diff --git a/services/authorization/src/stackit/authorization/__init__.py b/services/authorization/src/stackit/authorization/__init__.py index 0f852744..d40de2a5 100644 --- a/services/authorization/src/stackit/authorization/__init__.py +++ b/services/authorization/src/stackit/authorization/__init__.py @@ -28,10 +28,14 @@ "ApiKeyError", "ApiAttributeError", "ApiException", + "AddCustomRoleResponse", "AddMembersPayload", + "AddRolePayload", "AssignableSubject", + "DeleteRoleResponse", "ErrorResponse", "ExistingPermission", + "GetRoleResponse", "ListAssignableSubjectsResponse", "ListMembersResponse", "ListPermissionsResponse", @@ -40,9 +44,12 @@ "Member", "MembersResponse", "Permission", + "PermissionRequest", "RemoveMembersPayload", "Role", "RolesResponse", + "UpdateRolePayload", + "UpdateRoleResponse", "UserMembership", "UserPermission", "Zookie", @@ -63,16 +70,28 @@ from stackit.authorization.exceptions import OpenApiException as OpenApiException # import models into sdk package +from stackit.authorization.models.add_custom_role_response import ( + AddCustomRoleResponse as AddCustomRoleResponse, +) from stackit.authorization.models.add_members_payload import ( AddMembersPayload as AddMembersPayload, ) +from stackit.authorization.models.add_role_payload import ( + AddRolePayload as AddRolePayload, +) from stackit.authorization.models.assignable_subject import ( AssignableSubject as AssignableSubject, ) +from stackit.authorization.models.delete_role_response import ( + DeleteRoleResponse as DeleteRoleResponse, +) from stackit.authorization.models.error_response import ErrorResponse as ErrorResponse from stackit.authorization.models.existing_permission import ( ExistingPermission as ExistingPermission, ) +from stackit.authorization.models.get_role_response import ( + GetRoleResponse as GetRoleResponse, +) from stackit.authorization.models.list_assignable_subjects_response import ( ListAssignableSubjectsResponse as ListAssignableSubjectsResponse, ) @@ -93,11 +112,20 @@ MembersResponse as MembersResponse, ) from stackit.authorization.models.permission import Permission as Permission +from stackit.authorization.models.permission_request import ( + PermissionRequest as PermissionRequest, +) from stackit.authorization.models.remove_members_payload import ( RemoveMembersPayload as RemoveMembersPayload, ) from stackit.authorization.models.role import Role as Role from stackit.authorization.models.roles_response import RolesResponse as RolesResponse +from stackit.authorization.models.update_role_payload import ( + UpdateRolePayload as UpdateRolePayload, +) +from stackit.authorization.models.update_role_response import ( + UpdateRoleResponse as UpdateRoleResponse, +) from stackit.authorization.models.user_membership import ( UserMembership as UserMembership, ) diff --git a/services/authorization/src/stackit/authorization/api/default_api.py b/services/authorization/src/stackit/authorization/api/default_api.py index 8dd2361f..a7f021b2 100644 --- a/services/authorization/src/stackit/authorization/api/default_api.py +++ b/services/authorization/src/stackit/authorization/api/default_api.py @@ -19,7 +19,11 @@ from stackit.authorization.api_client import ApiClient, RequestSerialized from stackit.authorization.api_response import ApiResponse +from stackit.authorization.models.add_custom_role_response import AddCustomRoleResponse from stackit.authorization.models.add_members_payload import AddMembersPayload +from stackit.authorization.models.add_role_payload import AddRolePayload +from stackit.authorization.models.delete_role_response import DeleteRoleResponse +from stackit.authorization.models.get_role_response import GetRoleResponse from stackit.authorization.models.list_assignable_subjects_response import ( ListAssignableSubjectsResponse, ) @@ -36,6 +40,8 @@ from stackit.authorization.models.members_response import MembersResponse from stackit.authorization.models.remove_members_payload import RemoveMembersPayload from stackit.authorization.models.roles_response import RolesResponse +from stackit.authorization.models.update_role_payload import UpdateRolePayload +from stackit.authorization.models.update_role_response import UpdateRoleResponse from stackit.authorization.rest import RESTResponseType @@ -310,6 +316,561 @@ def _add_members_serialize( _request_auth=_request_auth, ) + @validate_call + def add_role( + self, + resource_type: StrictStr, + resource_id: StrictStr, + add_role_payload: AddRolePayload, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> AddCustomRoleResponse: + """Add a new role + + Add new, user specified roles to a resource, and bind permissions to them. Permissions are predefined. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param add_role_payload: (required) + :type add_role_payload: AddRolePayload + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._add_role_serialize( + resource_type=resource_type, + resource_id=resource_id, + add_role_payload=add_role_payload, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "AddCustomRoleResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + @validate_call + def add_role_with_http_info( + self, + resource_type: StrictStr, + resource_id: StrictStr, + add_role_payload: AddRolePayload, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[AddCustomRoleResponse]: + """Add a new role + + Add new, user specified roles to a resource, and bind permissions to them. Permissions are predefined. