def update_tenant(self,
tenant_id,
display_name=None,
allow_password_sign_up=None,
enable_email_link_sign_in=None):
"""Updates the specified tenant with the given parameters."""
if not isinstance(tenant_id, str) or not tenant_id:
raise ValueError('Tenant ID must be a non-empty string.')
payload = {}
if display_name is not None:
payload['displayName'] = _validate_display_name(display_name)
if allow_password_sign_up is not None:
payload['allowPasswordSignup'] = _auth_utils.validate_boolean(
allow_password_sign_up, 'allowPasswordSignup')
if enable_email_link_sign_in is not None:
payload['enableEmailLinkSignin'] = _auth_utils.validate_boolean(
enable_email_link_sign_in, 'enableEmailLinkSignin')
if not payload:
raise ValueError(
'At least one parameter must be specified for update.')
url = '/tenants/{0}'.format(tenant_id)
update_mask = ','.join(_auth_utils.build_update_mask(payload))
params = 'updateMask={0}'.format(update_mask)
try:
body = self.client.body('patch', url, json=payload, params=params)
except requests.exceptions.RequestException as error:
raise _auth_utils.handle_auth_backend_error(error)
else:
return Tenant(body)
def update_oidc_provider_config(self,
provider_id,
client_id=None,
issuer=None,
display_name=None,
enabled=None,
client_secret=None,
id_token_response_type=None,
code_response_type=None):
"""Updates an existing OIDC provider config with the given parameters."""
_validate_oidc_provider_id(provider_id)
req = {}
if display_name is not None:
if display_name == _user_mgt.DELETE_ATTRIBUTE:
req['displayName'] = None
else:
req['displayName'] = _auth_utils.validate_string(
display_name, 'display_name')
if enabled is not None:
req['enabled'] = _auth_utils.validate_boolean(enabled, 'enabled')
if client_id:
req['clientId'] = _validate_non_empty_string(
client_id, 'client_id')
if issuer:
req['issuer'] = _validate_url(issuer, 'issuer')
response_type = {}
if id_token_response_type is False and code_response_type is False:
raise ValueError('At least one response type must be returned.')
if id_token_response_type is not None:
response_type['idToken'] = _auth_utils.validate_boolean(
id_token_response_type, 'id_token_response_type')
if code_response_type is not None:
response_type['code'] = _auth_utils.validate_boolean(
code_response_type, 'code_response_type')
if code_response_type:
req['clientSecret'] = _validate_non_empty_string(
client_secret, 'client_secret')
if response_type:
req['responseType'] = response_type
if not req:
raise ValueError(
'At least one parameter must be specified for update.')
update_mask = _auth_utils.build_update_mask(req)
params = 'updateMask={0}'.format(','.join(update_mask))
url = '/oauthIdpConfigs/{0}'.format(provider_id)
body = self._make_request('patch', url, json=req, params=params)
return OIDCProviderConfig(body)
def create_oidc_provider_config(self,
provider_id,
client_id,
issuer,
display_name=None,
enabled=None,
client_secret=None,
id_token_response_type=None,
code_response_type=None):
"""Creates a new OIDC provider config from the given parameters."""
_validate_oidc_provider_id(provider_id)
req = {
'clientId': _validate_non_empty_string(client_id, 'client_id'),
'issuer': _validate_url(issuer, 'issuer'),
}
if display_name is not None:
req['displayName'] = _auth_utils.validate_string(
display_name, 'display_name')
if enabled is not None:
req['enabled'] = _auth_utils.validate_boolean(enabled, 'enabled')
response_type = {}
if id_token_response_type is False and code_response_type is False:
raise ValueError('At least one response type must be returned.')
if id_token_response_type is not None:
response_type['idToken'] = _auth_utils.validate_boolean(
id_token_response_type, 'id_token_response_type')
if code_response_type is not None:
response_type['code'] = _auth_utils.validate_boolean(
code_response_type, 'code_response_type')
if code_response_type:
req['clientSecret'] = _validate_non_empty_string(
client_secret, 'client_secret')
if response_type:
req['responseType'] = response_type
params = 'oauthIdpConfigId={0}'.format(provider_id)
body = self._make_request('post',
'/oauthIdpConfigs',
json=req,
params=params)
return OIDCProviderConfig(body)
def create_tenant(self,
display_name,
allow_password_sign_up=None,
enable_email_link_sign_in=None):
"""Creates a new tenant from the given parameters."""
