diff --git a/.flake8 b/.flake8 index 3dc07bd2..6ff61ce3 100644 --- a/.flake8 +++ b/.flake8 @@ -12,4 +12,4 @@ ignore = E402 statistics = True doctests = True -exclude = pyspiffe/src/pyspiffe/proto +exclude = spiffe/src/spiffe/proto diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b6a17624..726ad3b2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,11 +1,11 @@ version: 2 updates: - package-ecosystem: "pip" - directory: "/pyspiffe" + directory: "/spiffe" schedule: interval: "daily" - package-ecosystem: "pip" - directory: "/pyspiffe-tls" + directory: "/spiffe-tls" schedule: interval: "daily" diff --git a/Makefile b/Makefile index b365f8e1..202f99df 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ -# Root Makefile for managing pyspiffe modules +# Root Makefile for managing spiffe modules # Define module directories -CORE_DIR=./pyspiffe -TLS_DIR=./pyspiffe-tls +CORE_DIR=./spiffe +TLS_DIR=./spiffe-tls .DEFAULT_GOAL := help diff --git a/README.md b/README.md index 3f2967c7..990da1f4 100644 --- a/README.md +++ b/README.md @@ -7,20 +7,19 @@ structured into two main modules: ## Modules -### [pyspiffe](pyspiffe/README.md) +### [spiffe](spiffe/README.md) -`pyspiffe` is the foundational module of the `py-spiffe` library, offering key functionalities around SPIFFE -specification, including the Workload API client implementation, and handling of SVIDs (SPIFFE Verifiable Identity -Documents). +The `spiffe` module is the core of the `py-spiffe` library, implementing the SPIFFE specification. It provides +functionality for managing SPIFFE identities, including the Workload API client and automatic handling of X.509 and +JWT SVIDs. This module simplifies working with SPIFFE identities by automating SVID fetching and renewal. -### [pyspiffe-tls (In Development)](pyspiffe-tls/README.md) +### [spiffe-tls (In Development)](spiffe-tls/README.md) -The `pyspiffe-tls` module, currently in development, is planned to provide TLS utilities that facilitate the easy -integration of SPIFFE identities into the TLS workflows of Python applications. This module will offer features such as -mutual TLS (mTLS) support, certificate validation, and automatic SVID fetching and renewal, aimed at simplifying secure -service-to-service communication using SPIFFE identities. +The `spiffe-tls` module, currently in development, will offer TLS utilities for Python applications. It aims to simplify +the use of SPIFFE identities in TLS contexts, including mutual TLS support and certificate validation. This module will +enhance secure communication by leveraging SPIFFE identities for authentication. ## Contributing -Contributions to both `pyspiffe` and the `pyspiffe-tls` modules are welcome! Please see +Contributions to both `spiffe` and the `spiffe-tls` modules are welcome! Please see our [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines on how to contribute to the project. diff --git a/pyspiffe/src/pyspiffe/proto/workload_pb2.py b/pyspiffe/src/pyspiffe/proto/workload_pb2.py deleted file mode 100644 index afbb55b8..00000000 --- a/pyspiffe/src/pyspiffe/proto/workload_pb2.py +++ /dev/null @@ -1,63 +0,0 @@ -# -*- coding: utf-8 -*- -# Generated by the protocol buffer compiler. DO NOT EDIT! -# source: workload.proto -# Protobuf Python Version: 4.25.1 -"""Generated protocol buffer code.""" -from google.protobuf import descriptor as _descriptor -from google.protobuf import descriptor_pool as _descriptor_pool -from google.protobuf import symbol_database as _symbol_database -from google.protobuf.internal import builder as _builder -# @@protoc_insertion_point(imports) - -_sym_db = _symbol_database.Default() - - -from google.protobuf import struct_pb2 as google_dot_protobuf_dot_struct__pb2 - - -DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x0eworkload.proto\x1a\x1cgoogle/protobuf/struct.proto\"\x11\n\x0fX509SVIDRequest\"\xb6\x01\n\x10X509SVIDResponse\x12\x18\n\x05svids\x18\x01 \x03(\x0b\x32\t.X509SVID\x12\x0b\n\x03\x63rl\x18\x02 \x03(\x0c\x12\x42\n\x11\x66\x65\x64\x65rated_bundles\x18\x03 \x03(\x0b\x32\'.X509SVIDResponse.FederatedBundlesEntry\x1a\x37\n\x15\x46\x65\x64\x65ratedBundlesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"e\n\x08X509SVID\x12\x11\n\tspiffe_id\x18\x01 \x01(\t\x12\x11\n\tx509_svid\x18\x02 \x01(\x0c\x12\x15\n\rx509_svid_key\x18\x03 \x01(\x0c\x12\x0e\n\x06\x62undle\x18\x04 \x01(\x0c\x12\x0c\n\x04hint\x18\x05 \x01(\t\"\x14\n\x12X509BundlesRequest\"\x86\x01\n\x13X509BundlesResponse\x12\x0b\n\x03\x63rl\x18\x01 \x03(\x0c\x12\x32\n\x07\x62undles\x18\x02 \x03(\x0b\x32!.X509BundlesResponse.BundlesEntry\x1a.\n\x0c\x42undlesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"5\n\x0eJWTSVIDRequest\x12\x10\n\x08\x61udience\x18\x01 \x03(\t\x12\x11\n\tspiffe_id\x18\x02 \x01(\t\"*\n\x0fJWTSVIDResponse\x12\x17\n\x05svids\x18\x01 \x03(\x0b\x32\x08.JWTSVID\"8\n\x07JWTSVID\x12\x11\n\tspiffe_id\x18\x01 \x01(\t\x12\x0c\n\x04svid\x18\x02 \x01(\t\x12\x0c\n\x04hint\x18\x03 \x01(\t\"\x13\n\x11JWTBundlesRequest\"w\n\x12JWTBundlesResponse\x12\x31\n\x07\x62undles\x18\x01 \x03(\x0b\x32 .JWTBundlesResponse.BundlesEntry\x1a.\n\x0c\x42undlesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"8\n\x16ValidateJWTSVIDRequest\x12\x10\n\x08\x61udience\x18\x01 \x01(\t\x12\x0c\n\x04svid\x18\x02 \x01(\t\"U\n\x17ValidateJWTSVIDResponse\x12\x11\n\tspiffe_id\x18\x01 \x01(\t\x12\'\n\x06\x63laims\x18\x02 \x01(\x0b\x32\x17.google.protobuf.Struct2\xc3\x02\n\x11SpiffeWorkloadAPI\x12\x36\n\rFetchX509SVID\x12\x10.X509SVIDRequest\x1a\x11.X509SVIDResponse0\x01\x12?\n\x10\x46\x65tchX509Bundles\x12\x13.X509BundlesRequest\x1a\x14.X509BundlesResponse0\x01\x12\x31\n\x0c\x46\x65tchJWTSVID\x12\x0f.JWTSVIDRequest\x1a\x10.JWTSVIDResponse\x12<\n\x0f\x46\x65tchJWTBundles\x12\x12.JWTBundlesRequest\x1a\x13.JWTBundlesResponse0\x01\x12\x44\n\x0fValidateJWTSVID\x12\x17.ValidateJWTSVIDRequest\x1a\x18.ValidateJWTSVIDResponseb\x06proto3') - -_globals = globals() -_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) -_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'workload_pb2', _globals) -if _descriptor._USE_C_DESCRIPTORS == False: - DESCRIPTOR._options = None - _globals['_X509SVIDRESPONSE_FEDERATEDBUNDLESENTRY']._options = None - _globals['_X509SVIDRESPONSE_FEDERATEDBUNDLESENTRY']._serialized_options = b'8\001' - _globals['_X509BUNDLESRESPONSE_BUNDLESENTRY']._options = None - _globals['_X509BUNDLESRESPONSE_BUNDLESENTRY']._serialized_options = b'8\001' - _globals['_JWTBUNDLESRESPONSE_BUNDLESENTRY']._options = None - _globals['_JWTBUNDLESRESPONSE_BUNDLESENTRY']._serialized_options = b'8\001' - _globals['_X509SVIDREQUEST']._serialized_start=48 - _globals['_X509SVIDREQUEST']._serialized_end=65 - _globals['_X509SVIDRESPONSE']._serialized_start=68 - _globals['_X509SVIDRESPONSE']._serialized_end=250 - _globals['_X509SVIDRESPONSE_FEDERATEDBUNDLESENTRY']._serialized_start=195 - _globals['_X509SVIDRESPONSE_FEDERATEDBUNDLESENTRY']._serialized_end=250 - _globals['_X509SVID']._serialized_start=252 - _globals['_X509SVID']._serialized_end=353 - _globals['_X509BUNDLESREQUEST']._serialized_start=355 - _globals['_X509BUNDLESREQUEST']._serialized_end=375 - _globals['_X509BUNDLESRESPONSE']._serialized_start=378 - _globals['_X509BUNDLESRESPONSE']._serialized_end=512 - _globals['_X509BUNDLESRESPONSE_BUNDLESENTRY']._serialized_start=466 - _globals['_X509BUNDLESRESPONSE_BUNDLESENTRY']._serialized_end=512 - _globals['_JWTSVIDREQUEST']._serialized_start=514 - _globals['_JWTSVIDREQUEST']._serialized_end=567 - _globals['_JWTSVIDRESPONSE']._serialized_start=569 - _globals['_JWTSVIDRESPONSE']._serialized_end=611 - _globals['_JWTSVID']._serialized_start=613 - _globals['_JWTSVID']._serialized_end=669 - _globals['_JWTBUNDLESREQUEST']._serialized_start=671 - _globals['_JWTBUNDLESREQUEST']._serialized_end=690 - _globals['_JWTBUNDLESRESPONSE']._serialized_start=692 - _globals['_JWTBUNDLESRESPONSE']._serialized_end=811 - _globals['_JWTBUNDLESRESPONSE_BUNDLESENTRY']._serialized_start=466 - _globals['_JWTBUNDLESRESPONSE_BUNDLESENTRY']._serialized_end=512 - _globals['_VALIDATEJWTSVIDREQUEST']._serialized_start=813 - _globals['_VALIDATEJWTSVIDREQUEST']._serialized_end=869 - _globals['_VALIDATEJWTSVIDRESPONSE']._serialized_start=871 - _globals['_VALIDATEJWTSVIDRESPONSE']._serialized_end=956 - _globals['_SPIFFEWORKLOADAPI']._serialized_start=959 - _globals['_SPIFFEWORKLOADAPI']._serialized_end=1282 -# @@protoc_insertion_point(module_scope) diff --git a/pyspiffe/src/pyspiffe/proto/workload_pb2_grpc.py b/pyspiffe/src/pyspiffe/proto/workload_pb2_grpc.py deleted file mode 100644 index 4f57696c..00000000 --- a/pyspiffe/src/pyspiffe/proto/workload_pb2_grpc.py +++ /dev/null @@ -1,227 +0,0 @@ -# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! -"""Client and server classes corresponding to protobuf-defined services.""" -import grpc - -from . import workload_pb2 as workload__pb2 - - -class SpiffeWorkloadAPIStub(object): - """/////////////////////////////////////////////////////////////////////// - X509-SVID Profile - /////////////////////////////////////////////////////////////////////// - """ - - def __init__(self, channel): - """Constructor. - - Args: - channel: A grpc.Channel. - """ - self.FetchX509SVID = channel.unary_stream( - '/SpiffeWorkloadAPI/FetchX509SVID', - request_serializer=workload__pb2.X509SVIDRequest.SerializeToString, - response_deserializer=workload__pb2.X509SVIDResponse.FromString, - ) - self.FetchX509Bundles = channel.unary_stream( - '/SpiffeWorkloadAPI/FetchX509Bundles', - request_serializer=workload__pb2.X509BundlesRequest.SerializeToString, - response_deserializer=workload__pb2.X509BundlesResponse.FromString, - ) - self.FetchJWTSVID = channel.unary_unary( - '/SpiffeWorkloadAPI/FetchJWTSVID', - request_serializer=workload__pb2.JWTSVIDRequest.SerializeToString, - response_deserializer=workload__pb2.JWTSVIDResponse.FromString, - ) - self.FetchJWTBundles = channel.unary_stream( - '/SpiffeWorkloadAPI/FetchJWTBundles', - request_serializer=workload__pb2.JWTBundlesRequest.SerializeToString, - response_deserializer=workload__pb2.JWTBundlesResponse.FromString, - ) - self.ValidateJWTSVID = channel.unary_unary( - '/SpiffeWorkloadAPI/ValidateJWTSVID', - request_serializer=workload__pb2.ValidateJWTSVIDRequest.SerializeToString, - response_deserializer=workload__pb2.ValidateJWTSVIDResponse.FromString, - ) - - -class SpiffeWorkloadAPIServicer(object): - """/////////////////////////////////////////////////////////////////////// - X509-SVID Profile - /////////////////////////////////////////////////////////////////////// - """ - - def FetchX509SVID(self, request, context): - """Fetch X.509-SVIDs for all SPIFFE identities the workload is entitled to, - as well as related information like trust bundles and CRLs. As this - information changes, subsequent messages will be streamed from the - server. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details('Method not implemented!') - raise NotImplementedError('Method not implemented!') - - def FetchX509Bundles(self, request, context): - """Fetch trust bundles and CRLs. Useful for clients that only need to - validate SVIDs without obtaining an SVID for themself. As this - information changes, subsequent messages will be streamed from the - server. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details('Method not implemented!') - raise NotImplementedError('Method not implemented!') - - def FetchJWTSVID(self, request, context): - """/////////////////////////////////////////////////////////////////////// - JWT-SVID Profile - /////////////////////////////////////////////////////////////////////// - - Fetch JWT-SVIDs for all SPIFFE identities the workload is entitled to, - for the requested audience. If an optional SPIFFE ID is requested, only - the JWT-SVID for that SPIFFE ID is returned. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details('Method not implemented!') - raise NotImplementedError('Method not implemented!') - - def FetchJWTBundles(self, request, context): - """Fetches the JWT bundles, formatted as JWKS documents, keyed by the - SPIFFE ID of the trust domain. As this information changes, subsequent - messages will be streamed from the server. