Option to bind access key to user (#342)

aviadl · web-flow · commit f5f85b77a312 · 2024-01-30T19:25:45.000+02:00
* Option to bind access key to user related to descope/etc#4312 * Try to fix build
diff --git a/README.md b/README.md
@@ -688,6 +688,7 @@ You can create, update, delete or load access keys, as well as search according
 # An access key must have a name and expiration, other fields are optional.
 # Roles should be set directly if no tenants exist, otherwise set
 # on a per-tenant basis.
+# If user_id is supplied, then authorization would be ignored, and access key would be bound to the users authorization
 create_resp = descope_client.mgmt.access_key.create(
     name="name",
     expire_time=1677844931,
diff --git a/descope/management/access_key.py b/descope/management/access_key.py
@@ -15,6 +15,7 @@ def create(
         expire_time: int = 0,
         role_names: Optional[List[str]] = None,
         key_tenants: Optional[List[AssociatedTenant]] = None,
+        user_id: Optional[str] = None,
     ) -> dict:
         """
         Create a new access key.
@@ -26,6 +27,8 @@ def create(
             mutually exclusive with the `key_tenant` roles, which take precedence over them.
         key_tenants (List[AssociatedTenant]): An optional list of the access key's tenants, and optionally, their roles per tenant. These roles are
             mutually exclusive with the general `role_names`, and take precedence over them.
+        user_id (str): Bind access key to this user id
+            If user_id is supplied, then authorization would be ignored, and access key would be bound to the users authorization
 
         Return value (dict):
         Return dict in the format
@@ -44,7 +47,9 @@ def create(
 
         response = self._auth.do_post(
             MgmtV1.access_key_create_path,
-            AccessKey._compose_create_body(name, expire_time, role_names, key_tenants),
+            AccessKey._compose_create_body(
+                name, expire_time, role_names, key_tenants, user_id
+            ),
             pswd=self._auth.management_key,
         )
         return response.json()
@@ -188,10 +193,12 @@ def _compose_create_body(
         expire_time: int,
         role_names: List[str],
         key_tenants: List[AssociatedTenant],
+        user_id: Optional[str] = None,
     ) -> dict:
         return {
             "name": name,
             "expireTime": expire_time,
             "roleNames": role_names,
             "keyTenants": associated_tenants_to_dict(key_tenants),
+            "userId": user_id,
         }
diff --git a/tests/management/test_access_key.py b/tests/management/test_access_key.py
@@ -56,6 +56,7 @@ def test_create(self):
                     AssociatedTenant("tenant1"),
                     AssociatedTenant("tenant2", ["role1", "role2"]),
                 ],
+                user_id="userid",
             )
             access_key = resp["key"]
             self.assertEqual(access_key["id"], "ak1")
@@ -74,6 +75,7 @@ def test_create(self):
                         {"tenantId": "tenant1", "roleNames": []},
                         {"tenantId": "tenant2", "roleNames": ["role1", "role2"]},
                     ],
+                    "userId": "userid",
                 },
                 allow_redirects=False,
                 verify=True,
