From 7275ba327792fbfa29633a1b54de83f1c8846523 Mon Sep 17 00:00:00 2001 From: Wenchong Hu Date: Mon, 17 Mar 2025 09:03:05 -0700 Subject: [PATCH 1/5] Add create jwt function to get_jwt --- confidant_client/__init__.py | 5 ++++- confidant_client/cli.py | 8 +++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/confidant_client/__init__.py b/confidant_client/__init__.py index 469408a..1a93ce9 100644 --- a/confidant_client/__init__.py +++ b/confidant_client/__init__.py @@ -504,11 +504,14 @@ def update_credential( ret['result'] = True return ret - def get_jwt(self, environment, resource_id): + def get_jwt(self, environment, resource_id, expiry): ret = {'result': False} url = '{0}/v1/jwks/token'.format(self.config['url']) if resource_id: url += '/{0}'.format(resource_id) + + if expiry: + url += '/{0}'.format(expiry) try: response = self._execute_request( diff --git a/confidant_client/cli.py b/confidant_client/cli.py index 4e68b4e..2382b4a 100644 --- a/confidant_client/cli.py +++ b/confidant_client/cli.py @@ -598,6 +598,12 @@ def _parse_args(): dest='resource_id', default=None, ) + get_jwt.add_argument( + '--expiry', + type=int, + dest='expiry', + default=None, + ) return parser.parse_args() @@ -795,7 +801,7 @@ def main(): logging.exception('An unexpected general error occurred.') elif args.subcommand == 'get_jwt': try: - ret = client.get_jwt(args.environment, args.resource_id) + ret = client.get_jwt(args.environment, args.resource_id, args.expiry) except Exception: logging.exception('An unexpected general error occurred.') From 0f5e5785449151b45e990b2f2c33a40c0c481e5a Mon Sep 17 00:00:00 2001 From: Wenchong Hu Date: Mon, 17 Mar 2025 09:04:47 -0700 Subject: [PATCH 2/5] Update README.md --- README.md | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/README.md b/README.md index c25a367..9d3b772 100644 --- a/README.md +++ b/README.md 
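Review bot: In `get_jwt`, the new `if expiry:` branch appends the expiry as a path segment whether or not `resource_id` was appended, so a call with `resource_id=None` and an expiry requests `{url}/v1/jwks/token/<expiry>`, putting the number where the resource id normally goes. How the server routes that is not visible in this patch, so the client should refuse the combination before building the URL, for example `if expiry and not resource_id: raise ValueError('expiry requires resource_id')`. The parameter is also added as a required positional, which breaks existing two-argument callers (the tests later in this series had to add `None`); `def get_jwt(self, environment, resource_id, expiry=None):` keeps them working. Both values are formatted into the path unescaped, so a library caller passing a string rather than the CLI's `int` can alter the path; validating `expiry` as an integer here would close that. The body of `get_jwt` continues past the end of the hunk.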
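Review bot: `--expiry` is declared with `type=int`, which accepts zero and negative numbers: `0` is silently dropped by the `if expiry:` test in `get_jwt`, and a negative value is sent to the server as a path segment. This value sets the lifetime of a credential, so anything that is not a positive number of seconds should be rejected at parse time rather than left to the server; whether the server caps the lifetime is not visible in this patch and should not be assumed from the client side. A small `type=` validator is enough, shown below; it assumes `argparse` is already imported in `cli.py`, which the hunk does not show. `_parse_args` begins before the hunk.

```python
def _positive_seconds(value):
    """argparse type: accept only a positive whole number of seconds."""
    seconds = int(value)
    if seconds <= 0:
        raise argparse.ArgumentTypeError(
            'expiry must be a positive number of seconds'
        )
    return seconds

# … unchanged: earlier get_jwt arguments …
    get_jwt.add_argument(
        '--expiry',
        type=_positive_seconds,
        dest='expiry',
        default=None,
    )
```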
@@ -10,28 +10,3 @@ Docs * [Configuration](https://lyft.github.io/confidant/configuration) * [Usage](https://lyft.github.io/confidant/using_confidant) * [Contribution](https://lyft.github.io/confidant/contributing) - -Reporting security vulnerabilities ----------------------------------- - -If you've found a vulnerability or a potential vulnerability in Confidant -please let us know at security@lyft.com. We'll send a confirmation email to -acknowledge your report, and we'll send an additional email when we've -identified the issue positively or negatively. - -Getting support or asking questions ------------------------------------ - -We have a mailing list for discussion, and a low volume list for announcements: - -* https://groups.google.com/forum/#!forum/confidant-users -* https://groups.google.com/forum/#!forum/confidant-announce - -We also have an IRC channel on freenode and a Gitter channel: - -* [#confidant](http://webchat.freenode.net/?channels=confidant) -* [lyft/confidant on Gitter](https://gitter.im/lyft/confidant) - -Feel free to drop into either Gitter or the IRC channel for any reason, even -if just to chat. It doesn't matter which one you join, the messages are sync'd -between the two. From 771a8f61f8e69b741287f7ea0bc22063030e8a4a Mon Sep 17 00:00:00 2001 From: Wenchong Hu Date: Mon, 17 Mar 2025 09:06:17 -0700 Subject: [PATCH 3/5] Update release version --- CHANGELOG.md | 4 ++++ setup.py | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 71fc8db..2a65795 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.6.4 + +* add create jwt function to get_jwt + ## 2.5.4 * add 403 as a valid response code for get_service call diff --git a/setup.py b/setup.py index 6312b59..29ecb89 100644 --- a/setup.py +++ b/setup.py 
@@ -18,7 +18,7 @@ setup( name="confidant-client", - version="2.5.4", + version="2.6.4", packages=find_packages(exclude=["test*"]), install_requires=[ # Boto3 is the Amazon Web Services (AWS) Software Development Kit (SDK) From e9ae70d0de596e65acf78516f7e30024c413fd39 Mon Sep 17 00:00:00 2001 From: Wenchong Hu Date: Mon, 17 Mar 2025 09:33:07 -0700 Subject: [PATCH 4/5] Fix test and lint --- confidant_client/__init__.py | 2 +- confidant_client/cli.py | 3 ++- tests/unit/confidant_client/client_test.py | 29 ++++++++++++++++++++-- 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/confidant_client/__init__.py b/confidant_client/__init__.py index 1a93ce9..f5640a2 100644 --- a/confidant_client/__init__.py +++ b/confidant_client/__init__.py @@ -509,7 +509,7 @@ def get_jwt(self, environment, resource_id, expiry): url = '{0}/v1/jwks/token'.format(self.config['url']) if resource_id: url += '/{0}'.format(resource_id) - + if expiry: url += '/{0}'.format(expiry) diff --git a/confidant_client/cli.py b/confidant_client/cli.py index 2382b4a..55783cf 100644 --- a/confidant_client/cli.py +++ b/confidant_client/cli.py @@ -801,7 +801,8 @@ def main(): logging.exception('An unexpected general error occurred.') elif args.subcommand == 'get_jwt': try: - ret = client.get_jwt(args.environment, args.resource_id, args.expiry) + ret = client.get_jwt(args.environment, args.resource_id, + args.expiry) except Exception: logging.exception('An unexpected general error occurred.') diff --git a/tests/unit/confidant_client/client_test.py b/tests/unit/confidant_client/client_test.py index 2612e39..49cd2be 100644 --- a/tests/unit/confidant_client/client_test.py +++ b/tests/unit/confidant_client/client_test.py @@ -876,7 +876,7 @@ def test_get_jwt_no_resource(self): client.request_session.request = mock_200 self.assertEqual( - client.get_jwt('development', None), + client.get_jwt('development', None, None), {'result': True} ) client.request_session.request.assert_called_with( 
@@ -901,7 +901,7 @@ def test_get_jwt(self): client.request_session.request = mock_200 self.assertEqual( - client.get_jwt('development', 'test-resource'), + client.get_jwt('development', 'test-resource', None), {'result': True} ) client.request_session.request.assert_called_with( @@ -912,3 +912,28 @@ def test_get_jwt(self): timeout=5, params={'environment': 'development'}, ) + + def test_get_jwt_creation(self): + client = confidant_client.ConfidantClient( + 'http://localhost', + 'alias/authnz-testing', + {'from': 'confidant-unittest', + 'to': 'test', + 'user_type': 'service'}, + ) + token_mock = MagicMock() + client._get_token = token_mock + client.request_session.request = mock_200 + + self.assertEqual( + client.get_jwt('development', 'test-resource', 3600), + {'result': True} + ) + client.request_session.request.assert_called_with( + 'GET', + 'http://localhost/v1/jwks/token/test-resource/3600', + auth=('2/service/confidant-unittest', token_mock()), + allow_redirects=False, + timeout=5, + params={'environment': 'development'}, + ) From 546c4a1b6a24f5808e3de25b239a0b90fd0c0f82 Mon Sep 17 00:00:00 2001 From: Wenchong Hu Date: Mon, 17 Mar 2025 12:22:55 -0700 Subject: [PATCH 5/5] Add a help to get_jwt expiry argument --- confidant_client/cli.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/confidant_client/cli.py b/confidant_client/cli.py index 55783cf..57ab1bf 100644 --- a/confidant_client/cli.py +++ b/confidant_client/cli.py @@ -597,12 +597,14 @@ def _parse_args(): type=str, dest='resource_id', default=None, + help='The actual name of the resource to generate a JWT for', ) get_jwt.add_argument( '--expiry', type=int, dest='expiry', default=None, + help='The expiry of the JWT in seconds', ) return parser.parse_args()
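Review bot: `test_get_jwt_creation` covers only the case where both a resource id and an expiry are given, so nothing pins what `get_jwt` does with an expiry and no resource id, where the code in this series would request `http://localhost/v1/jwks/token/3600`. Add a case calling `client.get_jwt('development', None, 3600)` that asserts the intended outcome (a rejected call, or whatever URL shape the server actually defines), and one for `expiry=0`, which `if expiry:` treats as absent. A one-line docstring such as `"""get_jwt appends the expiry as a trailing path segment."""` would also state what the test name does not.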