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details('Method not implemented!') - raise NotImplementedError('Method not implemented!') - - def ValidateJWTSVID(self, request, context): - """Validates a JWT-SVID against the requested audience. Returns the SPIFFE - ID of the JWT-SVID and JWT claims. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details('Method not implemented!') - raise NotImplementedError('Method not implemented!') - - -def add_SpiffeWorkloadAPIServicer_to_server(servicer, server): - rpc_method_handlers = { - 'FetchX509SVID': grpc.unary_stream_rpc_method_handler( - servicer.FetchX509SVID, - request_deserializer=workload__pb2.X509SVIDRequest.FromString, - response_serializer=workload__pb2.X509SVIDResponse.SerializeToString, - ), - 'FetchX509Bundles': grpc.unary_stream_rpc_method_handler( - servicer.FetchX509Bundles, - request_deserializer=workload__pb2.X509BundlesRequest.FromString, - response_serializer=workload__pb2.X509BundlesResponse.SerializeToString, - ), - 'FetchJWTSVID': grpc.unary_unary_rpc_method_handler( - servicer.FetchJWTSVID, - request_deserializer=workload__pb2.JWTSVIDRequest.FromString, - response_serializer=workload__pb2.JWTSVIDResponse.SerializeToString, - ), - 'FetchJWTBundles': grpc.unary_stream_rpc_method_handler( - servicer.FetchJWTBundles, - request_deserializer=workload__pb2.JWTBundlesRequest.FromString, - response_serializer=workload__pb2.JWTBundlesResponse.SerializeToString, - ), - 'ValidateJWTSVID': grpc.unary_unary_rpc_method_handler( - servicer.ValidateJWTSVID, - request_deserializer=workload__pb2.ValidateJWTSVIDRequest.FromString, - response_serializer=workload__pb2.ValidateJWTSVIDResponse.SerializeToString, - ), - } - generic_handler = grpc.method_handlers_generic_handler( - 'SpiffeWorkloadAPI', rpc_method_handlers) - server.add_generic_rpc_handlers((generic_handler,)) - - - # This class is part of an EXPERIMENTAL API. -class SpiffeWorkloadAPI(object): - """/////////////////////////////////////////////////////////////////////// - X509-SVID Profile - /////////////////////////////////////////////////////////////////////// - """ - - @staticmethod - def FetchX509SVID(request, - target, - options=(), - channel_credentials=None, - call_credentials=None, - insecure=False, - compression=None, - wait_for_ready=None, - timeout=None, - metadata=None): - return grpc.experimental.unary_stream(request, target, '/SpiffeWorkloadAPI/FetchX509SVID', - workload__pb2.X509SVIDRequest.SerializeToString, - workload__pb2.X509SVIDResponse.FromString, - options, channel_credentials, - insecure, call_credentials, compression, wait_for_ready, timeout, metadata) - - @staticmethod - def FetchX509Bundles(request, - target, - options=(), - channel_credentials=None, - call_credentials=None, - insecure=False, - compression=None, - wait_for_ready=None, - timeout=None, - metadata=None): - return grpc.experimental.unary_stream(request, target, '/SpiffeWorkloadAPI/FetchX509Bundles', - workload__pb2.X509BundlesRequest.SerializeToString, - workload__pb2.X509BundlesResponse.FromString, - options, channel_credentials, - insecure, call_credentials, compression, wait_for_ready, timeout, metadata) - - @staticmethod - def FetchJWTSVID(request, - target, - options=(), - channel_credentials=None, - call_credentials=None, - insecure=False, - compression=None, - wait_for_ready=None, - timeout=None, - metadata=None): - return grpc.experimental.unary_unary(request, target, '/SpiffeWorkloadAPI/FetchJWTSVID', - workload__pb2.JWTSVIDRequest.SerializeToString, - workload__pb2.JWTSVIDResponse.FromString, - options, channel_credentials, - insecure, call_credentials, compression, wait_for_ready, timeout, metadata) - - @staticmethod - def FetchJWTBundles(request, - target, - options=(), - channel_credentials=None, - call_credentials=None, - insecure=False, - compression=None, - wait_for_ready=None, - timeout=None, - metadata=None): - return grpc.experimental.unary_stream(request, target, '/SpiffeWorkloadAPI/FetchJWTBundles', - workload__pb2.JWTBundlesRequest.SerializeToString, - workload__pb2.JWTBundlesResponse.FromString, - options, channel_credentials, - insecure, call_credentials, compression, wait_for_ready, timeout, metadata) - - @staticmethod - def ValidateJWTSVID(request, - target, - options=(), - channel_credentials=None, - call_credentials=None, - insecure=False, - compression=None, - wait_for_ready=None, - timeout=None, - metadata=None): - return grpc.experimental.unary_unary(request, target, '/SpiffeWorkloadAPI/ValidateJWTSVID', - workload__pb2.ValidateJWTSVIDRequest.SerializeToString, - workload__pb2.ValidateJWTSVIDResponse.FromString, - options, channel_credentials, - insecure, call_credentials, compression, wait_for_ready, timeout, metadata) diff --git a/scripts/lock-dependencies.sh b/scripts/lock-dependencies.sh index 4ccfae20..b0e1960b 100755 --- a/scripts/lock-dependencies.sh +++ b/scripts/lock-dependencies.sh @@ -1,6 +1,6 @@ #!/bin/bash -modules=("pyspiffe" "pyspiffe-tls") +modules=("spiffe" "spiffe-tls") # Check if pyproject.toml is in the list of staged changes if git diff --cached --name-only | grep -q 'pyproject.toml'; then diff --git a/pyspiffe-tls/LICENSE b/spiffe-tls/LICENSE similarity index 100% rename from pyspiffe-tls/LICENSE rename to spiffe-tls/LICENSE diff --git a/pyspiffe-tls/Makefile b/spiffe-tls/Makefile similarity index 100% rename from pyspiffe-tls/Makefile rename to spiffe-tls/Makefile diff --git a/pyspiffe-tls/README.md b/spiffe-tls/README.md similarity index 63% rename from pyspiffe-tls/README.md rename to spiffe-tls/README.md index 1863c0b7..6fef774e 100644 --- a/pyspiffe-tls/README.md +++ b/spiffe-tls/README.md @@ -1,3 +1,3 @@ -# pyspiffe-tls +# spiffe-tls **Module in Development** \ No newline at end of file diff --git a/pyspiffe-tls/poetry.lock b/spiffe-tls/poetry.lock similarity index 99% rename from pyspiffe-tls/poetry.lock rename to spiffe-tls/poetry.lock index 6b259ff3..87a54ff5 100644 --- a/pyspiffe-tls/poetry.lock +++ b/spiffe-tls/poetry.lock @@ -823,30 +823,6 @@ cryptography = ">=41.0.5,<43" docs = ["sphinx (!=5.2.0,!=5.2.0.post0,!=7.2.5)", "sphinx-rtd-theme"] test = ["pretend", "pytest (>=3.0.1)", "pytest-rerunfailures"] -[[package]] -name = "pyspiffe" -version = "0.1.0" -description = "Python library for SPIFFE support" -optional = false -python-versions = "^3.9" -files = [] -develop = true - -[package.dependencies] -cryptography = "~42.0.5" -grpcio = "~1.62.1" -grpcio-tools = "~1.62.1" -pem = "~23.1.0" -pyasn1 = "~0.5.0" -pyasn1-modules = "~0.3.0" -pyjwt = {version = "~2.8.0", extras = ["crypto"]} -python-json-logger = "~2.0.6" -requests = "~2.31.0" - -[package.source] -type = "directory" -url = "../pyspiffe" - [[package]] name = "pytest" version = "8.1.1" @@ -994,6 +970,30 @@ docs = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments testing = ["build[virtualenv]", "filelock (>=3.4.0)", "importlib-metadata", "ini2toml[lite] (>=0.9)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "mypy (==1.9)", "packaging (>=23.2)", "pip (>=19.1)", "pytest (>=6)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-home (>=0.5)", "pytest-mypy (>=0.9.1)", "pytest-perf", "pytest-ruff (>=0.2.1)", "pytest-timeout", "pytest-xdist (>=3)", "tomli", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel"] testing-integration = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "packaging (>=23.2)", "pytest", "pytest-enabler", "pytest-xdist", "tomli", "virtualenv (>=13.0.0)", "wheel"] +[[package]] +name = "spiffe" +version = "0.1.0" +description = "Python library for SPIFFE support" +optional = false +python-versions = "^3.9" +files = [] +develop = true + +[package.dependencies] +cryptography = "~42.0.5" +grpcio = "~1.62.1" +grpcio-tools = "~1.62.1" +pem = "~23.1.0" +pyasn1 = "~0.5.0" +pyasn1-modules = "~0.3.0" +pyjwt = {version = "~2.8.0", extras = ["crypto"]} +python-json-logger = "~2.0.6" +requests = "~2.31.0" + +[package.source] +type = "directory" +url = "../spiffe" + [[package]] name = "tomli" version = "2.0.1" @@ -1056,4 +1056,4 @@ test = ["covdefaults (>=2.3)", "coverage (>=7.2.7)", "coverage-enable-subprocess [metadata] lock-version = "2.0" python-versions = "^3.9" -content-hash = "fa42d447f5e64136c5fa22edef189e30e7d04562d7bde3b7e14ac7649902f4e5" +content-hash = "b84992a7fd8054d030806bf74bf16578f458daf092d86c05470d4a63864591cc" diff --git a/pyspiffe-tls/pyproject.toml b/spiffe-tls/pyproject.toml similarity index 86% rename from pyspiffe-tls/pyproject.toml rename to spiffe-tls/pyproject.toml index 4fdf90f0..4b25d162 100644 --- a/pyspiffe-tls/pyproject.toml +++ b/spiffe-tls/pyproject.toml @@ -1,5 +1,5 @@ [tool.poetry] -name = "pyspiffe-tls" +name = "spiffe-tls" version = "0.1.0" description = "TLS Support using SPIFFE" authors = ["Max Lambrecht "] @@ -7,12 +7,12 @@ readme = "README.md" license = "Apache-2.0" packages = [ - { include = "pyspiffetls", from = "src" }, + { include = "spiffetls", from = "src" }, ] [tool.poetry.dependencies] python = "^3.9" -pyspiffe = { path = "../pyspiffe", develop = true } +spiffe = { path = "../spiffe", develop = true } pyOpenSSL = "^24.0" [tool.poetry.dev-dependencies] diff --git a/pyspiffe-tls/src/pyspiffetls/__init__.py b/spiffe-tls/src/spiffetls/__init__.py similarity index 100% rename from pyspiffe-tls/src/pyspiffetls/__init__.py rename to spiffe-tls/src/spiffetls/__init__.py diff --git a/pyspiffe-tls/tests/conftest.py b/spiffe-tls/tests/conftest.py similarity index 100% rename from pyspiffe-tls/tests/conftest.py rename to spiffe-tls/tests/conftest.py diff --git a/pyspiffe-tls/tests/tls/test_one.py b/spiffe-tls/tests/tls/test_one.py similarity index 100% rename from pyspiffe-tls/tests/tls/test_one.py rename to spiffe-tls/tests/tls/test_one.py diff --git a/pyspiffe/LICENSE b/spiffe/LICENSE similarity index 100% rename from pyspiffe/LICENSE rename to spiffe/LICENSE diff --git a/pyspiffe/Makefile b/spiffe/Makefile similarity index 97% rename from pyspiffe/Makefile rename to spiffe/Makefile index 0771738c..bc7bf156 100644 --- a/pyspiffe/Makefile +++ b/spiffe/Makefile @@ -2,7 +2,7 @@ POETRY_CMD=poetry ROOT_DIR=$(shell pwd) -PROTO_DIR=$(ROOT_DIR)/src/pyspiffe/proto +PROTO_DIR=$(ROOT_DIR)/src/spiffe/proto .PHONY: all all: lint build test ## Runs lint, build, and test targets sequentially. diff --git a/pyspiffe/README.md b/spiffe/README.md similarity index 82% rename from pyspiffe/README.md rename to spiffe/README.md index 83a36154..3ec58a14 100644 --- a/pyspiffe/README.md +++ b/spiffe/README.md @@ -1,21 +1,21 @@ -# pyspiffe +# spiffe ## Overview -`pyspiffe` is a Python library designed for interacting with the SPIFFE Workload API. It offers robust mechanisms +`spiffe` is a Python library designed for interacting with the SPIFFE Workload API. It offers robust mechanisms for managing and validating SPIFFE IDs and SVIDs, both X.509 and JWT SPIFFE Verifiable Identity Documents (SVIDs), ensuring secure and scalable handling of identity documents within your applications. ## Usage -Below are concise examples demonstrating how to leverage the core functionalities provided by `pyspiffe`. +Below are concise examples demonstrating how to leverage the core functionalities provided by `spiffe`. ### WorkloadApiClient Facilitates fetching X.509 and JWT SVIDs from the SPIFFE Workload API. ```python -from pyspiffe import WorkloadApiClient +from spiffe import WorkloadApiClient # Interacting with the Workload API to fetch X.509 SVID with WorkloadApiClient() as client: @@ -35,8 +35,8 @@ with WorkloadApiClient() as client: Automatically fetches and updates X.509 SVIDs from the Workload API. ```python -from pyspiffe import X509Source -from pyspiffe import TrustDomain +from spiffe import X509Source +from spiffe import TrustDomain # Automatically manage and update X.509 SVIDs with X509Source() as source: @@ -51,9 +51,9 @@ with X509Source() as source: Fetches JWT SVIDs and Bundles. ```python -from pyspiffe import JwtSource -from pyspiffe import TrustDomain -from pyspiffe import JwtSvid +from spiffe import JwtSource +from spiffe import TrustDomain +from spiffe import JwtSvid # Fetch and validate JWT SVIDs for secure authentication with JwtSource() as source: diff --git a/pyspiffe/poetry.lock b/spiffe/poetry.lock similarity index 100% rename from pyspiffe/poetry.lock