feat: add ServiceAccount models and API methods for management

guptadev21 · guptadev21 · commit 8526b9d16afe · 2025-11-18T17:57:29.000+05:30
diff --git a/rapyuta_io_sdk_v2/__init__.py b/rapyuta_io_sdk_v2/__init__.py
@@ -36,6 +36,11 @@
     UserGroupCreate as UserGroupCreate,
     UserGroupList as UserGroupList,
     Daemon as Daemon,
+    ServiceAccountList as ServiceAccountList,
+    ServiceAccount as ServiceAccount,
+    ServiceAccountTokenList as ServiceAccountTokenList,
+    ServiceAccountToken as ServiceAccountToken,
+    ServiceAccountTokenInfo as ServiceAccountTokenInfo,
 )
 from rapyuta_io_sdk_v2.utils import walk_pages as walk_pages
 
diff --git a/rapyuta_io_sdk_v2/client.py b/rapyuta_io_sdk_v2/client.py
@@ -51,6 +51,13 @@
     BulkRoleBindingUpdate,
     RoleList,
     OAuth2UpdateURI,
+    ServiceAccountList,
+    ServiceAccount,
+)
+from rapyuta_io_sdk_v2.models.serviceaccount import (
+    ServiceAccountToken,
+    ServiceAccountTokenInfo,
+    ServiceAccountTokenList,
 )
 from rapyuta_io_sdk_v2.utils import handle_server_errors
 
@@ -2067,3 +2074,151 @@ def update_role_binding(
             return RoleBinding(**result.json())
         except Exception:
             return result.json()
+
+    # -------------------ServiceAccount-------------------
+
+    def list_service_accounts(
+        self,
+        cont: int = 0,
+        limit: int = 50,
+        label_selector: list[str] | None = None,
+        name: str | None = None,
+        regions: list[str] | None = None,
+        **kwargs,
+    ) -> ServiceAccountList:
+        parameters: dict[str, Any] = {
+            "continue": cont,
+            "limit": limit,
+        }
+        if label_selector:
+            parameters["labelSelector"] = label_selector
+        if name:
+            parameters["name"] = name
+        if regions:
+            parameters["regions"] = regions
+
+        result = self.c.get(
+            url=f"{self.v2api_host}/v2/serviceaccounts/",
+            headers=self.config.get_headers(with_project=False, **kwargs),
+            params=parameters,
+        )
+
+        handle_server_errors(result)
+
+        return ServiceAccountList(**result.json())
+
+    def get_service_account(
+        self,
+        name: str,
+        **kwargs,
+    ) -> ServiceAccount:
+        result = self.c.get(
+            url=f"{self.v2api_host}/v2/serviceaccounts/{name}/",
+            headers=self.config.get_headers(with_project=False, **kwargs),
+        )
+
+        handle_server_errors(result)
+        return ServiceAccount(**result.json())
+
+    def create_service_account(
+        self,
+        service_account: ServiceAccount | dict,
+        **kwargs,
+    ) -> ServiceAccount:
+        if isinstance(service_account, dict):
+            service_account = ServiceAccount.model_validate(service_account)
+        result = self.c.post(
+            url=f"{self.v2api_host}/v2/serviceaccounts/",
+            headers=self.config.get_headers(with_project=False, **kwargs),
+            json=service_account.model_dump(by_alias=True),
+        )
+
+        handle_server_errors(result)
+        return ServiceAccount(**result.json())
+
+    def update_service_account(
+        self,
+        service_account: ServiceAccount | dict,
+        name: str | None,
+        **kwargs,
+    ) -> ServiceAccount:
+        if isinstance(service_account, dict):
+            service_account = ServiceAccount.model_validate(service_account)
+        if not name:
+            name = service_account.metadata.name
+        result = self.c.put(
+            url=f"{self.v2api_host}/v2/serviceaccounts/{name}/",
+            headers=self.config.get_headers(with_project=False, **kwargs),
+            json=service_account.model_dump(by_alias=True),
+        )
+
+        handle_server_errors(result)
+        return ServiceAccount(**result.json())
+
+    def delete_service_account(
+        self,
+        name: str,
+        **kwargs,
+    ) -> None:
+        result = self.c.delete(
+            url=f"{self.v2api_host}/v2/serviceaccounts/{name}/",
+            headers=self.config.get_headers(with_project=False, **kwargs),
+        )
+
+        handle_server_errors(result)
+        return None
+
+    def list_service_account_tokens(
+        self, name: str, cont: int = 0, limit: int = 50, **kwargs
+    ) -> ServiceAccountTokenList:
+
+        result = self.c.get(
+            url=f"{self.v2api_host}/v2/serviceaccounts/{name}/token/",
+            headers=self.config.get_headers(with_project=False, **kwargs),
+        )
+
+        handle_server_errors(result)
+
+        return ServiceAccountTokenList(**result.json())
+
+    def create_service_account_token(
+        self, name: str, expiry_at: ServiceAccountToken | dict, **kwargs
+    ) -> ServiceAccountTokenInfo:
+        if isinstance(expiry_at, dict):
+            expiry_at = ServiceAccountToken.model_validate(expiry_at)
+
+        result = self.c.post(
+            url=f"{self.v2api_host}/v2/serviceaccounts/{name}/token/",
+            headers=self.config.get_headers(with_project=False, **kwargs),
+            json=expiry_at.model_dump(by_alias=True, mode="json"),
+        )
+
+        handle_server_errors(result)
+
+        return ServiceAccountTokenInfo(**result.json())
+
+    def refresh_service_account_token(
+        self, name: str, token_id: str, expiry_at: ServiceAccountToken | dict, **kwargs
+    ) -> ServiceAccountTokenInfo:
+        if isinstance(expiry_at, dict):
+            expiry_at = ServiceAccountToken.model_validate(expiry_at)
+
+        result = self.c.patch(
+            url=f"{self.v2api_host}/v2/serviceaccounts/{name}/token/{token_id}/",
+            headers=self.config.get_headers(with_project=False, **kwargs),
+            json=expiry_at.model_dump(by_alias=True, mode="json"),
+        )
+
+        handle_server_errors(result)
+
+        return ServiceAccountTokenInfo(**result.json())
+
+    def delete_service_account_token(self, name: str, token_id: str, **kwargs) -> None:
+        result = self.c.delete(
+            url=f"{self.v2api_host}/v2/serviceaccounts/{name}/token/{token_id}/",
+            headers=self.config.get_headers(with_project=False, **kwargs),
+        )
+
+        handle_server_errors(result)
+
+        return None
diff --git a/rapyuta_io_sdk_v2/models/__init__.py b/rapyuta_io_sdk_v2/models/__init__.py
@@ -94,3 +94,11 @@
 )
 
