feat: handle allowedIPs parameters in CK building
Signed-off-by: Adrien Barreau <adrien.barreau@ovhcloud.com>
deathiop committed Jun 7, 2024
1 parent 1bffec6 commit 4b0ee2e
Showing 4 changed files with 19 additions and 10 deletions.
20 changes: 14 additions & 6 deletions ovh/client.py
@@ -228,14 +228,15 @@ def new_consumer_key_request(self):
""" # noqa:E501
return ConsumerKeyRequest(self)

def request_consumerkey(self, access_rules, redirect_url=None):
def request_consumerkey(self, access_rules, redirect_url=None, allowedIPs=None):
"""
Create a new "consumer key" identifying this application's end user. API
will return a ``consumerKey`` and a ``validationUrl``. The end user must
visit the ``validationUrl``, authenticate and validate the requested
``access_rules`` to link his account to the ``consumerKey``. Once this
is done, he may optionally be redirected to ``redirect_url`` and the
application can start using the ``consumerKey``.
application can start using the ``consumerKey``. If adding an ``allowedIPs``
parameter, the generated credentials will only be usable from these IPs.
The new ``consumerKey`` is automatically loaded into
``self._consumer_key`` and is ready to used as soon as validated.
@@ -270,7 +271,7 @@ def request_consumerkey(self, access_rules, redirect_url=None):
]
# Request token
validation = client.request_consumerkey(access_rules)
validation = client.request_consumerkey(access_rules, redirect_url="https://optional-redirect-url.example.org", allowedIPs=["127.0.0.1/32"])
print("Please visit", validation['validationUrl'], "to authenticate")
input("and press Enter to continue...")
@@ -280,12 +281,19 @@ def request_consumerkey(self, access_rules, redirect_url=None):
:param list access_rules: Mapping specifying requested privileges.
:param str redirect_url: Where to redirect end user upon validation.
:param str redirect_url: Where to redirect end user upon validation (optional).
:param list allowedIPs: CIDRs that will be allowed to use these credentials (optional).
:raises APIError: When ``self.call`` fails.
:returns: dict with ``consumerKey`` and ``validationUrl`` keys
:rtype: dict
"""
res = self.post("/auth/credential", _need_auth=False, accessRules=access_rules, redirection=redirect_url)
""" # noqa:E501
res = self.post(
"/auth/credential",
_need_auth=False,
accessRules=access_rules,
redirection=redirect_url,
allowedIPs=allowedIPs,
)
self._consumer_key = res["consumerKey"]
return res

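Review bot: `allowedIPs` is handed to `self.post(...)` unvalidated in the rewritten call at the end of `request_consumerkey`, so `None`, an empty list, or a bare string such as `"192.0.2.0/24"` all reach `/auth/credential` exactly as given. This field is what binds the new credential to source networks, so a value the API happens to read as "no restriction" would return an unrestricted key without any error; how the API treats `null` or `[]` is not visible on this page and should be confirmed. I would build the payload explicitly, add the key only when the caller supplied it, and check each entry with `ipaddress.ip_network` (needs `import ipaddress` at module top) so malformed CIDRs fail locally. Separately, the docstring example's `127.0.0.1/32` would likely make the key unusable against a remote API, so a documentation range such as `192.0.2.0/24` would be a clearer example. Part of the docstring is collapsed between the hunks shown.

```python
def request_consumerkey(self, access_rules, redirect_url=None, allowedIPs=None):
    # … unchanged: docstring …
    payload = {"accessRules": access_rules, "redirection": redirect_url}
    if allowedIPs is not None:
        if isinstance(allowedIPs, str) or not allowedIPs:
            raise ValueError("allowedIPs must be a non-empty list of CIDR strings")
        for cidr in allowedIPs:
            # ip_network raises ValueError on a malformed address or prefix
            ipaddress.ip_network(cidr, strict=False)
        payload["allowedIPs"] = list(allowedIPs)
    res = self.post("/auth/credential", _need_auth=False, **payload)
    # … unchanged: store consumerKey on self and return res …
```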
4 changes: 2 additions & 2 deletions ovh/consumer_key.py
@@ -61,7 +61,7 @@ def __init__(self, client):
self._client = client
self._access_rules = []

def request(self, redirect_url=None):
def request(self, redirect_url=None, allowedIPs=None):
"""
Create the consumer key with the configures autorizations. The user will
need to validate it before it can be used with the API
@@ -73,7 +73,7 @@ def request(self, redirect_url=None):
'validationUrl': 'https://eu.api.ovh.com/auth/?credentialToken=now2OOAVO4Wp6t7bemyN9DMWIobhGjFNZSHmixtVJM4S7mzjkN2L5VBfG96Iy1i0'
}
""" # noqa: E501
return self._client.request_consumerkey(self._access_rules, redirect_url)
return self._client.request_consumerkey(self._access_rules, redirect_url, allowedIPs)

def add_rule(self, method, path):
"""
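Review bot: `request` gains an `allowedIPs` argument but its docstring is left as it was; the section reports 2 additions and 2 deletions, which are the `def` and `return` lines. The parameter that restricts where the resulting key can be used is therefore undocumented on `ConsumerKeyRequest`. I would add `:param list allowedIPs: CIDRs that will be allowed to use these credentials (optional).` to the docstring, matching the wording this commit adds to `Client.request_consumerkey`. The middle of the docstring is collapsed on this page, so the exact placement has to be checked against the file.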
3 changes: 2 additions & 1 deletion tests/test_client.py
@@ -77,14 +77,15 @@ def test_time_delta(self, m_call, m_time):
@mock.patch.object(Client, "call", return_value={"consumerKey": "CK"})
def test_request_consumerkey(self, m_call):
api = Client("ovh-eu")
ret = api.request_consumerkey([{"method": "GET", "path": "/"}], "https://example.com")
ret = api.request_consumerkey([{"method": "GET", "path": "/"}], "https://example.com", ["127.0.0.1/32"])

m_call.assert_called_once_with(
"POST",
"/auth/credential",
{
"redirection": "https://example.com",
"accessRules": [{"method": "GET", "path": "/"}],
"allowedIPs": ["127.0.0.1/32"],
},
False,
)
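Review bot: Only the supplied-list case is asserted in `test_request_consumerkey`; nothing pins what is sent when `allowedIPs` is left at its default. With the new client code the request body would presumably then carry `"allowedIPs": None`. A second test that calls `api.request_consumerkey([{"method": "GET", "path": "/"}], "https://example.com")` and asserts the exact dict passed to `m_call` would make that choice explicit and catch a later change to it. Passing the list by keyword, `allowedIPs=["127.0.0.1/32"]`, would also read more clearly than a third positional argument.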
2 changes: 1 addition & 1 deletion tests/test_consumer_key.py
@@ -86,4 +86,4 @@ def test_add_rules(self):
ck._access_rules = []
ck.add_recursive_rules(ovh.API_READ_WRITE, "/")
assert ck.request() is m_client.request_consumerkey.return_value
m_client.request_consumerkey.assert_called_once_with(ck._access_rules, None)
m_client.request_consumerkey.assert_called_once_with(ck._access_rules, None, None)
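Review bot: The updated assertion still only covers `ck.request()` with no arguments, so it shows that `None` is forwarded, not that a caller's `allowedIPs` reaches `request_consumerkey`. An implementation of `request` that dropped the argument would still pass. Adding `ck.request(allowedIPs=["192.0.2.0/24"])` followed by `m_client.request_consumerkey.assert_called_with(ck._access_rules, None, ["192.0.2.0/24"])` would cover the new path. `test_add_rules` starts outside the hunk, so its earlier setup is not visible here.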
