feat(config): get_authenticator_from_environment for loading from env

Author: ehdsouza

ibm_cloud_sdk_core/__init__.py

@@ -19,4 +19,4 @@
 from .jwt_token_manager import JWTTokenManager
 from .cp4d_token_manager import CP4DTokenManager
 from .api_exception import ApiException
-from .utils import datetime_to_string, string_to_datetime
+from .utils import datetime_to_string, string_to_datetime, get_authenticator_from_environment

ibm_cloud_sdk_core/base_service.py

@@ -22,7 +22,7 @@
 import requests
 from requests.structures import CaseInsensitiveDict
 from .version import __version__
-from .utils import has_bad_first_or_last_char, remove_null_values, cleanup_values
+from .utils import has_bad_first_or_last_char, remove_null_values, cleanup_values, read_from_external_sources
 from .detailed_response import DetailedResponse
 from .api_exception import ApiException
 from .authenticators import Authenticator, BasicAuthenticator, BearerTokenAuthenticator, CloudPakForDataAuthenticator, IamAuthenticator, NoauthAuthenticator
@@ -34,25 +34,19 @@
 
 
 class BaseService(object):
-    DEFAULT_CREDENTIALS_FILE_NAME = 'ibm-credentials.env'
+
     SDK_NAME = 'ibm-python-sdk-core'
 
     def __init__(self,
-                 vcap_services_name,
                  url,
                  authenticator=None,
                  disable_ssl_verification=False,
                  display_name=None):
         """
-        It loads credentials with the following preference:
-        1) Credentials explicitly set in the authenticator
-        2) Credentials loaded from credentials file if present
-        3) Credentials loaded from VCAP_SERVICES environment variable
-
-        :attr str vcap_services_name: The vcap service name
         :attr str url: The url for service api calls
+        :attr Athenticator authenticator: The authenticator for authentication
         :attr bool disable_ssl_verification: enables/ disabled ssl verification
-        :attr str display_name the name used for mapping services in credential file
+        :attr str display_name the name used for mapping services in environment file
         """
         self.url = url
         self.http_config = {}
@@ -63,114 +57,19 @@ def __init__(self,
 
         self._set_user_agent_header(self._build_user_agent())
 
-        # 1. Credentials are passed in constructor
         if self.authenticator:
             if not isinstance(self.authenticator, Authenticator):
                 raise ValueError(
                     'authenticator should be of type Authenticator')
 
-        # 2. Credentials from credential file
-        if display_name and not self.authenticator:
+        if display_name:
             service_name = display_name.replace(' ', '_').lower()
-            self._load_from_credential_file(service_name)
-
-        # 3. Credentials from VCAP
-        if not self.authenticator:
-            vcap_service_credentials = self._load_from_vcap_services(
-                vcap_services_name)
-            if vcap_service_credentials is not None and isinstance(
-                    vcap_service_credentials, dict):
-                if vcap_service_credentials.get('username') and vcap_service_credentials.get('password'): # cf
-                    vcap_service_credentials['auth_type'] = 'basic'
-                elif vcap_service_credentials.get('apikey'): # rc
-                    vcap_service_credentials['auth_type'] = 'iam'
-                self._set_authenticator_properties(vcap_service_credentials)
-                self._set_service_properties(vcap_service_credentials)
-
-        if not self.authenticator:
-            self.authenticator = NoauthAuthenticator()
-
-    def _load_from_credential_file(self, service_name, separator='='):
-        """
-        Initiates the credentials based on the credential file
+            config = read_from_external_sources(service_name)
+            if config.get('url'):
+                self.url = config.get('url')
+            if config.get('disable_ssl'):
+                self.disable_ssl_verification = config.get('disable_ssl')
 