 from rapyuta_io_sdk_v2.models.daemons import Daemon as Daemon
+
+from rapyuta_io_sdk_v2.models.serviceaccount import (
+    ServiceAccount as ServiceAccount,
+    ServiceAccountList as ServiceAccountList,
+    ServiceAccountTokenList as ServiceAccountTokenList,
+    ServiceAccountToken as ServiceAccountToken,
+    ServiceAccountTokenInfo as ServiceAccountTokenInfo,
+)
diff --git a/rapyuta_io_sdk_v2/models/serviceaccount.py b/rapyuta_io_sdk_v2/models/serviceaccount.py
@@ -0,0 +1,84 @@
+"""
+Pydantic models for ServiceAccount resource validation.
+
+This module mirrors the Go `ServiceAccount` and related types from the
+`package extensions` snippet provided by the user.
+"""
+
+from typing import Literal, override
+from datetime import datetime
+
+from pydantic import BaseModel, Field
+
+from rapyuta_io_sdk_v2.models.utils import (
+    BaseList,
+    BaseMetadata,
+    BaseObject,
+    Domain,
+)
+
+
+class ServiceAccountBinding(BaseModel):
+    domain: Domain
+    role_names: list[str] = Field(default_factory=list, alias="roleNames")
+
+
+class ServiceAccountSpec(BaseModel):
+    description: str | None = None
+    roles: list[ServiceAccountBinding] | None = None
+
+
+class ServiceAccount(BaseObject):
+    """ServiceAccount model."""
+
+    kind: Literal["ServiceAccount"] | None = "ServiceAccount"
+    metadata: BaseMetadata
+    spec: ServiceAccountSpec | None = None
+
+    @override
+    def list_dependencies(self) -> list[str] | None:
+        dependencies: list[str] = []
+
+        # Process service account roles and their domains
+        if self.spec and self.spec.roles is not None:
+            for role_binding in self.spec.roles:
+                # Add domain dependency
+                if (
+                    role_binding.domain.kind is not None
+                    and role_binding.domain.name is not None
+                ):
+                    domain = (
+                        f"{role_binding.domain.kind.lower()}:{role_binding.domain.name}"
+                    )
+                    dependencies.append(domain)
+
+                # Add role dependencies
+                if role_binding.role_names is not None:
+                    for role in role_binding.role_names:
+                        dependencies.append(f"role:{role}")
+
+        return dependencies
+
+
+class ServiceAccountList(BaseList[ServiceAccount]):
+    """List of service accounts using BaseList."""
+
+    pass
+
+
+class ServiceAccountTokenInfo(BaseModel):
+    id: int | None = None
+    token: str | None = None
+    expiry_at: datetime | None = Field(default=None, alias="expiry_at")
+
+
+class ServiceAccountTokenList(BaseList[ServiceAccountTokenInfo]):
+    """List of service account tokens."""
+
+    pass
+
+
+class ServiceAccountToken(BaseModel):
+    owner: str | None = None
+    expiry_at: datetime | None = Field(default=None, alias="expiry_at")
+
