From 8b4a5a943d3d831ce42433ff9f55a3f1d2682b6b Mon Sep 17 00:00:00 2001 From: Excavator Bot <33266368+svc-excavator-bot@users.noreply.github.com> Date: Fri, 31 Jan 2025 08:21:25 -0800 Subject: [PATCH] Excavator: Upgrade API Version (#113) --- README.md | 19 ++ docs/v2/Admin/Marking.md | 82 +++++++ docs/v2/Admin/MarkingCategory.md | 6 + docs/v2/Admin/User.md | 2 + .../connectivity/models/BasicCredentials.md | 12 + .../models/BasicCredentialsDict.md | 12 + ...ionRequestS3ConnectionConfigurationDict.md | 12 + docs/v2/connectivity/models/Protocol.md | 11 + docs/v2/connectivity/models/Region.md | 12 + .../models/S3ConnectionConfiguration.md | 12 + .../models/S3ConnectionConfigurationDict.md | 12 + .../connectivity/models/S3KmsConfiguration.md | 12 + .../models/S3KmsConfigurationDict.md | 12 + .../models/S3ProxyConfiguration.md | 15 ++ .../models/S3ProxyConfigurationDict.md | 15 ++ .../models/StsRoleConfiguration.md | 15 ++ .../models/StsRoleConfigurationDict.md | 15 ++ foundry/_versions.py | 2 +- foundry/v2/admin/errors/__init__.py | 12 + ...eate_marking_missing_initial_admin_role.py | 40 ++++ ...marking_name_in_category_already_exists.py | 45 ++++ .../_create_marking_permission_denied.py | 40 ++++ foundry/v2/admin/marking.py | 209 ++++++++++++++++++ foundry/v2/cli.py | 47 ++++ foundry/v2/connectivity/models/__init__.py | 24 ++ .../connectivity/models/_basic_credentials.py | 37 ++++ .../models/_basic_credentials_dict.py | 30 +++ ...equest_s3_connection_configuration_dict.py | 79 +++++++ foundry/v2/connectivity/models/_protocol.py | 21 ++ foundry/v2/connectivity/models/_region.py | 19 ++ .../models/_s3_connection_configuration.py | 103 +++++++++ .../_s3_connection_configuration_dict.py | 79 +++++++ .../models/_s3_kms_configuration.py | 48 ++++ .../models/_s3_kms_configuration_dict.py | 39 ++++ .../models/_s3_proxy_configuration.py | 57 +++++ .../models/_s3_proxy_configuration_dict.py | 46 ++++ .../models/_sts_role_configuration.py | 75 +++++++ .../models/_sts_role_configuration_dict.py | 59 +++++ pyproject.toml | 8 +- 39 files changed, 1390 insertions(+), 5 deletions(-) create mode 100644 docs/v2/connectivity/models/BasicCredentials.md create mode 100644 docs/v2/connectivity/models/BasicCredentialsDict.md create mode 100644 docs/v2/connectivity/models/Protocol.md create mode 100644 docs/v2/connectivity/models/Region.md create mode 100644 docs/v2/connectivity/models/S3KmsConfiguration.md create mode 100644 docs/v2/connectivity/models/S3KmsConfigurationDict.md create mode 100644 docs/v2/connectivity/models/S3ProxyConfiguration.md create mode 100644 docs/v2/connectivity/models/S3ProxyConfigurationDict.md create mode 100644 docs/v2/connectivity/models/StsRoleConfiguration.md create mode 100644 docs/v2/connectivity/models/StsRoleConfigurationDict.md create mode 100644 foundry/v2/admin/errors/_create_marking_missing_initial_admin_role.py create mode 100644 foundry/v2/admin/errors/_create_marking_name_in_category_already_exists.py create mode 100644 foundry/v2/admin/errors/_create_marking_permission_denied.py create mode 100644 foundry/v2/connectivity/models/_basic_credentials.py create mode 100644 foundry/v2/connectivity/models/_basic_credentials_dict.py create mode 100644 foundry/v2/connectivity/models/_protocol.py create mode 100644 foundry/v2/connectivity/models/_region.py create mode 100644 foundry/v2/connectivity/models/_s3_kms_configuration.py create mode 100644 foundry/v2/connectivity/models/_s3_kms_configuration_dict.py create mode 100644 foundry/v2/connectivity/models/_s3_proxy_configuration.py create mode 100644 foundry/v2/connectivity/models/_s3_proxy_configuration_dict.py create mode 100644 foundry/v2/connectivity/models/_sts_role_configuration.py create mode 100644 foundry/v2/connectivity/models/_sts_role_configuration_dict.py diff --git a/README.md b/README.md index 4a728a80..9e9b1ba0 100644 --- a/README.md +++ b/README.md @@ -410,6 +410,14 @@ Namespace | Resource | Operation | HTTP request | **Admin** | GroupMember | [**remove**](docs/v2/Admin/GroupMember.md#remove) | **POST** /v2/admin/groups/{groupId}/groupMembers/remove | **Admin** | GroupMembership | [**list**](docs/v2/Admin/GroupMembership.md#list) | **GET** /v2/admin/users/{userId}/groupMemberships | **Admin** | GroupMembership | [**page**](docs/v2/Admin/GroupMembership.md#page) | **GET** /v2/admin/users/{userId}/groupMemberships | +**Admin** | Marking | [**create**](docs/v2/Admin/Marking.md#create) | **POST** /v2/admin/markings | +**Admin** | Marking | [**get**](docs/v2/Admin/Marking.md#get) | **GET** /v2/admin/markings/{markingId} | +**Admin** | Marking | [**get_batch**](docs/v2/Admin/Marking.md#get_batch) | **POST** /v2/admin/markings/getBatch | +**Admin** | Marking | [**list**](docs/v2/Admin/Marking.md#list) | **GET** /v2/admin/markings | +**Admin** | Marking | [**page**](docs/v2/Admin/Marking.md#page) | **GET** /v2/admin/markings | +**Admin** | MarkingCategory | [**get**](docs/v2/Admin/MarkingCategory.md#get) | **GET** /v2/admin/markingCategories/{markingCategoryId} | +**Admin** | MarkingCategory | [**list**](docs/v2/Admin/MarkingCategory.md#list) | **GET** /v2/admin/markingCategories | +**Admin** | MarkingCategory | [**page**](docs/v2/Admin/MarkingCategory.md#page) | **GET** /v2/admin/markingCategories | **Admin** | MarkingMember | [**add**](docs/v2/Admin/MarkingMember.md#add) | **POST** /v2/admin/markings/{markingId}/markingMembers/add | **Admin** | MarkingMember | [**list**](docs/v2/Admin/MarkingMember.md#list) | **GET** /v2/admin/markings/{markingId}/markingMembers | **Admin** | MarkingMember | [**page**](docs/v2/Admin/MarkingMember.md#page) | **GET** /v2/admin/markings/{markingId}/markingMembers | @@ -422,6 +430,7 @@ Namespace | Resource | Operation | HTTP request | **Admin** | User | [**get**](docs/v2/Admin/User.md#get) | **GET** /v2/admin/users/{userId} | **Admin** | User | [**get_batch**](docs/v2/Admin/User.md#get_batch) | **POST** /v2/admin/users/getBatch | **Admin** | User | [**get_current**](docs/v2/Admin/User.md#get_current) | **GET** /v2/admin/users/getCurrent | +**Admin** | User | [**get_markings**](docs/v2/Admin/User.md#get_markings) | **GET** /v2/admin/users/{userId}/getMarkings | **Admin** | User | [**list**](docs/v2/Admin/User.md#list) | **GET** /v2/admin/users | **Admin** | User | [**page**](docs/v2/Admin/User.md#page) | **GET** /v2/admin/users | **Admin** | User | [**profile_picture**](docs/v2/Admin/User.md#profile_picture) | **GET** /v2/admin/users/{userId}/profilePicture | @@ -739,6 +748,8 @@ Namespace | Resource | Operation | HTTP request | - [AsSecretNameDict](docs/v2/models/AsSecretNameDict.md) - [AwsAccessKey](docs/v2/models/AwsAccessKey.md) - [AwsAccessKeyDict](docs/v2/models/AwsAccessKeyDict.md) +- [BasicCredentials](docs/v2/models/BasicCredentials.md) +- [BasicCredentialsDict](docs/v2/models/BasicCredentialsDict.md) - [CloudIdentity](docs/v2/models/CloudIdentity.md) - [CloudIdentityDict](docs/v2/models/CloudIdentityDict.md) - [CloudIdentityRid](docs/v2/models/CloudIdentityRid.md) @@ -808,13 +819,21 @@ Namespace | Resource | Operation | HTTP request | - [PlaintextValue](docs/v2/models/PlaintextValue.md) - [PostgreSqlImportConfig](docs/v2/models/PostgreSqlImportConfig.md) - [PostgreSqlImportConfigDict](docs/v2/models/PostgreSqlImportConfigDict.md) +- [Protocol](docs/v2/models/Protocol.md) +- [Region](docs/v2/models/Region.md) - [RuntimePlatform](docs/v2/models/RuntimePlatform.md) - [RuntimePlatformDict](docs/v2/models/RuntimePlatformDict.md) - [S3AuthenticationMode](docs/v2/models/S3AuthenticationMode.md) - [S3AuthenticationModeDict](docs/v2/models/S3AuthenticationModeDict.md) - [S3ConnectionConfiguration](docs/v2/models/S3ConnectionConfiguration.md) - [S3ConnectionConfigurationDict](docs/v2/models/S3ConnectionConfigurationDict.md) +- [S3KmsConfiguration](docs/v2/models/S3KmsConfiguration.md) +- [S3KmsConfigurationDict](docs/v2/models/S3KmsConfigurationDict.md) +- [S3ProxyConfiguration](docs/v2/models/S3ProxyConfiguration.md) +- [S3ProxyConfigurationDict](docs/v2/models/S3ProxyConfigurationDict.md) - [SecretName](docs/v2/models/SecretName.md) +- [StsRoleConfiguration](docs/v2/models/StsRoleConfiguration.md) +- [StsRoleConfigurationDict](docs/v2/models/StsRoleConfigurationDict.md) - [TableImport](docs/v2/models/TableImport.md) - [TableImportAllowSchemaChanges](docs/v2/models/TableImportAllowSchemaChanges.md) - [TableImportConfig](docs/v2/models/TableImportConfig.md) diff --git a/docs/v2/Admin/Marking.md b/docs/v2/Admin/Marking.md index e0bbb655..a6e5e6fb 100644 --- a/docs/v2/Admin/Marking.md +++ b/docs/v2/Admin/Marking.md @@ -2,7 +2,86 @@ Method | HTTP request | ------------- | ------------- | +[**create**](#create) | **POST** /v2/admin/markings | +[**get**](#get) | **GET** /v2/admin/markings/{markingId} | +[**get_batch**](#get_batch) | **POST** /v2/admin/markings/getBatch | +[**list**](#list) | **GET** /v2/admin/markings | +[**page**](#page) | **GET** /v2/admin/markings | +# **create** +Creates a new Marking. + +### Parameters + +Name | Type | Description | Notes | +------------- | ------------- | ------------- | ------------- | +**category_id** | MarkingCategoryId | | | +**initial_members** | List[PrincipalId] | Users and Groups that will be able to view resources protected by this Marking. This can be changed later through the MarkingMember operations. | | +**initial_role_assignments** | List[MarkingRoleUpdateDict] | The initial roles that will be assigned when the Marking is created. At least one ADMIN role must be provided. This can be changed later through the MarkingRoleAssignment operations. WARNING: If you do not include your own principal ID or the ID of a Group that you are a member of, you will create a Marking that you cannot administer. | | +**name** | MarkingName | | | +**description** | Optional[str] | | [optional] | +**preview** | Optional[PreviewMode] | preview | [optional] | + +### Return type +**Marking** + +### Example + +```python +from foundry.v2 import FoundryClient +import foundry +from pprint import pprint + +foundry_client = FoundryClient( + auth=foundry.UserTokenAuth(...), hostname="example.palantirfoundry.com" +) + +# MarkingCategoryId | +category_id = "0950264e-01c8-4e83-81a9-1a6b7f77621a" +# List[PrincipalId] | Users and Groups that will be able to view resources protected by this Marking. This can be changed later through the MarkingMember operations. +initial_members = ["f05f8da4-b84c-4fca-9c77-8af0b13d11de"] +# List[MarkingRoleUpdateDict] | The initial roles that will be assigned when the Marking is created. At least one ADMIN role must be provided. This can be changed later through the MarkingRoleAssignment operations. WARNING: If you do not include your own principal ID or the ID of a Group that you are a member of, you will create a Marking that you cannot administer. +initial_role_assignments = [ + {"role": "ADMINISTER", "principalId": "f05f8da4-b84c-4fca-9c77-8af0b13d11de"} +] +# MarkingName | +name = "PII" +# Optional[str] | +description = "Contains personally identifiable information about our customers" +# Optional[PreviewMode] | preview +preview = None + + +try: + api_response = foundry_client.admin.Marking.create( + category_id=category_id, + initial_members=initial_members, + initial_role_assignments=initial_role_assignments, + name=name, + description=description, + preview=preview, + ) + print("The create response:\n") + pprint(api_response) +except foundry.PalantirRPCException as e: + print("HTTP error when calling Marking.create: %s\n" % e) + +``` + + + +### Authorization + +See [README](../../../README.md#authorization) + +### HTTP response details +| Status Code | Type | Description | Content Type | +|-------------|-------------|-------------|------------------| +**200** | Marking | The created Marking | application/json | + +[[Back to top]](#) [[Back to API list]](../../../README.md#apis-v2-link) [[Back to Model list]](../../../README.md#models-v2-link) [[Back to README]](../../../README.md) + +# **get** Get the Marking with the specified id. ### Parameters @@ -57,6 +136,7 @@ See [README](../../../README.md#authorization) [[Back to top]](#) [[Back to API list]](../../../README.md#apis-v2-link) [[Back to Model list]](../../../README.md#models-v2-link) [[Back to README]](../../../README.md) +# **get_batch** Execute multiple get requests on Marking. The maximum batch size for this endpoint is 500. @@ -113,6 +193,7 @@ See [README](../../../README.md#authorization) [[Back to top]](#) [[Back to API list]](../../../README.md#apis-v2-link) [[Back to Model list]](../../../README.md#models-v2-link) [[Back to README]](../../../README.md) +# **list** Maximum page size 100. ### Parameters @@ -170,6 +251,7 @@ See [README](../../../README.md#authorization) [[Back to top]](#) [[Back to API list]](../../../README.md#apis-v2-link) [[Back to Model list]](../../../README.md#models-v2-link) [[Back to README]](../../../README.md) +# **page** Maximum page size 100. ### Parameters diff --git a/docs/v2/Admin/MarkingCategory.md b/docs/v2/Admin/MarkingCategory.md index 28c88b83..d06e268a 100644 --- a/docs/v2/Admin/MarkingCategory.md +++ b/docs/v2/Admin/MarkingCategory.md @@ -2,7 +2,11 @@ Method | HTTP request | ------------- | ------------- | +[**get**](#get) | **GET** /v2/admin/markingCategories/{markingCategoryId} | +[**list**](#list) | **GET** /v2/admin/markingCategories | +[**page**](#page) | **GET** /v2/admin/markingCategories | +# **get** Get the MarkingCategory with the specified id. ### Parameters @@ -57,6 +61,7 @@ See [README](../../../README.md#authorization) [[Back to top]](#) [[Back to API list]](../../../README.md#apis-v2-link) [[Back to Model list]](../../../README.md#models-v2-link) [[Back to README]](../../../README.md) +# **list** Maximum page size 100. ### Parameters @@ -114,6 +119,7 @@ See [README](../../../README.md#authorization) [[Back to top]](#) [[Back to API list]](../../../README.md#apis-v2-link) [[Back to Model list]](../../../README.md#models-v2-link) [[Back to README]](../../../README.md) +# **page** Maximum page size 100. ### Parameters diff --git a/docs/v2/Admin/User.md b/docs/v2/Admin/User.md index 20dbc6db..b202781b 100644 --- a/docs/v2/Admin/User.md +++ b/docs/v2/Admin/User.md @@ -6,6 +6,7 @@ Method | HTTP request | [**get**](#get) | **GET** /v2/admin/users/{userId} | [**get_batch**](#get_batch) | **POST** /v2/admin/users/getBatch | [**get_current**](#get_current) | **GET** /v2/admin/users/getCurrent | +[**get_markings**](#get_markings) | **GET** /v2/admin/users/{userId}/getMarkings | [**list**](#list) | **GET** /v2/admin/users | [**page**](#page) | **GET** /v2/admin/users | [**profile_picture**](#profile_picture) | **GET** /v2/admin/users/{userId}/profilePicture | @@ -211,6 +212,7 @@ See [README](../../../README.md#authorization) [[Back to top]](#) [[Back to API list]](../../../README.md#apis-v2-link) [[Back to Model list]](../../../README.md#models-v2-link) [[Back to README]](../../../README.md) +# **get_markings** Retrieve Markings that the user is currently a member of. ### Parameters diff --git a/docs/v2/connectivity/models/BasicCredentials.md b/docs/v2/connectivity/models/BasicCredentials.md new file mode 100644 index 00000000..f150fec8 --- /dev/null +++ b/docs/v2/connectivity/models/BasicCredentials.md @@ -0,0 +1,12 @@ +# BasicCredentials + +BasicCredentials + +## Properties +| Name | Type | Required | Description | +| ------------ | ------------- | ------------- | ------------- | +**username** | str | Yes | | +**password** | EncryptedProperty | Yes | | + + +[[Back to Model list]](../../../../README.md#models-v2-link) [[Back to API list]](../../../../README.md#apis-v2-link) [[Back to README]](../../../../README.md) diff --git a/docs/v2/connectivity/models/BasicCredentialsDict.md b/docs/v2/connectivity/models/BasicCredentialsDict.md new file mode 100644 index 00000000..9d6133bb --- /dev/null +++ b/docs/v2/connectivity/models/BasicCredentialsDict.md @@ -0,0 +1,12 @@ +# BasicCredentialsDict + +BasicCredentials + +## Properties +| Name | Type | Required | Description | +| ------------ | ------------- | ------------- | ------------- | +**username** | str | Yes | | +**password** | EncryptedPropertyDict | Yes | | + + +[[Back to Model list]](../../../../README.md#models-v2-link) [[Back to API list]](../../../../README.md#apis-v2-link) [[Back to README]](../../../../README.md) diff --git a/docs/v2/connectivity/models/CreateConnectionRequestS3ConnectionConfigurationDict.md b/docs/v2/connectivity/models/CreateConnectionRequestS3ConnectionConfigurationDict.md index ed57e89a..8af0796c 100644 --- a/docs/v2/connectivity/models/CreateConnectionRequestS3ConnectionConfigurationDict.md +++ b/docs/v2/connectivity/models/CreateConnectionRequestS3ConnectionConfigurationDict.md @@ -5,8 +5,20 @@ CreateConnectionRequestS3ConnectionConfiguration ## Properties | Name | Type | Required | Description | | ------------ | ------------- | ------------- | ------------- | +**connectionTimeoutMillis** | NotRequired[Long] | No | The amount of time (in milliseconds) to wait when initially establishing a connection before giving up and timing out. If not specified, defaults to 10000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_CONNECTION_TIMEOUT). | +**maxErrorRetry** | NotRequired[int] | No | The maximum number of retry attempts for failed requests to the S3 service. If not specified, defaults to 3 as defined by the [AWS SDK default](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/retry-strategy.html#retry-strategies). | **bucketUrl** | str | Yes | The URL of the S3 bucket. The URL should contain a trailing slash. | +**clientKmsConfiguration** | NotRequired[S3KmsConfigurationDict] | No | The client-side KMS key to use for encryption and decryption of data in the S3 bucket. If not specified, the default KMS key for the bucket is used. | +**matchSubfolderExactly** | NotRequired[bool] | No | If true, only files in the subfolder specified in the bucket URL will be synced. If false, all files in the bucket will be synced. If not specified, defaults to false. | +**stsRoleConfiguration** | NotRequired[StsRoleConfigurationDict] | No | The configuration needed to assume a role to connect to the S3 external system. | +**s3Endpoint** | NotRequired[str] | No | The endpoint of the S3 service. This is used to connect to a custom S3 service that is not AWS S3. If not specified, defaults to the [AWS S3 endpoint](https://docs.aws.amazon.com/general/latest/gr/s3.html). Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. | +**socketTimeoutMillis** | NotRequired[Long] | No | The amount of time (in milliseconds) to wait for data to be transferred over an established, open connection. If not specified, defaults to 50000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_SOCKET_TIMEOUT). | +**enableRequesterPays** | NotRequired[bool] | No | Defaults to false, unless set and overwritten. If true, includes the [requester pays header](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in requests, allowing reads from requester pays buckets. | +**s3EndpointSigningRegion** | NotRequired[Region] | No | The region used when constructing the S3 client using a custom endpoint. This is often not required and would only be needed if you are using the S3 connector with an S3-compliant third-party API, and are also setting a custom endpoint that requires a non-default region. | +**region** | NotRequired[Region] | No | The region representing the location of the S3 bucket. Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. | **authenticationMode** | NotRequired[S3AuthenticationModeDict] | No | The authentication mode to use to connect to the S3 external system. No authentication mode is required to connect to publicly accessible AWS S3 buckets. | +**proxyConfiguration** | NotRequired[S3ProxyConfigurationDict] | No | The configuration needed to connect to the S3 external system through a proxy. | +**maxConnections** | NotRequired[int] | No | The maximum number of HTTP connections to the S3 service per sync. If not specified, defaults to 50 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_MAX_CONNECTIONS). | **type** | Literal["s3"] | Yes | None | diff --git a/docs/v2/connectivity/models/Protocol.md b/docs/v2/connectivity/models/Protocol.md new file mode 100644 index 00000000..9f6b81d3 --- /dev/null +++ b/docs/v2/connectivity/models/Protocol.md @@ -0,0 +1,11 @@ +# Protocol + +Protocol to establish a connection with another system. + +| **Value** | +| --------- | +| `"HTTP"` | +| `"HTTPS"` | + + +[[Back to Model list]](../../../../README.md#models-v2-link) [[Back to API list]](../../../../README.md#apis-v2-link) [[Back to README]](../../../../README.md) diff --git a/docs/v2/connectivity/models/Region.md b/docs/v2/connectivity/models/Region.md new file mode 100644 index 00000000..0fcd0c1c --- /dev/null +++ b/docs/v2/connectivity/models/Region.md @@ -0,0 +1,12 @@ +# Region + +The region of the external system. + + +## Type +```python +str +``` + + +[[Back to Model list]](../../../../README.md#models-v2-link) [[Back to API list]](../../../../README.md#apis-v2-link) [[Back to README]](../../../../README.md) diff --git a/docs/v2/connectivity/models/S3ConnectionConfiguration.md b/docs/v2/connectivity/models/S3ConnectionConfiguration.md index 601384f5..0f300e5a 100644 --- a/docs/v2/connectivity/models/S3ConnectionConfiguration.md +++ b/docs/v2/connectivity/models/S3ConnectionConfiguration.md @@ -8,7 +8,19 @@ implement the s3a protocol)](/docs/foundry/available-connectors/amazon-s3/#amazo | Name | Type | Required | Description | | ------------ | ------------- | ------------- | ------------- | **bucket_url** | str | Yes | The URL of the S3 bucket. The URL should contain a trailing slash. | +**s3_endpoint** | Optional[str] | No | The endpoint of the S3 service. This is used to connect to a custom S3 service that is not AWS S3. If not specified, defaults to the [AWS S3 endpoint](https://docs.aws.amazon.com/general/latest/gr/s3.html). Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. | +**region** | Optional[Region] | No | The region representing the location of the S3 bucket. Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. | **authentication_mode** | Optional[S3AuthenticationMode] | No | The authentication mode to use to connect to the S3 external system. No authentication mode is required to connect to publicly accessible AWS S3 buckets. | +**s3_endpoint_signing_region** | Optional[Region] | No | The region used when constructing the S3 client using a custom endpoint. This is often not required and would only be needed if you are using the S3 connector with an S3-compliant third-party API, and are also setting a custom endpoint that requires a non-default region. | +**client_kms_configuration** | Optional[S3KmsConfiguration] | No | The client-side KMS key to use for encryption and decryption of data in the S3 bucket. If not specified, the default KMS key for the bucket is used. | +**sts_role_configuration** | Optional[StsRoleConfiguration] | No | The configuration needed to assume a role to connect to the S3 external system. | +**proxy_configuration** | Optional[S3ProxyConfiguration] | No | The configuration needed to connect to the S3 external system through a proxy. | +**max_connections** | Optional[int] | No | The maximum number of HTTP connections to the S3 service per sync. If not specified, defaults to 50 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_MAX_CONNECTIONS). | +**connection_timeout_millis** | Optional[Long] | No | The amount of time (in milliseconds) to wait when initially establishing a connection before giving up and timing out. If not specified, defaults to 10000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_CONNECTION_TIMEOUT). | +**socket_timeout_millis** | Optional[Long] | No | The amount of time (in milliseconds) to wait for data to be transferred over an established, open connection. If not specified, defaults to 50000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_SOCKET_TIMEOUT). | +**max_error_retry** | Optional[int] | No | The maximum number of retry attempts for failed requests to the S3 service. If not specified, defaults to 3 as defined by the [AWS SDK default](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/retry-strategy.html#retry-strategies). | +**match_subfolder_exactly** | Optional[bool] | No | If true, only files in the subfolder specified in the bucket URL will be synced. If false, all files in the bucket will be synced. If not specified, defaults to false. | +**enable_requester_pays** | Optional[bool] | No | Defaults to false, unless set and overwritten. If true, includes the [requester pays header](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in requests, allowing reads from requester pays buckets. | **type** | Literal["s3"] | Yes | None | diff --git a/docs/v2/connectivity/models/S3ConnectionConfigurationDict.md b/docs/v2/connectivity/models/S3ConnectionConfigurationDict.md index fe892734..059d85f3 100644 --- a/docs/v2/connectivity/models/S3ConnectionConfigurationDict.md +++ b/docs/v2/connectivity/models/S3ConnectionConfigurationDict.md @@ -8,7 +8,19 @@ implement the s3a protocol)](/docs/foundry/available-connectors/amazon-s3/#amazo | Name | Type | Required | Description | | ------------ | ------------- | ------------- | ------------- | **bucketUrl** | str | Yes | The URL of the S3 bucket. The URL should contain a trailing slash. | +**s3Endpoint** | NotRequired[str] | No | The endpoint of the S3 service. This is used to connect to a custom S3 service that is not AWS S3. If not specified, defaults to the [AWS S3 endpoint](https://docs.aws.amazon.com/general/latest/gr/s3.html). Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. | +**region** | NotRequired[Region] | No | The region representing the location of the S3 bucket. Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. | **authenticationMode** | NotRequired[S3AuthenticationModeDict] | No | The authentication mode to use to connect to the S3 external system. No authentication mode is required to connect to publicly accessible AWS S3 buckets. | +**s3EndpointSigningRegion** | NotRequired[Region] | No | The region used when constructing the S3 client using a custom endpoint. This is often not required and would only be needed if you are using the S3 connector with an S3-compliant third-party API, and are also setting a custom endpoint that requires a non-default region. | +**clientKmsConfiguration** | NotRequired[S3KmsConfigurationDict] | No | The client-side KMS key to use for encryption and decryption of data in the S3 bucket. If not specified, the default KMS key for the bucket is used. | +**stsRoleConfiguration** | NotRequired[StsRoleConfigurationDict] | No | The configuration needed to assume a role to connect to the S3 external system. | +**proxyConfiguration** | NotRequired[S3ProxyConfigurationDict] | No | The configuration needed to connect to the S3 external system through a proxy. | +**maxConnections** | NotRequired[int] | No | The maximum number of HTTP connections to the S3 service per sync. If not specified, defaults to 50 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_MAX_CONNECTIONS). | +**connectionTimeoutMillis** | NotRequired[Long] | No | The amount of time (in milliseconds) to wait when initially establishing a connection before giving up and timing out. If not specified, defaults to 10000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_CONNECTION_TIMEOUT). | +**socketTimeoutMillis** | NotRequired[Long] | No | The amount of time (in milliseconds) to wait for data to be transferred over an established, open connection. If not specified, defaults to 50000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_SOCKET_TIMEOUT). | +**maxErrorRetry** | NotRequired[int] | No | The maximum number of retry attempts for failed requests to the S3 service. If not specified, defaults to 3 as defined by the [AWS SDK default](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/retry-strategy.html#retry-strategies). | +**matchSubfolderExactly** | NotRequired[bool] | No | If true, only files in the subfolder specified in the bucket URL will be synced. If false, all files in the bucket will be synced. If not specified, defaults to false. | +**enableRequesterPays** | NotRequired[bool] | No | Defaults to false, unless set and overwritten. If true, includes the [requester pays header](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) in requests, allowing reads from requester pays buckets. | **type** | Literal["s3"] | Yes | None | diff --git a/docs/v2/connectivity/models/S3KmsConfiguration.md b/docs/v2/connectivity/models/S3KmsConfiguration.md new file mode 100644 index 00000000..f89adb47 --- /dev/null +++ b/docs/v2/connectivity/models/S3KmsConfiguration.md @@ -0,0 +1,12 @@ +# S3KmsConfiguration + +S3KmsConfiguration + +## Properties +| Name | Type | Required | Description | +| ------------ | ------------- | ------------- | ------------- | +**kms_key** | str | Yes | The client-side KMS key to use for encryption and decryption of data in the S3 bucket. If not specified, the default KMS key for the bucket is used. | +**kms_region** | Optional[Region] | No | The region of the client-side KMS key to use for encryption and decryption of data in the S3 bucket. If not specified, the default KMS key region for the bucket is used. | + + +[[Back to Model list]](../../../../README.md#models-v2-link) [[Back to API list]](../../../../README.md#apis-v2-link) [[Back to README]](../../../../README.md) diff --git a/docs/v2/connectivity/models/S3KmsConfigurationDict.md b/docs/v2/connectivity/models/S3KmsConfigurationDict.md new file mode 100644 index 00000000..3c1df28c --- /dev/null +++ b/docs/v2/connectivity/models/S3KmsConfigurationDict.md @@ -0,0 +1,12 @@ +# S3KmsConfigurationDict + +S3KmsConfiguration + +## Properties +| Name | Type | Required | Description | +| ------------ | ------------- | ------------- | ------------- | +**kmsKey** | str | Yes | The client-side KMS key to use for encryption and decryption of data in the S3 bucket. If not specified, the default KMS key for the bucket is used. | +**kmsRegion** | NotRequired[Region] | No | The region of the client-side KMS key to use for encryption and decryption of data in the S3 bucket. If not specified, the default KMS key region for the bucket is used. | + + +[[Back to Model list]](../../../../README.md#models-v2-link) [[Back to API list]](../../../../README.md#apis-v2-link) [[Back