rename to spiffe/poetry.lock diff --git a/pyspiffe/pyproject.toml b/spiffe/pyproject.toml similarity index 96% rename from pyspiffe/pyproject.toml rename to spiffe/pyproject.toml index a37caba9..6a53281d 100644 --- a/pyspiffe/pyproject.toml +++ b/spiffe/pyproject.toml @@ -1,5 +1,5 @@ [tool.poetry] -name = "pyspiffe" +name = "spiffe" version = "0.1.0" description = "Python library for SPIFFE support" authors = ["Max Lambrecht "] @@ -38,7 +38,7 @@ skip-string-normalization = true target-version = ['py39'] exclude = ''' /( - src/pyspiffe/proto + src/spiffe/proto )/ ''' diff --git a/pyspiffe/src/pyspiffe/__init__.py b/spiffe/src/spiffe/__init__.py similarity index 100% rename from pyspiffe/src/pyspiffe/__init__.py rename to spiffe/src/spiffe/__init__.py diff --git a/pyspiffe/src/pyspiffe/bundle/__init__.py b/spiffe/src/spiffe/bundle/__init__.py similarity index 100% rename from pyspiffe/src/pyspiffe/bundle/__init__.py rename to spiffe/src/spiffe/bundle/__init__.py diff --git a/pyspiffe/src/pyspiffe/bundle/jwt_bundle/__init__.py b/spiffe/src/spiffe/bundle/jwt_bundle/__init__.py similarity index 100% rename from pyspiffe/src/pyspiffe/bundle/jwt_bundle/__init__.py rename to spiffe/src/spiffe/bundle/jwt_bundle/__init__.py diff --git a/pyspiffe/src/pyspiffe/bundle/jwt_bundle/exceptions.py b/spiffe/src/spiffe/bundle/jwt_bundle/exceptions.py similarity index 97% rename from pyspiffe/src/pyspiffe/bundle/jwt_bundle/exceptions.py rename to spiffe/src/spiffe/bundle/jwt_bundle/exceptions.py index 673213b9..6961f3d3 100644 --- a/pyspiffe/src/pyspiffe/bundle/jwt_bundle/exceptions.py +++ b/spiffe/src/spiffe/bundle/jwt_bundle/exceptions.py @@ -18,7 +18,7 @@ This module handles JWT bundle exceptions. """ -from pyspiffe.exceptions import PySpiffeError +from spiffe.exceptions import PySpiffeError class JwtBundleError(PySpiffeError): diff --git a/pyspiffe/src/pyspiffe/bundle/jwt_bundle/jwt_bundle.py b/spiffe/src/spiffe/bundle/jwt_bundle/jwt_bundle.py similarity index 96% rename from pyspiffe/src/pyspiffe/bundle/jwt_bundle/jwt_bundle.py rename to spiffe/src/spiffe/bundle/jwt_bundle/jwt_bundle.py index dce7163c..0248037f 100644 --- a/pyspiffe/src/pyspiffe/bundle/jwt_bundle/jwt_bundle.py +++ b/spiffe/src/spiffe/bundle/jwt_bundle/jwt_bundle.py @@ -25,9 +25,9 @@ from typing import Dict, Union, Optional from cryptography.hazmat.primitives.asymmetric import ec, rsa, dsa, ed25519, ed448 -from pyspiffe.spiffe_id.spiffe_id import TrustDomain -from pyspiffe.bundle.jwt_bundle.exceptions import JwtBundleError, ParseJWTBundleError -from pyspiffe.exceptions import ArgumentError +from spiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.bundle.jwt_bundle.exceptions import JwtBundleError, ParseJWTBundleError +from spiffe.exceptions import ArgumentError _PUBLIC_KEY_TYPES = Union[ dsa.DSAPublicKey, diff --git a/pyspiffe/src/pyspiffe/bundle/jwt_bundle/jwt_bundle_set.py b/spiffe/src/spiffe/bundle/jwt_bundle/jwt_bundle_set.py similarity index 96% rename from pyspiffe/src/pyspiffe/bundle/jwt_bundle/jwt_bundle_set.py rename to spiffe/src/spiffe/bundle/jwt_bundle/jwt_bundle_set.py index 290bc17b..49b262a3 100644 --- a/pyspiffe/src/pyspiffe/bundle/jwt_bundle/jwt_bundle_set.py +++ b/spiffe/src/spiffe/bundle/jwt_bundle/jwt_bundle_set.py @@ -20,8 +20,8 @@ import threading from typing import Dict, Optional, List, Set -from pyspiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle -from pyspiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle +from spiffe.spiffe_id.spiffe_id import TrustDomain __all__ = ['JwtBundleSet'] diff --git a/pyspiffe/src/pyspiffe/bundle/x509_bundle/__init__.py b/spiffe/src/spiffe/bundle/x509_bundle/__init__.py similarity index 100% rename from pyspiffe/src/pyspiffe/bundle/x509_bundle/__init__.py rename to spiffe/src/spiffe/bundle/x509_bundle/__init__.py diff --git a/pyspiffe/src/pyspiffe/bundle/x509_bundle/exceptions.py b/spiffe/src/spiffe/bundle/x509_bundle/exceptions.py similarity index 98% rename from pyspiffe/src/pyspiffe/bundle/x509_bundle/exceptions.py rename to spiffe/src/spiffe/bundle/x509_bundle/exceptions.py index 8a937608..9414fcac 100644 --- a/pyspiffe/src/pyspiffe/bundle/x509_bundle/exceptions.py +++ b/spiffe/src/spiffe/bundle/x509_bundle/exceptions.py @@ -18,7 +18,7 @@ This module defines X.509 Bundle exceptions. """ -from pyspiffe.exceptions import PySpiffeError +from spiffe.exceptions import PySpiffeError class X509BundleError(PySpiffeError): diff --git a/pyspiffe/src/pyspiffe/bundle/x509_bundle/x509_bundle.py b/spiffe/src/spiffe/bundle/x509_bundle/x509_bundle.py similarity index 97% rename from pyspiffe/src/pyspiffe/bundle/x509_bundle/x509_bundle.py rename to spiffe/src/spiffe/bundle/x509_bundle/x509_bundle.py index 68cd5b5b..efab71fe 100644 --- a/pyspiffe/src/pyspiffe/bundle/x509_bundle/x509_bundle.py +++ b/spiffe/src/spiffe/bundle/x509_bundle/x509_bundle.py @@ -23,15 +23,15 @@ from cryptography.hazmat.primitives import serialization from cryptography.x509 import Certificate -from pyspiffe.exceptions import ArgumentError -from pyspiffe.bundle.x509_bundle.exceptions import ( +from spiffe.exceptions import ArgumentError +from spiffe.bundle.x509_bundle.exceptions import ( X509BundleError, SaveX509BundleError, ParseX509BundleError, LoadX509BundleError, ) -from pyspiffe.spiffe_id.spiffe_id import TrustDomain -from pyspiffe.utils.certificate_utils import ( +from spiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.utils.certificate_utils import ( parse_pem_certificates, parse_der_certificates, load_certificates_bytes_from_file, diff --git a/pyspiffe/src/pyspiffe/bundle/x509_bundle/x509_bundle_set.py b/spiffe/src/spiffe/bundle/x509_bundle/x509_bundle_set.py similarity index 96% rename from pyspiffe/src/pyspiffe/bundle/x509_bundle/x509_bundle_set.py rename to spiffe/src/spiffe/bundle/x509_bundle/x509_bundle_set.py index 838f9a72..cd73f0c8 100644 --- a/pyspiffe/src/pyspiffe/bundle/x509_bundle/x509_bundle_set.py +++ b/spiffe/src/spiffe/bundle/x509_bundle/x509_bundle_set.py @@ -21,8 +21,8 @@ import threading from typing import List, Optional, Dict, Set -from pyspiffe.bundle.x509_bundle.x509_bundle import X509Bundle -from pyspiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.bundle.x509_bundle.x509_bundle import X509Bundle +from spiffe.spiffe_id.spiffe_id import TrustDomain __all__ = ['X509BundleSet'] diff --git a/pyspiffe/src/pyspiffe/config.py b/spiffe/src/spiffe/config.py similarity index 99% rename from pyspiffe/src/pyspiffe/config.py rename to spiffe/src/spiffe/config.py index 374b6b8a..d9b73587 100644 --- a/pyspiffe/src/pyspiffe/config.py +++ b/spiffe/src/spiffe/config.py @@ -21,7 +21,7 @@ import ipaddress from urllib.parse import ParseResult, urlparse from typing import List, Optional, Tuple, Dict, cast -from pyspiffe.exceptions import ArgumentError +from spiffe.exceptions import ArgumentError _SPIFFE_ENDPOINT_SOCKET = 'SPIFFE_ENDPOINT_SOCKET' diff --git a/pyspiffe/src/pyspiffe/exceptions.py b/spiffe/src/spiffe/exceptions.py similarity index 100% rename from pyspiffe/src/pyspiffe/exceptions.py rename to spiffe/src/spiffe/exceptions.py diff --git a/pyspiffe/src/pyspiffe/proto/__init__.py b/spiffe/src/spiffe/proto/__init__.py similarity index 100% rename from pyspiffe/src/pyspiffe/proto/__init__.py rename to spiffe/src/spiffe/proto/__init__.py diff --git a/pyspiffe/src/pyspiffe/proto/workload.proto b/spiffe/src/spiffe/proto/workload.proto similarity index 100% rename from pyspiffe/src/pyspiffe/proto/workload.proto rename to spiffe/src/spiffe/proto/workload.proto diff --git a/spiffe/src/spiffe/proto/workload_pb2.py b/spiffe/src/spiffe/proto/workload_pb2.py new file mode 100644 index 00000000..0451d893 --- /dev/null +++ b/spiffe/src/spiffe/proto/workload_pb2.py @@ -0,0 +1,66 @@ +# -*- coding: utf-8 -*- +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: workload.proto +# Protobuf Python Version: 4.25.1 +"""Generated protocol buffer code.""" +from google.protobuf import descriptor as _descriptor +from google.protobuf import descriptor_pool as _descriptor_pool +from google.protobuf import symbol_database as _symbol_database +from google.protobuf.internal import builder as _builder + +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + +from google.protobuf import struct_pb2 as google_dot_protobuf_dot_struct__pb2 + + +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile( + b'\n\x0eworkload.proto\x1a\x1cgoogle/protobuf/struct.proto\"\x11\n\x0fX509SVIDRequest\"\xb6\x01\n\x10X509SVIDResponse\x12\x18\n\x05svids\x18\x01 \x03(\x0b\x32\t.X509SVID\x12\x0b\n\x03\x63rl\x18\x02 \x03(\x0c\x12\x42\n\x11\x66\x65\x64\x65rated_bundles\x18\x03 \x03(\x0b\x32\'.X509SVIDResponse.FederatedBundlesEntry\x1a\x37\n\x15\x46\x65\x64\x65ratedBundlesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"e\n\x08X509SVID\x12\x11\n\tspiffe_id\x18\x01 \x01(\t\x12\x11\n\tx509_svid\x18\x02 \x01(\x0c\x12\x15\n\rx509_svid_key\x18\x03 \x01(\x0c\x12\x0e\n\x06\x62undle\x18\x04 \x01(\x0c\x12\x0c\n\x04hint\x18\x05 \x01(\t\"\x14\n\x12X509BundlesRequest\"\x86\x01\n\x13X509BundlesResponse\x12\x0b\n\x03\x63rl\x18\x01 \x03(\x0c\x12\x32\n\x07\x62undles\x18\x02 \x03(\x0b\x32!.X509BundlesResponse.BundlesEntry\x1a.\n\x0c\x42undlesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"5\n\x0eJWTSVIDRequest\x12\x10\n\x08\x61udience\x18\x01 \x03(\t\x12\x11\n\tspiffe_id\x18\x02 \x01(\t\"*\n\x0fJWTSVIDResponse\x12\x17\n\x05svids\x18\x01 \x03(\x0b\x32\x08.JWTSVID\"8\n\x07JWTSVID\x12\x11\n\tspiffe_id\x18\x01 \x01(\t\x12\x0c\n\x04svid\x18\x02 \x01(\t\x12\x0c\n\x04hint\x18\x03 \x01(\t\"\x13\n\x11JWTBundlesRequest\"w\n\x12JWTBundlesResponse\x12\x31\n\x07\x62undles\x18\x01 \x03(\x0b\x32 .JWTBundlesResponse.BundlesEntry\x1a.\n\x0c\x42undlesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"8\n\x16ValidateJWTSVIDRequest\x12\x10\n\x08\x61udience\x18\x01 \x01(\t\x12\x0c\n\x04svid\x18\x02 \x01(\t\"U\n\x17ValidateJWTSVIDResponse\x12\x11\n\tspiffe_id\x18\x01 \x01(\t\x12\'\n\x06\x63laims\x18\x02 \x01(\x0b\x32\x17.google.protobuf.Struct2\xc3\x02\n\x11SpiffeWorkloadAPI\x12\x36\n\rFetchX509SVID\x12\x10.X509SVIDRequest\x1a\x11.X509SVIDResponse0\x01\x12?\n\x10\x46\x65tchX509Bundles\x12\x13.X509BundlesRequest\x1a\x14.X509BundlesResponse0\x01\x12\x31\n\x0c\x46\x65tchJWTSVID\x12\x0f.JWTSVIDRequest\x1a\x10.JWTSVIDResponse\x12<\n\x0f\x46\x65tchJWTBundles\x12\x12.JWTBundlesRequest\x1a\x13.JWTBundlesResponse0\x01\x12\x44\n\x0fValidateJWTSVID\x12\x17.ValidateJWTSVIDRequest\x1a\x18.ValidateJWTSVIDResponseb\x06proto3' +) + +_globals = globals() +_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals) +_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'workload_pb2', _globals) +if _descriptor._USE_C_DESCRIPTORS == False: + DESCRIPTOR._options = None + _globals['_X509SVIDRESPONSE_FEDERATEDBUNDLESENTRY']._options = None + _globals['_X509SVIDRESPONSE_FEDERATEDBUNDLESENTRY']._serialized_options = b'8\001' + _globals['_X509BUNDLESRESPONSE_BUNDLESENTRY']._options = None + _globals['_X509BUNDLESRESPONSE_BUNDLESENTRY']._serialized_options = b'8\001' + _globals['_JWTBUNDLESRESPONSE_BUNDLESENTRY']._options = None + _globals['_JWTBUNDLESRESPONSE_BUNDLESENTRY']._serialized_options = b'8\001' + _globals['_X509SVIDREQUEST']._serialized_start = 48 + _globals['_X509SVIDREQUEST']._serialized_end = 65 + _globals['_X509SVIDRESPONSE']._serialized_start = 68 + _globals['_X509SVIDRESPONSE']._serialized_end = 250 + _globals['_X509SVIDRESPONSE_FEDERATEDBUNDLESENTRY']._serialized_start = 195 + _globals['_X509SVIDRESPONSE_FEDERATEDBUNDLESENTRY']._serialized_end = 250 + _globals['_X509SVID']._serialized_start = 252 + _globals['_X509SVID']._serialized_end = 353 + _globals['_X509BUNDLESREQUEST']._serialized_start = 355 + _globals['_X509BUNDLESREQUEST']._serialized_end = 375 + _globals['_X509BUNDLESRESPONSE']._serialized_start = 378 + _globals['_X509BUNDLESRESPONSE']._serialized_end = 512 + _globals['_X509BUNDLESRESPONSE_BUNDLESENTRY']._serialized_start = 466 + _globals['_X509BUNDLESRESPONSE_BUNDLESENTRY']._serialized_end = 512 + _globals['_JWTSVIDREQUEST']._serialized_start = 514 + _globals['_JWTSVIDREQUEST']._serialized_end = 567 + _globals['_JWTSVIDRESPONSE']._serialized_start = 569 + _globals['_JWTSVIDRESPONSE']._serialized_end = 611 + _globals['_JWTSVID']._serialized_start = 613 + _globals['_JWTSVID']._serialized_end = 669 + _globals['_JWTBUNDLESREQUEST']._serialized_start = 671 + _globals['_JWTBUNDLESREQUEST']._serialized_end = 690 + _globals['_JWTBUNDLESRESPONSE']._serialized_start = 692 + _globals['_JWTBUNDLESRESPONSE']._serialized_end = 811 + _globals['_JWTBUNDLESRESPONSE_BUNDLESENTRY']._serialized_start = 466 + _globals['_JWTBUNDLESRESPONSE_BUNDLESENTRY']._serialized_end = 512 + _globals['_VALIDATEJWTSVIDREQUEST']._serialized_start = 813 + _globals['_VALIDATEJWTSVIDREQUEST']._serialized_end = 869 + _globals['_VALIDATEJWTSVIDRESPONSE']._serialized_start = 871 + _globals['_VALIDATEJWTSVIDRESPONSE']._serialized_end = 956 + _globals['_SPIFFEWORKLOADAPI']._serialized_start = 959 + _globals['_SPIFFEWORKLOADAPI']._serialized_end = 1282 +# @@protoc_insertion_point(module_scope) diff --git a/pyspiffe/src/pyspiffe/proto/workload_pb2.pyi b/spiffe/src/spiffe/proto/workload_pb2.pyi similarity index 75% rename from pyspiffe/src/pyspiffe/proto/workload_pb2.pyi rename to spiffe/src/spiffe/proto/workload_pb2.pyi index 2d63c378..20b32695 100644 --- a/pyspiffe/src/pyspiffe/proto/workload_pb2.pyi +++ b/spiffe/src/spiffe/proto/workload_pb2.pyi @@ -2,6 +2,7 @@ @generated by mypy-protobuf. Do not edit manually! isort:skip_file """ + import builtins import collections.abc import google.protobuf.descriptor @@ -54,33 +55,56 @@ class X509SVIDResponse(google.protobuf.message.Message): key: builtins.str = ..., value: builtins.bytes = ..., ) -> None: ... - def ClearField(self, field_name: typing_extensions.Literal["key", b"key", "value", b"value"]) -> None: ... + def ClearField( + self, + field_name: typing_extensions.Literal["key", b"key", "value", b"value"], + ) -> None: ... SVIDS_FIELD_NUMBER: builtins.int CRL_FIELD_NUMBER: builtins.int FEDERATED_BUNDLES_FIELD_NUMBER: builtins.int @property - def svids(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___X509SVID]: + def svids( + self, + ) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[ + global___X509SVID + ]: """Required. A list of X509SVID messages, each of which includes a single X.509-SVID, its private key, and the bundle for the trust domain. """ + @property - def crl(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.bytes]: + def crl( + self, + ) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[ + builtins.bytes + ]: """Optional. ASN.1 DER encoded certificate revocation lists.""" + @property - def federated_bundles(self) -> google.protobuf.internal.containers.ScalarMap[builtins.str, builtins.bytes]: + def federated_bundles( + self, + ) -> google.protobuf.internal.containers.ScalarMap[builtins.str, builtins.bytes]: """Optional. CA certificate bundles belonging to foreign trust domains that the workload should trust, keyed by the SPIFFE ID of the foreign trust domain. Bundles are ASN.1 DER encoded. """ + def __init__( self, *, svids: collections.abc.Iterable[global___X509SVID] | None = ..., crl: collections.abc.Iterable[builtins.bytes] | None = ..., - federated_bundles: collections.abc.Mapping[builtins.str, builtins.bytes] | None = ..., + federated_bundles: ( + collections.abc.Mapping[builtins.str, builtins.bytes] | None + ) = ..., + ) -> None: ... + def ClearField( + self, + field_name: typing_extensions.Literal[ + "crl", b"crl", "federated_bundles", b"federated_bundles", "svids", b"svids" + ], ) -> None: ... - def ClearField(self, field_name: typing_extensions.Literal["crl", b"crl", "federated_bundles", b"federated_bundles", "svids", b"svids"]) -> None: ... global___X509SVIDResponse = X509SVIDResponse @@ -114,7 +138,19 @@ class X509SVID(google.protobuf.message.Message): x509_svid_key: builtins.bytes = ..., bundle: builtins.bytes = ..., ) -> None: ... - def ClearField(self, field_name: typing_extensions.Literal["bundle", b"bundle", "spiffe_id", b"spiffe_id", "x509_svid", b"x509_svid", "x509_svid_key", b"x509_svid_key"]) -> None: ... + def ClearField( + self, + field_name: typing_extensions.Literal[ + "bundle", + b"bundle", + "spiffe_id", + b"spiffe_id", + "x509_svid", + b"x509_svid", + "x509_svid_key", + b"x509_svid_key", + ], + ) -> None: ... global___X509SVID = X509SVID @@ -154,26 +190,40 @@ class X509BundlesResponse(google.protobuf.message.Message): key: builtins.str = ..., value: builtins.bytes = ..., ) -> None: ... - def ClearField(self, field_name: typing_extensions.Literal["key", b"key", "value", b"value"]) -> None: ... + def ClearField( + self, + field_name: typing_extensions.Literal["key", b"key", "value", b"value"], + ) -> None: ... CRL_FIELD_NUMBER: builtins.int BUNDLES_FIELD_NUMBER: builtins.int @property - def crl(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.bytes]: + def crl( + self, + ) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[ + builtins.bytes + ]: """Optional. ASN.1 DER encoded certificate revocation lists.""" + @property - def bundles(self) -> google.protobuf.internal.containers.ScalarMap[builtins.str, builtins.bytes]: + def bundles( + self, + ) -> google.protobuf.internal.containers.ScalarMap[builtins.str, builtins.bytes]: """Required. CA certificate bundles belonging to trust domains that the workload should trust, keyed by the SPIFFE ID of the trust domain. Bundles are ASN.1 DER encoded. """ + def __init__( self, *, crl: collections.abc.Iterable[builtins.bytes] | None = ..., bundles: collections.abc.Mapping[builtins.str, builtins.bytes] | None = ..., ) -> None: ... - def ClearField(self, field_name: typing_extensions.Literal["bundles", b"bundles", "crl", b"crl"]) -> None: ... + def ClearField( + self, + field_name: typing_extensions.Literal["bundles", b"bundles", "crl", b"crl"], + ) -> None: ... global___X509BundlesResponse = X509BundlesResponse @@ -184,7 +234,9 @@ class JWTSVIDRequest(google.protobuf.message.Message): AUDIENCE_FIELD_NUMBER: builtins.int SPIFFE_ID_FIELD_NUMBER: builtins.int @property - def audience(self) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: + def audience( + self, + ) -> google.protobuf.internal.containers.RepeatedScalarFieldContainer[builtins.str]: """Required. The audience(s) the workload intends to authenticate against.""" spiffe_id: builtins.str """Optional. The requested SPIFFE ID for the JWT-SVID. If unset, all @@ -196,7 +248,12 @@ class JWTSVIDRequest(google.protobuf.message.Message): audience: collections.abc.Iterable[builtins.str] | None = ..., spiffe_id: builtins.str = ..., ) -> None: ... - def ClearField(self, field_name: typing_extensions.Literal["audience", b"audience", "spiffe_id", b"spiffe_id"]) -> None: ... + def ClearField( + self, + field_name: typing_extensions.Literal[ + "audience", b"audience", "spiffe_id", b"spiffe_id" + ], + ) -> None: ... global___JWTSVIDRequest = JWTSVIDRequest @@ -208,14 +265,21 @@ class JWTSVIDResponse(google.protobuf.message.Message): SVIDS_FIELD_NUMBER: builtins.int @property - def svids(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___JWTSVID]: + def svids( + self, + ) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[ + global___JWTSVID + ]: """Required. The list of returned JWT-SVIDs.""" + def __init__( self, *, svids: collections.abc.Iterable[global___JWTSVID] | None = ..., ) -> None: ... - def ClearField(self, field_name: typing_extensions.Literal["svids", b"svids"]) -> None: ... + def ClearField( + self, field_name: typing_extensions.Literal["svids", b"svids"] + ) -> None: ... global___JWTSVIDResponse = JWTSVIDResponse @@ -237,7 +301,12 @@ class JWTSVID(google.protobuf.message.Message): spiffe_id: builtins.str = ..., svid: builtins.str = ..., ) -> None: ... - def ClearField(self, field_name: typing_extensions.Literal["spiffe_id", b"spiffe_id", "svid", b"svid"]) -> None: ... + def ClearField( + self, + field_name: typing_extensions.Literal[ + "spiffe_id", b"spiffe_id", "svid", b"svid" + ], + ) -> None: ... global___JWTSVID = JWTSVID @@ -275,20 +344,28 @@ class JWTBundlesResponse(google.protobuf.message.Message): key: builtins.str = ..., value: builtins.bytes = ..., ) -> None: ... - def ClearField(self, field_name: typing_extensions.Literal["key", b"key", "value", b"value"]) -> None: ... + def ClearField( + self, + field_name: typing_extensions.Literal["key", b"key", "value", b"value"], + ) -> None: ... BUNDLES_FIELD_NUMBER: builtins.int @property - def bundles(self) -> google.protobuf.internal.containers.ScalarMap[builtins.str, builtins.bytes]: + def bundles( + self, + ) -> google.protobuf.internal.containers.ScalarMap[builtins.str, builtins.bytes]: """Required. JWK encoded JWT bundles, keyed by the SPIFFE ID of the trust domain. """ + def __init__( self, *, bundles: collections.abc.Mapping[builtins.str, builtins.bytes] | None = ..., ) -> None: ... - def ClearField(self, field_name: typing_extensions.Literal["bundles", b"bundles"]) -> None: ... + def ClearField( + self, field_name: typing_extensions.Literal["bundles", b"bundles"] + ) -> None: ... global___JWTBundlesResponse = JWTBundlesResponse @@ -317,7 +394,10 @@ class ValidateJWTSVIDRequest(google.protobuf.message.Message): audience: builtins.str = ..., svid: builtins.str = ..., ) -> None: ... - def ClearField(self, field_name: typing_extensions.Literal["audience", b"audience", "svid", b"svid"]) -> None: ... + def ClearField( + self, + field_name: typing_extensions.Literal["audience", b"audience", "svid", b"svid"], + ) -> None: ... global___ValidateJWTSVIDRequest = ValidateJWTSVIDRequest @@ -336,13 +416,21 @@ class ValidateJWTSVIDResponse(google.protobuf.message.Message): """Optional. Arbitrary claims contained within the payload of the validated JWT-SVID. """ + def __init__( self, *, spiffe_id: builtins.str = ..., claims: google.protobuf.struct_pb2.Struct | None = ..., ) -> None: ... - def HasField(self, field_name: typing_extensions.Literal["claims", b"claims"]) -> builtins.bool: ... - def ClearField(self, field_name: typing_extensions.Literal["claims", b"claims", "spiffe_id", b"spiffe_id"]) -> None: ... + def HasField( + self, field_name: typing_extensions.Literal["claims", b"claims"] + ) -> builtins.bool: ... + def ClearField( + self, + field_name: typing_extensions.Literal[ + "claims", b"claims", "spiffe_id", b"spiffe_id" + ], + ) -> None: ... global___ValidateJWTSVIDResponse = ValidateJWTSVIDResponse diff --git a/spiffe/src/spiffe/proto/workload_pb2_grpc.py b/spiffe/src/spiffe/proto/workload_pb2_grpc.py new file mode 100644 index 00000000..79ee1853 --- /dev/null +++ b/spiffe/src/spiffe/proto/workload_pb2_grpc.py @@ -0,0 +1,288 @@ +# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! +"""Client and server classes corresponding to protobuf-defined services.""" +import grpc + +from . import workload_pb2 as workload__pb2 + + +class SpiffeWorkloadAPIStub(object): + """/////////////////////////////////////////////////////////////////////// + X509-SVID Profile + /////////////////////////////////////////////////////////////////////// + """ + + def __init__(self, channel): + """Constructor. + + Args: + channel: A grpc.Channel. + """ + self.FetchX509SVID = channel.unary_stream( + '/SpiffeWorkloadAPI/FetchX509SVID', + request_serializer=workload__pb2.X509SVIDRequest.SerializeToString, + response_deserializer=workload__pb2.X509SVIDResponse.FromString, + ) + self.FetchX509Bundles = channel.unary_stream( + '/SpiffeWorkloadAPI/FetchX509Bundles', + request_serializer=workload__pb2.X509BundlesRequest.SerializeToString, + response_deserializer=workload__pb2.X509BundlesResponse.FromString, + ) + self.FetchJWTSVID = channel.unary_unary( + '/SpiffeWorkloadAPI/FetchJWTSVID', + request_serializer=workload__pb2.JWTSVIDRequest.SerializeToString, + response_deserializer=workload__pb2.JWTSVIDResponse.FromString, + ) + self.FetchJWTBundles = channel.unary_stream( + '/SpiffeWorkloadAPI/FetchJWTBundles', + request_serializer=workload__pb2.JWTBundlesRequest.SerializeToString, + response_deserializer=workload__pb2.JWTBundlesResponse.FromString, + ) + self.ValidateJWTSVID = channel.unary_unary( + '/SpiffeWorkloadAPI/ValidateJWTSVID', + request_serializer=workload__pb2.ValidateJWTSVIDRequest.SerializeToString, + response_deserializer=workload__pb2.ValidateJWTSVIDResponse.FromString, + ) + + +class SpiffeWorkloadAPIServicer(object): + """/////////////////////////////////////////////////////////////////////// + X509-SVID Profile + /////////////////////////////////////////////////////////////////////// + """ + + def FetchX509SVID(self, request, context): + """Fetch X.509-SVIDs for all SPIFFE identities the workload is entitled to, + as well as related information like trust bundles and CRLs. As this + information changes, subsequent messages will be streamed from the + server. