Support Descoper methods

Author: ckiee

descope/__init__.py

@@ -19,6 +19,12 @@
 )
 from descope.management.common import (
     AssociatedTenant,
+    DescoperAttributes,
+    DescoperCreate,
+    DescoperProjectRole,
+    DescoperRBAC,
+    DescoperRole,
+    DescoperTagRole,
     SAMLIDPAttributeMappingInfo,
     SAMLIDPGroupsMappingInfo,
     SAMLIDPRoleGroupMappingInfo,

descope/http_client.py

@@ -113,6 +113,26 @@ def post(
         self._raise_from_response(response)
         return response
 
+    def put(
+        self,
+        uri: str,
+        *,
+        body: Optional[Union[dict, list[dict], list[str]]] = None,
+        params=None,
+        pswd: Optional[str] = None,
+    ) -> requests.Response:
+        response = requests.put(
+            f"{self.base_url}{uri}",
+            headers=self._get_default_headers(pswd),
+            json=body,
+            allow_redirects=False,
+            verify=self.secure,
+            params=params,
+            timeout=self.timeout_seconds,
+        )
+        self._raise_from_response(response)
+        return response
+
     def patch(
         self,
         uri: str,

descope/management/common.py

@@ -258,6 +258,13 @@ class MgmtV1:
     project_import = "/v1/mgmt/project/import"
     project_list_projects = "/v1/mgmt/projects/list"
 
+    # Descoper
+    descoper_create_path = "/v1/mgmt/descoper"
+    descoper_update_path = "/v1/mgmt/descoper"
+    descoper_load_path = "/v1/mgmt/descoper"
+    descoper_delete_path = "/v1/mgmt/descoper"
+    descoper_list_path = "/v1/mgmt/descoper/list"
+
 
 class MgmtSignUpOptions:
     def __init__(
@@ -468,3 +475,128 @@ def sort_to_dict(sort: List[Sort]) -> list:
                 }
             )
     return sort_list
+
+
+class DescoperRole(Enum):
+    """Represents a Descoper role."""
+
+    ADMIN = "admin"
+    DEVELOPER = "developer"
+    SUPPORT = "support"
+    AUDITOR = "auditor"
+
+
+class DescoperAttributes:
+    """
+    Represents Descoper attributes, such as name and email/phone.
+    """
+
+    def __init__(
+        self,
+        display_name: Optional[str] = None,
+        email: Optional[str] = None,
+        phone: Optional[str] = None,
+    ):
+        self.display_name = display_name
+        self.email = email
+        self.phone = phone
+
+    def to_dict(self) -> dict:
+        return {
+            "displayName": self.display_name,
+            "email": self.email,
+            "phone": self.phone,
+        }
+
+
+class DescoperTagRole:
+    """
+    Represents a Descoper tags to role mapping.
+    """
+
+    def __init__(
+        self,
+        tags: Optional[List[str]] = None,
+        role: Optional[DescoperRole] = None,
+    ):
+        self.tags = tags if tags is not None else []
+        self.role = role
+
+    def to_dict(self) -> dict:
+        return {
+            "tags": self.tags,
+            "role": self.role.value if self.role else None,
+        }
+
+
+class DescoperProjectRole:
+    """
+    Represents a Descoper projects to role mapping.
+    """
+
+    def __init__(
+        self,
+        project_ids: Optional[List[str]] = None,
+        role: Optional[DescoperRole] = None,
+    ):
+        self.project_ids = project_ids if project_ids is not None else []
+        self.role = role
+
+    def to_dict(self) -> dict:
+        return {
+            "projectIds": self.project_ids,
+            "role": self.role.value if self.role else None,
+        }
+
+
+class DescoperRBAC:
+    """
+    Represents Descoper RBAC configuration.
+    """
+
+    def __init__(
+        self,
+        is_company_admin: bool = False,
+        tags: Optional[List[DescoperTagRole]] = None,
+        projects: Optional[List[DescoperProjectRole]] = None,
+    ):
+        self.is_company_admin = is_company_admin
+        self.tags = tags if tags is not None else []
+        self.projects = projects if projects is not None else []
+
+    def to_dict(self) -> dict:
+        return {
+            "isCompanyAdmin": self.is_company_admin,
+            "tags": [t.to_dict() for t in self.tags],
+            "projects": [p.to_dict() for p in self.projects],
+        }
+
+
+class DescoperCreate:
+    """
+    Represents a Descoper to be created.
+    """
+
+    def __init__(
+        self,
+        login_id: str,
+        attributes: Optional[DescoperAttributes] = None,
+        send_invite: bool = False,
+        rbac: Optional[DescoperRBAC] = None,
+    ):
+        self.login_id = login_id
+        self.attributes = attributes
+        self.send_invite = send_invite
+        self.rbac = rbac
+
+    def to_dict(self) -> dict:
+        return {
+            "loginId": self.login_id,
+            "attributes": self.attributes.to_dict() if self.attributes else None,
+            "sendInvite": self.send_invite,
+            "rbac": self.rbac.to_dict() if self.rbac else None,
+        }
+
+
+def descopers_to_dict(descopers: List[DescoperCreate]) -> list:
+    return [d.to_dict() for d in descopers]

