Client¶
VARSClient is the main entry point: it resolves a
ConfigProvider's endpoints once, then wires each generated
service client to a Kiota RequestAdapter with the auth provider
appropriate for that service.
from vars_client.client import VARSClient
from vars_client.config import RazielConfigProvider
config = RazielConfigProvider("https://raziel.example.org", "user", "password")
client = await VARSClient(config).connect()
connect()¶
connect() does the actual endpoint resolution and client construction, and
returns self so it can be chained with the constructor as above. It's
async because resolving endpoints may itself be a network call (e.g.
RazielConfigProvider).
Attributes¶
After connect(), use whichever of these your ConfigProvider returned an
endpoint for — anything else is left as None:
| Attribute | Type |
|---|---|
client.annosaurus |
AnnosaurusClient |
client.vampire_squid |
VampireSquidClient |
client.oni |
OniClient |
client.panoptes |
PanoptesClient |
client.beholder |
BeholderClient |
client.raziel |
RazielClient |
client.skimmer |
SkimmerClient |
client.raziel is only populated when the ConfigProvider passed in is a
RazielConfigProvider — it reuses that provider's already-authenticated (or
anonymous) session rather than requiring a separate set of credentials.
Each of annosaurus, vampire_squid, oni, and panoptes is a full
Kiota-generated client with a
fluent API mirroring its OpenAPI paths, e.g.:
client.beholder and client.raziel work the same way. client.skimmer is
the hand-written Skimmer URL builder, not a Kiota client.
Anonymous access¶
An endpoint with no secret isn't an error — connect() builds that service
anonymously (no Authorization header at all) instead of refusing to
connect. This matches how VARS' services are actually secured: every read
endpoint on Annosaurus, Vampire Squid, Oni, and Panoptes works without auth,
only writes need a Bearer token. So you can get a fully read-capable client
with zero credentials:
from vars_client.config import StaticConfigProvider
config = StaticConfigProvider.from_dict({
"annosaurus": {"url": "https://annosaurus.example.org"}, # no secret
})
client = await VARSClient(config).connect()
await client.annosaurus.v1.health.get() # works anonymously
If you then attempt a write with no secret configured, it fails at that
call with the server's 401/403 — not eagerly at connect().
Beholder is the exception: every capture endpoint requires its key, only
/health doesn't, so an anonymous Beholder client is of limited use.
RazielConfigProvider follows the same rule: omit username/password and
it discovers endpoints anonymously from /config/endpoints, which still
works but omits each entry's secret — see Auth.