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def FetchX509Bundles(self, request, context): + """Fetch trust bundles and CRLs. Useful for clients that only need to + validate SVIDs without obtaining an SVID for themself. As this + information changes, subsequent messages will be streamed from the + server. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def FetchJWTSVID(self, request, context): + """/////////////////////////////////////////////////////////////////////// + JWT-SVID Profile + /////////////////////////////////////////////////////////////////////// + + Fetch JWT-SVIDs for all SPIFFE identities the workload is entitled to, + for the requested audience. If an optional SPIFFE ID is requested, only + the JWT-SVID for that SPIFFE ID is returned. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def FetchJWTBundles(self, request, context): + """Fetches the JWT bundles, formatted as JWKS documents, keyed by the + SPIFFE ID of the trust domain. As this information changes, subsequent + messages will be streamed from the server. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def ValidateJWTSVID(self, request, context): + """Validates a JWT-SVID against the requested audience. Returns the SPIFFE + ID of the JWT-SVID and JWT claims. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + +def add_SpiffeWorkloadAPIServicer_to_server(servicer, server): + rpc_method_handlers = { + 'FetchX509SVID': grpc.unary_stream_rpc_method_handler( + servicer.FetchX509SVID, + request_deserializer=workload__pb2.X509SVIDRequest.FromString, + response_serializer=workload__pb2.X509SVIDResponse.SerializeToString, + ), + 'FetchX509Bundles': grpc.unary_stream_rpc_method_handler( + servicer.FetchX509Bundles, + request_deserializer=workload__pb2.X509BundlesRequest.FromString, + response_serializer=workload__pb2.X509BundlesResponse.SerializeToString, + ), + 'FetchJWTSVID': grpc.unary_unary_rpc_method_handler( + servicer.FetchJWTSVID, + request_deserializer=workload__pb2.JWTSVIDRequest.FromString, + response_serializer=workload__pb2.JWTSVIDResponse.SerializeToString, + ), + 'FetchJWTBundles': grpc.unary_stream_rpc_method_handler( + servicer.FetchJWTBundles, + request_deserializer=workload__pb2.JWTBundlesRequest.FromString, + response_serializer=workload__pb2.JWTBundlesResponse.SerializeToString, + ), + 'ValidateJWTSVID': grpc.unary_unary_rpc_method_handler( + servicer.ValidateJWTSVID, + request_deserializer=workload__pb2.ValidateJWTSVIDRequest.FromString, + response_serializer=workload__pb2.ValidateJWTSVIDResponse.SerializeToString, + ), + } + generic_handler = grpc.method_handlers_generic_handler( + 'SpiffeWorkloadAPI', rpc_method_handlers + ) + server.add_generic_rpc_handlers((generic_handler,)) + + +# This class is part of an EXPERIMENTAL API. +class SpiffeWorkloadAPI(object): + """/////////////////////////////////////////////////////////////////////// + X509-SVID Profile + /////////////////////////////////////////////////////////////////////// + """ + + @staticmethod + def FetchX509SVID( + request, + target, + options=(), + channel_credentials=None, + call_credentials=None, + insecure=False, + compression=None, + wait_for_ready=None, + timeout=None, + metadata=None, + ): + return grpc.experimental.unary_stream( + request, + target, + '/SpiffeWorkloadAPI/FetchX509SVID', + workload__pb2.X509SVIDRequest.SerializeToString, + workload__pb2.X509SVIDResponse.FromString, + options, + channel_credentials, + insecure, + call_credentials, + compression, + wait_for_ready, + timeout, + metadata, + ) + + @staticmethod + def FetchX509Bundles( + request, + target, + options=(), + channel_credentials=None, + call_credentials=None, + insecure=False, + compression=None, + wait_for_ready=None, + timeout=None, + metadata=None, + ): + return grpc.experimental.unary_stream( + request, + target, + '/SpiffeWorkloadAPI/FetchX509Bundles', + workload__pb2.X509BundlesRequest.SerializeToString, + workload__pb2.X509BundlesResponse.FromString, + options, + channel_credentials, + insecure, + call_credentials, + compression, + wait_for_ready, + timeout, + metadata, + ) + + @staticmethod + def FetchJWTSVID( + request, + target, + options=(), + channel_credentials=None, + call_credentials=None, + insecure=False, + compression=None, + wait_for_ready=None, + timeout=None, + metadata=None, + ): + return grpc.experimental.unary_unary( + request, + target, + '/SpiffeWorkloadAPI/FetchJWTSVID', + workload__pb2.JWTSVIDRequest.SerializeToString, + workload__pb2.JWTSVIDResponse.FromString, + options, + channel_credentials, + insecure, + call_credentials, + compression, + wait_for_ready, + timeout, + metadata, + ) + + @staticmethod + def FetchJWTBundles( + request, + target, + options=(), + channel_credentials=None, + call_credentials=None, + insecure=False, + compression=None, + wait_for_ready=None, + timeout=None, + metadata=None, + ): + return grpc.experimental.unary_stream( + request, + target, + '/SpiffeWorkloadAPI/FetchJWTBundles', + workload__pb2.JWTBundlesRequest.SerializeToString, + workload__pb2.JWTBundlesResponse.FromString, + options, + channel_credentials, + insecure, + call_credentials, + compression, + wait_for_ready, + timeout, + metadata, + ) + + @staticmethod + def ValidateJWTSVID( + request, + target, + options=(), + channel_credentials=None, + call_credentials=None, + insecure=False, + compression=None, + wait_for_ready=None, + timeout=None, + metadata=None, + ): + return grpc.experimental.unary_unary( + request, + target, + '/SpiffeWorkloadAPI/ValidateJWTSVID', + workload__pb2.ValidateJWTSVIDRequest.SerializeToString, + workload__pb2.ValidateJWTSVIDResponse.FromString, + options, + channel_credentials, + insecure, + call_credentials, + compression, + wait_for_ready, + timeout, + metadata, + ) diff --git a/pyspiffe/src/pyspiffe/spiffe_id/__init__.py b/spiffe/src/spiffe/spiffe_id/__init__.py similarity index 100% rename from pyspiffe/src/pyspiffe/spiffe_id/__init__.py rename to spiffe/src/spiffe/spiffe_id/__init__.py diff --git a/pyspiffe/src/pyspiffe/spiffe_id/spiffe_id.py b/spiffe/src/spiffe/spiffe_id/spiffe_id.py similarity index 100% rename from pyspiffe/src/pyspiffe/spiffe_id/spiffe_id.py rename to spiffe/src/spiffe/spiffe_id/spiffe_id.py diff --git a/pyspiffe/src/pyspiffe/svid/__init__.py b/spiffe/src/spiffe/svid/__init__.py similarity index 100% rename from pyspiffe/src/pyspiffe/svid/__init__.py rename to spiffe/src/spiffe/svid/__init__.py diff --git a/pyspiffe/src/pyspiffe/svid/exceptions.py b/spiffe/src/spiffe/svid/exceptions.py similarity index 99% rename from pyspiffe/src/pyspiffe/svid/exceptions.py rename to spiffe/src/spiffe/svid/exceptions.py index 49476fc4..294fac9e 100644 --- a/pyspiffe/src/pyspiffe/svid/exceptions.py +++ b/spiffe/src/spiffe/svid/exceptions.py @@ -18,7 +18,7 @@ This module defines SVID exceptions. """ -from pyspiffe.exceptions import PySpiffeError +from spiffe.exceptions import PySpiffeError INVALID_VALUE_ERROR = '{} is not supported.' """str: not supported error message.""" diff --git a/pyspiffe/src/pyspiffe/svid/jwt_svid.py b/spiffe/src/spiffe/svid/jwt_svid.py similarity index 94% rename from pyspiffe/src/pyspiffe/svid/jwt_svid.py rename to spiffe/src/spiffe/svid/jwt_svid.py index 0d791256..2ed84b77 100644 --- a/pyspiffe/src/pyspiffe/svid/jwt_svid.py +++ b/spiffe/src/spiffe/svid/jwt_svid.py @@ -21,14 +21,14 @@ import jwt from jwt import PyJWTError from typing import Dict, Set -from pyspiffe.svid import INVALID_INPUT_ERROR -from pyspiffe.exceptions import ArgumentError +from spiffe.svid import INVALID_INPUT_ERROR +from spiffe.exceptions import ArgumentError from cryptography.hazmat.primitives import serialization -from pyspiffe.spiffe_id.spiffe_id import SpiffeId, SpiffeIdError -from pyspiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle -from pyspiffe.bundle.jwt_bundle.exceptions import AuthorityNotFoundError -from pyspiffe.svid.jwt_svid_validator import JwtSvidValidator -from pyspiffe.svid.exceptions import InvalidTokenError +from spiffe.spiffe_id.spiffe_id import SpiffeId, SpiffeIdError +from spiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle +from spiffe.bundle.jwt_bundle.exceptions import AuthorityNotFoundError +from spiffe.svid.jwt_svid_validator import JwtSvidValidator +from spiffe.svid.exceptions import InvalidTokenError class JwtSvid(object): diff --git a/pyspiffe/src/pyspiffe/svid/jwt_svid_validator.py b/spiffe/src/spiffe/svid/jwt_svid_validator.py similarity index 97% rename from pyspiffe/src/pyspiffe/svid/jwt_svid_validator.py rename to spiffe/src/spiffe/svid/jwt_svid_validator.py index 7e60cc9b..726ac071 100644 --- a/pyspiffe/src/pyspiffe/svid/jwt_svid_validator.py +++ b/spiffe/src/spiffe/svid/jwt_svid_validator.py @@ -21,9 +21,9 @@ import datetime from typing import Dict, Any, Set -from pyspiffe.svid import INVALID_INPUT_ERROR -from pyspiffe.exceptions import ArgumentError -from pyspiffe.svid.exceptions import ( +from spiffe.svid import INVALID_INPUT_ERROR +from spiffe.exceptions import ArgumentError +from spiffe.svid.exceptions import ( TokenExpiredError, InvalidClaimError, InvalidAlgorithmError, diff --git a/pyspiffe/src/pyspiffe/svid/x509_svid.py b/spiffe/src/spiffe/svid/x509_svid.py similarity index 98% rename from pyspiffe/src/pyspiffe/svid/x509_svid.py rename to spiffe/src/spiffe/svid/x509_svid.py index ff758d3c..17bb9308 100644 --- a/pyspiffe/src/pyspiffe/svid/x509_svid.py +++ b/spiffe/src/spiffe/svid/x509_svid.py @@ -23,13 +23,13 @@ from cryptography import x509 from cryptography.hazmat.primitives import serialization from cryptography.x509 import Certificate -from pyspiffe.exceptions import ArgumentError -from pyspiffe.spiffe_id.spiffe_id import SpiffeId -from pyspiffe.svid.exceptions import ( +from spiffe.exceptions import ArgumentError +from spiffe.spiffe_id.spiffe_id import SpiffeId +from spiffe.svid.exceptions import ( InvalidLeafCertificateError, InvalidIntermediateCertificateError, ) -from pyspiffe.utils.certificate_utils import ( +from spiffe.utils.certificate_utils import ( parse_der_certificates, parse_pem_certificates, load_certificates_bytes_from_file, diff --git a/pyspiffe/src/pyspiffe/utils/__init__.py b/spiffe/src/spiffe/utils/__init__.py similarity index 100% rename from pyspiffe/src/pyspiffe/utils/__init__.py rename to spiffe/src/spiffe/utils/__init__.py diff --git a/pyspiffe/src/pyspiffe/utils/certificate_utils.py b/spiffe/src/spiffe/utils/certificate_utils.py similarity index 99% rename from pyspiffe/src/pyspiffe/utils/certificate_utils.py rename to spiffe/src/spiffe/utils/certificate_utils.py index df91ab05..527c23e5 100644 --- a/pyspiffe/src/pyspiffe/utils/certificate_utils.py +++ b/spiffe/src/spiffe/utils/certificate_utils.py @@ -39,7 +39,7 @@ from pyasn1.codec.der.decoder import decode from pyasn1.codec.der.encoder import encode from pyasn1_modules.rfc5280 import Certificate as Pyasn1Certificate -from pyspiffe.utils.exceptions import ( +from spiffe.utils.exceptions import ( X509CertificateError, ParseCertificateError, LoadCertificateError, diff --git a/pyspiffe/src/pyspiffe/utils/exceptions.py b/spiffe/src/spiffe/utils/exceptions.py similarity index 98% rename from pyspiffe/src/pyspiffe/utils/exceptions.py rename to spiffe/src/spiffe/utils/exceptions.py index e42af5c5..cddf9ecf 100644 --- a/pyspiffe/src/pyspiffe/utils/exceptions.py +++ b/spiffe/src/spiffe/utils/exceptions.py @@ -14,7 +14,7 @@ under the License. """ -from pyspiffe.exceptions import PySpiffeError +from spiffe.exceptions import PySpiffeError class X509CertificateError(PySpiffeError): diff --git a/pyspiffe/src/pyspiffe/workloadapi/__init__.py b/spiffe/src/spiffe/workloadapi/__init__.py similarity index 100% rename from pyspiffe/src/pyspiffe/workloadapi/__init__.py rename to spiffe/src/spiffe/workloadapi/__init__.py diff --git