fix: add argument to disable IP whitelisting (#47) (#47)

Add `global_key` argument to TransIP client `__init()__` method
to allow disabling of IP whitelisting for access token

Fixes #46

Co-authored-by: Dan Peachey <[email protected]>
Co-authored-by: Roald Nefs <[email protected]>

Author: 3 people

CHANGELOG.md

@@ -6,6 +6,7 @@ All notable changes in **python-transip** are documented below.
 - The option to replace all existing nameservers of a single domain at once from the `transip.v6.objects.Domain.nameservers` service.
 - The option to list all colocations from the `transip.TransIP.colocations` service ([#24](https://github.com/roaldnefs/python-transip/issues/24)).
 - The option to retrieve a single colocation by name from the `transip.TransIP.colocations` service ([#24](https://github.com/roaldnefs/python-transip/issues/24)).
+- The option to allow the access token to be used from all IP-addresses instead of only the whitelisted ones ([#46](https://github.com/roaldnefs/python-transip/issues/46)).
 
 ## [0.4.0] (2021-01-24)
 ### Added

transip/__init__.py

@@ -54,6 +54,8 @@ class TransIP:
             TransIP API
         private_key_file (str): Path to the private key for accessing the
             TransIP API
+        global_key (bool): Allow the access token to be used from all
+            IP-addresses instead of only the whitelisted ones.
     """
 
     def __init__(
@@ -63,6 +65,7 @@ def __init__(
         access_token: Optional[str] = None,
         private_key: Optional[str] = None,
         private_key_file: Optional[str] = None,
+        global_key: bool = False,
     ) -> None:
         self._api_version: str = api_version
         self._url: str = f"https://api.transip.nl/v{api_version}"
@@ -80,6 +83,7 @@ def __init__(
         self._access_token: Optional[str] = access_token
         self._private_key: Optional[str] = private_key
         self._private_key_file: Optional[str] = private_key_file
+        self._global_key: Optional[bool] = global_key
         self._set_auth_info()
 
         # Dynamically import the services for the specified API version
@@ -154,9 +158,7 @@ def _request_access_token(self) -> str:
             # TODO(roaldnefs): Allow a custom label to be specified when
             # generating a new access token
             # "label": "python-transip",
-            # TODO(roaldnefs): Allow the access token to only be use from
-            # whitelisted IP-addresses
-            "global_key": False
+            "global_key": self._global_key
         }
 
         headers: Dict[str, str] = self.headers.copy()

transip/utils.py

@@ -41,10 +41,16 @@ def load_rsa_private_key(key: Union[bytes, str]) -> RSAPrivateKey:
     if isinstance(key, str):
         key = key.encode()
 
-    return serialization.load_pem_private_key(
+    private_key = serialization.load_pem_private_key(
         key, password=None, backend=default_backend()
     )
 
+    # Check type of the loaded private key
+    if not isinstance(private_key, RSAPrivateKey):
+        raise ValueError('The supplied key must be a RSA private key')
+
+    return private_key
+
 
 def generate_message_signature(
     message: Union[str, bytes],
@@ -63,11 +69,11 @@ def generate_message_signature(
     if isinstance(message, str):
         message = message.encode()
 
-    # Convert the private key content to a RSAPrivateKey object
+    # Convert the private key content to an asymmetric private key type
     if isinstance(private_key, str):
         private_key = load_rsa_private_key(private_key)
 
-    # Sign the message using the RSAPrivateKey object
+    # Sign the message using the private key
     signature: bytes = private_key.sign(message, PKCS1v15(), SHA512())
 
     # Return the BASE64 encoded SHA512 signature