chore: address issues #2

Co-authored-by: Phil Adams <[email protected]>

Author: pyrooka

Authentication.md

@@ -3,8 +3,8 @@ The python-sdk-core project supports the following types of authentication:
 - Basic Authentication
 - Bearer Token Authentication
 - Identity and Access Management (IAM) Authentication
-- VPC Instance Authentication
 - Container Authentication
+- VPC Instance Authentication
 - Cloud Pak for Data Authentication
 - No Authentication
 
@@ -295,7 +295,7 @@ service = ExampleServiceV1.new_instance(service_name='example_service')
 
 
 ## VPC Instance Authentication
-The `VpcInstanceAuthenticator` is intended to be used by application code
+The `VPCInstanceAuthenticator` is intended to be used by application code
 running inside a VPC-managed compute resource (virtual server instance) that has been configured
 to use the "compute resource identity" feature.
 The compute resource identity feature allows you to assign a trusted IAM profile to the compute resource as its "identity".
@@ -305,7 +305,7 @@ This results in a simplified security model that allows the application develope
 - avoid storing credentials in application code, configuraton files or a password vault
 - avoid managing or rotating credentials
 
-The `VpcInstanceAuthenticator` will invoke the appropriate operations on the compute resource's locally-available
+The `VPCInstanceAuthenticator` will invoke the appropriate operations on the compute resource's locally-available
 VPC Instance Metadata Service to (1) retrieve an instance identity token
 and then (2) exchange that instance identity token for an IAM access token.
 The authenticator will repeat these steps to obtain a new IAM access token whenever the current access token expires.

ibm_cloud_sdk_core/token_managers/vpc_instance_token_manager.py

@@ -79,6 +79,7 @@ def request_token(self) -> dict:
 
         url = self.url + '/instance_identity/v1/iam_token'
 
+        request_payload = None
         if self.iam_profile_crn:
             request_payload = {'trusted_profile': {'crn': self.iam_profile_crn}}
         if self.iam_profile_id:
@@ -97,7 +98,7 @@ def request_token(self) -> dict:
             url=url,
             headers=headers,
             params={'version': self.METADATA_SERVICE_VERSION},
-            data=json.dumps(request_payload))
+            data=json.dumps(request_payload) if request_payload else None)
         logging.debug('Returned from VPC \'create_iam_token\' operation."')
 
         return response

test/test_vpc_instance_token_manager.py

@@ -179,6 +179,37 @@ def mock_retrieve_instance_identity_token():
     assert caplog.record_tuples[1][2] == 'Returned from VPC \'create_iam_token\' operation."'
 
 
+@responses.activate
+def test_request_token(caplog):
+    caplog.set_level(logging.DEBUG)
+
+    token_manager = VPCInstanceTokenManager()
+
+    # Mock the retrieve instance identity token method.
+    def mock_retrieve_instance_identity_token():
+        return TEST_TOKEN
+    token_manager.retrieve_instance_identity_token = mock_retrieve_instance_identity_token
+
+    response = {
+        'access_token': TEST_IAM_TOKEN,
+    }
+
+    responses.add(responses.POST, 'http://169.254.169.254/instance_identity/v1/iam_token',
+                  body=json.dumps(response), status=200)
+
+    response = token_manager.request_token()
+    assert len(responses.calls) == 1
+    assert responses.calls[0].request.headers['Content-Type'] == 'application/json'
+    assert responses.calls[0].request.headers['Accept'] == 'application/json'
+    assert responses.calls[0].request.headers['Authorization'] == 'Bearer ' + TEST_TOKEN
+    assert responses.calls[0].request.body is None
+    assert responses.calls[0].request.params['version'] == '2021-09-20'
+    # Check the logs.
+    #pylint: disable=line-too-long
+    assert caplog.record_tuples[0][2] == 'Invoking VPC \'create_iam_token\' operation: http://169.254.169.254/instance_identity/v1/iam_token'
+    assert caplog.record_tuples[1][2] == 'Returned from VPC \'create_iam_token\' operation."'
+
+
 @responses.activate
 def test_request_token_failed(caplog):
     caplog.set_level(logging.DEBUG)