a/pyspiffe/src/pyspiffe/workloadapi/cancel_handler.py b/spiffe/src/spiffe/workloadapi/cancel_handler.py similarity index 100% rename from pyspiffe/src/pyspiffe/workloadapi/cancel_handler.py rename to spiffe/src/spiffe/workloadapi/cancel_handler.py diff --git a/pyspiffe/src/pyspiffe/workloadapi/exceptions.py b/spiffe/src/spiffe/workloadapi/exceptions.py similarity index 98% rename from pyspiffe/src/pyspiffe/workloadapi/exceptions.py rename to spiffe/src/spiffe/workloadapi/exceptions.py index a8526567..360dd386 100644 --- a/pyspiffe/src/pyspiffe/workloadapi/exceptions.py +++ b/spiffe/src/spiffe/workloadapi/exceptions.py @@ -18,7 +18,7 @@ This module defines Workload API exceptions. """ -from pyspiffe.exceptions import PySpiffeError +from spiffe.exceptions import PySpiffeError class WorkloadApiError(PySpiffeError): diff --git a/pyspiffe/src/pyspiffe/workloadapi/grpc/__init__.py b/spiffe/src/spiffe/workloadapi/grpc/__init__.py similarity index 100% rename from pyspiffe/src/pyspiffe/workloadapi/grpc/__init__.py rename to spiffe/src/spiffe/workloadapi/grpc/__init__.py diff --git a/pyspiffe/src/pyspiffe/workloadapi/grpc/generic_client_interceptor.py b/spiffe/src/spiffe/workloadapi/grpc/generic_client_interceptor.py similarity index 100% rename from pyspiffe/src/pyspiffe/workloadapi/grpc/generic_client_interceptor.py rename to spiffe/src/spiffe/workloadapi/grpc/generic_client_interceptor.py diff --git a/pyspiffe/src/pyspiffe/workloadapi/grpc/header_manipulator_client_interceptor.py b/spiffe/src/spiffe/workloadapi/grpc/header_manipulator_client_interceptor.py similarity index 96% rename from pyspiffe/src/pyspiffe/workloadapi/grpc/header_manipulator_client_interceptor.py rename to spiffe/src/spiffe/workloadapi/grpc/header_manipulator_client_interceptor.py index 5b7124b4..b421ccd8 100644 --- a/pyspiffe/src/pyspiffe/workloadapi/grpc/header_manipulator_client_interceptor.py +++ b/spiffe/src/spiffe/workloadapi/grpc/header_manipulator_client_interceptor.py @@ -20,7 +20,7 @@ import grpc -from pyspiffe.workloadapi.grpc import generic_client_interceptor +from spiffe.workloadapi.grpc import generic_client_interceptor class _ClientCallDetails( diff --git a/pyspiffe/src/pyspiffe/workloadapi/handle_error.py b/spiffe/src/spiffe/workloadapi/handle_error.py similarity index 92% rename from pyspiffe/src/pyspiffe/workloadapi/handle_error.py rename to spiffe/src/spiffe/workloadapi/handle_error.py index 7fcbd23e..1412f322 100644 --- a/pyspiffe/src/pyspiffe/workloadapi/handle_error.py +++ b/spiffe/src/spiffe/workloadapi/handle_error.py @@ -18,8 +18,8 @@ import grpc import functools -from pyspiffe.exceptions import PySpiffeError, ArgumentError -from pyspiffe.workloadapi.exceptions import WorkloadApiError +from spiffe.exceptions import PySpiffeError, ArgumentError +from spiffe.workloadapi.exceptions import WorkloadApiError DEFAULT_WL_API_ERROR_MESSAGE = 'Could not process response from the Workload API' diff --git a/pyspiffe/src/pyspiffe/workloadapi/jwt_source.py b/spiffe/src/spiffe/workloadapi/jwt_source.py similarity index 94% rename from pyspiffe/src/pyspiffe/workloadapi/jwt_source.py rename to spiffe/src/spiffe/workloadapi/jwt_source.py index bb8c41cd..46ad7911 100644 --- a/pyspiffe/src/pyspiffe/workloadapi/jwt_source.py +++ b/spiffe/src/spiffe/workloadapi/jwt_source.py @@ -18,14 +18,14 @@ import threading from typing import Optional, Set, Callable, List -from pyspiffe.spiffe_id.spiffe_id import SpiffeId -from pyspiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle -from pyspiffe.bundle.jwt_bundle.jwt_bundle_set import JwtBundleSet -from pyspiffe.spiffe_id.spiffe_id import TrustDomain -from pyspiffe.svid.jwt_svid import JwtSvid -from pyspiffe.workloadapi.workload_api_client import WorkloadApiClient -from pyspiffe.workloadapi.exceptions import JwtSourceError -from pyspiffe.exceptions import ArgumentError +from spiffe.spiffe_id.spiffe_id import SpiffeId +from spiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle +from spiffe.bundle.jwt_bundle.jwt_bundle_set import JwtBundleSet +from spiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.svid.jwt_svid import JwtSvid +from spiffe.workloadapi.workload_api_client import WorkloadApiClient +from spiffe.workloadapi.exceptions import JwtSourceError +from spiffe.exceptions import ArgumentError """ This module defines the default source implementation for JWT Bundles and SVIDs. diff --git a/pyspiffe/src/pyspiffe/workloadapi/workload_api_client.py b/spiffe/src/spiffe/workloadapi/workload_api_client.py similarity index 96% rename from pyspiffe/src/pyspiffe/workloadapi/workload_api_client.py rename to spiffe/src/spiffe/workloadapi/workload_api_client.py index 327bb558..b2275b69 100644 --- a/pyspiffe/src/pyspiffe/workloadapi/workload_api_client.py +++ b/spiffe/src/spiffe/workloadapi/workload_api_client.py @@ -22,31 +22,31 @@ from typing import Optional, List, Mapping, Iterator, Callable, Dict, Set import grpc -from pyspiffe.workloadapi.cancel_handler import CancelHandler -from pyspiffe.workloadapi.x509_context import X509Context -from pyspiffe.bundle.x509_bundle.x509_bundle import X509Bundle -from pyspiffe.bundle.x509_bundle.x509_bundle_set import X509BundleSet -from pyspiffe.bundle.jwt_bundle.jwt_bundle_set import JwtBundleSet -from pyspiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle -from pyspiffe.config import ConfigSetter -from pyspiffe.exceptions import ArgumentError -from pyspiffe.proto import ( +from spiffe.workloadapi.cancel_handler import CancelHandler +from spiffe.workloadapi.x509_context import X509Context +from spiffe.bundle.x509_bundle.x509_bundle import X509Bundle +from spiffe.bundle.x509_bundle.x509_bundle_set import X509BundleSet +from spiffe.bundle.jwt_bundle.jwt_bundle_set import JwtBundleSet +from spiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle +from spiffe.config import ConfigSetter +from spiffe.exceptions import ArgumentError +from spiffe.proto import ( workload_pb2, ) -from pyspiffe.proto import workload_pb2_grpc -from pyspiffe.spiffe_id.spiffe_id import TrustDomain -from pyspiffe.workloadapi.handle_error import handle_error -from pyspiffe.workloadapi.exceptions import ( +from spiffe.proto import workload_pb2_grpc +from spiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.workloadapi.handle_error import handle_error +from spiffe.workloadapi.exceptions import ( FetchX509SvidError, FetchX509BundleError, FetchJwtSvidError, FetchJwtBundleError, ValidateJwtSvidError, ) -from pyspiffe.workloadapi.grpc import header_manipulator_client_interceptor -from pyspiffe.svid.x509_svid import X509Svid -from pyspiffe.svid.jwt_svid import JwtSvid -from pyspiffe.spiffe_id.spiffe_id import SpiffeId +from spiffe.workloadapi.grpc import header_manipulator_client_interceptor +from spiffe.svid.x509_svid import X509Svid +from spiffe.svid.jwt_svid import JwtSvid +from spiffe.spiffe_id.spiffe_id import SpiffeId """ This module provides a Workload API client. diff --git a/pyspiffe/src/pyspiffe/workloadapi/x509_context.py b/spiffe/src/spiffe/workloadapi/x509_context.py similarity index 93% rename from pyspiffe/src/pyspiffe/workloadapi/x509_context.py rename to spiffe/src/spiffe/workloadapi/x509_context.py index e76142de..74350d24 100644 --- a/pyspiffe/src/pyspiffe/workloadapi/x509_context.py +++ b/spiffe/src/spiffe/workloadapi/x509_context.py @@ -20,9 +20,9 @@ from typing import List -from pyspiffe.bundle.x509_bundle.x509_bundle_set import X509BundleSet -from pyspiffe.exceptions import ArgumentError -from pyspiffe.svid.x509_svid import X509Svid +from spiffe.bundle.x509_bundle.x509_bundle_set import X509BundleSet +from spiffe.exceptions import ArgumentError +from spiffe.svid.x509_svid import X509Svid class X509Context(object): diff --git a/pyspiffe/src/pyspiffe/workloadapi/x509_source.py b/spiffe/src/spiffe/workloadapi/x509_source.py similarity index 95% rename from pyspiffe/src/pyspiffe/workloadapi/x509_source.py rename to spiffe/src/spiffe/workloadapi/x509_source.py index 660cd537..c2d43c05 100644 --- a/pyspiffe/src/pyspiffe/workloadapi/x509_source.py +++ b/spiffe/src/spiffe/workloadapi/x509_source.py @@ -18,12 +18,12 @@ import threading from typing import Optional, Callable, List, Set -from pyspiffe.bundle.x509_bundle.x509_bundle import X509Bundle -from pyspiffe.spiffe_id.spiffe_id import TrustDomain -from pyspiffe.svid.x509_svid import X509Svid -from pyspiffe.workloadapi.exceptions import X509SourceError -from pyspiffe.workloadapi.workload_api_client import WorkloadApiClient -from pyspiffe.workloadapi.x509_context import X509Context +from spiffe.bundle.x509_bundle.x509_bundle import X509Bundle +from spiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.svid.x509_svid import X509Svid +from spiffe.workloadapi.exceptions import X509SourceError +from spiffe.workloadapi.workload_api_client import WorkloadApiClient +from spiffe.workloadapi.x509_context import X509Context _logger = logging.getLogger(__name__) diff --git a/pyspiffe/tests/bundle/jwt_bundle/test_jwt_bundle.py b/spiffe/tests/bundle/jwt_bundle/test_jwt_bundle.py similarity index 93% rename from pyspiffe/tests/bundle/jwt_bundle/test_jwt_bundle.py rename to spiffe/tests/bundle/jwt_bundle/test_jwt_bundle.py index bb6a19db..bdf99f42 100644 --- a/pyspiffe/tests/bundle/jwt_bundle/test_jwt_bundle.py +++ b/spiffe/tests/bundle/jwt_bundle/test_jwt_bundle.py @@ -18,10 +18,10 @@ from cryptography.hazmat.primitives.asymmetric import rsa, ec from cryptography.hazmat.backends import default_backend from jwt.exceptions import InvalidKeyError -from pyspiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle -from pyspiffe.bundle.jwt_bundle.exceptions import JwtBundleError, ParseJWTBundleError -from pyspiffe.exceptions import ArgumentError -from pyspiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle +from spiffe.bundle.jwt_bundle.exceptions import JwtBundleError, ParseJWTBundleError +from spiffe.exceptions import ArgumentError +from spiffe.spiffe_id.spiffe_id import TrustDomain from utils.jwt import ( JWKS_1_EC_KEY, JWKS_2_EC_1_RSA_KEYS, @@ -151,7 +151,7 @@ def test_parse_invalid_bytes(test_bytes): def test_parse_bundle_bytes_invalid_key(mocker): mocker.patch( - 'pyspiffe.bundle.jwt_bundle.jwt_bundle.PyJWKSet.from_json', + 'spiffe.bundle.jwt_bundle.jwt_bundle.PyJWKSet.from_json', side_effect=InvalidKeyError('Invalid Key'), autospec=True, ) diff --git a/pyspiffe/tests/bundle/jwt_bundle/test_jwt_bundle_set.py b/spiffe/tests/bundle/jwt_bundle/test_jwt_bundle_set.py similarity index 95% rename from pyspiffe/tests/bundle/jwt_bundle/test_jwt_bundle_set.py rename to spiffe/tests/bundle/jwt_bundle/test_jwt_bundle_set.py index b397a3c2..f42efec7 100644 --- a/pyspiffe/tests/bundle/jwt_bundle/test_jwt_bundle_set.py +++ b/spiffe/tests/bundle/jwt_bundle/test_jwt_bundle_set.py @@ -17,9 +17,9 @@ from cryptography.hazmat.primitives.asymmetric import rsa, ec from cryptography.hazmat.backends import default_backend -from pyspiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle -from pyspiffe.bundle.jwt_bundle.jwt_bundle_set import JwtBundleSet -from pyspiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle +from spiffe.bundle.jwt_bundle.jwt_bundle_set import JwtBundleSet +from spiffe.spiffe_id.spiffe_id import TrustDomain trust_domain_1 = TrustDomain('domain.test') trust_domain_2 = TrustDomain('example.org') diff --git a/pyspiffe/tests/bundle/x509bundle/test_x509_bundle.py b/spiffe/tests/bundle/x509bundle/test_x509_bundle.py similarity index 97% rename from pyspiffe/tests/bundle/x509bundle/test_x509_bundle.py rename to spiffe/tests/bundle/x509bundle/test_x509_bundle.py index 6f0776f0..255b3c26 100644 --- a/pyspiffe/tests/bundle/x509bundle/test_x509_bundle.py +++ b/spiffe/tests/bundle/x509bundle/test_x509_bundle.py @@ -21,15 +21,15 @@ from cryptography.hazmat.primitives import serialization from cryptography.x509 import Certificate -from pyspiffe.bundle.x509_bundle.exceptions import ( +from spiffe.bundle.x509_bundle.exceptions import ( X509BundleError, ParseX509BundleError, LoadX509BundleError, SaveX509BundleError, ) -from pyspiffe.bundle.x509_bundle.x509_bundle import X509Bundle -from pyspiffe.spiffe_id.spiffe_id import TrustDomain -from pyspiffe.exceptions import ArgumentError +from spiffe.bundle.x509_bundle.x509_bundle