-        :param str service_name: The service name
-        :param str separator: the separator for key value pair
-        """
-        # File path specified by an env variable
-        credential_file_path = os.getenv('IBM_CREDENTIALS_FILE')
-
-        # Home directory
-        if credential_file_path is None:
-            file_path = join(
-                expanduser('~'), self.DEFAULT_CREDENTIALS_FILE_NAME)
-            if isfile(file_path):
-                credential_file_path = file_path
-
-        # Top-level of the project directory
-        if credential_file_path is None:
-            file_path = join(
-                dirname(dirname(abspath(__file__))),
-                self.DEFAULT_CREDENTIALS_FILE_NAME)
-            if isfile(file_path):
-                credential_file_path = file_path
-
-        properties = {}
-        if credential_file_path is not None:
-            with open(credential_file_path, 'r') as fp:
-                for line in fp:
-                    key_val = line.strip().split(separator)
-                    if len(key_val) == 2:
-                        key = key_val[0].lower()
-                        value = key_val[1]
-                        if service_name in key:
-                            index = key.find('_')
-                            if index != -1:
-                                properties[key[index + 1:]] = value
-
-        if properties:
-            self._set_authenticator_properties(properties)
-            self._set_service_properties(properties)
-
-    def _set_authenticator_properties(self, properties):
-        auth_type = properties.get('auth_type')
-        if auth_type == 'basic':
-            self.authenticator = BasicAuthenticator(
-                username=properties.get('username'),
-                password=properties.get('password'))
-        elif auth_type == 'bearerToken':
-            self.authenticator = BearerTokenAuthenticator(
-                bearer_token=properties.get('bearer_token'))
-        elif auth_type == 'cp4d':
-            self.authenticator = CloudPakForDataAuthenticator(
-                username=properties.get('username'),
-                password=properties.get('password'),
-                url=properties.get('auth_url'),
-                disable_ssl_verification=properties.get('auth_disable_ssl'))
-        elif auth_type == 'iam':
-            self.authenticator = IamAuthenticator(
-                apikey=properties.get('apikey'),
-                url=properties.get('auth_url'),
-                client_id=properties.get('client_id'),
-                client_secret=properties.get('client_secret'),
-                disable_ssl_verification=properties.get('auth_disable_ssl'))
-        elif auth_type == 'noauth':
-            self.authenticator = NoauthAuthenticator()
-
-    def _set_service_properties(self, properties):
-        if 'url' in properties:
-            self.url = properties.get('url')
-        if 'disable_ssl' in properties:
-            self.disable_ssl_verification = properties.get('disable_ssl')
-
-    def _load_from_vcap_services(self, service_name):
-        vcap_services = os.getenv('VCAP_SERVICES')
-        if vcap_services is not None:
-            services = json_import.loads(vcap_services)
-            if service_name in services:
-                return services[service_name][0]['credentials']
-        else:
-            return None
 
     def _get_system_info(self):
         return '{0} {1} {2}'.format(
@@ -237,7 +136,6 @@ def send(self, request, **kwargs):
             kwargs['verify'] = False
 
         response = requests.request(**request, cookies=self.jar, **kwargs)
-        print(response.headers)
 
         if 200 <= response.status_code <= 299:
             if response.status_code == 204 or request['method'] == 'HEAD':

ibm_cloud_sdk_core/utils.py

@@ -15,6 +15,9 @@
 # limitations under the License.
 
 import dateutil.parser as date_parser
+from os.path import dirname, isfile, join, expanduser, abspath, basename
+from os import getenv
+import json as json_import
 
 def has_bad_first_or_last_char(str):
     return str is not None and (str.startswith('{') or str.startswith('"') or str.endswith('}') or str.endswith('"'))
@@ -39,7 +42,7 @@ def datetime_to_string(datetime):
     """
     Serializes a datetime to a string.
     :param datetime: datetime value
-    :return: string. containing iso8601 format date string
+    :return: string containing iso8601 format date string
     """
     return datetime.isoformat().replace('+00:00', 'Z')
 
