1 files changed, 72 insertions, 0 deletions

diff --git a/macaroonbakery/bakery/_bakery.py b/macaroonbakery/bakery/_bakery.py
new file mode 100644
index 0000000..8fac9ce
--- /dev/null
+++ b/macaroonbakery/bakery/_bakery.py
@@ -0,0 +1,72 @@
+# Copyright 2017 Canonical Ltd.
+# Licensed under the LGPLv3, see LICENCE file for details.
+
+from ._authorizer import ClosedAuthorizer
+from ._checker import Checker
+import macaroonbakery.checkers as checkers
+from ._oven import Oven
+
+
+class Bakery(object):
+    '''Convenience class that contains both an Oven and a Checker.
+    '''
+    def __init__(self, location=None, locator=None, ops_store=None, key=None,
+                 identity_client=None, checker=None, root_key_store=None,
+                 authorizer=ClosedAuthorizer()):
+        '''Returns a new Bakery instance which combines an Oven with a
+        Checker for the convenience of callers that wish to use both
+        together.
+        @param checker holds the checker used to check first party caveats.
+        If this is None, it will use checkers.Checker(None).
+        @param root_key_store holds the root key store to use.
+        If you need to use a different root key store for different operations,
+        you'll need to pass a root_key_store_for_ops value to Oven directly.
+        @param root_key_store If this is None, it will use MemoryKeyStore().
+        Note that that is almost certain insufficient for production services
+        that are spread across multiple instances or that need
+        to persist keys across restarts.
+        @param locator is used to find out information on third parties when
+        adding third party caveats. If this is None, no non-local third
+        party caveats can be added.
+        @param key holds the private key of the oven. If this is None,
+        no third party caveats may be added.
+        @param identity_client holds the identity implementation to use for
+        authentication. If this is None, no authentication will be possible.
+        @param authorizer is used to check whether an authenticated user is
+        allowed to perform operations. If it is None, it will use
+        a ClosedAuthorizer.
+        The identity parameter passed to authorizer.allow will
+        always have been obtained from a call to
+        IdentityClient.declared_identity.
+        @param ops_store used to persistently store the association of
+        multi-op entities with their associated operations
+        when oven.macaroon is called with multiple operations.
+        @param location holds the location to use when creating new macaroons.
+        '''
+
+        if checker is None:
+            checker = checkers.Checker()
+        root_keystore_for_ops = None
+        if root_key_store is not None:
+            def root_keystore_for_ops(ops):
+                return root_key_store
+
+        oven = Oven(key=key,
+                    location=location,
+                    locator=locator,
+                    namespace=checker.namespace(),
+                    root_keystore_for_ops=root_keystore_for_ops,
+                    ops_store=ops_store)
+        self._oven = oven
+
+        self._checker = Checker(checker=checker, authorizer=authorizer,
+                                identity_client=identity_client,
+                                macaroon_opstore=oven)
+
+    @property
+    def oven(self):
+        return self._oven
+
+    @property
+    def checker(self):
+        return self._checker