import X509Bundle +from spiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.exceptions import ArgumentError from utils.certs import TEST_BUNDLE_CERTS_DIR trust_domain = TrustDomain('domain.test') @@ -258,7 +258,7 @@ def test_save_error_writing_bundle_to_file(mocker): x509_bundle = X509Bundle.parse(trust_domain, bundle_bytes) mocker.patch( - 'pyspiffe.bundle.x509_bundle.x509_bundle.write_certificates_to_file', + 'spiffe.bundle.x509_bundle.x509_bundle.write_certificates_to_file', side_effect=Exception('Error msg'), autospec=True, ) diff --git a/pyspiffe/tests/bundle/x509bundle/test_x509_bundle_set.py b/spiffe/tests/bundle/x509bundle/test_x509_bundle_set.py similarity index 94% rename from pyspiffe/tests/bundle/x509bundle/test_x509_bundle_set.py rename to spiffe/tests/bundle/x509bundle/test_x509_bundle_set.py index 91307cb7..e6edc572 100644 --- a/pyspiffe/tests/bundle/x509bundle/test_x509_bundle_set.py +++ b/spiffe/tests/bundle/x509bundle/test_x509_bundle_set.py @@ -14,9 +14,9 @@ under the License. """ -from pyspiffe.bundle.x509_bundle.x509_bundle import X509Bundle -from pyspiffe.bundle.x509_bundle.x509_bundle_set import X509BundleSet -from pyspiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.bundle.x509_bundle.x509_bundle import X509Bundle +from spiffe.bundle.x509_bundle.x509_bundle_set import X509BundleSet +from spiffe.spiffe_id.spiffe_id import TrustDomain from utils.certs import TEST_BUNDLE_CERTS_DIR trust_domain_1 = TrustDomain('domain.test') diff --git a/pyspiffe/tests/conftest.py b/spiffe/tests/conftest.py similarity index 100% rename from pyspiffe/tests/conftest.py rename to spiffe/tests/conftest.py diff --git a/pyspiffe/tests/spiffe_id/test_spiffe_id.py b/spiffe/tests/spiffe_id/test_spiffe_id.py similarity index 97% rename from pyspiffe/tests/spiffe_id/test_spiffe_id.py rename to spiffe/tests/spiffe_id/test_spiffe_id.py index 2ff723b0..00dd0e8d 100644 --- a/pyspiffe/tests/spiffe_id/test_spiffe_id.py +++ b/spiffe/tests/spiffe_id/test_spiffe_id.py @@ -16,7 +16,7 @@ import pytest -from pyspiffe.spiffe_id.spiffe_id import SpiffeId, SpiffeIdError +from spiffe.spiffe_id.spiffe_id import SpiffeId, SpiffeIdError @pytest.mark.parametrize( diff --git a/pyspiffe/tests/spiffe_id/test_trust_domain.py b/spiffe/tests/spiffe_id/test_trust_domain.py similarity index 97% rename from pyspiffe/tests/spiffe_id/test_trust_domain.py rename to spiffe/tests/spiffe_id/test_trust_domain.py index def4c711..16769a55 100644 --- a/pyspiffe/tests/spiffe_id/test_trust_domain.py +++ b/spiffe/tests/spiffe_id/test_trust_domain.py @@ -16,7 +16,7 @@ import pytest -from pyspiffe.spiffe_id.spiffe_id import TrustDomain, TrustDomainError +from spiffe.spiffe_id.spiffe_id import TrustDomain, TrustDomainError @pytest.mark.parametrize( diff --git a/pyspiffe/tests/svid/jwtsvid/test_jwt_svid.py b/spiffe/tests/svid/jwtsvid/test_jwt_svid.py similarity index 97% rename from pyspiffe/tests/svid/jwtsvid/test_jwt_svid.py rename to spiffe/tests/svid/jwtsvid/test_jwt_svid.py index 8e7fbc9e..0c57f2c3 100644 --- a/pyspiffe/tests/svid/jwtsvid/test_jwt_svid.py +++ b/spiffe/tests/svid/jwtsvid/test_jwt_svid.py @@ -23,17 +23,17 @@ from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa, ec from cryptography.hazmat.backends import default_backend -from pyspiffe.svid import INVALID_INPUT_ERROR -from pyspiffe.svid.jwt_svid import JwtSvid -from pyspiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle -from pyspiffe.exceptions import ArgumentError -from pyspiffe.svid.exceptions import ( +from spiffe.svid import INVALID_INPUT_ERROR +from spiffe.svid.jwt_svid import JwtSvid +from spiffe.bundle.jwt_bundle.jwt_bundle import JwtBundle +from spiffe.exceptions import ArgumentError +from spiffe.svid.exceptions import ( TokenExpiredError, JwtSvidError, InvalidTokenError, MissingClaimError, ) -from pyspiffe.bundle.jwt_bundle.exceptions import AuthorityNotFoundError +from spiffe.bundle.jwt_bundle.exceptions import AuthorityNotFoundError from utils.jwt import ( extract_key_pair_pems, generate_test_jwt_token, diff --git a/pyspiffe/tests/svid/jwtsvid/test_jwt_svid_validator.py b/spiffe/tests/svid/jwtsvid/test_jwt_svid_validator.py similarity index 98% rename from pyspiffe/tests/svid/jwtsvid/test_jwt_svid_validator.py rename to spiffe/tests/svid/jwtsvid/test_jwt_svid_validator.py index bf6a9b91..c2f3bf63 100644 --- a/pyspiffe/tests/svid/jwtsvid/test_jwt_svid_validator.py +++ b/spiffe/tests/svid/jwtsvid/test_jwt_svid_validator.py @@ -18,13 +18,13 @@ import datetime from calendar import timegm -from pyspiffe.svid.jwt_svid_validator import ( +from spiffe.svid.jwt_svid_validator import ( JwtSvidValidator, INVALID_INPUT_ERROR, AUDIENCE_NOT_MATCH_ERROR, ) -from pyspiffe.exceptions import ArgumentError -from pyspiffe.svid.exceptions import ( +from spiffe.exceptions import ArgumentError +from spiffe.svid.exceptions import ( TokenExpiredError, InvalidClaimError, InvalidAlgorithmError, diff --git a/pyspiffe/tests/svid/x509svid/test_x509_svid.py b/spiffe/tests/svid/x509svid/test_x509_svid.py similarity index 98% rename from pyspiffe/tests/svid/x509svid/test_x509_svid.py rename to spiffe/tests/svid/x509svid/test_x509_svid.py index d4ec550f..fa8e456e 100644 --- a/pyspiffe/tests/svid/x509svid/test_x509_svid.py +++ b/spiffe/tests/svid/x509svid/test_x509_svid.py @@ -20,13 +20,13 @@ from cryptography.hazmat.primitives import serialization from cryptography.x509 import Certificate -from pyspiffe.spiffe_id.spiffe_id import SpiffeId -from pyspiffe.exceptions import ArgumentError -from pyspiffe.svid.exceptions import ( +from spiffe.spiffe_id.spiffe_id import SpiffeId +from spiffe.exceptions import ArgumentError +from spiffe.svid.exceptions import ( InvalidLeafCertificateError, InvalidIntermediateCertificateError, ) -from pyspiffe.utils.exceptions import ( +from spiffe.utils.exceptions import ( LoadCertificateError, LoadPrivateKeyError, StoreCertificateError, @@ -34,7 +34,7 @@ ParseCertificateError, ParsePrivateKeyError, ) -from pyspiffe.svid.x509_svid import X509Svid, _extract_spiffe_id +from spiffe.svid.x509_svid import X509Svid, _extract_spiffe_id from cryptography.hazmat.primitives.asymmetric import ec, rsa from utils.certs import TEST_CERTS_DIR @@ -377,7 +377,7 @@ def test_load_non_existent_key_bytes(): def test_load_cannot_read_key_bytes(mocker): mocker.patch( - 'pyspiffe.svid.x509_svid.load_certificates_bytes_from_file', + 'spiffe.svid.x509_svid.load_certificates_bytes_from_file', return_value=b'bytes', autospec=True, ) diff --git a/pyspiffe/tests/utils/__init__.py b/spiffe/tests/utils/__init__.py similarity index 100% rename from pyspiffe/tests/utils/__init__.py rename to spiffe/tests/utils/__init__.py diff --git a/pyspiffe/tests/utils/certs.py b/spiffe/tests/utils/certs.py similarity index 100% rename from pyspiffe/tests/utils/certs.py rename to spiffe/tests/utils/certs.py diff --git a/pyspiffe/tests/utils/jwks/jwks_1_ec_key.json b/spiffe/tests/utils/jwks/jwks_1_ec_key.json similarity index 100% rename from pyspiffe/tests/utils/jwks/jwks_1_ec_key.json rename to spiffe/tests/utils/jwks/jwks_1_ec_key.json diff --git a/pyspiffe/tests/utils/jwks/jwks_3_keys.json b/spiffe/tests/utils/jwks/jwks_3_keys.json similarity index 100% rename from pyspiffe/tests/utils/jwks/jwks_3_keys.json rename to spiffe/tests/utils/jwks/jwks_3_keys.json diff --git a/pyspiffe/tests/utils/jwks/jwks_ec_missing_x.json b/spiffe/tests/utils/jwks/jwks_ec_missing_x.json similarity index 100% rename from pyspiffe/tests/utils/jwks/jwks_ec_missing_x.json rename to spiffe/tests/utils/jwks/jwks_ec_missing_x.json diff --git a/pyspiffe/tests/utils/jwks/jwks_missing_kid.json b/spiffe/tests/utils/jwks/jwks_missing_kid.json similarity index 100% rename from pyspiffe/tests/utils/jwks/jwks_missing_kid.json rename to spiffe/tests/utils/jwks/jwks_missing_kid.json diff --git a/pyspiffe/tests/utils/jwt.py b/spiffe/tests/utils/jwt.py similarity index 97% rename from pyspiffe/tests/utils/jwt.py rename to spiffe/tests/utils/jwt.py index 1ed0fd6e..6f4d5e68 100644 --- a/pyspiffe/tests/utils/jwt.py +++ b/spiffe/tests/utils/jwt.py @@ -28,8 +28,8 @@ import datetime from calendar import timegm from typing import Set -from pyspiffe.utils.certificate_utils import PRIVATE_KEY_TYPES -from pyspiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.utils.certificate_utils import PRIVATE_KEY_TYPES +from spiffe.spiffe_id.spiffe_id import TrustDomain from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa diff --git a/pyspiffe/tests/utils/utils.py b/spiffe/tests/utils/utils.py similarity index 100% rename from pyspiffe/tests/utils/utils.py rename to spiffe/tests/utils/utils.py diff --git a/pyspiffe/tests/utils/x509-bundle-certs/cert.der b/spiffe/tests/utils/x509-bundle-certs/cert.der similarity index 100% rename from pyspiffe/tests/utils/x509-bundle-certs/cert.der rename to spiffe/tests/utils/x509-bundle-certs/cert.der diff --git a/pyspiffe/tests/utils/x509-bundle-certs/cert.pem b/spiffe/tests/utils/x509-bundle-certs/cert.pem similarity index 100% rename from pyspiffe/tests/utils/x509-bundle-certs/cert.pem rename to spiffe/tests/utils/x509-bundle-certs/cert.pem diff --git a/pyspiffe/tests/utils/x509-bundle-certs/certs.der b/spiffe/tests/utils/x509-bundle-certs/certs.der similarity index 100% rename from pyspiffe/tests/utils/x509-bundle-certs/certs.der rename to spiffe/tests/utils/x509-bundle-certs/certs.der diff --git a/pyspiffe/tests/utils/x509-bundle-certs/certs.pem b/spiffe/tests/utils/x509-bundle-certs/certs.pem similarity index 100% rename from pyspiffe/tests/utils/x509-bundle-certs/certs.pem rename to spiffe/tests/utils/x509-bundle-certs/certs.pem diff --git a/pyspiffe/tests/utils/x509-bundle-certs/corrupted b/spiffe/tests/utils/x509-bundle-certs/corrupted similarity index 100% rename from pyspiffe/tests/utils/x509-bundle-certs/corrupted rename to spiffe/tests/utils/x509-bundle-certs/corrupted diff --git a/pyspiffe/tests/utils/x509-bundle-certs/empty.pem b/spiffe/tests/utils/x509-bundle-certs/empty.pem similarity index 100% rename from pyspiffe/tests/utils/x509-bundle-certs/empty.pem rename to spiffe/tests/utils/x509-bundle-certs/empty.pem diff --git a/pyspiffe/tests/utils/x509-bundle-certs/federated_bundle.der b/spiffe/tests/utils/x509-bundle-certs/federated_bundle.der similarity index 100% rename from pyspiffe/tests/utils/x509-bundle-certs/federated_bundle.der rename to spiffe/tests/utils/x509-bundle-certs/federated_bundle.der diff --git a/pyspiffe/tests/utils/x509-bundle-certs/key.pem b/spiffe/tests/utils/x509-bundle-certs/key.pem similarity index 100% rename from pyspiffe/tests/utils/x509-bundle-certs/key.pem rename to spiffe/tests/utils/x509-bundle-certs/key.pem diff --git a/pyspiffe/tests/utils/x509-bundle-certs/not-pem b/spiffe/tests/utils/x509-bundle-certs/not-pem similarity index 100% rename from pyspiffe/tests/utils/x509-bundle-certs/not-pem rename to spiffe/tests/utils/x509-bundle-certs/not-pem diff --git a/pyspiffe/tests/utils/x509-certs/1-chain.der b/spiffe/tests/utils/x509-certs/1-chain.der similarity index 100% rename from pyspiffe/tests/utils/x509-certs/1-chain.der rename to spiffe/tests/utils/x509-certs/1-chain.der diff --git a/pyspiffe/tests/utils/x509-certs/1-key.der b/spiffe/tests/utils/x509-certs/1-key.der similarity index 100% rename from pyspiffe/tests/utils/x509-certs/1-key.der rename to spiffe/tests/utils/x509-certs/1-key.der diff --git a/pyspiffe/tests/utils/x509-certs/2-chain.pem b/spiffe/tests/utils/x509-certs/2-chain.pem similarity index 100% rename from pyspiffe/tests/utils/x509-certs/2-chain.pem rename to spiffe/tests/utils/x509-certs/2-chain.pem diff --git a/pyspiffe/tests/utils/x509-certs/2-key.pem b/spiffe/tests/utils/x509-certs/2-key.pem similarity index 100% rename from pyspiffe/tests/utils/x509-certs/2-key.pem rename to spiffe/tests/utils/x509-certs/2-key.pem diff --git a/pyspiffe/tests/utils/x509-certs/3-good-leaf-only.pem b/spiffe/tests/utils/x509-certs/3-good-leaf-only.pem similarity index 100% rename from pyspiffe/tests/utils/x509-certs/3-good-leaf-only.pem rename to spiffe/tests/utils/x509-certs/3-good-leaf-only.pem diff --git a/pyspiffe/tests/utils/x509-certs/3-key-pkcs8-rsa.pem b/spiffe/tests/utils/x509-certs/3-key-pkcs8-rsa.pem similarity