chore: add back removed properties

Signed-off-by: Norbert Biczo <[email protected]>

Author: pyrooka

ibm_cloud_sdk_core/authenticators/iam_assume_authenticator.py

@@ -42,12 +42,18 @@ class IAMAssumeAuthenticator(IAMRequestBasedAuthenticator):
         iam_profile_name: the name of the trusted profile (must be used together with `iam_account_id`)
         iam_account_id: the ID of the trusted profile (must be used together with `iam_profile_name`)
         url: The URL representing the IAM token service endpoint. If not specified, a suitable default value is used.
+        client_id: The client_id and client_secret fields are used to form
+            a "basic" authorization header for IAM token requests. Defaults to None.
+        client_secret: The client_id and client_secret fields are used to form
+            a "basic" authorization header for IAM token requests. Defaults to None.
         disable_ssl_verification: A flag that indicates whether verification of
             the server's SSL certificate should be disabled or not. Defaults to False.
         headers: Default headers to be sent with every IAM token request. Defaults to None.
         proxies: Dictionary for mapping request protocol to proxy URL. Defaults to None.
         proxies.http (optional): The proxy endpoint to use for HTTP requests.
         proxies.https (optional): The proxy endpoint to use for HTTPS requests.
+        scope: The "scope" to use when fetching the bearer token from the IAM token server.
+            This can be used to obtain an access token with a specific scope.
 
     Attributes:
         token_manager (IAMTokenManager): Retrieves and manages IAM tokens from the endpoint specified by the url.
@@ -56,6 +62,7 @@ class IAMAssumeAuthenticator(IAMRequestBasedAuthenticator):
         TypeError: The `disable_ssl_verification` is not a bool.
         ValueError: The `apikey` is not valid for IAM token requests or the following keyword arguments are incorrectly specified:
             `iam_profile_id`, `iam_profile_crn`, `iam_profile_name`, `iam_account_id`,
+        ValueError: The apikey, client_id, and/or client_secret are not valid for IAM token requests.
     """
 
     def __init__(
@@ -67,9 +74,12 @@ def __init__(
         iam_profile_name: Optional[str] = None,
         iam_account_id: Optional[str] = None,
         url: Optional[str] = None,
+        client_id: Optional[str] = None,
+        client_secret: Optional[str] = None,
         disable_ssl_verification: bool = False,
         headers: Optional[Dict[str, str]] = None,
         proxies: Optional[Dict[str, str]] = None,
+        scope: Optional[str] = None,
     ) -> None:
         # Check the type of `disable_ssl_verification`. Must be a bool.
         if not isinstance(disable_ssl_verification, bool):
@@ -82,9 +92,12 @@ def __init__(
             iam_profile_name=iam_profile_name,
             iam_account_id=iam_account_id,
             url=url,
+            client_id=client_id,
+            client_secret=client_secret,
             disable_ssl_verification=disable_ssl_verification,
             headers=headers,
             proxies=proxies,
+            scope=scope,
         )
 
         self.validate()

ibm_cloud_sdk_core/get_authenticator.py

@@ -114,7 +114,10 @@ def __construct_authenticator(config: dict) -> Authenticator:
             iam_profile_name=config.get('IAM_PROFILE_NAME'),
             iam_account_id=config.get('IAM_ACCOUNT_ID'),
             url=config.get('AUTH_URL'),
+            client_id=config.get('CLIENT_ID'),
+            client_secret=config.get('CLIENT_SECRET'),
             disable_ssl_verification=config.get('AUTH_DISABLE_SSL', 'false').lower() == 'true',
+            scope=config.get('SCOPE'),
         )
     elif auth_type == Authenticator.AUTHTYPE_VPC.lower():
         authenticator = VPCInstanceAuthenticator(

ibm_cloud_sdk_core/token_managers/iam_assume_token_manager.py

@@ -49,12 +49,20 @@ class IAMAssumeTokenManager(IAMRequestBasedTokenManager):
         iam_profile_name: the name of the trusted profile (must be used together with `iam_account_id`)
         iam_account_id: the ID of the trusted profile (must be used together with `iam_profile_name`)
         url: The IAM endpoint to token requests. Defaults to None.
+        client_id: The client_id and client_secret fields are used to form
+            a "basic auth" Authorization header for interactions with the IAM token server.
+            Defaults to None.
+        client_secret: The client_id and client_secret fields are used to form
+            a "basic auth" Authorization header for interactions with the IAM token server.
+            Defaults to None.
         disable_ssl_verification: A flag that indicates whether verification of
             the server's SSL certificate should be disabled or not. Defaults to False.
         headers: Default headers to be sent with every IAM token request. Defaults to None.
         proxies: Proxies to use for communicating with IAM. Defaults to None.
         proxies.http: The proxy endpoint to use for HTTP requests.
         proxies.https: The proxy endpoint to use for HTTPS requests.
+        scope: The "scope" to use when fetching the bearer token from the IAM token server.
+        This can be used to obtain an access token with a specific scope.
     """
 
