quiltdata · sir-sigurd · Aug 13, 2024 · Jul 25, 2024 · Aug 1, 2024 · Aug 1, 2024
diff --git a/api/python/quilt3-admin/queries.graphql b/api/python/quilt3-admin/queries.graphql
@@ -187,3 +187,27 @@ mutation usersRemoveRoles($name: String!, $roles: [String!]!, $fallback: String)
     }
   }
 }
+
+query ssoConfigGet {
+  admin {
+    ssoConfig {
+      text
+      timestamp
+      uploader {
+        ...UserSelection
+      }
+    }
+  }
+}
+
+mutation ssoConfigSet($config: String) {
+  admin {
+    setSsoConfig(config: $config) {
+      ... on Ok {
+        _
+      }
+      ...InvalidInputSelection
+      ...OperationErrorSelection
+    }
+  }
+}
diff --git a/api/python/quilt3/admin/__init__.py b/api/python/quilt3/admin/__init__.py
@@ -4,6 +4,6 @@
 
 # This wraps code generated by aridne-codegen to provide a more user-friendly API.
 
-from . import roles, users
+from . import roles, sso_config, users
 from .exceptions import Quilt3AdminError, UserNotFoundError
-from .types import ManagedRole, UnmanagedRole, User
+from .types import ManagedRole, SSOConfig, UnmanagedRole, User
diff --git a/api/python/quilt3/admin/_graphql_client/__init__.py b/api/python/quilt3/admin/_graphql_client/__init__.py
diff --git a/api/python/quilt3/admin/_graphql_client/client.py b/api/python/quilt3/admin/_graphql_client/client.py
diff --git a/api/python/quilt3/admin/_graphql_client/sso_config_get.py b/api/python/quilt3/admin/_graphql_client/sso_config_get.py
diff --git a/api/python/quilt3/admin/_graphql_client/sso_config_set.py b/api/python/quilt3/admin/_graphql_client/sso_config_set.py
diff --git a/api/python/quilt3/admin/sso_config.py b/api/python/quilt3/admin/sso_config.py
@@ -0,0 +1,18 @@
+import typing as T
+
+from . import types, util
+
+
+def get() -> T.Optional[types.SSOConfig]:
+    """
+    Get the current SSO configuration.
+    """
+    result = util.get_client().sso_config_get()
+    return None if result is None else types.SSOConfig(**result.model_dump())
+
+
+def set(config: T.Optional[str]) -> None:
+    """
+    Set the SSO configuration.
+    """
+    util.handle_errors(util.get_client().sso_config_set(config))
diff --git a/api/python/quilt3/admin/types.py b/api/python/quilt3/admin/types.py
@@ -37,3 +37,10 @@ class User:
     is_service: bool
     role: Optional[AnnotatedRole]
     extra_roles: List[AnnotatedRole]
+
+
+@pydantic.dataclasses.dataclass
+class SSOConfig:
+    text: str
+    timestamp: datetime
+    uploader: User
diff --git a/api/python/tests/test_admin_api.py b/api/python/tests/test_admin_api.py
@@ -7,6 +7,10 @@
 from quilt3 import admin
 from quilt3.admin import _graphql_client
 
+OK = {
+    "__typename": "Ok",
+    "_": None,
+}
 UNMANAGED_ROLE = {
     "__typename": "UnmanagedRole",
     "id": "d7d15bef-c482-4086-ae6b-d0372b6145d2",
@@ -32,6 +36,12 @@
     "role": UNMANAGED_ROLE,
     "extraRoles": [MANAGED_ROLE],
 }
+SSO_CONFIG = {
+    "__typename": "SsoConfig",
+    "text": "",
+    "timestamp": datetime.datetime(2024, 6, 14, 11, 42, 27, 857128, tzinfo=datetime.timezone.utc),
+    "uploader": USER,
+}
 MUTATION_ERRORS = (
     (
         {
@@ -324,3 +334,31 @@ def test_remove_roles(data, result):
                 admin.users.remove_roles("test", ["ManagedRole"], fallback="UnamanagedRole")
         else:
             assert admin.users.remove_roles("test", ["ManagedRole"], fallback="UnamanagedRole") == result
+
+
+@pytest.mark.parametrize(
+    "data,result",
+    [
+        (SSO_CONFIG, admin.SSOConfig(**_as_dataclass_kwargs(SSO_CONFIG))),
+        (None, None),
+    ],
+)
+def test_sso_config_get(data, result):
+    with mock_client(_make_nested_dict("admin.sso_config", data), "ssoConfigGet"):
+        assert admin.sso_config.get() == result
+
+
+@pytest.mark.parametrize(
+    "data,result",
+    [
+        (OK, None),
+        *MUTATION_ERRORS,
+    ],
+)
+def test_sso_config_set(data, result):
+    with mock_client(_make_nested_dict("admin.set_sso_config", data), "ssoConfigSet", variables={"config": ""}):
+        if isinstance(result, type) and issubclass(result, Exception):
+            with pytest.raises(result):
+                admin.sso_config.set("")
+        else:
+            assert admin.sso_config.set("") == result
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -18,6 +18,8 @@ Entries inside each section should be ordered by type:
 # unreleased - YYYY-MM-DD
 ## Python API
 
+* [Added] New `quilt3.admin.sso_config` sub-module for management of SSO configuration ([#4065](https://github.com/quiltdata/quilt/pull/4065))
+
 ## CLI
 
 ## Catalog, Lambdas

diff --git a/docs/api-reference/Admin.md b/docs/api-reference/Admin.md
@@ -11,6 +11,9 @@
 ## User(name: str, email: str, date\_joined: datetime.datetime, last\_login: datetime.datetime, is\_active: bool, is\_admin: bool, is\_sso\_only: bool, is\_service: bool, role: Optional[Annotated[Union[quilt3.admin.types.ManagedRole, quilt3.admin.types.UnmanagedRole], FieldInfo(annotation=NoneType, required=True, discriminator='typename\_\_')]], extra\_roles: List[Annotated[Union[quilt3.admin.types.ManagedRole, quilt3.admin.types.UnmanagedRole], FieldInfo(annotation=NoneType, required=True, discriminator='typename\_\_')]]) -> None  {#User}
 
 
+## SSOConfig(text: str, timestamp: datetime.datetime, uploader: quilt3.admin.types.User) -> None  {#SSOConfig}
+
+
 # quilt3.admin.roles
 
 
@@ -128,3 +131,16 @@ __Arguments__
 * __roles__:  Roles to remove from the user.
 * __fallback__:  If set, the role to assign to the user if the active role is removed.
 
+
+# quilt3.admin.sso_config
+
+
+## get() -> Optional[quilt3.admin.types.SSOConfig]  {#get}
+
+Get the current SSO configuration.
+
+
+## set(config: Optional[str]) -> None  {#set}
+
+Set the SSO configuration.
+
diff --git a/gendocs/pydocmd.yml b/gendocs/pydocmd.yml
@@ -34,6 +34,7 @@ generate:
   - quilt3.admin.types+
   - quilt3.admin.roles+
   - quilt3.admin.users+
+  - quilt3.admin.sso_config+
 
 # MkDocs pages configuration. The `<<` operator is sugar added by pydocmd
 # that allows you to use an external Markdown file (eg. your project's README)