From a6318d80ae00e76b1c38de423ee235c38a0d97eb Mon Sep 17 00:00:00 2001 From: Kara Mahan Date: Mon, 28 Oct 2024 09:39:28 -0400 Subject: [PATCH] add method to update Passport configuration via the AdminAPI --- duo_client/admin.py | 48 +++++++++++++++++++++++++++++++++++- tests/admin/test_passport.py | 12 +++++++++ 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/duo_client/admin.py b/duo_client/admin.py index b47d574..95c1d40 100644 --- a/duo_client/admin.py +++ b/duo_client/admin.py @@ -3644,13 +3644,59 @@ def calculate_policy(self, integration_key, user_id): def get_passport_config(self): """ - Returns the current Passport configuration. + Retrieve the current Passport configuration. + + Returns (dict): + { + "enabled_status": string, + "enabled_groups": [ + { + "group_id": user group ID, + "group_name": descriptive user group name, + ... + }, + ... + ] + "disabled_groups": [ + { + "group_id": user group ID, + "group_name": descriptive user group name, + ... + }, + ... + ] + } """ path = "/admin/v2/passport/config" response = self.json_api_call("GET", path, {}) return response + def update_passport_config(self, enabled_status, enabled_groups=[], disabled_groups=[]): + """ + Update the current Passport configuration. + + Args: + enabled_status (str) - one of "disabled", "enabled", "enabled-for-groups", + or "enabled-with-exceptions" + enabled_groups (list[str]) - if enabled_status is "enabled-for-groups", a + list of user group IDs for whom Passport should be enabled + disabled_groups (list[str]) - if enabled_status is "enabled-with-exceptions", + a list of user group IDs for whom Passport should be disabled + """ + + path = "/admin/v2/passport/config" + response = self.json_api_call( + "POST", + path, + { + "enabled_status": enabled_status, + "enabled_groups": enabled_groups, + "disabled_groups": disabled_groups, + }, + ) + return response + class AccountAdmin(Admin): """AccountAdmin manages a child account using an Accounts API integration.""" diff --git a/tests/admin/test_passport.py b/tests/admin/test_passport.py index ef06b0d..d4c7591 100644 --- a/tests/admin/test_passport.py +++ b/tests/admin/test_passport.py @@ -1,3 +1,5 @@ +import json + from .base import TestAdmin from .. import util @@ -11,3 +13,13 @@ def test_get_passport(self): self.assertEqual(response['method'], 'GET') self.assertEqual(uri, '/admin/v2/passport/config') self.assertEqual(util.params_to_dict(args), {'account_id': [self.client.account_id]}) + + def test_update_passport(self): + """ Test update passport configuration + """ + response = self.client.update_passport_config(enabled_status="enabled-for-groups", enabled_groups=["passport-test-group"]) + self.assertEqual(response["uri"], "/admin/v2/passport/config") + body = json.loads(response["body"]) + self.assertEqual(body["enabled_status"], "enabled-for-groups") + self.assertEqual(body["enabled_groups"], ["passport-test-group"]) + self.assertEqual(body["disabled_groups"], [])