@@ -50,3 +53,109 @@ def string_to_datetime(string):
     :return: datetime.
     """
     return date_parser.parse(string)
+
+def get_authenticator_from_environment(service_name):
+    """
+    Checks the credentials file and VCAP_SERVICES environment variable
+    :param service_name: The service name
+    :return: the authenticator
+    """
+    authenticator = None
+    # 1. Credentials from credential file
+    config = read_from_external_sources(service_name)
+    if config:
+        authenticator = contruct_authenticator(config)
+
+    # 2. Credentials from VCAP
+    if not authenticator:
+        config = read_from_vcap_services(service_name)
+        if config:
+            authenticator = contruct_authenticator(config)
+
+    return authenticator
+
+def read_from_external_sources(service_name, separator='='):
+    """
+    :param str service_name: The service name
+    :return dict config: parsed key values pairs
+    """
+    service_name = service_name.lower()
+    DEFAULT_CREDENTIALS_FILE_NAME = 'ibm-credentials.env'
+
+    # File path specified by an env variable
+    credential_file_path = getenv('IBM_CREDENTIALS_FILE')
+
+    # Home directory
+    if credential_file_path is None:
+        file_path = join(expanduser('~'), DEFAULT_CREDENTIALS_FILE_NAME)
+        if isfile(file_path):
+            credential_file_path = file_path
+
+    # Top-level of the project directory
+    if credential_file_path is None:
+        file_path = join(
+            dirname(dirname(abspath(__file__))), DEFAULT_CREDENTIALS_FILE_NAME)
+        if isfile(file_path):
+            credential_file_path = file_path
+
+    config = {}
+    if credential_file_path is not None:
+        with open(credential_file_path, 'r') as fp:
+            for line in fp:
+                key_val = line.strip().split(separator)
+                if len(key_val) == 2:
+                    key = key_val[0].lower()
+                    value = key_val[1]
+                    if service_name in key:
+                        index = key.find('_')
+                        if index != -1:
+                            config[key[index + 1:]] = value
+
+    return config
+
+def read_from_vcap_services(service_name):
+    vcap_services = getenv('VCAP_SERVICES')
+    vcap_service_credentials = None
+    if vcap_services:
+        services = json_import.loads(vcap_services)
+
+        if service_name in services:
+            vcap_service_credentials = services[service_name][0]['credentials']
+            if vcap_service_credentials is not None and isinstance(vcap_service_credentials, dict):
+                if vcap_service_credentials.get('username') and vcap_service_credentials.get('password'): # cf
+                    vcap_service_credentials['auth_type'] = 'basic'
+                elif vcap_service_credentials.get('apikey'):  # rc
+                    vcap_service_credentials['auth_type'] = 'iam'
+                else: # no other auth mechanism is supported
+                    vcap_service_credentials = None
+    return vcap_service_credentials
+
+def contruct_authenticator(config):
+    auth_type = config.get('auth_type')
+    authenticator = None
+    from .authenticators import BasicAuthenticator, BearerTokenAuthenticator, CloudPakForDataAuthenticator, IamAuthenticator, NoauthAuthenticator
+
+    if auth_type == 'basic':
+        authenticator = BasicAuthenticator(
+            username=config.get('username'),
+            password=config.get('password'))
+    elif auth_type == 'bearerToken':
+        authenticator = BearerTokenAuthenticator(
+            bearer_token=config.get('bearer_token'))
+    elif auth_type == 'cp4d':
+        authenticator = CloudPakForDataAuthenticator(
+            username=config.get('username'),
+            password=config.get('password'),
+            url=config.get('auth_url'),
+            disable_ssl_verification=config.get('auth_disable_ssl'))
+    elif auth_type == 'iam':
+        authenticator = IamAuthenticator(
+            apikey=config.get('apikey'),
+            url=config.get('auth_url'),
+            client_id=config.get('client_id'),
+            client_secret=config.get('client_secret'),
+            disable_ssl_verification=config.get('auth_disable_ssl'))
+    elif auth_type == 'noauth':
+        authenticator = NoauthAuthenticator()
+
+    return authenticator

resources/ibm-credentials-iam.env

@@ -1,3 +1,4 @@
 WATSON_APIKEY=5678efgh
 WATSON_URL=https://gateway-s.watsonplatform.net/watson/api
-WATSON_AUTH_TYPE=iam
+WATSON_AUTH_TYPE=iam
+WATSON_DISABLE_SSL=False