principal: str = '') ‑> GetPermissionsResponse
Expand source code
def get_permissions_for_principal(
    self, *, resource: "Resource" = None, principal: str = ""
) -> "GetPermissionsResponse":
    """
    Call GetPermissionsForPrincipal for ``principal`` on ``resource``.

    ``resource`` is attached only when it is not None; ``principal`` is
    always assigned.
    """
    msg = GetPermissionsForPrincipalRequest()
    if resource is not None:
        msg.resource = resource
    msg.principal = principal
    return self.__rpc_get_permissions_for_principal(msg)
def who_am_i(self) ‑> WhoAmIResponse
Expand source code
def who_am_i(self) -> "WhoAmIResponse":
    """Call WhoAmI with an empty request message."""
    empty_msg = WhoAmIRequest()
    return self.__rpc_who_am_i(empty_msg)
def get_roles_for_permission(self, *, permission: Permission = None) ‑> GetRolesForPermissionResponse
Expand source code
def get_roles_for_permission(
    self, *, permission: "Permission" = None
) -> "GetRolesForPermissionResponse":
    """
    Call GetRolesForPermission for ``permission``.

    NOTE(review): ``permission`` is assigned without a None check, so the
    default None lands on the request as-is -- confirm how betterproto
    serializes it.
    """
    msg = GetRolesForPermissionRequest()
    msg.permission = permission
    return self.__rpc_get_roles_for_permission(msg)
def modify_role_binding(self, *, resource: Resource = None, principal: str = '', roles: Optional[List[str]] = None) ‑> ModifyRoleBindingResponse
Expand source code
def modify_role_binding(
    self,
    *,
    resource: "Resource" = None,
    principal: str = "",
    roles: Optional[List[str]] = None
) -> "ModifyRoleBindingResponse":
    """
    Call ModifyRoleBinding for ``principal`` on ``resource``.

    A None (or otherwise falsy) ``roles`` is sent as an empty list.
    NOTE(review): whether an empty role list removes the principal's
    existing roles on the resource is not visible here -- confirm.
    """
    role_names = roles if roles else []

    msg = ModifyRoleBindingRequest()
    if resource is not None:
        msg.resource = resource
    msg.principal = principal
    msg.roles = role_names
    return self.__rpc_modify_role_binding(msg)
def get_role_binding(self, *, resource: Resource = None) ‑> GetRoleBindingResponse
Expand source code
def get_role_binding(
    self, *, resource: "Resource" = None
) -> "GetRoleBindingResponse":
    """Call GetRoleBinding; ``resource`` is attached only when not None."""
    msg = GetRoleBindingRequest()
    if resource is None:
        return self.__rpc_get_role_binding(msg)
    msg.resource = resource
    return self.__rpc_get_role_binding(msg)
def get_oidc_login(self) ‑> GetOidcLoginResponse
Expand source code
def get_oidc_login(self) -> "GetOidcLoginResponse":
    """Call GetOIDCLogin with an empty request message."""
    empty_msg = GetOidcLoginRequest()
    return self.__rpc_get_oidc_login(empty_msg)
def get_robot_token(self, *, robot: str = '', ttl: int = 0) ‑> GetRobotTokenResponse
Expand source code
def get_robot_token(
    self, *, robot: str = "", ttl: int = 0
) -> "GetRobotTokenResponse":
    """
    Call GetRobotToken for ``robot`` with lifetime ``ttl`` (seconds, per the
    GetRobotTokenRequest field docs).

    NOTE(review): the meaning of the default ``ttl=0`` on the server side is
    not visible here -- confirm, and pass an explicit lifetime.
    """
    msg = GetRobotTokenRequest()
    msg.robot = robot
    msg.ttl = ttl
    return self.__rpc_get_robot_token(msg)
def revoke_auth_token(self, *, token: str = '') ‑> RevokeAuthTokenResponse
Expand source code
def revoke_auth_token(self, *, token: str = "") -> "RevokeAuthTokenResponse":
    """Call RevokeAuthToken with ``token``."""
    msg = RevokeAuthTokenRequest()
    msg.token = token
    return self.__rpc_revoke_auth_token(msg)
def revoke_auth_tokens_for_user(self, *, username: str = '') ‑> RevokeAuthTokensForUserResponse
Expand source code
def revoke_auth_tokens_for_user(
    self, *, username: str = ""
) -> "RevokeAuthTokensForUserResponse":
    """Call RevokeAuthTokensForUser with ``username``."""
    msg = RevokeAuthTokensForUserRequest()
    msg.username = username
    return self.__rpc_revoke_auth_tokens_for_user(msg)
def set_groups_for_user(self, *, username: str = '', groups: Optional[List[str]] = None) ‑> SetGroupsForUserResponse
Expand source code
def set_groups_for_user(
    self, *, username: str = "", groups: Optional[List[str]] = None
) -> "SetGroupsForUserResponse":
    """
    Call SetGroupsForUser for ``username``.

