Factory¶

class gafaelfawr.factory.Factory(context, session, logger)¶

Bases: object

Build Gafaelfawr components.

Uses the contents of a ProcessContext to construct the components of the application on demand.

Parameters:

context (ProcessContext) – Shared process context.
session (async_scoped_session) – Database session.
logger (BoundLogger) – Logger to use for errors.

Attributes Summary

redis

Underlying Redis connection pool, mainly for tests.

Methods Summary

`aclose`()	Shut down the factory.
`create`(config, engine, *[, check_db])	Create a component factory outside of a request.
`create_admin_service`()	Create a new manager object for token administrators.
`create_firestore_service`()	Create the Firestore service layer.
`create_firestore_storage`()	Create the Firestore storage layer.
`create_health_check_service`()	Create a service for performing health checks.
`create_kubernetes_ingress_service`(api_client)	Create a service for managing Kubernetes ingresses.
`create_kubernetes_token_service`(api_client)	Create a service for managing tokens stored in Kubernetes.
`create_oidc_service`()	Create a minimalist OpenID Connect server.
`create_oidc_token_verifier`()	Create a JWT token verifier for OpenID Connect tokens.
`create_oidc_user_info_service`()	Create a user information service for OpenID Connect providers.
`create_provider`()	Create an authentication provider.
`create_slack_client`()	Create a client for sending messages to Slack.
`create_token_cache_service`()	Create a token cache.
`create_token_redis_store`()	Create a token Redis store.
`create_token_service`()	Create a TokenService.
`create_user_info_service`()	Create a user information service.
`set_context`(context)	Replace the process context.
`set_logger`(logger)	Replace the internal logger.
`standalone`(cls, config, engine, *[, check_db])	Async context manager for Gafaelfawr components.

Attributes Documentation

redis¶: Underlying Redis connection pool, mainly for tests.

Methods Documentation

async aclose()¶

Shut down the factory.

After this method is called, the factory object is no longer valid and must not be used.

Return type:: None

async classmethod create(config, engine, *, check_db=False)¶

Create a component factory outside of a request.

Intended for long-running daemons other than the FastAPI web application, such as the Kubernetes operator. This class method should only be used in situations where an async context manager cannot be used. Do not use this factory inside the web application or anywhere that may use the default Factory, since they will interfere with each other’s Redis pools.

If an async context manager can be used, call standalone rather than this method.

Parameters:

config (Config) – Gafaelfawr configuration.
engine (AsyncEngine) – Database engine to use for connections.
check_db (bool, default: False) – If set to True, check database connectivity before returning by doing a simple query.

Returns:

Newly-created factory. The caller must call aclose on the returned object during shutdown.

Return type:

Factory

create_admin_service()¶

Create a new manager object for token administrators.

Returns:: The new token administrator manager.
Return type:: AdminService

create_firestore_service()¶

Create the Firestore service layer.

Returns:: Newly-created Firestore service.
Return type:: FirestoreService

create_firestore_storage()¶

Create the Firestore storage layer.

Primarily for use internally and in tests.

Returns:: Newly-created Firestore storage.
Return type:: FirestoreStorage

create_health_check_service()¶

Create a service for performing health checks.

Returns:: Newly-created health check service.
Return type:: HealthCheckService

create_kubernetes_ingress_service(api_client)¶

Create a service for managing Kubernetes ingresses.

Parameters:: api_client (ApiClient) – The Kubernetes client.
Returns:: Newly-created Kubernetes service.
Return type:: KubernetesIngressService

create_kubernetes_token_service(api_client)¶

Create a service for managing tokens stored in Kubernetes.

Parameters:: api_client (ApiClient) – The Kubernetes client.
Returns:: Newly-created Kubernetes service.
Return type:: KubernetesTokenService

create_oidc_service()¶

Create a minimalist OpenID Connect server.

Returns:: A new OpenID Connect server.
Return type:: OIDCService

create_oidc_token_verifier()¶

Create a JWT token verifier for OpenID Connect tokens.

This is normally used only as an implementation detail of the OpenID Connect authentication provider, but can be created directly to facilitate testing.

Returns:: A new JWT token verifier.
Return type:: OIDCTokenVerifier

create_oidc_user_info_service()¶

Create a user information service for OpenID Connect providers.

This is a user information service specialized for using an OpenID Connect authentication provider. It understands how to parse information out of the token claims.

Returns:: A new user information service.
Return type:: OIDCUserInfoService
Raises:: NotConfiguredError – Raised if the configured authentication provider is not OpenID Connect.

create_provider()¶

Create an authentication provider.

Create a provider object for the configured external authentication provider.

Returns:: A new Provider.
Return type:: Provider
Raises:: NotImplementedError – Raised if none of the authentication providers are configured.

create_slack_client()¶

Create a client for sending messages to Slack.

Returns:: Configured Slack client if a Slack webhook was configured, otherwise None.
Return type:: safir.slack.webhook.SlackWebhookClient or None

create_token_cache_service()¶

Create a token cache.

Returns:: A new token cache.
Return type:: TokenCacheService

create_token_redis_store()¶

Create a token Redis store.

Returns:: New token database store.
Return type:: TokenRedisStore

create_token_service()¶

Create a TokenService.

Returns:: The new token manager.
Return type:: TokenService

create_user_info_service()¶

Create a user information service.

This service retrieves metadata about the user, such as their UID, groups, and GIDs. This is the generic service that acts on Gafaelfawr tokens, without support for the additional authentication-time methods used by authentication providers.

Returns:: Newly created service.
Return type:: UserInfoService

set_context(context)¶

Replace the process context.

Used by the test suite when it reconfigures Gafaelfawr on the fly after a factory was already created.

Parameters:: context (ProcessContext) – New process context.
Return type:: None

set_logger(logger)¶

Replace the internal logger.

Used by the context dependency to update the logger for all newly-created components when it’s rebound with additional context.

Parameters:: logger (BoundLogger) – New logger.
Return type:: None

classmethod standalone(cls, config, engine, *, check_db=False)¶

Async context manager for Gafaelfawr components.

Intended for background jobs. Uses the non-request default values for the dependencies of Factory. Do not use this factory inside the web application or anywhere that may use the default Factory, since they will interfere with each other’s Redis pools.

Parameters:

config (Config) – Gafaelfawr configuration.
engine (AsyncEngine) – Database engine to use for connections.
check_db (bool, default: False) – If set to True, check database connectivity before returning by doing a simple query.

Yields:

Factory – The factory. Must be used as an async context manager.

Return type:

AsyncIterator[Self]

Examples

async with Factory.standalone(config, engine) as factory:
    token_service = factory.create_token_service()
    async with factory.session.begin():
        alerts = await token_service.audit(fix=fix)