Factory¶
- class gafaelfawr.factory.Factory(context, session, logger)¶
Bases:
object
Build Gafaelfawr components.
Uses the contents of a
ProcessContext
to construct the components of the application on demand.- Parameters:
context (
ProcessContext
) – Shared process context.session (
async_scoped_session
) – Database session.logger (
BoundLogger
) – Logger to use for errors.
Attributes Summary
Underlying Redis connection pool, mainly for tests.
Methods Summary
aclose
()Shut down the factory.
create
(config, engine, *[, check_db])Create a component factory outside of a request.
Create a new manager object for token administrators.
Create the Firestore service layer.
Create the Firestore storage layer.
Create a service for performing health checks.
create_kubernetes_ingress_service
(api_client)Create a service for managing Kubernetes ingresses.
create_kubernetes_token_service
(api_client)Create a service for managing tokens stored in Kubernetes.
Create a minimalist OpenID Connect server.
Create a JWT token verifier for OpenID Connect tokens.
Create an authentication provider.
Create a client for sending messages to Slack.
Create a token cache.
Create a token Redis store.
Create a TokenService.
Create a user information service.
set_context
(context)Replace the process context.
set_logger
(logger)Replace the internal logger.
standalone
(cls, config, engine, *[, check_db])Async context manager for Gafaelfawr components.
Attributes Documentation
- redis¶
Underlying Redis connection pool, mainly for tests.
Methods Documentation
- async aclose()¶
Shut down the factory.
After this method is called, the factory object is no longer valid and must not be used.
- Return type:
- async classmethod create(config, engine, *, check_db=False)¶
Create a component factory outside of a request.
Intended for long-running daemons other than the FastAPI web application, such as the Kubernetes operator. This class method should only be used in situations where an async context manager cannot be used. Do not use this factory inside the web application or anywhere that may use the default
Factory
, since they will interfere with each other’s Redis pools.If an async context manager can be used, call
standalone
rather than this method.- Parameters:
config (
Config
) – Gafaelfawr configuration.engine (
AsyncEngine
) – Database engine to use for connections.check_db (
bool
, default:False
) – If set toTrue
, check database connectivity before returning by doing a simple query.
- Returns:
Newly-created factory. The caller must call
aclose
on the returned object during shutdown.- Return type:
- create_admin_service()¶
Create a new manager object for token administrators.
- Returns:
The new token administrator manager.
- Return type:
- create_firestore_service()¶
Create the Firestore service layer.
- Returns:
Newly-created Firestore service.
- Return type:
- create_firestore_storage()¶
Create the Firestore storage layer.
Primarily for use internally and in tests.
- Returns:
Newly-created Firestore storage.
- Return type:
- create_health_check_service()¶
Create a service for performing health checks.
- Returns:
Newly-created health check service.
- Return type:
- create_kubernetes_ingress_service(api_client)¶
Create a service for managing Kubernetes ingresses.
- Parameters:
api_client (
ApiClient
) – The Kubernetes client.- Returns:
Newly-created Kubernetes service.
- Return type:
- create_kubernetes_token_service(api_client)¶
Create a service for managing tokens stored in Kubernetes.
- Parameters:
api_client (
ApiClient
) – The Kubernetes client.- Returns:
Newly-created Kubernetes service.
- Return type:
- create_oidc_service()¶
Create a minimalist OpenID Connect server.
- Returns:
A new OpenID Connect server.
- Return type:
- create_oidc_token_verifier()¶
Create a JWT token verifier for OpenID Connect tokens.
This is normally used only as an implementation detail of the OpenID Connect authentication provider, but can be created directly to facilitate testing.
- Returns:
A new JWT token verifier.
- Return type:
- create_provider()¶
Create an authentication provider.
Create a provider object for the configured external authentication provider.
- Returns:
A new Provider.
- Return type:
- Raises:
NotImplementedError – Raised if none of the authentication providers are configured.
- create_slack_client()¶
Create a client for sending messages to Slack.
- Returns:
Configured Slack client if a Slack webhook was configured, otherwise
None
.- Return type:
- create_token_cache_service()¶
Create a token cache.
- Returns:
A new token cache.
- Return type:
- create_token_redis_store()¶
Create a token Redis store.
- Returns:
New token database store.
- Return type:
- create_token_service()¶
Create a TokenService.
- Returns:
The new token manager.
- Return type:
- create_user_info_service()¶
Create a user information service.
This service retrieves metadata about the user, such as their UID, groups, and GIDs. This is the generic service that acts on Gafaelfawr tokens, without support for the additional authentication-time methods used by authentication providers.
- Returns:
Newly created service.
- Return type:
- set_context(context)¶
Replace the process context.
Used by the test suite when it reconfigures Gafaelfawr on the fly after a factory was already created.
- Parameters:
context (
ProcessContext
) – New process context.- Return type:
- set_logger(logger)¶
Replace the internal logger.
Used by the context dependency to update the logger for all newly-created components when it’s rebound with additional context.
- Parameters:
logger (
BoundLogger
) – New logger.- Return type:
- classmethod standalone(cls, config, engine, *, check_db=False)¶
Async context manager for Gafaelfawr components.
Intended for background jobs. Uses the non-request default values for the dependencies of
Factory
. Do not use this factory inside the web application or anywhere that may use the defaultFactory
, since they will interfere with each other’s Redis pools.- Parameters:
config (
Config
) – Gafaelfawr configuration.engine (
AsyncEngine
) – Database engine to use for connections.check_db (
bool
, default:False
) – If set toTrue
, check database connectivity before returning by doing a simple query.
- Yields:
Factory – The factory. Must be used as an async context manager.
- Return type:
AsyncIterator
[Self
]
Examples
async with Factory.standalone(config, engine) as factory: token_service = factory.create_token_service() alerts = await token_service.audit(fix=fix)