    A None (or otherwise falsy) ``groups`` is sent as an empty list.
    NOTE(review): if the server treats the list as the user's complete
    membership, the default would clear it -- confirm.
    """
    group_names = groups if groups else []

    msg = SetGroupsForUserRequest()
    msg.username = username
    msg.groups = group_names
    return self.__rpc_set_groups_for_user(msg)
def modify_members(self, *, group: str = '', add: Optional[List[str]] = None, remove: Optional[List[str]] = None) ‑> ModifyMembersResponse
Expand source code
def modify_members(
    self,
    *,
    group: str = "",
    add: Optional[List[str]] = None,
    remove: Optional[List[str]] = None
) -> "ModifyMembersResponse":
    """
    Call ModifyMembers for ``group``.

    None (or otherwise falsy) ``add`` / ``remove`` arguments are sent as
    empty lists.
    """
    to_add = add if add else []
    to_remove = remove if remove else []

    msg = ModifyMembersRequest()
    msg.group = group
    msg.add = to_add
    msg.remove = to_remove
    return self.__rpc_modify_members(msg)
def get_groups(self) ‑> GetGroupsResponse
Expand source code
def get_groups(self) -> "GetGroupsResponse":
    """Call GetGroups with an empty request message."""
    empty_msg = GetGroupsRequest()
    return self.__rpc_get_groups(empty_msg)
def get_groups_for_principal(self, *, principal: str = '') ‑> GetGroupsResponse
Expand source code
def get_groups_for_principal(self, *, principal: str = "") -> "GetGroupsResponse":
    """Call GetGroupsForPrincipal with ``principal``."""
    msg = GetGroupsForPrincipalRequest()
    msg.principal = principal
    return self.__rpc_get_groups_for_principal(msg)
def get_users(self, *, group: str = '') ‑> GetUsersResponse
Expand source code
def get_users(self, *, group: str = "") -> "GetUsersResponse":
    """Call GetUsers with ``group``."""
    msg = GetUsersRequest()
    msg.group = group
    return self.__rpc_get_users(msg)
def extract_auth_tokens(self) ‑> ExtractAuthTokensResponse
Expand source code
def extract_auth_tokens(self) -> "ExtractAuthTokensResponse":
    """
    Call ExtractAuthTokens with an empty request message.

    Per the ExtractAuthTokensRequest docs the result holds the hashed robot
    tokens that have been issued; store it accordingly.
    """
    empty_msg = ExtractAuthTokensRequest()
    return self.__rpc_extract_auth_tokens(empty_msg)
def restore_auth_token(self, *, token: TokenInfo = None) ‑> RestoreAuthTokenResponse
Expand source code
def restore_auth_token(
    self, *, token: "TokenInfo" = None
) -> "RestoreAuthTokenResponse":
    """Call RestoreAuthToken; ``token`` is attached only when not None."""
    msg = RestoreAuthTokenRequest()
    if token is None:
        return self.__rpc_restore_auth_token(msg)
    msg.token = token
    return self.__rpc_restore_auth_token(msg)
def delete_expired_auth_tokens(self) ‑> DeleteExpiredAuthTokensResponse
Expand source code
def delete_expired_auth_tokens(self) -> "DeleteExpiredAuthTokensResponse":
    """Call DeleteExpiredAuthTokens with an empty request message."""
    empty_msg = DeleteExpiredAuthTokensRequest()
    return self.__rpc_delete_expired_auth_tokens(empty_msg)
def rotate_root_token(self, *, root_token: str = '') ‑> RotateRootTokenResponse
Expand source code
def rotate_root_token(self, *, root_token: str = "") -> "RotateRootTokenResponse":
    """
    Call RotateRootToken with ``root_token`` (empty string when omitted).

    NOTE(review): what the server does with an empty root token is not
    visible here -- confirm before relying on the default.
    """
    msg = RotateRootTokenRequest()
    msg.root_token = root_token
    return self.__rpc_rotate_root_token(msg)