descope/management/descoper.py

@@ -0,0 +1,153 @@
+from typing import List, Optional
+
+from descope._http_base import HTTPBase
+from descope.management.common import (
+    DescoperAttributes,
+    DescoperCreate,
+    DescoperRBAC,
+    MgmtV1,
+    descopers_to_dict,
+)
+
+
+class Descoper(HTTPBase):
+    def create(
+        self,
+        descopers: List[DescoperCreate],
+    ) -> dict:
+        """
+        Create new Descopers.
+
+        Args:
+        descopers (List[DescoperCreate]): List of Descopers to create.
+            Note that tags are referred to by name, without the company ID prefix.
+
+        Return value (dict):
+        Return dict in the format
+            {
+                "descopers": [...],
+                "total": <int>
+            }
+
+        Raise:
+        AuthException: raised if create operation fails
+        """
+        if not descopers:
+            raise ValueError("descopers list cannot be empty")
+
+        response = self._http.put(
+            MgmtV1.descoper_create_path,
+            body={"descopers": descopers_to_dict(descopers)},
+        )
+        return response.json()
+
+    def update(
+        self,
+        id: str,
+        attributes: Optional[DescoperAttributes] = None,
+        rbac: Optional[DescoperRBAC] = None,
+    ) -> dict:
+        """
+        Update an existing Descoper's RBAC and/or Attributes.
+
+        IMPORTANT: All parameter *fields*, if set, will override whatever values are currently set
+        in the existing Descoper. Use carefully.
+
+        Args:
+        id (str): The id of the Descoper to update.
+        attributes (DescoperAttributes): Optional attributes to update.
+        rbac (DescoperRBAC): Optional RBAC configuration to update.
+
+        Return value (dict):
+        Return dict in the format
+             {"descoper": {...}}
+        Containing the updated Descoper information.
+
+        Raise:
+        AuthException: raised if update operation fails
+        """
+        if not id:
+            raise ValueError("id cannot be empty")
+
+        body = {"id": id}
+        if attributes is not None:
+            body["attributes"] = attributes.to_dict()
+        if rbac is not None:
+            body["rbac"] = rbac.to_dict()
+
+        response = self._http.patch(
+            MgmtV1.descoper_update_path,
+            body=body,
+        )
+        return response.json()
+
+    def load(
+        self,
+        id: str,
+    ) -> dict:
+        """
+        Load an existing Descoper by ID.
+
+        Args:
+        id (str): The id of the Descoper to load.
+
+        Return value (dict):
+        Return dict in the format
+             {"descoper": {...}}
+        Containing the loaded Descoper information.
+
+        Raise:
+        AuthException: raised if load operation fails
+        """
+        if not id:
+            raise ValueError("id cannot be empty")
+
+        response = self._http.get(
+            uri=MgmtV1.descoper_load_path,
+            params={"id": id},
+        )
+        return response.json()
+
+    def delete(
+        self,
+        id: str,
+    ):
+        """
+        Delete an existing Descoper. IMPORTANT: This action is irreversible. Use carefully.
+
+        Args:
+        id (str): The id of the Descoper to delete.
+
+        Raise:
+        AuthException: raised if delete operation fails
+        """
+        if not id:
+            raise ValueError("id cannot be empty")
+
+        self._http.delete(
+            uri=MgmtV1.descoper_delete_path,
+            params={"id": id},
+        )
+
+    def list(
+        self,
+    ) -> dict:
+        """
+        List all Descopers.
+
+        Return value (dict):
+        Return dict in the format
+            {
+                "descopers": [...],
+                "total": <int>
+            }
+        Containing all Descopers and the total count.
+
+        Raise:
+        AuthException: raised if list operation fails
+        """
+        response = self._http.post(
+            MgmtV1.descoper_list_path,
+            body={},
+        )
+        return response.json()

descope/mgmt.py

@@ -6,6 +6,7 @@
 from descope.management.access_key import AccessKey
 from descope.management.audit import Audit
 from descope.management.authz import Authz
+from descope.management.descoper import Descoper
 from descope.management.fga import FGA
 from descope.management.flow import Flow
 from descope.management.group import Group
@@ -40,6 +41,7 @@ def __init__(
         self._access_key = AccessKey(http_client)
         self._audit = Audit(http_client)
         self._authz = Authz(http_client)
+        self._descoper = Descoper(http_client)
         self._fga = FGA(http_client, fga_cache_url=fga_cache_url)
         self._flow = Flow(http_client)
         self._group = Group(http_client)
@@ -141,3 +143,8 @@ def outbound_application(self):
     def outbound_application_by_token(self):
         # No management key check for outbound_app_token (as authentication for those methods is done by inbound app token)
         return self._outbound_application_by_token
+
+    @property
+    def descoper(self):
+        self._ensure_management_key("descoper")
+        return self._descoper