     def __init__(
@@ -66,15 +74,21 @@ def __init__(
         iam_profile_name: Optional[str] = None,
         iam_account_id: Optional[str] = None,
         url: Optional[str] = None,
+        client_id: Optional[str] = None,
+        client_secret: Optional[str] = None,
         disable_ssl_verification: bool = False,
         headers: Optional[Dict[str, str]] = None,
         proxies: Optional[Dict[str, str]] = None,
+        scope: Optional[str] = None,
     ) -> None:
         super().__init__(
             url=url,
+            client_id=client_id,
+            client_secret=client_secret,
             disable_ssl_verification=disable_ssl_verification,
             headers=headers,
             proxies=proxies,
+            scope=scope,
         )
 
         self.iam_profile_id = iam_profile_id
@@ -88,9 +102,12 @@ def __init__(
         self.iam_delegate = IAMTokenManager(
             apikey=apikey,
             url=url,
+            client_id=client_id,
+            client_secret=client_secret,
             disable_ssl_verification=disable_ssl_verification,
             headers=headers,
             proxies=proxies,
+            scope=scope,
         )
 
         self.request_payload['grant_type'] = 'urn:ibm:params:oauth:grant-type:assume'

test/test_iam_assume_authenticator.py

@@ -18,6 +18,8 @@ def test_iam_assume_authenticator():
     assert authenticator is not None
     assert authenticator.authentication_type() == Authenticator.AUTHTYPE_IAM_ASSUME
     assert authenticator.token_manager.url == 'https://iam.cloud.ibm.com'
+    assert authenticator.token_manager.client_id is None
+    assert authenticator.token_manager.client_secret is None
     assert authenticator.token_manager.disable_ssl_verification is False
     assert authenticator.token_manager.headers is None
     assert authenticator.token_manager.proxies is None
@@ -26,6 +28,7 @@ def test_iam_assume_authenticator():
     assert authenticator.token_manager.iam_profile_crn == 'crn:iam-profile:123'
     assert authenticator.token_manager.iam_profile_name is None
     assert authenticator.token_manager.iam_account_id is None
+    assert authenticator.token_manager.scope is None
 
     authenticator.set_iam_profile_id('my-id-123')
     assert authenticator.token_manager.iam_profile_id == 'my-id-123'
@@ -40,6 +43,13 @@ def test_iam_assume_authenticator():
     assert authenticator.token_manager.iam_profile_name == 'my-profile-name'
     assert authenticator.token_manager.iam_account_id == 'my-acc-id'
 
+    authenticator.set_client_id_and_secret('tom', 'jerry')
+    assert authenticator.token_manager.client_id == 'tom'
+    assert authenticator.token_manager.client_secret == 'jerry'
+
+    authenticator.set_scope('scope1 scope2 scope3')
+    assert authenticator.token_manager.scope == 'scope1 scope2 scope3'
+
     with pytest.raises(TypeError) as err:
         authenticator.set_headers('dummy')
     assert str(err.value) == 'headers must be a dictionary'
@@ -146,6 +156,14 @@ def test_iam_assume_authenticator_validate_failed():
         str(err.value) == 'Exactly one of `iam_profile_id`, `iam_profile_crn`, or `iam_profile_name` must be specified.'
     )
 
+    with pytest.raises(ValueError) as err:
+        IAMAssumeAuthenticator('my_apikey', client_id='my_client_id')
+    assert str(err.value) == 'Both client_id and client_secret should be initialized.'
+
+    with pytest.raises(ValueError) as err:
+        IAMAssumeAuthenticator('my_apikey', client_secret='my_client_secret')
+    assert str(err.value) == 'Both client_id and client_secret should be initialized.'
+
 
 @responses.activate
 def test_get_token():

test/test_utils.py

@@ -294,7 +294,10 @@ def test_get_authenticator_from_credential_file():
     assert authenticator.token_manager.iam_delegate.apikey == 'my-api-key'
     assert authenticator.token_manager.iam_profile_id == 'iam-profile-1'
     assert authenticator.token_manager.url == 'https://iam.cloud.ibm.com'
+    assert authenticator.token_manager.client_id is None
+    assert authenticator.token_manager.client_secret is None
     assert authenticator.token_manager.disable_ssl_verification is False
+    assert authenticator.token_manager.scope is None
     del os.environ['IBM_CREDENTIALS_FILE']
 
     file_path = os.path.join(os.path.dirname(__file__), '../resources/ibm-credentials-basic.env')