chore: change a few things, fix a few things...

Signed-off-by: Norbert Biczo <[email protected]>

Author: pyrooka

ibm_cloud_sdk_core/authenticators/iam_assume_authenticator.py

@@ -126,9 +126,7 @@ def validate(self) -> None:
         Raises:
             ValueError: The apikey, client_id, and/or client_secret are not valid for IAM token requests.
         """
-        super().validate()
-
-        # Create a temporary IAM authenticator that we can use to validat our delegate.
+        # Create a temporary IAM authenticator that we can use to validate our delegate.
         tmp_authenticator = IAMAuthenticator("")
         tmp_authenticator.token_manager = self.token_manager.iam_delegate
         tmp_authenticator.validate()

ibm_cloud_sdk_core/token_managers/iam_assume_token_manager.py

@@ -14,14 +14,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from typing import Any, Dict, Optional
+from typing import Dict, Optional
 
 from ibm_cloud_sdk_core.token_managers.iam_token_manager import IAMTokenManager
 
 from .iam_request_based_token_manager import IAMRequestBasedTokenManager
 from ..private_helpers import _build_user_agent
 
 
+# pylint: disable=too-many-instance-attributes
 class IAMAssumeTokenManager(IAMRequestBasedTokenManager):
     """The IAMAssumeTokenManager takes an api key and information about a trusted profile then performs the necessary
     interactions with the IAM token service to obtain and store a suitable bearer token. This token "assumes" the
@@ -84,12 +85,9 @@ def __init__(
     ) -> None:
         super().__init__(
             url=url,
-            client_id=client_id,
-            client_secret=client_secret,
             disable_ssl_verification=disable_ssl_verification,
             headers=headers,
             proxies=proxies,
-            scope=scope,
         )
 
         self.iam_profile_id = iam_profile_id
@@ -114,14 +112,6 @@ def __init__(
         self.request_payload['grant_type'] = 'urn:ibm:params:oauth:grant-type:assume'
         self._set_user_agent(_build_user_agent('iam-assume-authenticator'))
 
-    # Remove unsupported attributes, inherited from the parent class.
-    def __getattribute__(self, name: str) -> Any:
-        disallowed_attrs = ['refresh_token', 'client_id', 'client_secret']
-        if name in disallowed_attrs:
-            raise AttributeError(f"'{self.__class__.__name__}' has no attribute '{name}'")
-
-        return super().__getattribute__(name)
-
     def request_token(self) -> Dict:
         """Retrieves a standard IAM access token by using the IAM token manager
         then obtains another access token for the assumed identity.
@@ -140,4 +130,14 @@ def request_token(self) -> Dict:
             self.request_payload['profile_name'] = self.iam_profile_name
             self.request_payload['account'] = self.iam_account_id
 
+        # Make sure that the unsupported attributes will never be included in the requests.
+        self.client_id = None
+        self.client_secret = None
+        self.scope = None
+
         return super().request_token()
+
+    def _save_token_info(self, token_response: Dict) -> None:
+        super()._save_token_info(token_response)
+        # Set refresh token to None unconditionally.
+        self.refresh_token = None

test/test_iam_assume_token_manager.py

@@ -21,7 +21,6 @@
 import urllib
 
 import jwt
-import pytest
 import responses
 
 from ibm_cloud_sdk_core import IAMAssumeTokenManager
@@ -148,8 +147,7 @@ def test_request_token_with_profile_name_and_account_id():
 
 @responses.activate
 def test_request_token_uses_the_correct_grant_types():
-    iam_url = "https://iam.cloud.ibm.com/identity/token"
-    responses.add(responses.POST, url=iam_url, body=BASE_RESPONSE_JSON, status=200)
+    responses.add(responses.POST, url=IAM_URL, body=BASE_RESPONSE_JSON, status=200)
 
     token_manager = IAMAssumeTokenManager("apikey", iam_profile_id='my_profile_id')
     token_manager.request_token()
@@ -192,7 +190,26 @@ def test_get_token():
     # The final result should be the other access token, which belong to the "assume" request.
     assert access_token == OTHER_ACCESS_TOKEN
 
-    # Make sure `refresh_token` is not accessible.
-    with pytest.raises(AttributeError) as err:
-        assert token_manager.refresh_token == "not_available"
-    assert str(err.value) == "'IAMAssumeTokenManager' has no attribute 'refresh_token'"
+    # Make sure `refresh_token` is None.
+    assert token_manager.refresh_token is None
+
+
+@responses.activate
+def test_correct_properties_used_in_calls():
+    responses.add_callback(responses.POST, url=IAM_URL, callback=request_callback)
+
+    token_manager = IAMAssumeTokenManager(
+        "apikey",
+        iam_profile_id=MY_PROFILE_ID,
+        client_id='my_client_id',
+        client_secret='my_client_secret',
+        scope='my_scope',
+    )
+    token_manager.get_token()
+
+    # Make sure the all properties were used in the first request via the IAM delegate,
+    assert responses.calls[0].request.headers.get('Authorization') == 'Basic bXlfY2xpZW50X2lkOm15X2NsaWVudF9zZWNyZXQ='
+    assert 'scope=my_scope' in responses.calls[0].request.body
+    # but those were not included in the second, assume type request.
+    assert responses.calls[1].request.headers.get('Authorization') is None
+    assert 'scope=my_scope' not in responses.calls[1].request.body