Added create service method #619

Merged
merged 11 commits into from
Dec 13, 2023
add service account from context
Thomas Morris committed Dec 12, 2023
commit 367fdb74b1aca811a15e4b09f6f120b14d832adb
23 changes: 23 additions & 0 deletions tiled/_tests/test_authentication.py
@@ -554,6 +554,29 @@ def test_admin_api_key_any_principal(
context.http_client.get(resource).raise_for_status()


def test_admin_create_service_principal(enter_password, principals_context):
"""
Admin can create service accounts with API keys.
"""
with principals_context["context"] as context:
# Log in as Alice, create and use API key after logout
with enter_password("secret1"):
context.authenticate(username="alice")

assert context.whoami()["type"] == "user"

principal_info = context.admin.create_service_principal(role="user")
danielballan marked this conversation as resolved.
principal_uuid = principal_info["uuid"]

service_api_key_info = context.admin.create_api_key_other_principal(
principal_uuid
)
context.logout()

context.api_key = service_api_key_info["secret"]
assert context.whoami()["type"] == "service"


def test_admin_api_key_any_principal_exceeds_scopes(enter_password, principals_context):
"""
Admin cannot create API key that exceeds scopes for another principal.
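Review bot: `test_admin_create_service_principal` exercises only the success path, so nothing in this section pins who is allowed to call `context.admin.create_service_principal`. Because the call creates a new identity that is then handed an API key, a companion test that authenticates as a non-admin principal and expects the request to be rejected would guard the authorization boundary against regressions. The test also never checks that the new principal carries the requested role; `whoami()["type"] == "service"` confirms only the principal type, so an assertion on the role reported for `principal_uuid` would be worth adding if the response exposes it. The comment `# Log in as Alice, create and use API key after logout` could state that Alice is the admin in this fixture, which the docstring implies but the visible lines do not show.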
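--- a/tiled/client/context.py
+++ b/tiled/client/context.py
@@ -793,6 +793,26 @@ def create_api_key_other_principal(
 )
 ).json()
 
+def create_service_principal(
+self,
+role,
+):
+"""
+Generate a new service principal.
+
+Parameters
+----------
+role : str
+Specify the role (e.g. user or admin)
+"""
+return handle_error(
+self.context.http_client.post(
+f"{self.base_url}/auth/principal",
+headers={"Accept": MSGPACK_MIME_TYPE},
+params={"role": role},
+)
+).json()
+
 
 class CannotPrompt(Exception):
 pass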
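Review bot: The docstring of `create_service_principal` does not say what the call returns, nor that `role` determines the privileges of the identity being created. The test in this commit reads `principal_info["uuid"]`, so a `Returns` section naming at least that key would document the contract callers already rely on. Since `role` is forwarded to `/auth/principal` unchecked, unknown or over-privileged roles are presumably rejected server-side, which is not visible here. A sentence such as `The server decides whether the caller may create principals; request the least-privileged role the service needs.` would make that explicit. The parameter text `Specify the role (e.g. user or admin)` could also name where the accepted role values are defined.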