vault events

Author: vivekkhimani

src/workos/types/events/__init__.py

@@ -13,3 +13,4 @@
 from .organization_domain_verification_failed_payload import *
 from .previous_attributes import *
 from .session_payload import *
+from .vault_payload import *

src/workos/types/events/event.py

@@ -53,6 +53,15 @@
     SessionCreatedPayload,
     SessionRevokedPayload,
 )
+from workos.types.events.vault_payload import (
+    VaultDataCreatedPayload,
+    VaultDataDeletedPayload,
+    VaultDataReadPayload,
+    VaultDekDecryptedPayload,
+    VaultDekReadPayload,
+    VaultKekCreatedPayload,
+    VaultNamesListedPayload,
+)
 from workos.types.organizations.organization_common import OrganizationCommon
 from workos.types.organization_domains import OrganizationDomain
 from workos.types.roles.role import EventRole
@@ -372,6 +381,42 @@ class UserUpdatedEvent(EventModel[User]):
     event: Literal["user.updated"]
 
 
+class VaultDataCreatedEvent(EventModel[VaultDataCreatedPayload]):
+    event: Literal["vault.data.created"]
+
+
+class VaultDataDeletedEvent(EventModel[VaultDataDeletedPayload]):
+    event: Literal["vault.data.deleted"]
+
+
+class VaultDataReadEvent(EventModel[VaultDataReadPayload]):
+    event: Literal["vault.data.read"]
+
+
+class VaultDataUpdatedEvent(EventModel[VaultDataCreatedPayload]):
+    event: Literal["vault.data.updated"]
+
+
+class VaultDekDecryptedEvent(EventModel[VaultDekDecryptedPayload]):
+    event: Literal["vault.dek.decrypted"]
+
+
+class VaultDekReadEvent(EventModel[VaultDekReadPayload]):
+    event: Literal["vault.dek.read"]
+
+
+class VaultKekCreatedEvent(EventModel[VaultKekCreatedPayload]):
+    event: Literal["vault.kek.created"]
+
+
+class VaultMetadataReadEvent(EventModel[VaultDataDeletedPayload]):
+    event: Literal["vault.metadata.read"]
+
+
+class VaultNamesListedEvent(EventModel[VaultNamesListedPayload]):
+    event: Literal["vault.names.listed"]
+
+
 Event = Annotated[
     Union[
         ApiKeyCreatedEvent,
@@ -443,6 +488,15 @@ class UserUpdatedEvent(EventModel[User]):
         UserCreatedEvent,
         UserDeletedEvent,
         UserUpdatedEvent,
+        VaultDataCreatedEvent,
+        VaultDataDeletedEvent,
+        VaultDataReadEvent,
+        VaultDataUpdatedEvent,
+        VaultDekDecryptedEvent,
+        VaultDekReadEvent,
+        VaultKekCreatedEvent,
+        VaultMetadataReadEvent,
+        VaultNamesListedEvent,
     ],
     Field(..., discriminator="event"),
 ]

src/workos/types/events/event_model.py

@@ -50,6 +50,15 @@
     SessionCreatedPayload,
     SessionRevokedPayload,
 )
+from workos.types.events.vault_payload import (
+    VaultDataCreatedPayload,
+    VaultDataDeletedPayload,
+    VaultDataReadPayload,
+    VaultDekDecryptedPayload,
+    VaultDekReadPayload,
+    VaultKekCreatedPayload,
+    VaultNamesListedPayload,
+)
 from workos.types.organizations.organization_common import OrganizationCommon
 from workos.types.organization_domains import OrganizationDomain
 from workos.types.authorization.organization_role import OrganizationRoleEvent
@@ -110,6 +119,13 @@
     SessionCreatedPayload,
     SessionRevokedPayload,
     User,
+    VaultDataCreatedPayload,
+    VaultDataDeletedPayload,
+    VaultDataReadPayload,
+    VaultDekDecryptedPayload,
+    VaultDekReadPayload,
+    VaultKekCreatedPayload,
+    VaultNamesListedPayload,
 )
 
 

src/workos/types/events/event_type.py

@@ -74,6 +74,15 @@
     "user.created",
     "user.deleted",
     "user.updated",
+    "vault.data.created",
+    "vault.data.deleted",
+    "vault.data.read",
+    "vault.data.updated",
+    "vault.dek.decrypted",
+    "vault.dek.read",
+    "vault.kek.created",
+    "vault.metadata.read",
+    "vault.names.listed",
 ]
 