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param add_role_payload: (required) + :type add_role_payload: AddRolePayload + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._add_role_serialize( + resource_type=resource_type, + resource_id=resource_id, + add_role_payload=add_role_payload, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "AddCustomRoleResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + @validate_call + def add_role_without_preload_content( + self, + resource_type: StrictStr, + resource_id: StrictStr, + add_role_payload: AddRolePayload, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """Add a new role + + Add new, user specified roles to a resource, and bind permissions to them. Permissions are predefined. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param add_role_payload: (required) + :type add_role_payload: AddRolePayload + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._add_role_serialize( + resource_type=resource_type, + resource_id=resource_id, + add_role_payload=add_role_payload, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "AddCustomRoleResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + return response_data.response + + def _add_role_serialize( + self, + resource_type, + resource_id, + add_role_payload, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = {} + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]]] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if resource_type is not None: + _path_params["resourceType"] = resource_type + if resource_id is not None: + _path_params["resourceId"] = resource_id + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + if add_role_payload is not None: + _body_params = add_role_payload + + # set the HTTP header `Accept` + if "Accept" not in _header_params: + _header_params["Accept"] = self.api_client.select_header_accept(["application/json"]) + + # set the HTTP header `Content-Type` + if _content_type: + _header_params["Content-Type"] = _content_type + else: + _default_content_type = self.api_client.select_header_content_type(["application/json"]) + if _default_content_type is not None: + _header_params["Content-Type"] = _default_content_type + + # authentication setting + _auth_settings: List[str] = [] + + return self.api_client.param_serialize( + method="POST", + resource_path="/v2/{resourceType}/{resourceId}/roles", + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth, + ) + + @validate_call + def delete_role( + self, + resource_type: StrictStr, + resource_id: StrictStr, + role_id: StrictStr, + etag: Optional[StrictStr] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> DeleteRoleResponse: + """Delete an existing role + + Delete a custom role by ID. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param role_id: (required) + :type role_id: str + :param etag: + :type etag: str + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._delete_role_serialize( + resource_type=resource_type, + resource_id=resource_id, + role_id=role_id, + etag=etag, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "DeleteRoleResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + @validate_call + def delete_role_with_http_info( + self, + resource_type: StrictStr, + resource_id: StrictStr, + role_id: StrictStr, + etag: Optional[StrictStr] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[DeleteRoleResponse]: + """Delete an existing role + + Delete a custom role by ID. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param role_id: (required) + :type role_id: str + :param etag: + :type etag: str + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._delete_role_serialize( + resource_type=resource_type, + resource_id=resource_id, + role_id=role_id, + etag=etag, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "DeleteRoleResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + @validate_call + def delete_role_without_preload_content( + self, + resource_type: StrictStr, + resource_id: StrictStr, + role_id: StrictStr, + etag: Optional[StrictStr] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """Delete an existing role + + Delete a custom role by ID. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param role_id: (required) + :type role_id: str + :param etag: + :type etag: str + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._delete_role_serialize( + resource_type=resource_type, + resource_id=resource_id, + role_id=role_id, + etag=etag, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "DeleteRoleResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + return response_data.response + + def _delete_role_serialize( + self, + resource_type, + resource_id, + role_id, + etag, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = {} + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]]] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if resource_type is not None: + _path_params["resourceType"] = resource_type + if resource_id is not None: + _path_params["resourceId"] = resource_id + if role_id is not None: + _path_params["roleId"] = role_id + # process the query parameters + if