Metadata-Version: 2.1
Name: insightclient
Version: 0.3.9
Summary: Python client and CLI for Insight
Author: Johan
Author-email: johan@resolve.works
Requires-Python: >=3.11,<4.0
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Requires-Dist: click (>=8.1.7,<9.0.0)
Requires-Dist: keyring (>=25.5.0,<26.0.0)
Requires-Dist: minio (>=7.2.0,<8.0.0)
Requires-Dist: requests-oauthlib (>=2.0.0,<3.0.0)
Requires-Dist: tqdm (>=4.66.1,<5.0.0)
Description-Content-Type: text/markdown

# Insight client

Python client & command line interface for Insight

### Client Configuration

Before use, insight-client has to be configured. Configuration includes
information about the OIDC provider, insight API and S3 storage backend. When
you provide the client with a `oidc.client-secret`, the
client will assume it's being used with a Service Account Role OIDC
configuration. When no secret is provided it will try to authenticate using a
Device Authorization Grant.

```
insight configure --help
```

The insight configuration file can be found `$XDG_CONFIG_HOME/insight.conf` (default `~/.config/insight.conf`)

It is also possible to configure the client through environment variables:

```
INSIGHT_API_ENDPOINT
INSIGHT_OIDC_ENDPOINT
INSIGHT_OIDC_CLIENT_ID
INSIGHT_OIDC_CLIENT_SECRET
INSIGHT_STORAGE_STS_ENDPOINT
INSIGHT_STORAGE_IDENTITY_ROLE
INSIGHT_STORAGE_ENDPOINT
INSIGHT_STORAGE_BUCKET
INSIGHT_STORAGE_REGION
```

### Development

You can configure the CLI for the default development setup like so, this will
make use of the Device Authorization Grant:

```
poetry run insight configure \
    --api-endpoint=http://localhost:8080 \
    --oidc-endpoint=https://localhost:8000/realms/insight/protocol/openid-connect \
    --oidc-client-id=insight \
    --storage-sts-endpoint=http://localhost:9000 \
    --storage-endpoint=http://localhost:9000 \
    --storage-bucket=insight \
    --storage-region=insight
```

OAuth2Session does not trust our development certificates and doesn't connect to
insecure endpoints be default. We can overload that behaviour like so:

```
OAUTHLIB_INSECURE_TRANSPORT=1 REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt poetry run insight file list
```

