Factory
- class gafaelfawr.factory.Factory(context, session, logger)
Bases: object
Build Gafaelfawr components.
Uses the contents of a ProcessContext to construct the components of the application on demand.
- Parameters:
  - context (ProcessContext) – Shared process context.
  - session (async_scoped_session) – Database session.
  - logger (BoundLogger) – Logger to use for errors.
Attributes Summary
- redis – Underlying Redis connection pool, mainly for tests.
Methods Summary
- aclose() – Shut down the factory.
- create(config, engine, *[, check_db]) – Create a component factory outside of a request.
- create_admin_service() – Create a new manager object for token administrators.
- create_firestore_service() – Create the Firestore service layer.
- create_firestore_storage() – Create the Firestore storage layer.
- create_kubernetes_ingress_service(api_client) – Create a service for managing Kubernetes ingresses.
- create_kubernetes_token_service(api_client) – Create a service for managing tokens stored in Kubernetes.
- create_oidc_service() – Create a minimalist OpenID Connect server.
- create_oidc_token_verifier() – Create a JWT token verifier for OpenID Connect tokens.
- create_oidc_user_info_service() – Create a user information service for OpenID Connect providers.
- create_provider() – Create an authentication provider.
- create_slack_client() – Create a client for sending messages to Slack.
- create_token_cache_service() – Create a token cache.
- create_token_service() – Create a TokenService.
- create_user_info_service() – Create a user information service.
- set_context(context) – Replace the process context.
- set_logger(logger) – Replace the internal logger.
- standalone(cls, config, engine, *[, check_db]) – Async context manager for Gafaelfawr components.
Attributes Documentation
- redis
Underlying Redis connection pool, mainly for tests.
Methods Documentation
- async aclose()
Shut down the factory.
After this method is called, the factory object is no longer valid and must not be used.
- Return type:
- async classmethod create(config, engine, *, check_db=False)
Create a component factory outside of a request.
Intended for long-running daemons other than the FastAPI web application, such as the Kubernetes operator. This class method should only be used in situations where an async context manager cannot be used. Do not use this factory inside the web application or anywhere that may use the default Factory, since they will interfere with each other’s Redis pools.
If an async context manager can be used, call standalone rather than this method.
- Parameters:
  - config (Config) – Gafaelfawr configuration.
  - engine (AsyncEngine) – Database engine to use for connections.
  - check_db (bool, default: False) – If set to True, check database connectivity before returning by doing a simple query.
- Returns:
Newly-created factory. The caller must call aclose on the returned object during shutdown.
- Return type:
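The create-then-aclose lifecycle described above, as an added example that is not Gafaelfawr's own code. The names run_with_factory, StandInFactory and demo are hypothetical; the helper takes the factory class as a parameter, and a constructed stand-in replaces the real Factory so the block runs without Gafaelfawr, a database or Redis.

```python
import asyncio
from typing import Any, Awaitable, Callable


async def run_with_factory(factory_cls: Any, config: Any, engine: Any,
                           job: Callable[[Any], Awaitable[Any]]) -> Any:
    """Build a factory with create(), run job(factory), always aclose().

    Pass gafaelfawr.factory.Factory as factory_cls in real use; config and
    engine are assumed to be built by the caller.
    """
    # check_db=True has create() verify database connectivity up front.
    factory = await factory_cls.create(config, engine, check_db=True)
    try:
        return await job(factory)
    finally:
        # Runs on success, exception, and cancellation alike. After this
        # call the factory is no longer valid and must not be reused.
        await factory.aclose()


class StandInFactory:
    """Constructed stand-in recording lifecycle calls (not Gafaelfawr code)."""

    calls: list[str] = []

    @classmethod
    async def create(cls, config: Any, engine: Any, *, check_db: bool = False):
        cls.calls.append(f"create(check_db={check_db})")
        return cls()

    async def aclose(self) -> None:
        self.calls.append("aclose")


def demo() -> list[str]:
    """Run a failing job and return the recorded lifecycle calls."""
    StandInFactory.calls = []

    async def failing_job(factory: Any) -> None:
        raise RuntimeError("job failed")

    try:
        asyncio.run(run_with_factory(StandInFactory, None, None, failing_job))
    except RuntimeError:
        StandInFactory.calls.append("error propagated")
    return StandInFactory.calls
```

The recorded order shows aclose running before the job's exception reaches the caller, so the factory is shut down even when the work fails.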
- create_admin_service()
Create a new manager object for token administrators.
- Returns:
The new token administrator manager.
- Return type:
- create_firestore_service()
Create the Firestore service layer.
- Returns:
Newly-created Firestore service.
- Return type:
- create_firestore_storage()
Create the Firestore storage layer.
Primarily for use internally and in tests.
- Returns:
Newly-created Firestore storage.
- Return type:
- create_kubernetes_ingress_service(api_client)
Create a service for managing Kubernetes ingresses.
- Parameters:
  - api_client (ApiClient) – The Kubernetes client.
- Returns:
Newly-created Kubernetes service.
- Return type:
- create_kubernetes_token_service(api_client)
Create a service for managing tokens stored in Kubernetes.
- Parameters:
  - api_client (ApiClient) – The Kubernetes client.
- Returns:
Newly-created Kubernetes service.
- Return type:
- create_oidc_service()
Create a minimalist OpenID Connect server.
- Returns:
A new OpenID Connect server.
- Return type:
- create_oidc_token_verifier()
Create a JWT token verifier for OpenID Connect tokens.
This is normally used only as an implementation detail of the OpenID Connect authentication provider, but can be created directly to facilitate testing.
- Returns:
A new JWT token verifier.
- Return type:
- create_oidc_user_info_service()
Create a user information service for OpenID Connect providers.
This is a user information service specialized for using an OpenID Connect authentication provider. It understands how to parse information out of the token claims.
- Returns:
A new user information service.
- Return type:
- Raises:
NotConfiguredError – Raised if the configured authentication provider is not OpenID Connect.
- create_provider()
Create an authentication provider.
Create a provider object for the configured external authentication provider.
- Returns:
A new Provider.
- Return type:
- Raises:
NotImplementedError – Raised if none of the authentication providers are configured.
- create_slack_client()
Create a client for sending messages to Slack.
- Returns:
Configured Slack client if a Slack webhook was configured, otherwise None.
- Return type:
- create_token_cache_service()
Create a token cache.
- Returns:
A new token cache.
- Return type:
- create_token_service()
Create a TokenService.
- Returns:
The new token manager.
- Return type:
- create_user_info_service()
Create a user information service.
This service retrieves metadata about the user, such as their UID, groups, and GIDs. This is the generic service that acts on Gafaelfawr tokens, without support for the additional authentication-time methods used by authentication providers.
- Returns:
Newly created service.
- Return type:
- set_context(context)
Replace the process context.
Used by the test suite when it reconfigures Gafaelfawr on the fly after a factory was already created.
- Parameters:
  - context (ProcessContext) – New process context.
- Return type:
- set_logger(logger)
Replace the internal logger.
Used by the context dependency to update the logger for all newly-created components when it’s rebound with additional context.
- Parameters:
  - logger (BoundLogger) – New logger.
- Return type:
- classmethod standalone(cls, config, engine, *, check_db=False)
Async context manager for Gafaelfawr components.
Intended for background jobs. Uses the non-request default values for the dependencies of Factory. Do not use this factory inside the web application or anywhere that may use the default Factory, since they will interfere with each other’s Redis pools.
- Parameters:
  - config (Config) – Gafaelfawr configuration.
  - engine (AsyncEngine) – Database engine to use for connections.
  - check_db (bool, default: False) – If set to True, check database connectivity before returning by doing a simple query.
- Yields:
Factory – The factory. Must be used as an async context manager.
- Return type:
AsyncIterator[Self]
Examples
    async with Factory.standalone(config, engine) as factory:
        token_service = factory.create_token_service()
        async with factory.session.begin():
            alerts = await token_service.audit(fix=fix)