etag is not None: + + _query_params.append(("etag", etag)) + + # process the header parameters + # process the form parameters + # process the body parameter + + # set the HTTP header `Accept` + if "Accept" not in _header_params: + _header_params["Accept"] = self.api_client.select_header_accept(["application/json"]) + + # authentication setting + _auth_settings: List[str] = [] + + return self.api_client.param_serialize( + method="DELETE", + resource_path="/v2/{resourceType}/{resourceId}/roles/{roleId}", + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth, + ) + @validate_call def get_assignable_subjects( self, @@ -432,7 +993,274 @@ def get_assignable_subjects_with_http_info( _param = self._get_assignable_subjects_serialize( resource_type=resource_type, resource_id=resource_id, - subject=subject, + subject=subject, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "ListAssignableSubjectsResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + @validate_call + def get_assignable_subjects_without_preload_content( + self, + resource_type: StrictStr, + resource_id: StrictStr, + subject: Optional[StrictStr] = None, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """Get subjects assignable to a resource + + BFF endpoint for portal. List subjects assignable to a given resource. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param subject: + :type subject: str + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_assignable_subjects_serialize( + resource_type=resource_type, + resource_id=resource_id, + subject=subject, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "ListAssignableSubjectsResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + return response_data.response + + def _get_assignable_subjects_serialize( + self, + resource_type, + resource_id, + subject, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = {} + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]]] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if resource_type is not None: + _path_params["resourceType"] = resource_type + if resource_id is not None: + _path_params["resourceId"] = resource_id + # process the query parameters + if subject is not None: + + _query_params.append(("subject", subject)) + + # process the header parameters + # process the form parameters + # process the body parameter + + # set the HTTP header `Accept` + if "Accept" not in _header_params: + _header_params["Accept"] = self.api_client.select_header_accept(["application/json"]) + + # authentication setting + _auth_settings: List[str] = [] + + return self.api_client.param_serialize( + method="GET", + resource_path="/v2/bff/{resourceType}/{resourceId}/assignableSubjects", + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth, + ) + + @validate_call + def get_role( + self, + resource_type: StrictStr, + resource_id: StrictStr, + role_id: StrictStr, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> GetRoleResponse: + """Get an existing role + + Get a custom role by ID. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param role_id: (required) + :type role_id: str + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_role_serialize( + resource_type=resource_type, + resource_id=resource_id, + role_id=role_id, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "GetRoleResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + @validate_call + def get_role_with_http_info( + self, + resource_type: StrictStr, + resource_id: StrictStr, + role_id: StrictStr, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[GetRoleResponse]: + """Get an existing role + + Get a custom role by ID. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param role_id: (required) + :type role_id: str + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._get_role_serialize( + resource_type=resource_type, + resource_id=resource_id, + role_id=role_id, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -440,7 +1268,7 @@ def get_assignable_subjects_with_http_info( ) _response_types_map: Dict[str, Optional[str]] = { - "200": "ListAssignableSubjectsResponse", + "200": "GetRoleResponse", "400": "ErrorResponse", "401": "ErrorResponse", "403": "ErrorResponse", @@ -453,11 +1281,11 @@ def get_assignable_subjects_with_http_info( ) @validate_call - def get_assignable_subjects_without_preload_content( + def get_role_without_preload_content( self, resource_type: StrictStr, resource_id: StrictStr, - subject: Optional[StrictStr] = None, + role_id: StrictStr, _request_timeout: Union[ None, Annotated[StrictFloat, Field(gt=0)], @@ -468,16 +1296,16 @@ def get_assignable_subjects_without_preload_content( _headers: Optional[Dict[StrictStr, Any]] = None, _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, ) -> RESTResponseType: - """Get subjects assignable to a resource + """Get an existing role - BFF endpoint for portal. List subjects assignable to a given resource. + Get a custom role by ID. :param resource_type: (required) :type resource_type: str :param resource_id: (required) :type resource_id: str - :param subject: - :type subject: str + :param role_id: (required) + :type role_id: str :param _request_timeout: timeout setting for this request. If one number provided, it will be total request timeout. It can also be a pair (tuple) of @@ -500,10 +1328,10 @@ def get_assignable_subjects_without_preload_content( :return: Returns the result object. """ # noqa: E501 - _param = self._get_assignable_subjects_serialize( + _param = self._get_role_serialize( resource_type=resource_type, resource_id=resource_id, - subject=subject, + role_id=role_id, _request_auth=_request_auth, _content_type=_content_type, _headers=_headers, @@ -511,7 +1339,7 @@ def get_assignable_subjects_without_preload_content( ) _response_types_map: Dict[str, Optional[str]] = { - "200": "ListAssignableSubjectsResponse", + "200": "GetRoleResponse", "400": "ErrorResponse", "401": "ErrorResponse", "403": "ErrorResponse", @@ -519,11 +1347,11 @@ def get_assignable_subjects_without_preload_content( response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) return response_data.response - def _get_assignable_subjects_serialize( + def _get_role_serialize( self, resource_type, resource_id, - subject, + role_id, _request_auth, _content_type, _headers, @@ -546,11 +1374,9 @@ def _get_assignable_subjects_serialize( _path_params["resourceType"] = resource_type if resource_id is not None: _path_params["resourceId"] = resource_id + if role_id is not None: + _path_params["roleId"] = role_id # process the query parameters - if subject is not None: - - _query_params.append(("subject", subject)) - # process the header parameters # process the form parameters # process the body parameter @@ -564,7 +1390,7 @@ def _get_assignable_subjects_serialize( return self.api_client.param_serialize( method="GET", - resource_path="/v2/bff/{resourceType}/{resourceId}/assignableSubjects", + resource_path="/v2/{resourceType}/{resourceId}/roles/{roleId}", path_params=_path_params, query_params=_query_params, header_params=_header_params, @@ -2162,3 +2988,291 @@ def _remove_members_serialize( _host=_host, _request_auth=_request_auth, ) + + @validate_call + def update_role( + self, + resource_type: StrictStr, + resource_id: StrictStr, + role_id: StrictStr, + update_role_payload: UpdateRolePayload, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> UpdateRoleResponse: + """Update an existing role + + Update a custom role by ID. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param role_id: (required) + :type role_id: str + :param update_role_payload: (required) + :type update_role_payload: UpdateRolePayload + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._update_role_serialize( + resource_type=resource_type, + resource_id=resource_id, + role_id=role_id, + update_role_payload=update_role_payload, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "UpdateRoleResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ).data + + @validate_call + def update_role_with_http_info( + self, + resource_type: StrictStr, + resource_id: StrictStr, + role_id: StrictStr, + update_role_payload: UpdateRolePayload, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> ApiResponse[UpdateRoleResponse]: + """Update an existing role + + Update a custom role by ID. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param role_id: (required) + :type role_id: str + :param update_role_payload: (required) + :type update_role_payload: UpdateRolePayload + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._update_role_serialize( + resource_type=resource_type, + resource_id=resource_id, + role_id=role_id, + update_role_payload=update_role_payload, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "UpdateRoleResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + response_data.read() + return self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + + @validate_call + def update_role_without_preload_content( + self, + resource_type: StrictStr, + resource_id: StrictStr, + role_id: StrictStr, + update_role_payload: UpdateRolePayload, + _request_timeout: Union[ + None, + Annotated[StrictFloat, Field(gt=0)], + Tuple[Annotated[StrictFloat, Field(gt=0)], Annotated[StrictFloat, Field(gt=0)]], + ] = None, + _request_auth: Optional[Dict[StrictStr, Any]] = None, + _content_type: Optional[StrictStr] = None, + _headers: Optional[Dict[StrictStr, Any]] = None, + _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0, + ) -> RESTResponseType: + """Update an existing role + + Update a custom role by ID. + + :param resource_type: (required) + :type resource_type: str + :param resource_id: (required) + :type resource_id: str + :param role_id: (required) + :type role_id: str + :param update_role_payload: (required) + :type update_role_payload: UpdateRolePayload + :param _request_timeout: timeout setting for this request. If one + number provided, it will be total request + timeout. It can also be a pair (tuple) of + (connection, read) timeouts. + :type _request_timeout: int, tuple(int, int), optional + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the + authentication in the spec for a single request. + :type _request_auth: dict, optional + :param _content_type: force content-type for the request. + :type _content_type: str, Optional + :param _headers: set to override the headers for a single + request; this effectively ignores the headers + in the spec for a single request. + :type _headers: dict, optional + :param _host_index: set to override the host_index for a single + request; this effectively ignores the host_index + in the spec for a single request. + :type _host_index: int, optional + :return: Returns the result object. + """ # noqa: E501 + + _param = self._update_role_serialize( + resource_type=resource_type, + resource_id=resource_id, + role_id=role_id, + update_role_payload=update_role_payload, + _request_auth=_request_auth, + _content_type=_content_type, + _headers=_headers, + _host_index=_host_index, + ) + + _response_types_map: Dict[str, Optional[str]] = { + "200": "UpdateRoleResponse", + "400": "ErrorResponse", + "401": "ErrorResponse", + "403": "ErrorResponse", + } + response_data = self.api_client.call_api(*_param, _request_timeout=_request_timeout) + return response_data.response + + def _update_role_serialize( + self, + resource_type, + resource_id, + role_id, + update_role_payload, + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + _host = None + + _collection_formats: Dict[str, str] = {} + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]]] = {} + _body_params: Optional[bytes] = None + + # process the path parameters + if resource_type is not None: + _path_params["resourceType"] = resource_type + if resource_id is not None: + _path_params["resourceId"] = resource_id + if role_id is not None: + _path_params["roleId"] = role_id + # process the query parameters + # process the header parameters + # process the form parameters + # process the body parameter + if update_role_payload is not None: + _body_params = update_role_payload + + # set the HTTP header `Accept` + if "Accept" not in _header_params: + _header_params["Accept"] = self.api_client.select_header_accept(["application/json"]) + + # set the HTTP header `Content-Type` + if _content_type: + _header_params["Content-Type"] = _content_type + else: + _default_content_type = self.api_client.select_header_content_type(["application/json"]) + if _default_content_type is not None: + _header_params["Content-Type"] = _default_content_type + + # authentication setting + _auth_settings: List[str] = [] + + return self.api_client.param_serialize( + method="PUT", + resource_path="/v2/{resourceType}/{resourceId}/roles/{roleId}", + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth, + ) diff --git a/services/authorization/src/stackit/authorization/models/__init__.py b/services/authorization/src/stackit/authorization/models/__init__.py index 0b207a04..3ca762f1 100644 --- a/services/authorization/src/stackit/authorization/models/__init__.py +++ b/services/authorization/src/stackit/authorization/models/__init__.py @@ -14,10 +14,14 @@ # import models into model package +from stackit.authorization.models.add_custom_role_response import AddCustomRoleResponse from stackit.authorization.models.add_members_payload import AddMembersPayload +from stackit.authorization.models.add_role_payload import AddRolePayload from stackit.authorization.models.assignable_subject import AssignableSubject +from stackit.authorization.models.delete_role_response import DeleteRoleResponse from stackit.authorization.models.error_response import ErrorResponse from stackit.authorization.models.existing_permission import ExistingPermission +from stackit.authorization.models.get_role_response import GetRoleResponse from stackit.authorization.models.list_assignable_subjects_response import ( ListAssignableSubjectsResponse, ) @@ -34,9 +38,12 @@ from stackit.authorization.models.member import Member from stackit.authorization.models.members_response import MembersResponse from stackit.authorization.models.permission import Permission +from stackit.authorization.models.permission_request import PermissionRequest from stackit.authorization.models.remove_members_payload import RemoveMembersPayload from stackit.authorization.models.role import Role from stackit.authorization.models.roles_response import RolesResponse +from stackit.authorization.models.update_role_payload import UpdateRolePayload +from stackit.authorization.models.update_role_response import UpdateRoleResponse from stackit.authorization.models.user_membership import UserMembership from stackit.authorization.models.user_permission import UserPermission from stackit.authorization.models.zookie import Zookie diff --git a/services/authorization/src/stackit/authorization/models/add_custom_role_response.py b/services/authorization/src/stackit/authorization/models/add_custom_role_response.py new file mode 100644 index 00000000..6c35d314 --- /dev/null +++ b/services/authorization/src/stackit/authorization/models/add_custom_role_response.py @@ -0,0 +1,109 @@ +# coding: utf-8 + +""" + STACKIT Membership API + + The Membership API is used to manage memberships, roles and permissions of STACKIT resources, like projects, folders, organizations and other resources. + + The version of the OpenAPI document: 2.0 + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + +from __future__ import annotations + +import json +import pprint +import re # noqa: F401 +from typing import Any, ClassVar, Dict, List, Optional, Set + +from pydantic import BaseModel, ConfigDict, Field, field_validator +from typing_extensions import Annotated, Self + +from stackit.authorization.models.role import Role + + +class AddCustomRoleResponse(BaseModel): + """ + AddCustomRoleResponse + """ # noqa: E501 + + resource_id: Annotated[str, Field(strict=True)] = Field(alias="resourceId") + resource_type: Annotated[str, Field(strict=True)] = Field(alias="resourceType") + role: Role + __properties: ClassVar[List[str]] = ["resourceId", "resourceType", "role"] + + @field_validator("resource_id") + def resource_id_validate_regular_expression(cls, value): + """Validates the regular expression""" + if not re.match(r"^([a-zA-Z0-9\/_|\-=+@.]