fix: address review comments; support AUTHTYPE property

Author: padamstx

ibm_cloud_sdk_core/authenticators/container_authenticator.py

@@ -32,10 +32,12 @@ class ContainerAuthenticator(IAMRequestBasedAuthenticator):
         cr_token_filename: The name of the file containing the injected CR token value
             (applies to IKS-managed compute resources). Defaults to "/var/run/secrets/tokens/vault-token".
         iam_profile_name: The name of the linked trusted IAM profile to be used when obtaining the IAM access token
-            (a CR token might map to multiple IAM profiles). One of IAMProfileName or IAMProfileID must be specified.
+            (a CR token might map to multiple IAM profiles).
+            One of iam_profile_name or iam_profile_id must be specified.
             Defaults to None.
         iam_profile_id: The id of the linked trusted IAM profile to be used when obtaining the IAM access token
-	        (a CR token might map to multiple IAM profiles). One of IAMProfileName or IAMProfileID must be specified.
+            (a CR token might map to multiple IAM profiles).
+            One of iam_profile_name or iam_profile_id must be specified.
             Defaults to None.
         url: The URL representing the IAM token service endpoint. If not specified, a suitable default value is used.
         client_id: The client_id and client_secret fields are used to form
@@ -97,7 +99,8 @@ def validate(self) -> None:
         super().validate()
 
         if not self.token_manager.iam_profile_name and not self.token_manager.iam_profile_id:
-            raise ValueError('At least one of iam_profile_name or iam_profile_id must be specified.')
+            raise ValueError(
+                'At least one of iam_profile_name or iam_profile_id must be specified.')
 
     def set_cr_token_filename(self, cr_token_filename: str) -> None:
         """Set the location of the compute resource token on the local filesystem.

ibm_cloud_sdk_core/get_authenticator.py

@@ -44,6 +44,8 @@ def __construct_authenticator(config: dict) -> Authenticator:
     # Determine the authentication type if not specified explicitly.
     if config.get('AUTH_TYPE'):
         auth_type = config.get('AUTH_TYPE').lower()
+    elif config.get('AUTHTYPE'):
+        auth_type = config.get('AUTHTYPE').lower()
     else:
         # If the APIKEY property is specified, then it should be IAM, otherwise Container Auth.
         auth_type = 'iam' if config.get('APIKEY') else 'container'
@@ -65,7 +67,8 @@ def __construct_authenticator(config: dict) -> Authenticator:
             url=config.get('AUTH_URL'),
             client_id=config.get('CLIENT_ID'),
             client_secret=config.get('CLIENT_SECRET'),
-            disable_ssl_verification=config.get('AUTH_DISABLE_SSL', 'false').lower() == 'true',
+            disable_ssl_verification=config.get(
+                'AUTH_DISABLE_SSL', 'false').lower() == 'true',
             scope=config.get('SCOPE'))
     elif auth_type == 'cp4d':
         authenticator = CloudPakForDataAuthenticator(
@@ -80,7 +83,8 @@ def __construct_authenticator(config: dict) -> Authenticator:
             url=config.get('AUTH_URL'),
             client_id=config.get('CLIENT_ID'),
             client_secret=config.get('CLIENT_SECRET'),
-            disable_ssl_verification=config.get('AUTH_DISABLE_SSL', 'false').lower() == 'true',
+            disable_ssl_verification=config.get(
+                'AUTH_DISABLE_SSL', 'false').lower() == 'true',
             scope=config.get('SCOPE'))
     elif auth_type == 'noauth':
         authenticator = NoAuthAuthenticator()

ibm_cloud_sdk_core/token_managers/container_token_manager.py

@@ -32,9 +32,10 @@ class ContainerTokenManager(IAMRequestBasedTokenManager):
             (applies to IKS-managed compute resources).
         iam_profile_name (str): The name of the linked trusted IAM profile to be used when obtaining the
             IAM access token (a CR token might map to multiple IAM profiles).
-            One of IAMProfileName or IAMProfileID must be specified.
+            One of iam_profile_name or iam_profile_id must be specified.
         iam_profile_id (str): The id of the linked trusted IAM profile to be used when obtaining the IAM access token
-	        (a CR token might map to multiple IAM profiles). One of IAMProfileName or IAMProfileID must be specified.
+            (a CR token might map to multiple IAM profiles).
+            One of iam_profile_name or iam_profile_id must be specified.
         url (str): The IAM endpoint to token requests.
         client_id (str): The client_id and client_secret fields are used to form
             a "basic auth" Authorization header for interactions with the IAM token server.
@@ -52,10 +53,12 @@ class ContainerTokenManager(IAMRequestBasedTokenManager):
         cr_token_filename: The name of the file containing the injected CR token value
             (applies to IKS-managed compute resources). Defaults to "/var/run/secrets/tokens/vault-token".
         iam_profile_name: The name of the linked trusted IAM profile to be used when obtaining the IAM access token
-            (a CR token might map to multiple IAM profiles). One of IAMProfileName or IAMProfileID must be specified.
-            sDefaults to None.
+            (a CR token might map to multiple IAM profiles).
+            One of iam_profile_name or iam_profile_id must be specified.
+            Defaults to None.
         iam_profile_id: The id of the linked trusted IAM profile to be used when obtaining the IAM access token
-	        (a CR token might map to multiple IAM profiles). One of IAMProfileName or IAMProfileID must be specified.
+            (a CR token might map to multiple IAM profiles).
+            One of iam_profile_name or iam_prfoile_id must be specified.
             Defaults to None.
         url: The IAM endpoint to token requests. Defaults to None.
         client_id: The client_id and client_secret fields are used to form
@@ -107,7 +110,8 @@ def retrieve_cr_token(self) -> str:
         """
         cr_token_filename = self.cr_token_filename if self.cr_token_filename else self.DEFAULT_CR_TOKEN_FILENAME
 
