diff --git a/descope/management/tenant.py b/descope/management/tenant.py index cb9adaf2..aa2bbb5e 100644 --- a/descope/management/tenant.py +++ b/descope/management/tenant.py @@ -11,6 +11,8 @@ def create( id: Optional[str] = None, self_provisioning_domains: Optional[List[str]] = None, custom_attributes: Optional[dict] = None, + enforce_sso: Optional[bool] = False, + disabled: Optional[bool] = False, ) -> dict: """ Create a new tenant with the given name. Tenant IDs are provisioned automatically, but can be provided @@ -22,6 +24,8 @@ def create( self_provisioning_domains (List[str]): An optional list of domain that are associated with this tenant. Users authenticating from these domains will be associated with this tenant. custom_attributes (dict): Optional, set the different custom attributes values of the keys that were previously configured in Descope console app + enforce_sso (bool): Optional, login to the tenant is possible only using the configured sso + disabled (bool): Optional, login to the tenant will be disabled Return value (dict): Return dict in the format @@ -38,7 +42,7 @@ def create( response = self._auth.do_post( uri, Tenant._compose_create_update_body( - name, id, self_provisioning_domains, custom_attributes + name, id, self_provisioning_domains, custom_attributes, enforce_sso, disabled ), pswd=self._auth.management_key, ) @@ -50,6 +54,8 @@ def update( name: str, self_provisioning_domains: Optional[List[str]] = None, custom_attributes: Optional[dict] = None, + enforce_sso: Optional[bool] = False, + disabled: Optional[bool] = False, ): """ Update an existing tenant with the given name and domains. IMPORTANT: All parameters are used as overrides @@ -61,6 +67,8 @@ def update( self_provisioning_domains (List[str]): An optional list of domain that are associated with this tenant. Users authenticating from these domains will be associated with this tenant. custom_attributes (dict): Optional, set the different custom attributes values of the keys that were previously configured in Descope console app + enforce_sso (bool): Optional, login to the tenant is possible only using the configured sso + disabled (bool): Optional, login to the tenant will be disabled Raise: AuthException: raised if creation operation fails @@ -73,7 +81,7 @@ def update( self._auth.do_post( uri, Tenant._compose_create_update_body( - name, id, self_provisioning_domains, custom_attributes + name, id, self_provisioning_domains, custom_attributes, enforce_sso, disabled ), pswd=self._auth.management_key, ) @@ -184,11 +192,15 @@ def _compose_create_update_body( id: Optional[str], self_provisioning_domains: List[str], custom_attributes: Optional[dict] = None, + enforce_sso: Optional[bool] = False, + disabled: Optional[bool] = False, ) -> dict: body: dict[str, Any] = { "name": name, "id": id, "selfProvisioningDomains": self_provisioning_domains, + "enforceSSO": enforce_sso, + "disabled": disabled } if custom_attributes is not None: body["customAttributes"] = custom_attributes diff --git a/tests/management/test_tenant.py b/tests/management/test_tenant.py index 325b8dae..19141d7e 100644 --- a/tests/management/test_tenant.py +++ b/tests/management/test_tenant.py @@ -61,19 +61,21 @@ def test_create(self): "name": "name", "id": "t1", "selfProvisioningDomains": ["domain.com"], + "enforceSSO": False, + "disabled": False, }, allow_redirects=False, verify=True, timeout=DEFAULT_TIMEOUT_SECONDS, ) - # Test success flow with custom attributes + # Test success flow with custom attributes, enforce_sso, disabled with patch("requests.post") as mock_post: network_resp = mock.Mock() network_resp.ok = True network_resp.json.return_value = json.loads("""{"id": "t1"}""") mock_post.return_value = network_resp - resp = client.mgmt.tenant.create("name", "t1", ["domain.com"], {"k1": "v1"}) + resp = client.mgmt.tenant.create("name", "t1", ["domain.com"], {"k1": "v1"}, enforce_sso=True, disabled=True) self.assertEqual(resp["id"], "t1") mock_post.assert_called_with( f"{common.DEFAULT_BASE_URL}{MgmtV1.tenant_create_path}", @@ -88,6 +90,8 @@ def test_create(self): "id": "t1", "selfProvisioningDomains": ["domain.com"], "customAttributes": {"k1": "v1"}, + "enforceSSO": True, + "disabled": True, }, allow_redirects=False, verify=True, @@ -116,7 +120,7 @@ def test_update(self): with patch("requests.post") as mock_post: mock_post.return_value.ok = True self.assertIsNone( - client.mgmt.tenant.update("t1", "new-name", ["domain.com"]) + client.mgmt.tenant.update("t1", "new-name", ["domain.com"], enforce_sso=True, disabled=True) ) mock_post.assert_called_with( f"{common.DEFAULT_BASE_URL}{MgmtV1.tenant_update_path}", @@ -130,18 +134,20 @@ def test_update(self): "name": "new-name", "id": "t1", "selfProvisioningDomains": ["domain.com"], + "enforceSSO": True, + "disabled": True, }, allow_redirects=False, verify=True, timeout=DEFAULT_TIMEOUT_SECONDS, ) - # Test success flow with custom attributes + # Test success flow with custom attributes, enforce_sso, disabled with patch("requests.post") as mock_post: mock_post.return_value.ok = True self.assertIsNone( client.mgmt.tenant.update( - "t1", "new-name", ["domain.com"], {"k1": "v1"} + "t1", "new-name", ["domain.com"], {"k1": "v1"}, enforce_sso=True, disabled=True ) ) mock_post.assert_called_with( @@ -157,6 +163,8 @@ def test_update(self): "id": "t1", "selfProvisioningDomains": ["domain.com"], "customAttributes": {"k1": "v1"}, + "enforceSSO": True, + "disabled": True, }, allow_redirects=False, verify=True,