index 100% rename from pyspiffe/tests/utils/x509-certs/3-key-pkcs8-rsa.pem rename to spiffe/tests/utils/x509-certs/3-key-pkcs8-rsa.pem diff --git a/pyspiffe/tests/utils/x509-certs/4-cert.der b/spiffe/tests/utils/x509-certs/4-cert.der similarity index 100% rename from pyspiffe/tests/utils/x509-certs/4-cert.der rename to spiffe/tests/utils/x509-certs/4-cert.der diff --git a/pyspiffe/tests/utils/x509-certs/4-key.der b/spiffe/tests/utils/x509-certs/4-key.der similarity index 100% rename from pyspiffe/tests/utils/x509-certs/4-key.der rename to spiffe/tests/utils/x509-certs/4-key.der diff --git a/pyspiffe/tests/utils/x509-certs/corrupted b/spiffe/tests/utils/x509-certs/corrupted similarity index 100% rename from pyspiffe/tests/utils/x509-certs/corrupted rename to spiffe/tests/utils/x509-certs/corrupted diff --git a/pyspiffe/tests/utils/x509-certs/wrong-empty-spiffe-id.pem b/spiffe/tests/utils/x509-certs/wrong-empty-spiffe-id.pem similarity index 100% rename from pyspiffe/tests/utils/x509-certs/wrong-empty-spiffe-id.pem rename to spiffe/tests/utils/x509-certs/wrong-empty-spiffe-id.pem diff --git a/pyspiffe/tests/utils/x509-certs/wrong-intermediate-no-ca.pem b/spiffe/tests/utils/x509-certs/wrong-intermediate-no-ca.pem similarity index 100% rename from pyspiffe/tests/utils/x509-certs/wrong-intermediate-no-ca.pem rename to spiffe/tests/utils/x509-certs/wrong-intermediate-no-ca.pem diff --git a/pyspiffe/tests/utils/x509-certs/wrong-intermediate-no-key-cert-sign.pem b/spiffe/tests/utils/x509-certs/wrong-intermediate-no-key-cert-sign.pem similarity index 100% rename from pyspiffe/tests/utils/x509-certs/wrong-intermediate-no-key-cert-sign.pem rename to spiffe/tests/utils/x509-certs/wrong-intermediate-no-key-cert-sign.pem diff --git a/pyspiffe/tests/utils/x509-certs/wrong-leaf-ca-true.pem b/spiffe/tests/utils/x509-certs/wrong-leaf-ca-true.pem similarity index 100% rename from pyspiffe/tests/utils/x509-certs/wrong-leaf-ca-true.pem rename to spiffe/tests/utils/x509-certs/wrong-leaf-ca-true.pem diff --git a/pyspiffe/tests/utils/x509-certs/wrong-leaf-cert-sign.pem b/spiffe/tests/utils/x509-certs/wrong-leaf-cert-sign.pem similarity index 100% rename from pyspiffe/tests/utils/x509-certs/wrong-leaf-cert-sign.pem rename to spiffe/tests/utils/x509-certs/wrong-leaf-cert-sign.pem diff --git a/pyspiffe/tests/utils/x509-certs/wrong-leaf-crl-sign.pem b/spiffe/tests/utils/x509-certs/wrong-leaf-crl-sign.pem similarity index 100% rename from pyspiffe/tests/utils/x509-certs/wrong-leaf-crl-sign.pem rename to spiffe/tests/utils/x509-certs/wrong-leaf-crl-sign.pem diff --git a/pyspiffe/tests/utils/x509-certs/wrong-leaf-no-digital-signature.pem b/spiffe/tests/utils/x509-certs/wrong-leaf-no-digital-signature.pem similarity index 100% rename from pyspiffe/tests/utils/x509-certs/wrong-leaf-no-digital-signature.pem rename to spiffe/tests/utils/x509-certs/wrong-leaf-no-digital-signature.pem diff --git a/pyspiffe/tests/workloadapi/test_cancel_handler.py b/spiffe/tests/workloadapi/test_cancel_handler.py similarity index 95% rename from pyspiffe/tests/workloadapi/test_cancel_handler.py rename to spiffe/tests/workloadapi/test_cancel_handler.py index f7e7c108..7335f1ac 100644 --- a/pyspiffe/tests/workloadapi/test_cancel_handler.py +++ b/spiffe/tests/workloadapi/test_cancel_handler.py @@ -14,7 +14,7 @@ under the License. """ -from pyspiffe.workloadapi.cancel_handler import CancelHandler +from spiffe.workloadapi.cancel_handler import CancelHandler class Observer: diff --git a/pyspiffe/tests/workloadapi/test_config.py b/spiffe/tests/workloadapi/test_config.py similarity index 97% rename from pyspiffe/tests/workloadapi/test_config.py rename to spiffe/tests/workloadapi/test_config.py index e1d0c44d..b1062abb 100644 --- a/pyspiffe/tests/workloadapi/test_config.py +++ b/spiffe/tests/workloadapi/test_config.py @@ -16,8 +16,8 @@ import os import pytest -from pyspiffe.config import ConfigSetter, _SPIFFE_ENDPOINT_SOCKET -from pyspiffe.exceptions import ArgumentError +from spiffe.config import ConfigSetter, _SPIFFE_ENDPOINT_SOCKET +from spiffe.exceptions import ArgumentError @pytest.fixture(autouse=True) diff --git a/pyspiffe/tests/workloadapi/test_handle_error.py b/spiffe/tests/workloadapi/test_handle_error.py similarity index 93% rename from pyspiffe/tests/workloadapi/test_handle_error.py rename to spiffe/tests/workloadapi/test_handle_error.py index 2d23292f..6734a174 100644 --- a/pyspiffe/tests/workloadapi/test_handle_error.py +++ b/spiffe/tests/workloadapi/test_handle_error.py @@ -16,9 +16,9 @@ import pytest import grpc -from pyspiffe.workloadapi.handle_error import handle_error -from pyspiffe.exceptions import PySpiffeError, ArgumentError -from pyspiffe.workloadapi.exceptions import WorkloadApiError +from spiffe.workloadapi.handle_error import handle_error +from spiffe.exceptions import PySpiffeError, ArgumentError +from spiffe.workloadapi.exceptions import WorkloadApiError from utils.utils import FakeCall diff --git a/pyspiffe/tests/workloadapi/test_jwt_source.py b/spiffe/tests/workloadapi/test_jwt_source.py similarity index 92% rename from pyspiffe/tests/workloadapi/test_jwt_source.py rename to spiffe/tests/workloadapi/test_jwt_source.py index 39d775df..3fb4c362 100644 --- a/pyspiffe/tests/workloadapi/test_jwt_source.py +++ b/spiffe/tests/workloadapi/test_jwt_source.py @@ -19,13 +19,13 @@ import pytest from bundle.jwt_bundle.test_jwt_bundle import JWKS_1_EC_KEY, JWKS_2_EC_1_RSA_KEYS -from pyspiffe.proto import workload_pb2 -from pyspiffe.workloadapi.jwt_source import JwtSource -from pyspiffe.workloadapi.workload_api_client import WorkloadApiClient -from pyspiffe.spiffe_id.spiffe_id import TrustDomain -from pyspiffe.spiffe_id.spiffe_id import SpiffeId -from pyspiffe.workloadapi.exceptions import JwtSourceError, FetchJwtSvidError -from pyspiffe.exceptions import ArgumentError +from spiffe.proto import workload_pb2 +from spiffe.workloadapi.jwt_source import JwtSource +from spiffe.workloadapi.workload_api_client import WorkloadApiClient +from spiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.spiffe_id.spiffe_id import SpiffeId +from spiffe.workloadapi.exceptions import JwtSourceError, FetchJwtSvidError +from spiffe.exceptions import ArgumentError from utils.jwt import generate_test_jwt_token, TEST_AUDIENCE SPIFFE_ID = SpiffeId('spiffe://domain.test/my_service') diff --git a/pyspiffe/tests/workloadapi/test_retry_handler.py b/spiffe/tests/workloadapi/test_retry_handler.py similarity index 97% rename from pyspiffe/tests/workloadapi/test_retry_handler.py rename to spiffe/tests/workloadapi/test_retry_handler.py index 3b682638..d03af57d 100644 --- a/pyspiffe/tests/workloadapi/test_retry_handler.py +++ b/spiffe/tests/workloadapi/test_retry_handler.py @@ -14,7 +14,7 @@ under the License. """ -from pyspiffe.workloadapi.workload_api_client import RetryHandler +from spiffe.workloadapi.workload_api_client import RetryHandler class Observer: diff --git a/pyspiffe/tests/workloadapi/test_workload_api_client.py b/spiffe/tests/workloadapi/test_workload_api_client.py similarity index 95% rename from pyspiffe/tests/workloadapi/test_workload_api_client.py rename to spiffe/tests/workloadapi/test_workload_api_client.py index 5b01c4ac..a8b0118c 100644 --- a/pyspiffe/tests/workloadapi/test_workload_api_client.py +++ b/spiffe/tests/workloadapi/test_workload_api_client.py @@ -19,8 +19,8 @@ import pytest -from pyspiffe.exceptions import ArgumentError -from pyspiffe.workloadapi.workload_api_client import WorkloadApiClient +from spiffe.exceptions import ArgumentError +from spiffe.workloadapi.workload_api_client import WorkloadApiClient SPIFFE_SOCKET_ENV = 'SPIFFE_ENDPOINT_SOCKET' diff --git a/pyspiffe/tests/workloadapi/test_workload_api_client_fetch_x509.py b/spiffe/tests/workloadapi/test_workload_api_client_fetch_x509.py similarity index 98% rename from pyspiffe/tests/workloadapi/test_workload_api_client_fetch_x509.py rename to spiffe/tests/workloadapi/test_workload_api_client_fetch_x509.py index f7f9a5b1..cf48c2c9 100644 --- a/pyspiffe/tests/workloadapi/test_workload_api_client_fetch_x509.py +++ b/spiffe/tests/workloadapi/test_workload_api_client_fetch_x509.py @@ -22,11 +22,11 @@ from cryptography.hazmat.primitives.asymmetric import ec from cryptography.x509 import Certificate -from pyspiffe.proto import workload_pb2 -from pyspiffe.spiffe_id.spiffe_id import SpiffeId -from pyspiffe.spiffe_id.spiffe_id import TrustDomain -from pyspiffe.workloadapi.exceptions import FetchX509SvidError, FetchX509BundleError -from pyspiffe.workloadapi.workload_api_client import WorkloadApiClient +from spiffe.proto import workload_pb2 +from spiffe.spiffe_id.spiffe_id import SpiffeId +from spiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.workloadapi.exceptions import FetchX509SvidError, FetchX509BundleError +from spiffe.workloadapi.workload_api_client import WorkloadApiClient from utils.utils import ( FakeCall, ResponseHolder, diff --git a/pyspiffe/tests/workloadapi/test_workload_api_client_jwt.py b/spiffe/tests/workloadapi/test_workload_api_client_jwt.py similarity index 98% rename from pyspiffe/tests/workloadapi/test_workload_api_client_jwt.py rename to spiffe/tests/workloadapi/test_workload_api_client_jwt.py index abf26880..1dc3e8a1 100644 --- a/pyspiffe/tests/workloadapi/test_workload_api_client_jwt.py +++ b/spiffe/tests/workloadapi/test_workload_api_client_jwt.py @@ -28,13 +28,13 @@ JWKS_2_EC_1_RSA_KEYS, JWKS_MISSING_KEY_ID, ) -from pyspiffe.proto import workload_pb2 -from pyspiffe.workloadapi.workload_api_client import WorkloadApiClient +from spiffe.proto import workload_pb2 +from spiffe.workloadapi.workload_api_client import WorkloadApiClient from utils.jwt import generate_test_jwt_token, TEST_AUDIENCE -from pyspiffe.spiffe_id.spiffe_id import TrustDomain -from pyspiffe.spiffe_id.spiffe_id import SpiffeId -from pyspiffe.exceptions import ArgumentError -from pyspiffe.workloadapi.exceptions import ( +from spiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.spiffe_id.spiffe_id import SpiffeId +from spiffe.exceptions import ArgumentError +from spiffe.workloadapi.exceptions import ( FetchJwtSvidError, ValidateJwtSvidError, FetchJwtBundleError, diff --git a/pyspiffe/tests/workloadapi/test_x509_context.py b/spiffe/tests/workloadapi/test_x509_context.py similarity index 86% rename from pyspiffe/tests/workloadapi/test_x509_context.py rename to spiffe/tests/workloadapi/test_x509_context.py index 8865502d..ee48d91c 100644 --- a/pyspiffe/tests/workloadapi/test_x509_context.py +++ b/spiffe/tests/workloadapi/test_x509_context.py @@ -16,10 +16,10 @@ import pytest -from pyspiffe.bundle.x509_bundle.x509_bundle_set import X509BundleSet -from pyspiffe.exceptions import ArgumentError -from pyspiffe.svid.x509_svid import X509Svid -from pyspiffe.workloadapi.x509_context import X509Context +from spiffe.bundle.x509_bundle.x509_bundle_set import X509BundleSet +from spiffe.exceptions import ArgumentError +from spiffe.svid.x509_svid import X509Svid +from spiffe.workloadapi.x509_context import X509Context from utils.certs import KEY1, CHAIN1, CHAIN2, KEY2 _SVID1 = X509Svid.parse_raw(CHAIN1, KEY1) diff --git a/pyspiffe/tests/workloadapi/test_x509_source.py b/spiffe/tests/workloadapi/test_x509_source.py similarity index 93% rename from pyspiffe/tests/workloadapi/test_x509_source.py rename to spiffe/tests/workloadapi/test_x509_source.py index e6225891..887a2079 100644 --- a/pyspiffe/tests/workloadapi/test_x509_source.py +++ b/spiffe/tests/workloadapi/test_x509_source.py @@ -18,13 +18,13 @@ import pytest -from pyspiffe.proto import workload_pb2 -from pyspiffe.spiffe_id.spiffe_id import SpiffeId -from pyspiffe.spiffe_id.spiffe_id import TrustDomain -from pyspiffe.workloadapi.exceptions import X509SourceError -from pyspiffe.workloadapi.x509_source import X509Source +from spiffe.proto import workload_pb2 +from spiffe.spiffe_id.spiffe_id import SpiffeId +from spiffe.spiffe_id.spiffe_id import TrustDomain +from spiffe.workloadapi.exceptions import X509SourceError +from spiffe.workloadapi.x509_source import X509Source -from pyspiffe.workloadapi.workload_api_client import ( +from spiffe.workloadapi.workload_api_client import ( WorkloadApiClient, ) from utils.certs import (