to README]](../../../../README.md) diff --git a/docs/v2/connectivity/models/S3ProxyConfiguration.md b/docs/v2/connectivity/models/S3ProxyConfiguration.md new file mode 100644 index 00000000..fddc7fb8 --- /dev/null +++ b/docs/v2/connectivity/models/S3ProxyConfiguration.md @@ -0,0 +1,15 @@ +# S3ProxyConfiguration + +S3ProxyConfiguration + +## Properties +| Name | Type | Required | Description | +| ------------ | ------------- | ------------- | ------------- | +**host** | str | Yes | Domain name, IPv4, or IPv6 address. `protocol` and `port` must be specified separately. | +**port** | int | Yes | | +**non_proxy_hosts** | Optional[List[str]] | No | A list of hosts that can bypass the proxy, such as those used for STS Role. You can also use "*" wildcards. | +**protocol** | Optional[Protocol] | No | If defined, must be "HTTP" or "HTTPS". Defaults to "HTTPS". | +**credentials** | Optional[BasicCredentials] | No | | + + +[[Back to Model list]](../../../../README.md#models-v2-link) [[Back to API list]](../../../../README.md#apis-v2-link) [[Back to README]](../../../../README.md) diff --git a/docs/v2/connectivity/models/S3ProxyConfigurationDict.md b/docs/v2/connectivity/models/S3ProxyConfigurationDict.md new file mode 100644 index 00000000..29cd665b --- /dev/null +++ b/docs/v2/connectivity/models/S3ProxyConfigurationDict.md @@ -0,0 +1,15 @@ +# S3ProxyConfigurationDict + +S3ProxyConfiguration + +## Properties +| Name | Type | Required | Description | +| ------------ | ------------- | ------------- | ------------- | +**host** | str | Yes | Domain name, IPv4, or IPv6 address. `protocol` and `port` must be specified separately. | +**port** | int | Yes | | +**nonProxyHosts** | NotRequired[List[str]] | No | A list of hosts that can bypass the proxy, such as those used for STS Role. You can also use "*" wildcards. | +**protocol** | NotRequired[Protocol] | No | If defined, must be "HTTP" or "HTTPS". Defaults to "HTTPS". | +**credentials** | NotRequired[BasicCredentialsDict] | No | | + + +[[Back to Model list]](../../../../README.md#models-v2-link) [[Back to API list]](../../../../README.md#apis-v2-link) [[Back to README]](../../../../README.md) diff --git a/docs/v2/connectivity/models/StsRoleConfiguration.md b/docs/v2/connectivity/models/StsRoleConfiguration.md new file mode 100644 index 00000000..bdbaabaa --- /dev/null +++ b/docs/v2/connectivity/models/StsRoleConfiguration.md @@ -0,0 +1,15 @@ +# StsRoleConfiguration + +StsRoleConfiguration + +## Properties +| Name | Type | Required | Description | +| ------------ | ------------- | ------------- | ------------- | +**role_arn** | str | Yes | The Amazon Resource Name (ARN) of the role to assume. For more information, see the official [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-arn-format). | +**role_session_name** | str | Yes | An identifier for the assumed role session. The value can be any string that you assume will be unique within the AWS account. For more information, see the official [AWS documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters). | +**role_session_duration** | Optional[Duration] | No | The duration of the role session. The value specified can range from 900 seconds (15 minutes) up to the maximum session duration set for the role. The maximum session duration setting can have a value from 1 hour to 12 hours. For more details see the official [AWS documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters). | +**external_id** | Optional[str] | No | A unique identifier that is used by third parties when assuming roles in their customers' accounts. For more information, see the official [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). | +**sts_endpoint** | Optional[str] | No | By default, the AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build in redundancy, and increase session token validity. | + + +[[Back to Model list]](../../../../README.md#models-v2-link) [[Back to API list]](../../../../README.md#apis-v2-link) [[Back to README]](../../../../README.md) diff --git a/docs/v2/connectivity/models/StsRoleConfigurationDict.md b/docs/v2/connectivity/models/StsRoleConfigurationDict.md new file mode 100644 index 00000000..3cf12aa9 --- /dev/null +++ b/docs/v2/connectivity/models/StsRoleConfigurationDict.md @@ -0,0 +1,15 @@ +# StsRoleConfigurationDict + +StsRoleConfiguration + +## Properties +| Name | Type | Required | Description | +| ------------ | ------------- | ------------- | ------------- | +**roleArn** | str | Yes | The Amazon Resource Name (ARN) of the role to assume. For more information, see the official [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-arn-format). | +**roleSessionName** | str | Yes | An identifier for the assumed role session. The value can be any string that you assume will be unique within the AWS account. For more information, see the official [AWS documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters). | +**roleSessionDuration** | NotRequired[DurationDict] | No | The duration of the role session. The value specified can range from 900 seconds (15 minutes) up to the maximum session duration set for the role. The maximum session duration setting can have a value from 1 hour to 12 hours. For more details see the official [AWS documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters). | +**externalId** | NotRequired[str] | No | A unique identifier that is used by third parties when assuming roles in their customers' accounts. For more information, see the official [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). | +**stsEndpoint** | NotRequired[str] | No | By default, the AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com. AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build in redundancy, and increase session token validity. | + + +[[Back to Model list]](../../../../README.md#models-v2-link) [[Back to API list]](../../../../README.md#apis-v2-link) [[Back to README]](../../../../README.md) diff --git a/foundry/_versions.py b/foundry/_versions.py index 657a4d42..7a0d1683 100644 --- a/foundry/_versions.py +++ b/foundry/_versions.py @@ -17,4 +17,4 @@ # using the autorelease bot __version__ = "0.0.0" -__openapi_document_version__ = "1.1047.0" +__openapi_document_version__ = "1.1050.0" diff --git a/foundry/v2/admin/errors/__init__.py b/foundry/v2/admin/errors/__init__.py index afcec7d8..6154d54a 100644 --- a/foundry/v2/admin/errors/__init__.py +++ b/foundry/v2/admin/errors/__init__.py @@ -25,6 +25,15 @@ from foundry.v2.admin.errors._create_group_permission_denied import ( CreateGroupPermissionDenied, ) # NOQA +from foundry.v2.admin.errors._create_marking_missing_initial_admin_role import ( + CreateMarkingMissingInitialAdminRole, +) # NOQA +from foundry.v2.admin.errors._create_marking_name_in_category_already_exists import ( + CreateMarkingNameInCategoryAlreadyExists, +) # NOQA +from foundry.v2.admin.errors._create_marking_permission_denied import ( + CreateMarkingPermissionDenied, +) # NOQA from foundry.v2.admin.errors._delete_group_permission_denied import ( DeleteGroupPermissionDenied, ) # NOQA @@ -94,6 +103,9 @@ "AddMarkingMembersPermissionDenied", "AddMarkingRoleAssignmentsPermissionDenied", "CreateGroupPermissionDenied", + "CreateMarkingMissingInitialAdminRole", + "CreateMarkingNameInCategoryAlreadyExists", + "CreateMarkingPermissionDenied", "DeleteGroupPermissionDenied", "DeleteUserPermissionDenied", "EnrollmentNotFound", diff --git a/foundry/v2/admin/errors/_create_marking_missing_initial_admin_role.py b/foundry/v2/admin/errors/_create_marking_missing_initial_admin_role.py new file mode 100644 index 00000000..df6800a9 --- /dev/null +++ b/foundry/v2/admin/errors/_create_marking_missing_initial_admin_role.py @@ -0,0 +1,40 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from dataclasses import dataclass +from typing import Literal + +import pydantic +from typing_extensions import TypedDict + +from foundry._errors import PalantirRPCException + + +class CreateMarkingMissingInitialAdminRoleParameters(TypedDict): + """At least one ADMIN role assignment must be provided when creating a marking.""" + + __pydantic_config__ = {"extra": "allow"} # type: ignore + + +@dataclass +class CreateMarkingMissingInitialAdminRole(PalantirRPCException): + name: Literal["CreateMarkingMissingInitialAdminRole"] + parameters: CreateMarkingMissingInitialAdminRoleParameters + error_instance_id: str + + +__all__ = ["CreateMarkingMissingInitialAdminRole"] diff --git a/foundry/v2/admin/errors/_create_marking_name_in_category_already_exists.py b/foundry/v2/admin/errors/_create_marking_name_in_category_already_exists.py new file mode 100644 index 00000000..c99ff41e --- /dev/null +++ b/foundry/v2/admin/errors/_create_marking_name_in_category_already_exists.py @@ -0,0 +1,45 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from dataclasses import dataclass +from typing import Literal + +import pydantic +from typing_extensions import TypedDict + +from foundry._errors import PalantirRPCException +from foundry.v2.admin.models._marking_category_id import MarkingCategoryId + + +class CreateMarkingNameInCategoryAlreadyExistsParameters(TypedDict): + """A marking with the same name already exists in the category.""" + + __pydantic_config__ = {"extra": "allow"} # type: ignore + + displayName: str + + categoryId: MarkingCategoryId + + +@dataclass +class CreateMarkingNameInCategoryAlreadyExists(PalantirRPCException): + name: Literal["CreateMarkingNameInCategoryAlreadyExists"] + parameters: CreateMarkingNameInCategoryAlreadyExistsParameters + error_instance_id: str + + +__all__ = ["CreateMarkingNameInCategoryAlreadyExists"] diff --git a/foundry/v2/admin/errors/_create_marking_permission_denied.py b/foundry/v2/admin/errors/_create_marking_permission_denied.py new file mode 100644 index 00000000..ffc0bd65 --- /dev/null +++ b/foundry/v2/admin/errors/_create_marking_permission_denied.py @@ -0,0 +1,40 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from dataclasses import dataclass +from typing import Literal + +import pydantic +from typing_extensions import TypedDict + +from foundry._errors import PalantirRPCException + + +class CreateMarkingPermissionDeniedParameters(TypedDict): + """Could not create the Marking.""" + + __pydantic_config__ = {"extra": "allow"} # type: ignore + + +@dataclass +class CreateMarkingPermissionDenied(PalantirRPCException): + name: Literal["CreateMarkingPermissionDenied"] + parameters: CreateMarkingPermissionDeniedParameters + error_instance_id: str + + +__all__ = ["CreateMarkingPermissionDenied"] diff --git a/foundry/v2/admin/marking.py b/foundry/v2/admin/marking.py index 42b1cca2..0f2a8b81 100644 --- a/foundry/v2/admin/marking.py +++ b/foundry/v2/admin/marking.py @@ -24,6 +24,7 @@ import pydantic from annotated_types import Len from typing_extensions import Annotated +from typing_extensions import TypedDict from foundry._core import ApiClient from foundry._core import ApiResponse @@ -42,10 +43,14 @@ from foundry.v2.admin.models._get_markings_batch_response import GetMarkingsBatchResponse # NOQA from foundry.v2.admin.models._list_markings_response import ListMarkingsResponse from foundry.v2.admin.models._marking import Marking +from foundry.v2.admin.models._marking_category_id import MarkingCategoryId +from foundry.v2.admin.models._marking_name import MarkingName +from foundry.v2.admin.models._marking_role_update_dict import MarkingRoleUpdateDict from foundry.v2.core.models._marking_id import MarkingId from foundry.v2.core.models._page_size import PageSize from foundry.v2.core.models._page_token import PageToken from foundry.v2.core.models._preview_mode import PreviewMode +from foundry.v2.core.models._principal_id import PrincipalId class MarkingClient: @@ -73,6 +78,74 @@ def __init__( auth=auth, hostname=hostname, config=config ) + @maybe_ignore_preview + @pydantic.validate_call + @handle_unexpected + def create( + self, + *, + category_id: MarkingCategoryId, + initial_members: List[PrincipalId], + initial_role_assignments: List[MarkingRoleUpdateDict], + name: MarkingName, + description: Optional[str] = None, + preview: Optional[PreviewMode] = None, + request_timeout: Optional[Annotated[pydantic.StrictInt, pydantic.Field(gt=0)]] = None, + ) -> Marking: + """ + Creates a new Marking. + :param category_id: + :type category_id: MarkingCategoryId + :param initial_members: Users and Groups that will be able to view resources protected by this Marking. This can be changed later through the MarkingMember operations. + :type initial_members: List[PrincipalId] + :param initial_role_assignments: The initial roles that will be assigned when the Marking is created. At least one ADMIN role must be provided. This can be changed later through the MarkingRoleAssignment operations. WARNING: If you do not include your own principal ID or the ID of a Group that you are a member of, you will create a Marking that you cannot administer. + :type initial_role_assignments: List[MarkingRoleUpdateDict] + :param name: + :type name: MarkingName + :param description: + :type description: Optional[str] + :param preview: preview + :type preview: Optional[PreviewMode] + :param request_timeout: timeout setting for this request in seconds. + :type request_timeout: Optional[int] + :return: Returns the result object. + :rtype: Marking + """ + + return self._api_client.call_api( + RequestInfo( + method="POST", + resource_path="/v2/admin/markings", + query_params={ + "preview": preview, + }, + path_params={}, + header_params={ + "Content-Type": "application/json", + "Accept": "application/json", + }, + body={ + "initialRoleAssignments": initial_role_assignments, + "initialMembers": initial_members, + "name": name, + "description": description, + "categoryId": category_id, + }, + body_type=TypedDict( + "Body", + { # type: ignore + "initialRoleAssignments": List[MarkingRoleUpdateDict], + "initialMembers": List[PrincipalId], + "name": MarkingName, + "description": Optional[str], + "categoryId": MarkingCategoryId, + }, + ), + response_type=Marking, + request_timeout=request_timeout, + ), + ).decode() + @maybe_ignore_preview @pydantic.validate_call @handle_unexpected @@ -276,6 +349,74 @@ def __init__( ): self._api_client = ApiClient(auth=auth, hostname=hostname, config=config) + @maybe_ignore_preview + @pydantic.validate_call + @handle_unexpected + def create( + self, + *, + category_id: MarkingCategoryId, + initial_members: List[PrincipalId], + initial_role_assignments: List[MarkingRoleUpdateDict], + name: MarkingName, + description: Optional[str] = None, + preview: Optional[PreviewMode] = None, + request_timeout: Optional[Annotated[pydantic.StrictInt, pydantic.Field(gt=0)]] = None, + ) -> ApiResponse[Marking]: + """ + Creates a new Marking. + :param category_id: + :type category_id: MarkingCategoryId + :param initial_members: Users and Groups that will be able to view resources protected by this Marking. This can be changed later through the MarkingMember operations. + :type initial_members: List[PrincipalId] + :param initial_role_assignments: The initial roles that will be assigned when the Marking is created. At least one ADMIN role must be provided. This can be changed later through the MarkingRoleAssignment operations. WARNING: If you do not include your own principal ID or the ID of a Group that you are a member of, you will create a Marking that you cannot administer. + :type initial_role_assignments: List[MarkingRoleUpdateDict] + :param name: + :type name: MarkingName + :param description: + :type description: Optional[str] + :param preview: preview + :type preview: Optional[PreviewMode] + :param request_timeout: timeout setting for this request in seconds. + :type request_timeout: Optional[int] + :return: Returns the result object. + :rtype: ApiResponse[Marking] + """ + + return self._api_client.call_api( + RequestInfo( + method="POST", + resource_path="/v2/admin/markings", + query_params={ + "preview": preview, + }, + path_params={}, + header_params={ + "Content-Type": "application/json", + "Accept": "application/json", + }, + body={ + "initialRoleAssignments": initial_role_assignments, + "initialMembers": initial_members, + "name": name, + "description": description, + "categoryId": category_id, + }, + body_type=TypedDict( + "Body", + { # type: ignore + "initialRoleAssignments": List[MarkingRoleUpdateDict], + "initialMembers": List[PrincipalId], + "name": MarkingName, + "description": Optional[str], + "categoryId": MarkingCategoryId, + }, + ), + response_type=Marking, + request_timeout=request_timeout, + ), + ) + @maybe_ignore_preview @pydantic.validate_call @handle_unexpected @@ -479,6 +620,74 @@ def __init__( ): self._api_client = ApiClient(auth=auth, hostname=hostname, config=config) + @maybe_ignore_preview + @pydantic.validate_call + @handle_unexpected + def create( + self, + *, + category_id: MarkingCategoryId, + initial_members: List[PrincipalId], + initial_role_assignments: List[MarkingRoleUpdateDict], + name: MarkingName, + description: Optional[str] = None, + preview: Optional[PreviewMode] = None, + request_timeout: Optional[Annotated[pydantic.StrictInt, pydantic.Field(gt=0)]] = None, + ) -> StreamingContextManager[Marking]: + """ + Creates a new Marking. + :param category_id: + :type category_id: MarkingCategoryId + :param initial_members: Users and Groups that will be able to view resources protected by this Marking. This can be changed later through the MarkingMember operations. + :type initial_members: List[PrincipalId] + :param initial_role_assignments: The initial roles that will be assigned when the Marking is created. At least one ADMIN role must be provided. This can be changed later through the MarkingRoleAssignment operations. WARNING: If you do not include your own principal ID or the ID of a Group that you are a member of, you will create a Marking that you cannot administer. + :type initial_role_assignments: List[MarkingRoleUpdateDict] + :param name: + :type name: MarkingName + :param description: + :type description: Optional[str] + :param preview: preview + :type preview: Optional[PreviewMode] + :param request_timeout: timeout setting for this request in seconds. + :type request_timeout: Optional[int] + :return: Returns the result object. + :rtype: StreamingContextManager[Marking] + """ + + return self._api_client.stream_api( + RequestInfo( + method="POST", + resource_path="/v2/admin/markings", + query_params={ + "preview": preview, + }, + path_params={}, + header_params={ + "Content-Type": "application/json", + "Accept": "application/json", + }, + body={ + "initialRoleAssignments": initial_role_assignments, + "initialMembers": initial_members, + "name": name, + "description": description, + "categoryId": category_id, + }, + body_type=TypedDict( + "Body", + { # type: ignore + "initialRoleAssignments": List[MarkingRoleUpdateDict], + "initialMembers": List[PrincipalId], + "name": MarkingName, + "description": Optional[str], + "categoryId": MarkingCategoryId, + }, + ), + response_type=Marking, + request_timeout=request_timeout, + ), + ) + @maybe_ignore_preview @pydantic.validate_call @handle_unexpected diff --git a/foundry/v2/cli.py b/foundry/v2/cli.py index bdc6b669..d82ced77 100644 --- a/foundry/v2/cli.py +++ b/foundry/v2/cli.py @@ -358,6 +358,53 @@ def admin_marking(): pass +@admin_marking.command("create") +@click.option("--category_id", type=str, required=True, help="""""") +@click.option( + "--initial_members", + type=str, + required=True, + help="""Users and Groups that will be able to view resources protected by this Marking. This can be changed later through the MarkingMember operations. +""", +) +@click.option( + "--initial_role_assignments", + type=str, + required=True, + help="""The initial roles that will be assigned when the Marking is created. At least one ADMIN role must be +provided. This can be changed later through the MarkingRoleAssignment operations. + +WARNING: If you do not include your own principal ID or the ID of a Group that you are a member of, +you will create a Marking that you cannot administer. +""", +) +@click.option("--name", type=str, required=True, help="""""") +@click.option("--description", type=str, required=False, help="""""") +@click.option("--preview", type=bool, required=False, help="""preview""") +@click.pass_obj +def admin_marking_create( + client: foundry.v2.FoundryClient, + category_id: str, + initial_members: str, + initial_role_assignments: str, + name: str, + description: Optional[str], + preview: Optional[bool], +): + """ + Creates a new Marking. + """ + result = client.admin.Marking.create( + category_id=category_id, + initial_members=json.loads(initial_members), + initial_role_assignments=json.loads(initial_role_assignments), + name=name, + description=description, + preview=preview, + ) + click.echo(repr(result)) + + @admin_marking.command("get") @click.argument("marking_id", type=str, required=True) @click.option("--preview", type=bool, required=False, help="""preview""") diff --git a/foundry/v2/connectivity/models/__init__.py b/foundry/v2/connectivity/models/__init__.py index e12a07c2..4020a801 100644 --- a/foundry/v2/connectivity/models/__init__.py +++ b/foundry/v2/connectivity/models/__init__.py @@ -24,6 +24,8 @@ from foundry.v2.connectivity.models._as_secret_name_dict import AsSecretNameDict from foundry.v2.connectivity.models._aws_access_key import AwsAccessKey from foundry.v2.connectivity.models._aws_access_key_dict import AwsAccessKeyDict +from foundry.v2.connectivity.models._basic_credentials import BasicCredentials +from foundry.v2.connectivity.models._basic_credentials_dict import BasicCredentialsDict from foundry.v2.connectivity.models._cloud_identity import CloudIdentity from foundry.v2.connectivity.models._cloud_identity_dict import CloudIdentityDict from foundry.v2.connectivity.models._cloud_identity_rid import CloudIdentityRid @@ -167,6 +169,8 @@ from foundry.v2.connectivity.models._postgre_sql_import_config_dict import ( PostgreSqlImportConfigDict, ) # NOQA +from foundry.v2.connectivity.models._protocol import Protocol +from foundry.v2.connectivity.models._region import Region from foundry.v2.connectivity.models._runtime_platform import RuntimePlatform from foundry.v2.connectivity.models._runtime_platform_dict import RuntimePlatformDict from foundry.v2.connectivity.models._s3_authentication_mode import S3AuthenticationMode @@ -179,7 +183,17 @@ from foundry.v2.connectivity.models._s3_connection_configuration_dict import ( S3ConnectionConfigurationDict, ) # NOQA +from foundry.v2.connectivity.models._s3_kms_configuration import S3KmsConfiguration +from foundry.v2.connectivity.models._s3_kms_configuration_dict import S3KmsConfigurationDict # NOQA +from foundry.v2.connectivity.models._s3_proxy_configuration import S3ProxyConfiguration +from foundry.v2.connectivity.models._s3_proxy_configuration_dict import ( + S3ProxyConfigurationDict, +) # NOQA from foundry.v2.connectivity.models._secret_name import SecretName +from foundry.v2.connectivity.models._sts_role_configuration import StsRoleConfiguration +from foundry.v2.connectivity.models._sts_role_configuration_dict import ( + StsRoleConfigurationDict, +) # NOQA from foundry.v2.connectivity.models._table_import import TableImport from foundry.v2.connectivity.models._table_import_allow_schema_changes import ( TableImportAllowSchemaChanges, @@ -203,6 +217,8 @@ "AsSecretNameDict", "AwsAccessKey", "AwsAccessKeyDict", + "BasicCredentials", + "BasicCredentialsDict", "CloudIdentity", "CloudIdentityDict", "CloudIdentityRid", @@ -272,13 +288,21 @@ "PlaintextValue", "PostgreSqlImportConfig", "PostgreSqlImportConfigDict", + "Protocol", + "Region", "RuntimePlatform", "RuntimePlatformDict", "S3AuthenticationMode", "S3AuthenticationModeDict", "S3ConnectionConfiguration", "S3ConnectionConfigurationDict", + "S3KmsConfiguration", + "S3KmsConfigurationDict", + "S3ProxyConfiguration", + "S3ProxyConfigurationDict", "SecretName", + "StsRoleConfiguration", + "StsRoleConfigurationDict", "TableImport", "TableImportAllowSchemaChanges", "TableImportConfig", diff --git a/foundry/v2/connectivity/models/_basic_credentials.py b/foundry/v2/connectivity/models/_basic_credentials.py new file mode 100644 index 00000000..4a1c5e98 --- /dev/null +++ b/foundry/v2/connectivity/models/_basic_credentials.py @@ -0,0 +1,37 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from typing import cast + +import pydantic + +from foundry.v2.connectivity.models._basic_credentials_dict import BasicCredentialsDict +from foundry.v2.connectivity.models._encrypted_property import EncryptedProperty + + +class BasicCredentials(pydantic.BaseModel): + """BasicCredentials""" + + username: str + + password: EncryptedProperty + + model_config = {"extra": "allow"} + + def to_dict(self) -> BasicCredentialsDict: + """Return the dictionary representation of the model using the field aliases.""" + return cast(BasicCredentialsDict, self.model_dump(by_alias=True, exclude_unset=True)) diff --git a/foundry/v2/connectivity/models/_basic_credentials_dict.py b/foundry/v2/connectivity/models/_basic_credentials_dict.py new file mode 100644 index 00000000..1237fb6b --- /dev/null +++ b/foundry/v2/connectivity/models/_basic_credentials_dict.py @@ -0,0 +1,30 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from typing_extensions import TypedDict + +from foundry.v2.connectivity.models._encrypted_property_dict import EncryptedPropertyDict # NOQA + + +class BasicCredentialsDict(TypedDict): + """BasicCredentials""" + + __pydantic_config__ = {"extra": "allow"} # type: ignore + + username: str + + password: EncryptedPropertyDict diff --git a/foundry/v2/connectivity/models/_create_connection_request_s3_connection_configuration_dict.py b/foundry/v2/connectivity/models/_create_connection_request_s3_connection_configuration_dict.py index f386b52f..7b834979 100644 --- a/foundry/v2/connectivity/models/_create_connection_request_s3_connection_configuration_dict.py +++ b/foundry/v2/connectivity/models/_create_connection_request_s3_connection_configuration_dict.py @@ -20,9 +20,18 @@ from typing_extensions import NotRequired from typing_extensions import TypedDict +from foundry._core.utils import Long +from foundry.v2.connectivity.models._region import Region from foundry.v2.connectivity.models._s3_authentication_mode_dict import ( S3AuthenticationModeDict, ) # NOQA +from foundry.v2.connectivity.models._s3_kms_configuration_dict import S3KmsConfigurationDict # NOQA +from foundry.v2.connectivity.models._s3_proxy_configuration_dict import ( + S3ProxyConfigurationDict, +) # NOQA +from foundry.v2.connectivity.models._sts_role_configuration_dict import ( + StsRoleConfigurationDict, +) # NOQA class CreateConnectionRequestS3ConnectionConfigurationDict(TypedDict): @@ -30,13 +39,83 @@ class CreateConnectionRequestS3ConnectionConfigurationDict(TypedDict): __pydantic_config__ = {"extra": "allow"} # type: ignore + connectionTimeoutMillis: NotRequired[Long] + """ + The amount of time (in milliseconds) to wait when initially establishing a connection before giving up and timing out. + If not specified, defaults to 10000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_CONNECTION_TIMEOUT). + """ + + maxErrorRetry: NotRequired[int] + """ + The maximum number of retry attempts for failed requests to the S3 service. + If not specified, defaults to 3 as defined by the [AWS SDK default](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/retry-strategy.html#retry-strategies). + """ + bucketUrl: str """The URL of the S3 bucket. The URL should contain a trailing slash.""" + clientKmsConfiguration: NotRequired[S3KmsConfigurationDict] + """ + The client-side KMS key to use for encryption and decryption of data in the S3 bucket. + If not specified, the default KMS key for the bucket is used. + """ + + matchSubfolderExactly: NotRequired[bool] + """ + If true, only files in the subfolder specified in the bucket URL will be synced. + If false, all files in the bucket will be synced. + If not specified, defaults to false. + """ + + stsRoleConfiguration: NotRequired[StsRoleConfigurationDict] + """The configuration needed to assume a role to connect to the S3 external system.""" + + s3Endpoint: NotRequired[str] + """ + The endpoint of the S3 service. This is used to connect to a custom S3 service that is not AWS S3. + If not specified, defaults to the [AWS S3 endpoint](https://docs.aws.amazon.com/general/latest/gr/s3.html). + Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. + """ + + socketTimeoutMillis: NotRequired[Long] + """ + The amount of time (in milliseconds) to wait for data to be transferred over an established, open connection. + If not specified, defaults to 50000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_SOCKET_TIMEOUT). + """ + + enableRequesterPays: NotRequired[bool] + """ + Defaults to false, unless set and overwritten. + If true, includes the [requester pays header](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) + in requests, allowing reads from requester pays buckets. + """ + + s3EndpointSigningRegion: NotRequired[Region] + """ + The region used when constructing the S3 client using a custom endpoint. + This is often not required and would only be needed if you are using the S3 connector with an S3-compliant third-party API, + and are also setting a custom endpoint that requires a non-default region. + """ + + region: NotRequired[Region] + """ + The region representing the location of the S3 bucket. + Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. + """ + authenticationMode: NotRequired[S3AuthenticationModeDict] """ The authentication mode to use to connect to the S3 external system. No authentication mode is required to connect to publicly accessible AWS S3 buckets. """ + proxyConfiguration: NotRequired[S3ProxyConfigurationDict] + """The configuration needed to connect to the S3 external system through a proxy.""" + + maxConnections: NotRequired[int] + """ + The maximum number of HTTP connections to the S3 service per sync. + If not specified, defaults to 50 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_MAX_CONNECTIONS). + """ + type: Literal["s3"] diff --git a/foundry/v2/connectivity/models/_protocol.py b/foundry/v2/connectivity/models/_protocol.py new file mode 100644 index 00000000..106ad460 --- /dev/null +++ b/foundry/v2/connectivity/models/_protocol.py @@ -0,0 +1,21 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from typing