{1,})$", value): + raise ValueError(r"must validate the regular expression /^([a-zA-Z0-9\/_|\-=+@.]{1,})$/") + return value + + @field_validator("resource_type") + def resource_type_validate_regular_expression(cls, value): + """Validates the regular expression""" + if not re.match(r"^[a-z](?:-?[a-z]){1,63}$", value): + raise ValueError(r"must validate the regular expression /^[a-z](?:-?[a-z]){1,63}$/") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of AddCustomRoleResponse from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + """ + excluded_fields: Set[str] = set([]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of role + if self.role: + _dict["role"] = self.role.to_dict() + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of AddCustomRoleResponse from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate( + { + "resourceId": obj.get("resourceId"), + "resourceType": obj.get("resourceType"), + "role": Role.from_dict(obj["role"]) if obj.get("role") is not None else None, + } + ) + return _obj diff --git a/services/authorization/src/stackit/authorization/models/add_role_payload.py b/services/authorization/src/stackit/authorization/models/add_role_payload.py new file mode 100644 index 00000000..e339f504 --- /dev/null +++ b/services/authorization/src/stackit/authorization/models/add_role_payload.py @@ -0,0 +1,110 @@ +# coding: utf-8 + +""" + STACKIT Membership API + + The Membership API is used to manage memberships, roles and permissions of STACKIT resources, like projects, folders, organizations and other resources. + + The version of the OpenAPI document: 2.0 + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + +from __future__ import annotations + +import json +import pprint +import re # noqa: F401 +from typing import Any, ClassVar, Dict, List, Optional, Set + +from pydantic import BaseModel, ConfigDict, Field, field_validator +from typing_extensions import Annotated, Self + +from stackit.authorization.models.permission_request import PermissionRequest + + +class AddRolePayload(BaseModel): + """ + AddRolePayload + """ # noqa: E501 + + description: Annotated[str, Field(min_length=1, strict=True, max_length=255)] + name: Annotated[str, Field(strict=True)] + permissions: List[PermissionRequest] + __properties: ClassVar[List[str]] = ["description", "name", "permissions"] + + @field_validator("name") + def name_validate_regular_expression(cls, value): + """Validates the regular expression""" + if not re.match(r"^[a-z](?:[-.]?[a-z]){1,63}$", value): + raise ValueError(r"must validate the regular expression /^[a-z](?:[-.]?[a-z]){1,63}$/") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of AddRolePayload from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + """ + excluded_fields: Set[str] = set([]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of each item in permissions (list) + _items = [] + if self.permissions: + for _item in self.permissions: + if _item: + _items.append(_item.to_dict()) + _dict["permissions"] = _items + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of AddRolePayload from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate( + { + "description": obj.get("description"), + "name": obj.get("name"), + "permissions": ( + [PermissionRequest.from_dict(_item) for _item in obj["permissions"]] + if obj.get("permissions") is not None + else None + ), + } + ) + return _obj diff --git a/services/authorization/src/stackit/authorization/models/delete_role_response.py b/services/authorization/src/stackit/authorization/models/delete_role_response.py new file mode 100644 index 00000000..e1b097ae --- /dev/null +++ b/services/authorization/src/stackit/authorization/models/delete_role_response.py @@ -0,0 +1,88 @@ +# coding: utf-8 + +""" + STACKIT Membership API + + The Membership API is used to manage memberships, roles and permissions of STACKIT resources, like projects, folders, organizations and other resources. + + The version of the OpenAPI document: 2.0 + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + +from __future__ import annotations + +import json +import pprint +from typing import Any, ClassVar, Dict, List, Optional, Set + +from pydantic import BaseModel, ConfigDict, Field +from typing_extensions import Self + +from stackit.authorization.models.zookie import Zookie + + +class DeleteRoleResponse(BaseModel): + """ + DeleteRoleResponse + """ # noqa: E501 + + written_at: Zookie = Field(alias="writtenAt") + __properties: ClassVar[List[str]] = ["writtenAt"] + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of DeleteRoleResponse from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + """ + excluded_fields: Set[str] = set([]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of written_at + if self.written_at: + _dict["writtenAt"] = self.written_at.to_dict() + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of DeleteRoleResponse