feat: add JWTAuth (#1219)

* feat: add JWTAuth, add repr using qualname
* chore: mark Credentials class and methods as abstract

Author: jorwoods

tableauserverclient/models/tableau_auth.py

@@ -1,13 +1,18 @@
-class Credentials:
+import abc
+
+
+class Credentials(abc.ABC):
     def __init__(self, site_id=None, user_id_to_impersonate=None):
         self.site_id = site_id or ""
         self.user_id_to_impersonate = user_id_to_impersonate or None
 
     @property
+    @abc.abstractmethod
     def credentials(self):
         credentials = "Credentials can be username/password, Personal Access Token, or JWT"
         +"This method returns values to set as an attribute on the credentials element of the request"
 
+    @abc.abstractmethod
     def __repr__(self):
         return "All Credentials types must have a debug display that does not print secrets"
 
@@ -52,10 +57,10 @@ def site(self, value):
 
 
 class PersonalAccessTokenAuth(Credentials):
-    def __init__(self, token_name, personal_access_token, site_id=None):
+    def __init__(self, token_name, personal_access_token, site_id=None, user_id_to_impersonate=None):
         if personal_access_token is None or token_name is None:
             raise TabError("Must provide a token and token name when using PAT authentication")
-        super().__init__(site_id=site_id)
+        super().__init__(site_id=site_id, user_id_to_impersonate=user_id_to_impersonate)
         self.token_name = token_name
         self.personal_access_token = personal_access_token
 
@@ -70,3 +75,22 @@ def __repr__(self):
         return "<PersonalAccessToken name={} token={}>(site={})".format(
             self.token_name, self.personal_access_token[:2] + "...", self.site_id
         )
+
+
+class JWTAuth(Credentials):
+    def __init__(self, jwt=None, site_id=None, user_id_to_impersonate=None):
+        if jwt is None:
+            raise TabError("Must provide a JWT token when using JWT authentication")
+        super().__init__(site_id, user_id_to_impersonate)
+        self.jwt = jwt
+
+    @property
+    def credentials(self):
+        return {"jwt": self.jwt}
+
+    def __repr__(self):
+        if self.user_id_to_impersonate:
+            uid = f", user_id_to_impersonate=f{self.user_id_to_impersonate}"
+        else:
+            uid = ""
+        return f"<{self.__class__.__qualname__}(jwt={self.jwt[:5]}..., site_id={self.site_id}{uid})>"

tableauserverclient/server/endpoint/auth_endpoint.py

@@ -1,4 +1,6 @@
 import logging
+from typing import TYPE_CHECKING
+import warnings
 
 from defusedxml.ElementTree import fromstring
 
@@ -8,6 +10,10 @@
 
 from tableauserverclient.helpers.logging import logger
 
+if TYPE_CHECKING:
+    from tableauserverclient.models.site_item import SiteItem
+    from tableauserverclient.models.tableau_auth import Credentials
+
 
 class Auth(Endpoint):
     class contextmgr(object):
@@ -21,11 +27,21 @@ def __exit__(self, exc_type, exc_val, exc_tb):
             self._callback()
 
     @property
-    def baseurl(self):
+    def baseurl(self) -> str:
         return "{0}/auth".format(self.parent_srv.baseurl)
 
     @api(version="2.0")
-    def sign_in(self, auth_req):
+    def sign_in(self, auth_req: "Credentials") -> contextmgr:
+        """
+        Sign in to a Tableau Server or Tableau Online using a credentials object.
+
+        The credentials object can either be a TableauAuth object, a
+        PersonalAccessTokenAuth object, or a JWTAuth object. This method now
+        accepts them all. The object should be populated with the site_id and
+        optionally a user_id to impersonate.
+
+        Creates a context manager that will sign out of the server upon exit.
+        """
         url = "{0}/{1}".format(self.baseurl, "signin")
         signin_req = RequestFactory.Auth.signin_req(auth_req)
         server_response = self.parent_srv.session.post(
@@ -51,12 +67,12 @@ def sign_in(self, auth_req):
         return Auth.contextmgr(self.sign_out)
 
     @api(version="3.6")
-    def sign_in_with_personal_access_token(self, auth_req):
+    def sign_in_with_personal_access_token(self, auth_req: "Credentials") -> contextmgr:
         # We use the same request that username/password login uses.
         return self.sign_in(auth_req)
 
     @api(version="2.0")
-    def sign_out(self):
+    def sign_out(self) -> None:
         url = "{0}/{1}".format(self.baseurl, "signout")
         # If there are no auth tokens you're already signed out. No-op
         if not self.parent_srv.is_signed_in():
@@ -66,7 +82,7 @@ def sign_out(self):
         logger.info("Signed out")
 
     @api(version="2.6")
-    def switch_site(self, site_item):
+    def switch_site(self, site_item: "SiteItem") -> contextmgr:
         url = "{0}/{1}".format(self.baseurl, "switchSite")
         switch_req = RequestFactory.Auth.switch_req(site_item.content_url)
         try:
@@ -87,7 +103,7 @@ def switch_site(self, site_item):
         return Auth.contextmgr(self.sign_out)
 
     @api(version="3.10")
-    def revoke_all_server_admin_tokens(self):
+    def revoke_all_server_admin_tokens(self) -> None:
         url = "{0}/{1}".format(self.baseurl, "revokeAllServerAdminTokens")
         self.post_request(url, "")
         logger.info("Revoked all tokens for all server admins")