import Literal + +Protocol = Literal["HTTP", "HTTPS"] +"""Protocol to establish a connection with another system.""" diff --git a/foundry/v2/connectivity/models/_region.py b/foundry/v2/connectivity/models/_region.py new file mode 100644 index 00000000..451f23f3 --- /dev/null +++ b/foundry/v2/connectivity/models/_region.py @@ -0,0 +1,19 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +Region = str +"""The region of the external system.""" diff --git a/foundry/v2/connectivity/models/_s3_connection_configuration.py b/foundry/v2/connectivity/models/_s3_connection_configuration.py index af301749..cb0c3f90 100644 --- a/foundry/v2/connectivity/models/_s3_connection_configuration.py +++ b/foundry/v2/connectivity/models/_s3_connection_configuration.py @@ -21,10 +21,15 @@ import pydantic +from foundry._core.utils import Long +from foundry.v2.connectivity.models._region import Region from foundry.v2.connectivity.models._s3_authentication_mode import S3AuthenticationMode from foundry.v2.connectivity.models._s3_connection_configuration_dict import ( S3ConnectionConfigurationDict, ) # NOQA +from foundry.v2.connectivity.models._s3_kms_configuration import S3KmsConfiguration +from foundry.v2.connectivity.models._s3_proxy_configuration import S3ProxyConfiguration +from foundry.v2.connectivity.models._sts_role_configuration import StsRoleConfiguration class S3ConnectionConfiguration(pydantic.BaseModel): @@ -37,6 +42,21 @@ class S3ConnectionConfiguration(pydantic.BaseModel): """The URL of the S3 bucket. The URL should contain a trailing slash.""" + s3_endpoint: Optional[str] = pydantic.Field(alias="s3Endpoint", default=None) + + """ + The endpoint of the S3 service. This is used to connect to a custom S3 service that is not AWS S3. + If not specified, defaults to the [AWS S3 endpoint](https://docs.aws.amazon.com/general/latest/gr/s3.html). + Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. + """ + + region: Optional[Region] = None + + """ + The region representing the location of the S3 bucket. + Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. + """ + authentication_mode: Optional[S3AuthenticationMode] = pydantic.Field( alias="authenticationMode", default=None ) @@ -46,6 +66,89 @@ class S3ConnectionConfiguration(pydantic.BaseModel): to connect to publicly accessible AWS S3 buckets. """ + s3_endpoint_signing_region: Optional[Region] = pydantic.Field( + alias="s3EndpointSigningRegion", default=None + ) + + """ + The region used when constructing the S3 client using a custom endpoint. + This is often not required and would only be needed if you are using the S3 connector with an S3-compliant third-party API, + and are also setting a custom endpoint that requires a non-default region. + """ + + client_kms_configuration: Optional[S3KmsConfiguration] = pydantic.Field( + alias="clientKmsConfiguration", default=None + ) + + """ + The client-side KMS key to use for encryption and decryption of data in the S3 bucket. + If not specified, the default KMS key for the bucket is used. + """ + + sts_role_configuration: Optional[StsRoleConfiguration] = pydantic.Field( + alias="stsRoleConfiguration", default=None + ) + + """The configuration needed to assume a role to connect to the S3 external system.""" + + proxy_configuration: Optional[S3ProxyConfiguration] = pydantic.Field( + alias="proxyConfiguration", default=None + ) + + """The configuration needed to connect to the S3 external system through a proxy.""" + + max_connections: Optional[int] = pydantic.Field(alias="maxConnections", default=None) + + """ + The maximum number of HTTP connections to the S3 service per sync. + If not specified, defaults to 50 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_MAX_CONNECTIONS). + """ + + connection_timeout_millis: Optional[Long] = pydantic.Field( + alias="connectionTimeoutMillis", default=None + ) + + """ + The amount of time (in milliseconds) to wait when initially establishing a connection before giving up and timing out. + If not specified, defaults to 10000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_CONNECTION_TIMEOUT). + """ + + socket_timeout_millis: Optional[Long] = pydantic.Field( + alias="socketTimeoutMillis", default=None + ) + + """ + The amount of time (in milliseconds) to wait for data to be transferred over an established, open connection. + If not specified, defaults to 50000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_SOCKET_TIMEOUT). + """ + + max_error_retry: Optional[int] = pydantic.Field(alias="maxErrorRetry", default=None) + + """ + The maximum number of retry attempts for failed requests to the S3 service. + If not specified, defaults to 3 as defined by the [AWS SDK default](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/retry-strategy.html#retry-strategies). + """ + + match_subfolder_exactly: Optional[bool] = pydantic.Field( + alias="matchSubfolderExactly", default=None + ) + + """ + If true, only files in the subfolder specified in the bucket URL will be synced. + If false, all files in the bucket will be synced. + If not specified, defaults to false. + """ + + enable_requester_pays: Optional[bool] = pydantic.Field( + alias="enableRequesterPays", default=None + ) + + """ + Defaults to false, unless set and overwritten. + If true, includes the [requester pays header](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) + in requests, allowing reads from requester pays buckets. + """ + type: Literal["s3"] = "s3" model_config = {"extra": "allow"} diff --git a/foundry/v2/connectivity/models/_s3_connection_configuration_dict.py b/foundry/v2/connectivity/models/_s3_connection_configuration_dict.py index 7d347835..0e545ece 100644 --- a/foundry/v2/connectivity/models/_s3_connection_configuration_dict.py +++ b/foundry/v2/connectivity/models/_s3_connection_configuration_dict.py @@ -20,9 +20,18 @@ from typing_extensions import NotRequired from typing_extensions import TypedDict +from foundry._core.utils import Long +from foundry.v2.connectivity.models._region import Region from foundry.v2.connectivity.models._s3_authentication_mode_dict import ( S3AuthenticationModeDict, ) # NOQA +from foundry.v2.connectivity.models._s3_kms_configuration_dict import S3KmsConfigurationDict # NOQA +from foundry.v2.connectivity.models._s3_proxy_configuration_dict import ( + S3ProxyConfigurationDict, +) # NOQA +from foundry.v2.connectivity.models._sts_role_configuration_dict import ( + StsRoleConfigurationDict, +) # NOQA class S3ConnectionConfigurationDict(TypedDict): @@ -36,10 +45,80 @@ class S3ConnectionConfigurationDict(TypedDict): bucketUrl: str """The URL of the S3 bucket. The URL should contain a trailing slash.""" + s3Endpoint: NotRequired[str] + """ + The endpoint of the S3 service. This is used to connect to a custom S3 service that is not AWS S3. + If not specified, defaults to the [AWS S3 endpoint](https://docs.aws.amazon.com/general/latest/gr/s3.html). + Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. + """ + + region: NotRequired[Region] + """ + The region representing the location of the S3 bucket. + Warning: Specifying a region and a custom endpoint containing a region can lead to unexpected behavior. + """ + authenticationMode: NotRequired[S3AuthenticationModeDict] """ The authentication mode to use to connect to the S3 external system. No authentication mode is required to connect to publicly accessible AWS S3 buckets. """ + s3EndpointSigningRegion: NotRequired[Region] + """ + The region used when constructing the S3 client using a custom endpoint. + This is often not required and would only be needed if you are using the S3 connector with an S3-compliant third-party API, + and are also setting a custom endpoint that requires a non-default region. + """ + + clientKmsConfiguration: NotRequired[S3KmsConfigurationDict] + """ + The client-side KMS key to use for encryption and decryption of data in the S3 bucket. + If not specified, the default KMS key for the bucket is used. + """ + + stsRoleConfiguration: NotRequired[StsRoleConfigurationDict] + """The configuration needed to assume a role to connect to the S3 external system.""" + + proxyConfiguration: NotRequired[S3ProxyConfigurationDict] + """The configuration needed to connect to the S3 external system through a proxy.""" + + maxConnections: NotRequired[int] + """ + The maximum number of HTTP connections to the S3 service per sync. + If not specified, defaults to 50 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_MAX_CONNECTIONS). + """ + + connectionTimeoutMillis: NotRequired[Long] + """ + The amount of time (in milliseconds) to wait when initially establishing a connection before giving up and timing out. + If not specified, defaults to 10000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_CONNECTION_TIMEOUT). + """ + + socketTimeoutMillis: NotRequired[Long] + """ + The amount of time (in milliseconds) to wait for data to be transferred over an established, open connection. + If not specified, defaults to 50000 as defined by the [AWS SDK default](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#DEFAULT_SOCKET_TIMEOUT). + """ + + maxErrorRetry: NotRequired[int] + """ + The maximum number of retry attempts for failed requests to the S3 service. + If not specified, defaults to 3 as defined by the [AWS SDK default](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/retry-strategy.html#retry-strategies). + """ + + matchSubfolderExactly: NotRequired[bool] + """ + If true, only files in the subfolder specified in the bucket URL will be synced. + If false, all files in the bucket will be synced. + If not specified, defaults to false. + """ + + enableRequesterPays: NotRequired[bool] + """ + Defaults to false, unless set and overwritten. + If true, includes the [requester pays header](https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html) + in requests, allowing reads from requester pays buckets. + """ + type: Literal["s3"] diff --git a/foundry/v2/connectivity/models/_s3_kms_configuration.py b/foundry/v2/connectivity/models/_s3_kms_configuration.py new file mode 100644 index 00000000..26c7b421 --- /dev/null +++ b/foundry/v2/connectivity/models/_s3_kms_configuration.py @@ -0,0 +1,48 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from typing import Optional +from typing import cast + +import pydantic + +from foundry.v2.connectivity.models._region import Region +from foundry.v2.connectivity.models._s3_kms_configuration_dict import S3KmsConfigurationDict # NOQA + + +class S3KmsConfiguration(pydantic.BaseModel): + """S3KmsConfiguration""" + + kms_key: str = pydantic.Field(alias="kmsKey") + + """ + The client-side KMS key to use for encryption and decryption of data in the S3 bucket. + If not specified, the default KMS key for the bucket is used. + """ + + kms_region: Optional[Region] = pydantic.Field(alias="kmsRegion", default=None) + + """ + The region of the client-side KMS key to use for encryption and decryption of data in the S3 bucket. + If not specified, the default KMS key region for the bucket is used. + """ + + model_config = {"extra": "allow"} + + def to_dict(self) -> S3KmsConfigurationDict: + """Return the dictionary representation of the model using the field aliases.""" + return cast(S3KmsConfigurationDict, self.model_dump(by_alias=True, exclude_unset=True)) diff --git a/foundry/v2/connectivity/models/_s3_kms_configuration_dict.py b/foundry/v2/connectivity/models/_s3_kms_configuration_dict.py new file mode 100644 index 00000000..cc04ae57 --- /dev/null +++ b/foundry/v2/connectivity/models/_s3_kms_configuration_dict.py @@ -0,0 +1,39 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from typing_extensions import NotRequired +from typing_extensions import TypedDict + +from foundry.v2.connectivity.models._region import Region + + +class S3KmsConfigurationDict(TypedDict): + """S3KmsConfiguration""" + + __pydantic_config__ = {"extra": "allow"} # type: ignore + + kmsKey: str + """ + The client-side KMS key to use for encryption and decryption of data in the S3 bucket. + If not specified, the default KMS key for the bucket is used. + """ + + kmsRegion: NotRequired[Region] + """ + The region of the client-side KMS key to use for encryption and decryption of data in the S3 bucket. + If not specified, the default KMS key region for the bucket is used. + """ diff --git a/foundry/v2/connectivity/models/_s3_proxy_configuration.py b/foundry/v2/connectivity/models/_s3_proxy_configuration.py new file mode 100644 index 00000000..8c716b04 --- /dev/null +++ b/foundry/v2/connectivity/models/_s3_proxy_configuration.py @@ -0,0 +1,57 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from typing import List +from typing import Optional +from typing import cast + +import pydantic + +from foundry.v2.connectivity.models._basic_credentials import BasicCredentials +from foundry.v2.connectivity.models._protocol import Protocol +from foundry.v2.connectivity.models._s3_proxy_configuration_dict import ( + S3ProxyConfigurationDict, +) # NOQA + + +class S3ProxyConfiguration(pydantic.BaseModel): + """S3ProxyConfiguration""" + + host: str + + """ + Domain name, IPv4, or IPv6 address. + `protocol` and `port` must be specified separately. + """ + + port: int + + non_proxy_hosts: Optional[List[str]] = pydantic.Field(alias="nonProxyHosts", default=None) + + """A list of hosts that can bypass the proxy, such as those used for STS Role. You can also use "*" wildcards.""" + + protocol: Optional[Protocol] = None + + """If defined, must be "HTTP" or "HTTPS". Defaults to "HTTPS".""" + + credentials: Optional[BasicCredentials] = None + + model_config = {"extra": "allow"} + + def to_dict(self) -> S3ProxyConfigurationDict: + """Return the dictionary representation of the model using the field aliases.""" + return cast(S3ProxyConfigurationDict, self.model_dump(by_alias=True, exclude_unset=True)) diff --git a/foundry/v2/connectivity/models/_s3_proxy_configuration_dict.py b/foundry/v2/connectivity/models/_s3_proxy_configuration_dict.py new file mode 100644 index 00000000..f7924578 --- /dev/null +++ b/foundry/v2/connectivity/models/_s3_proxy_configuration_dict.py @@ -0,0 +1,46 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from typing import List + +from typing_extensions import NotRequired +from typing_extensions import TypedDict + +from foundry.v2.connectivity.models._basic_credentials_dict import BasicCredentialsDict +from foundry.v2.connectivity.models._protocol import Protocol + + +class S3ProxyConfigurationDict(TypedDict): + """S3ProxyConfiguration""" + + __pydantic_config__ = {"extra": "allow"} # type: ignore + + host: str + """ + Domain name, IPv4, or IPv6 address. + `protocol` and `port` must be specified separately. + """ + + port: int + + nonProxyHosts: NotRequired[List[str]] + """A list of hosts that can bypass the proxy, such as those used for STS Role. You can also use "*" wildcards.""" + + protocol: NotRequired[Protocol] + """If defined, must be "HTTP" or "HTTPS". Defaults to "HTTPS".""" + + credentials: NotRequired[BasicCredentialsDict] diff --git a/foundry/v2/connectivity/models/_sts_role_configuration.py b/foundry/v2/connectivity/models/_sts_role_configuration.py new file mode 100644 index 00000000..5d65eca8 --- /dev/null +++ b/foundry/v2/connectivity/models/_sts_role_configuration.py @@ -0,0 +1,75 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from typing import Optional +from typing import cast + +import pydantic + +from foundry.v2.connectivity.models._sts_role_configuration_dict import ( + StsRoleConfigurationDict, +) # NOQA +from foundry.v2.core.models._duration import Duration + + +class StsRoleConfiguration(pydantic.BaseModel): + """StsRoleConfiguration""" + + role_arn: str = pydantic.Field(alias="roleArn") + + """ + The Amazon Resource Name (ARN) of the role to assume. + For more information, see the official [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-arn-format). + """ + + role_session_name: str = pydantic.Field(alias="roleSessionName") + + """ + An identifier for the assumed role session. + The value can be any string that you assume will be unique within the AWS account. + For more information, see the official [AWS documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters). + """ + + role_session_duration: Optional[Duration] = pydantic.Field( + alias="roleSessionDuration", default=None + ) + + """ + The duration of the role session. + The value specified can range from 900 seconds (15 minutes) up to the maximum session duration set for the role. + The maximum session duration setting can have a value from 1 hour to 12 hours. For more details see the official [AWS documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters). + """ + + external_id: Optional[str] = pydantic.Field(alias="externalId", default=None) + + """ + A unique identifier that is used by third parties when assuming roles in their customers' accounts. + For more information, see the official [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). + """ + + sts_endpoint: Optional[str] = pydantic.Field(alias="stsEndpoint", default=None) + + """ + By default, the AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com. + AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build in redundancy, and increase session token validity. + """ + + model_config = {"extra": "allow"} + + def to_dict(self) -> StsRoleConfigurationDict: + """Return the dictionary representation of the model using the field aliases.""" + return cast(StsRoleConfigurationDict, self.model_dump(by_alias=True, exclude_unset=True)) diff --git a/foundry/v2/connectivity/models/_sts_role_configuration_dict.py b/foundry/v2/connectivity/models/_sts_role_configuration_dict.py new file mode 100644 index 00000000..33b44f5b --- /dev/null +++ b/foundry/v2/connectivity/models/_sts_role_configuration_dict.py @@ -0,0 +1,59 @@ +# Copyright 2024 Palantir Technologies, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from __future__ import annotations + +from typing_extensions import NotRequired +from typing_extensions import TypedDict + +from foundry.v2.core.models._duration_dict import DurationDict + + +class StsRoleConfigurationDict(TypedDict): + """StsRoleConfiguration""" + + __pydantic_config__ = {"extra": "allow"} # type: ignore + + roleArn: str + """ + The Amazon Resource Name (ARN) of the role to assume. + For more information, see the official [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-arn-format). + """ + + roleSessionName: str + """ + An identifier for the assumed role session. + The value can be any string that you assume will be unique within the AWS account. + For more information, see the official [AWS documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters). + """ + + roleSessionDuration: NotRequired[DurationDict] + """ + The duration of the role session. + The value specified can range from 900 seconds (15 minutes) up to the maximum session duration set for the role. + The maximum session duration setting can have a value from 1 hour to 12 hours. For more details see the official [AWS documentation](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters). + """ + + externalId: NotRequired[str] + """ + A unique identifier that is used by third parties when assuming roles in their customers' accounts. + For more information, see the official [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html). + """ + + stsEndpoint: NotRequired[str] + """ + By default, the AWS Security Token Service (AWS STS) is available as a global service, and all AWS STS requests go to a single endpoint at https://sts.amazonaws.com. + AWS recommends using Regional AWS STS endpoints instead of the global endpoint to reduce latency, build in redundancy, and increase session token validity. + """ diff --git a/pyproject.toml b/pyproject.toml index 574fd23a..d14fbcb0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,11 +10,11 @@ keywords = ["Palantir", "Foundry", "SDK", "Client", "API"] packages = [{ include = "foundry" }] [tool.poetry.dependencies] -annotated-types = ">=0.7.0" -pydantic = "^2.1.0" +annotated-types = ">=0.7.0, <1.0.0" +pydantic = ">=2.1.0, <3.0.0" python = "^3.9" -httpx = "^0.24.0" -typing-extensions = ">=4.7.1" +httpx = ">=0.24.0, <1.0.0" +typing-extensions = ">=4.7.1, <5.0.0" [tool.poetry.group.test.dependencies] expects = ">=0.9.0"