 EventTypeDiscriminator = TypeVar("EventTypeDiscriminator", bound=EventType)

src/workos/types/events/vault_payload.py

@@ -0,0 +1,57 @@
+from typing import List, Optional
+
+from workos.types.vault.key import KeyContext
+from workos.types.workos_model import WorkOSModel
+
+
+class VaultNamesListedPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: Optional[str] = None
+
+
+class VaultDataDeletedPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: Optional[str] = None
+    kv_name: str
+
+
+class VaultDekDecryptedPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: Optional[str] = None
+    key_id: str
+
+
+class VaultDataReadPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: Optional[str] = None
+    kv_name: str
+    key_id: str
+
+
+class VaultDataCreatedPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: Optional[str] = None
+    kv_name: str
+    key_id: str
+    key_context: KeyContext
+
+
+class VaultDekReadPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: Optional[str] = None
+    key_ids: List[str]
+    key_context: KeyContext
+
+
+class VaultKekCreatedPayload(WorkOSModel):
+    actor_id: str
+    actor_source: str
+    actor_name: Optional[str] = None
+    key_name: str
+    key_id: str

tests/test_events.py

@@ -5,6 +5,11 @@
 from tests.utils.syncify import syncify
 from workos.events import AsyncEvents, Events, EventsListResource
 from workos.types.events import OrganizationMembershipCreatedEvent
+from workos.types.events.event import (
+    VaultDataCreatedEvent,
+    VaultDekReadEvent,
+    VaultNamesListedEvent,
+)
 
 
 @pytest.mark.sync_and_async(Events, AsyncEvents)
@@ -86,3 +91,133 @@ def test_list_events_organization_membership_missing_custom_attributes(
         event = events.data[0]
         assert isinstance(event, OrganizationMembershipCreatedEvent)
         assert event.data.custom_attributes == {}
+
+    def test_list_events_vault_data_created(
+        self,
+        module_instance: Union[Events, AsyncEvents],
+        capture_and_mock_http_client_request,
+    ):
+        mock_response = {
+            "object": "list",
+            "data": [
+                {
+                    "object": "event",
+                    "id": "event_vault_01",
+                    "event": "vault.data.created",
+                    "data": {
+                        "actor_id": "user_01234",
+                        "actor_source": "dashboard",
+                        "actor_name": "Test User",
+                        "kv_name": "my-secret",
+                        "key_id": "key_01234",
+                        "key_context": {"env": "production"},
+                    },
+                    "created_at": "2024-01-01T00:00:00.000Z",
+                }
+            ],
+            "list_metadata": {
+                "after": None,
+            },
+        }
+
+        capture_and_mock_http_client_request(
+            http_client=module_instance._http_client,
+            status_code=200,
+            response_dict=mock_response,
+        )
+
+        events: EventsListResource = syncify(
+            module_instance.list_events(events=["vault.data.created"])
+        )
+
+        event = events.data[0]
+        assert isinstance(event, VaultDataCreatedEvent)
+        assert event.data.actor_id == "user_01234"
+        assert event.data.actor_source == "dashboard"
+        assert event.data.actor_name == "Test User"
+        assert event.data.kv_name == "my-secret"
+        assert event.data.key_id == "key_01234"
+        assert event.data.key_context.root == {"env": "production"}
+
+    def test_list_events_vault_dek_read(
+        self,
+        module_instance: Union[Events, AsyncEvents],
+        capture_and_mock_http_client_request,
+    ):
+        mock_response = {
+            "object": "list",
+            "data": [
+                {
+                    "object": "event",
+                    "id": "event_vault_02",
+                    "event": "vault.dek.read",
+                    "data": {
+                        "actor_id": "user_01234",
+                        "actor_source": "api",
+                        "key_ids": ["key_01", "key_02"],
+                        "key_context": {"tenant": "acme"},
+                    },
+                    "created_at": "2024-01-01T00:00:00.000Z",
+                }
+            ],
+            "list_metadata": {
+                "after": None,
+            },
+        }
+
+        capture_and_mock_http_client_request(
+            http_client=module_instance._http_client,
+            status_code=200,
+            response_dict=mock_response,
+        )
+
+        events: EventsListResource = syncify(
+            module_instance.list_events(events=["vault.dek.read"])
+        )
+
+        event = events.data[0]
+        assert isinstance(event, VaultDekReadEvent)
+        assert event.data.key_ids == ["key_01", "key_02"]
+        assert event.data.key_context.root == {"tenant": "acme"}
+        assert event.data.actor_name is None
+
+    def test_list_events_vault_names_listed(
+        self,
+        module_instance: Union[Events, AsyncEvents],
+        capture_and_mock_http_client_request,
+    ):
+        mock_response = {
+            "object": "list",
+            "data": [
+                {
+                    "object": "event",
+                    "id": "event_vault_03",
+                    "event": "vault.names.listed",
+                    "data": {
+                        "actor_id": "user_01234",
+                        "actor_source": "api",
+                        "actor_name": "Service Account",
+                    },
+                    "created_at": "2024-01-01T00:00:00.000Z",
+                }
+            ],
+            "list_metadata": {
+                "after": None,
+            },
+        }
+
+        capture_and_mock_http_client_request(
+            http_client=module_instance._http_client,
+            status_code=200,
+            response_dict=mock_response,
+        )
+
+        events: EventsListResource = syncify(
+            module_instance.list_events(events=["vault.names.listed"])
+        )
+
+        event = events.data[0]
+        assert isinstance(event, VaultNamesListedEvent)
+        assert event.data.actor_id == "user_01234"
+        assert event.data.actor_source == "api"
+        assert event.data.actor_name == "Service Account"