from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate( + {"writtenAt": Zookie.from_dict(obj["writtenAt"]) if obj.get("writtenAt") is not None else None} + ) + return _obj diff --git a/services/authorization/src/stackit/authorization/models/get_role_response.py b/services/authorization/src/stackit/authorization/models/get_role_response.py new file mode 100644 index 00000000..e4b3bb38 --- /dev/null +++ b/services/authorization/src/stackit/authorization/models/get_role_response.py @@ -0,0 +1,109 @@ +# coding: utf-8 + +""" + STACKIT Membership API + + The Membership API is used to manage memberships, roles and permissions of STACKIT resources, like projects, folders, organizations and other resources. + + The version of the OpenAPI document: 2.0 + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + +from __future__ import annotations + +import json +import pprint +import re # noqa: F401 +from typing import Any, ClassVar, Dict, List, Optional, Set + +from pydantic import BaseModel, ConfigDict, Field, field_validator +from typing_extensions import Annotated, Self + +from stackit.authorization.models.role import Role + + +class GetRoleResponse(BaseModel): + """ + GetRoleResponse + """ # noqa: E501 + + resource_id: Annotated[str, Field(strict=True)] = Field(alias="resourceId") + resource_type: Annotated[str, Field(strict=True)] = Field(alias="resourceType") + role: Role + __properties: ClassVar[List[str]] = ["resourceId", "resourceType", "role"] + + @field_validator("resource_id") + def resource_id_validate_regular_expression(cls, value): + """Validates the regular expression""" + if not re.match(r"^([a-zA-Z0-9\/_|\-=+@.]{1,})$", value): + raise ValueError(r"must validate the regular expression /^([a-zA-Z0-9\/_|\-=+@.]{1,})$/") + return value + + @field_validator("resource_type") + def resource_type_validate_regular_expression(cls, value): + """Validates the regular expression""" + if not re.match(r"^[a-z](?:-?[a-z]){1,63}$", value): + raise ValueError(r"must validate the regular expression /^[a-z](?:-?[a-z]){1,63}$/") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of GetRoleResponse from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + """ + excluded_fields: Set[str] = set([]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of role + if self.role: + _dict["role"] = self.role.to_dict() + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of GetRoleResponse from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate( + { + "resourceId": obj.get("resourceId"), + "resourceType": obj.get("resourceType"), + "role": Role.from_dict(obj["role"]) if obj.get("role") is not None else None, + } + ) + return _obj diff --git a/services/authorization/src/stackit/authorization/models/permission_request.py b/services/authorization/src/stackit/authorization/models/permission_request.py new file mode 100644 index 00000000..2e3d910e --- /dev/null +++ b/services/authorization/src/stackit/authorization/models/permission_request.py @@ -0,0 +1,89 @@ +# coding: utf-8 + +""" + STACKIT Membership API + + The Membership API is used to manage memberships, roles and permissions of STACKIT resources, like projects, folders, organizations and other resources. + + The version of the OpenAPI document: 2.0 + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + +from __future__ import annotations + +import json +import pprint +import re # noqa: F401 +from typing import Any, ClassVar, Dict, List, Optional, Set + +from pydantic import BaseModel, ConfigDict, Field, field_validator +from typing_extensions import Annotated, Self + + +class PermissionRequest(BaseModel): + """ + PermissionRequest + """ # noqa: E501 + + name: Annotated[str, Field(strict=True, max_length=255)] + __properties: ClassVar[List[str]] = ["name"] + + @field_validator("name") + def name_validate_regular_expression(cls, value): + """Validates the regular expression""" + if not re.match(r"^[a-z](?:[-.]?[a-z]){1,63}$", value): + raise ValueError(r"must validate the regular expression /^[a-z](?:[-.]?[a-z]){1,63}$/") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of PermissionRequest from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + """ + excluded_fields: Set[str] = set([]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of PermissionRequest from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate({"name": obj.get("name")}) + return _obj diff --git a/services/authorization/src/stackit/authorization/models/update_role_payload.py b/services/authorization/src/stackit/authorization/models/update_role_payload.py new file mode 100644 index 00000000..59c70f28 --- /dev/null +++ b/services/authorization/src/stackit/authorization/models/update_role_payload.py @@ -0,0 +1,112 @@ +# coding: utf-8 + +""" + STACKIT Membership API + + The Membership API is used to manage memberships, roles and permissions of STACKIT resources, like projects, folders, organizations and other resources. + + The version of the OpenAPI document: 2.0 + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + +from __future__ import annotations + +import json +import pprint +import re # noqa: F401 +from typing import Any, ClassVar, Dict, List, Optional, Set + +from pydantic import BaseModel, ConfigDict, Field, StrictStr, field_validator +from typing_extensions import Annotated, Self + +from stackit.authorization.models.permission_request import PermissionRequest + + +class UpdateRolePayload(BaseModel): + """ + UpdateRolePayload + """ # noqa: E501 + + description: Annotated[str, Field(min_length=1, strict=True, max_length=255)] + etag: Optional[StrictStr] = None + name: Annotated[str, Field(strict=True)] + permissions: List[PermissionRequest] + __properties: ClassVar[List[str]] = ["description", "etag", "name", "permissions"] + + @field_validator("name") + def name_validate_regular_expression(cls, value): + """Validates the regular expression""" + if not re.match(r"^[a-z](?:[-.]