-        logging.debug('Attempting to read CR token from file: %s', cr_token_filename)
+        logging.debug('Attempting to read CR token from file: %s',
+                      cr_token_filename)
 
         try:
             with open(cr_token_filename, 'r') as file:

resources/ibm-credentials-basic.env

@@ -1,3 +1,3 @@
 WATSON_USERNAME=my_username
 WATSON_PASSWORD=my_password
-WATSON_AUTH_TYPE=basic
+WATSON_AUTHTYPE=basic

resources/ibm-credentials-bearer.env

@@ -1,2 +1,2 @@
 WATSON_BEARER_TOKEN=my_token
-WATSON_AUTH_TYPE=bearerToken
+WATSON_AUTHTYPE=bearerToken

test/test_container_authenticator.py

@@ -7,6 +7,9 @@
 def test_container_authenticator():
     authenticator = ContainerAuthenticator(iam_profile_name='iam-user-123')
     assert authenticator is not None
+    assert authenticator.token_manager.cr_token_filename is None
+    assert authenticator.token_manager.iam_profile_name == 'iam-user-123'
+    assert authenticator.token_manager.iam_profile_id is None
     assert authenticator.token_manager.client_id is None
     assert authenticator.token_manager.client_secret is None
     assert authenticator.token_manager.disable_ssl_verification is False
@@ -21,7 +24,8 @@ def test_container_authenticator():
     # because both of the profile and ID are None.
     with pytest.raises(ValueError) as err:
         authenticator.set_iam_profile_name(None)
-    assert str(err.value) == 'At least one of iam_profile_name or iam_profile_id must be specified.'
+    assert str(
+        err.value) == 'At least one of iam_profile_name or iam_profile_id must be specified.'
 
     authenticator.set_iam_profile_id('iam-id-123')
     assert authenticator.token_manager.iam_profile_id == 'iam-id-123'
@@ -52,7 +56,8 @@ def test_container_authenticator():
 
 
 def test_disable_ssl_verification():
-    authenticator = ContainerAuthenticator(iam_profile_name='iam-user-123', disable_ssl_verification=True)
+    authenticator = ContainerAuthenticator(
+        iam_profile_name='iam-user-123', disable_ssl_verification=True)
     assert authenticator.token_manager.disable_ssl_verification is True
 
     authenticator.set_disable_ssl_verification(False)
@@ -61,7 +66,8 @@ def test_disable_ssl_verification():
 
 def test_invalid_disable_ssl_verification_type():
     with pytest.raises(TypeError) as err:
-        authenticator = ContainerAuthenticator(iam_profile_name='iam-user-123', disable_ssl_verification='True')
+        authenticator = ContainerAuthenticator(
+            iam_profile_name='iam-user-123', disable_ssl_verification='True')
     assert str(err.value) == 'disable_ssl_verification must be a bool'
 
     authenticator = ContainerAuthenticator(iam_profile_name='iam-user-123')
@@ -73,22 +79,26 @@ def test_invalid_disable_ssl_verification_type():
 
 
 def test_container_authenticator_with_scope():
-    authenticator = ContainerAuthenticator(iam_profile_name='iam-user-123', scope='scope1 scope2')
+    authenticator = ContainerAuthenticator(
+        iam_profile_name='iam-user-123', scope='scope1 scope2')
     assert authenticator is not None
     assert authenticator.token_manager.scope == 'scope1 scope2'
 
 
 def test_authenticator_validate_failed():
     with pytest.raises(ValueError) as err:
         ContainerAuthenticator(None)
-    assert str(err.value) == 'At least one of iam_profile_name or iam_profile_id must be specified.'
+    assert str(
+        err.value) == 'At least one of iam_profile_name or iam_profile_id must be specified.'
 
     with pytest.raises(ValueError) as err:
-        ContainerAuthenticator(iam_profile_name='iam-user-123', client_id='my_client_id')
+        ContainerAuthenticator(
+            iam_profile_name='iam-user-123', client_id='my_client_id')
     assert str(
         err.value) == 'Both client_id and client_secret should be initialized.'
 
     with pytest.raises(ValueError) as err:
-        ContainerAuthenticator(iam_profile_name='iam-user-123', client_secret='my_client_secret')
+        ContainerAuthenticator(
+            iam_profile_name='iam-user-123', client_secret='my_client_secret')
     assert str(
         err.value) == 'Both client_id and client_secret should be initialized.'