payload = {'displayName': _validate_display_name(display_name)}
if allow_password_sign_up is not None:
payload['allowPasswordSignup'] = _auth_utils.validate_boolean(
allow_password_sign_up, 'allowPasswordSignup')
if enable_email_link_sign_in is not None:
payload['enableEmailLinkSignin'] = _auth_utils.validate_boolean(
enable_email_link_sign_in, 'enableEmailLinkSignin')
try:
body = self.client.body('post', '/tenants', json=payload)
except requests.exceptions.RequestException as error:
raise _auth_utils.handle_auth_backend_error(error)
else:
return Tenant(body)
def update_saml_provider_config(self,
provider_id,
idp_entity_id=None,
sso_url=None,
x509_certificates=None,
rp_entity_id=None,
callback_url=None,
display_name=None,
enabled=None):
"""Updates an existing SAML provider config with the given parameters."""
_validate_saml_provider_id(provider_id)
idp_config = {}
if idp_entity_id is not None:
idp_config['idpEntityId'] = _validate_non_empty_string(
idp_entity_id, 'idp_entity_id')
if sso_url is not None:
idp_config['ssoUrl'] = _validate_url(sso_url, 'sso_url')
if x509_certificates is not None:
idp_config['idpCertificates'] = _validate_x509_certificates(
x509_certificates)
sp_config = {}
if rp_entity_id is not None:
sp_config['spEntityId'] = _validate_non_empty_string(
rp_entity_id, 'rp_entity_id')
if callback_url is not None:
sp_config['callbackUri'] = _validate_url(callback_url,
'callback_url')
req = {}
if display_name is not None:
if display_name == _user_mgt.DELETE_ATTRIBUTE:
req['displayName'] = None
else:
req['displayName'] = _auth_utils.validate_string(
display_name, 'display_name')
if enabled is not None:
req['enabled'] = _auth_utils.validate_boolean(enabled, 'enabled')
if idp_config:
req['idpConfig'] = idp_config
if sp_config:
req['spConfig'] = sp_config
if not req:
raise ValueError(
'At least one parameter must be specified for update.')
update_mask = _auth_utils.build_update_mask(req)
params = 'updateMask={0}'.format(','.join(update_mask))
url = '/inboundSamlConfigs/{0}'.format(provider_id)
body = self._make_request('patch', url, json=req, params=params)
return SAMLProviderConfig(body)
def create_oidc_provider_config(
self, provider_id, client_id, issuer, display_name=None, enabled=None):
"""Creates a new OIDC provider config from the given parameters."""
_validate_oidc_provider_id(provider_id)
req = {
'clientId': _validate_non_empty_string(client_id, 'client_id'),
'issuer': _validate_url(issuer, 'issuer'),
}
if display_name is not None:
req['displayName'] = _auth_utils.validate_string(display_name, 'display_name')
if enabled is not None:
req['enabled'] = _auth_utils.validate_boolean(enabled, 'enabled')
params = 'oauthIdpConfigId={0}'.format(provider_id)
body = self._make_request('post', '/oauthIdpConfigs', json=req, params=params)
return OIDCProviderConfig(body)
def create_saml_provider_config(self,
provider_id,
idp_entity_id,
sso_url,
x509_certificates,
rp_entity_id,
callback_url,
display_name=None,
enabled=None):
"""Creates a new SAML provider config from the given parameters."""
_validate_saml_provider_id(provider_id)
req = {
'idpConfig': {
'idpEntityId':
_validate_non_empty_string(idp_entity_id, 'idp_entity_id'),
'ssoUrl':
_validate_url(sso_url, 'sso_url'),
'idpCertificates':
_validate_x509_certificates(x509_certificates),
},
'spConfig': {
'spEntityId':
_validate_non_empty_string(rp_entity_id, 'rp_entity_id'),
'callbackUri':
_validate_url(callback_url, 'callback_url'),
},
}
if display_name is not None:
req['displayName'] = _auth_utils.validate_string(
display_name, 'display_name')
if enabled is not None:
req['enabled'] = _auth_utils.validate_boolean(enabled, 'enabled')
params = 'inboundSamlConfigId={0}'.format(provider_id)
body = self._make_request('post',
'/inboundSamlConfigs',
json=req,
params=params)
return SAMLProviderConfig(body)