?[a-z]){1,63}$", value): + raise ValueError(r"must validate the regular expression /^[a-z](?:[-.]?[a-z]){1,63}$/") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of UpdateRolePayload from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + """ + excluded_fields: Set[str] = set([]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of each item in permissions (list) + _items = [] + if self.permissions: + for _item in self.permissions: + if _item: + _items.append(_item.to_dict()) + _dict["permissions"] = _items + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of UpdateRolePayload from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate( + { + "description": obj.get("description"), + "etag": obj.get("etag"), + "name": obj.get("name"), + "permissions": ( + [PermissionRequest.from_dict(_item) for _item in obj["permissions"]] + if obj.get("permissions") is not None + else None + ), + } + ) + return _obj diff --git a/services/authorization/src/stackit/authorization/models/update_role_response.py b/services/authorization/src/stackit/authorization/models/update_role_response.py new file mode 100644 index 00000000..72331a0a --- /dev/null +++ b/services/authorization/src/stackit/authorization/models/update_role_response.py @@ -0,0 +1,109 @@ +# coding: utf-8 + +""" + STACKIT Membership API + + The Membership API is used to manage memberships, roles and permissions of STACKIT resources, like projects, folders, organizations and other resources. + + The version of the OpenAPI document: 2.0 + Generated by OpenAPI Generator (https://openapi-generator.tech) + + Do not edit the class manually. +""" # noqa: E501 + +from __future__ import annotations + +import json +import pprint +import re # noqa: F401 +from typing import Any, ClassVar, Dict, List, Optional, Set + +from pydantic import BaseModel, ConfigDict, Field, field_validator +from typing_extensions import Annotated, Self + +from stackit.authorization.models.role import Role + + +class UpdateRoleResponse(BaseModel): + """ + UpdateRoleResponse + """ # noqa: E501 + + resource_id: Annotated[str, Field(strict=True)] = Field(alias="resourceId") + resource_type: Annotated[str, Field(strict=True)] = Field(alias="resourceType") + role: Role + __properties: ClassVar[List[str]] = ["resourceId", "resourceType", "role"] + + @field_validator("resource_id") + def resource_id_validate_regular_expression(cls, value): + """Validates the regular expression""" + if not re.match(r"^([a-zA-Z0-9\/_|\-=+@.]{1,})$", value): + raise ValueError(r"must validate the regular expression /^([a-zA-Z0-9\/_|\-=+@.]{1,})$/") + return value + + @field_validator("resource_type") + def resource_type_validate_regular_expression(cls, value): + """Validates the regular expression""" + if not re.match(r"^[a-z](?:-?[a-z]){1,63}$", value): + raise ValueError(r"must validate the regular expression /^[a-z](?:-?[a-z]){1,63}$/") + return value + + model_config = ConfigDict( + populate_by_name=True, + validate_assignment=True, + protected_namespaces=(), + ) + + def to_str(self) -> str: + """Returns the string representation of the model using alias""" + return pprint.pformat(self.model_dump(by_alias=True)) + + def to_json(self) -> str: + """Returns the JSON representation of the model using alias""" + # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead + return json.dumps(self.to_dict()) + + @classmethod + def from_json(cls, json_str: str) -> Optional[Self]: + """Create an instance of UpdateRoleResponse from a JSON string""" + return cls.from_dict(json.loads(json_str)) + + def to_dict(self) -> Dict[str, Any]: + """Return the dictionary representation of the model using alias. + + This has the following differences from calling pydantic's + `self.model_dump(by_alias=True)`: + + * `None` is only added to the output dict for nullable fields that + were set at model initialization. Other fields with value `None` + are ignored. + """ + excluded_fields: Set[str] = set([]) + + _dict = self.model_dump( + by_alias=True, + exclude=excluded_fields, + exclude_none=True, + ) + # override the default output from pydantic by calling `to_dict()` of role + if self.role: + _dict["role"] = self.role.to_dict() + return _dict + + @classmethod + def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]: + """Create an instance of UpdateRoleResponse from a dict""" + if obj is None: + return None + + if not isinstance(obj, dict): + return cls.model_validate(obj) + + _obj = cls.model_validate( + { + "resourceId": obj.get("resourceId"), + "resourceType": obj.get("resourceType"), + "role": Role.from_dict(obj["role"]) if obj.get("role") is not None else None, + } + ) + return _obj