feat: use iam.cloud.ibm.com in IAM url; allow IAM client_id/secret to be configured

Author: padamstx

.gitignore

@@ -55,3 +55,6 @@ python3/
 
 .sfdx/tools/apex.db
 .pytest_cache/
+/.project
+/.pydevproject
+/.settings/

ibm_cloud_sdk_core/iam_token_manager.py

@@ -19,17 +19,18 @@
 from .api_exception import ApiException
 
 class IAMTokenManager(object):
-    DEFAULT_IAM_URL = 'https://iam.bluemix.net/identity/token'
+    DEFAULT_IAM_URL = 'https://iam.cloud.ibm.com/identity/token'
     CONTENT_TYPE = 'application/x-www-form-urlencoded'
-    DEFAULT_AUTHORIZATION = 'Basic Yng6Yng='
     REQUEST_TOKEN_GRANT_TYPE = 'urn:ibm:params:oauth:grant-type:apikey'
     REQUEST_TOKEN_RESPONSE_TYPE = 'cloud_iam'
     REFRESH_TOKEN_GRANT_TYPE = 'refresh_token'
 
-    def __init__(self, iam_apikey=None, iam_access_token=None, iam_url=None):
+    def __init__(self, iam_apikey=None, iam_access_token=None, iam_url=None, iam_client_id=None, iam_secret=None):
         self.iam_apikey = iam_apikey
         self.user_access_token = iam_access_token
         self.iam_url = iam_url if iam_url else self.DEFAULT_IAM_URL
+        self.iam_client_id = iam_client_id
+        self.iam_secret = iam_secret
         self.token_info = {
             'access_token': None,
             'refresh_token': None,
@@ -39,9 +40,12 @@ def __init__(self, iam_apikey=None, iam_access_token=None, iam_url=None):
         }
 
     def request(self, method, url, headers=None, params=None, data=None, **kwargs):
+        auth_tuple = ('bx', 'bx')
+        if self.iam_client_id and self.iam_secret:
+            auth_tuple = (self.iam_client_id, self.iam_secret)
         response = requests.request(method=method, url=url,
                                     headers=headers, params=params,
-                                    data=data, **kwargs)
+                                    data=data, auth=auth_tuple, **kwargs)
         if 200 <= response.status_code <= 299:
             return response.json()
         else:
@@ -77,8 +81,7 @@ def _request_token(self):
         """
         headers = {
             'Content-type': self.CONTENT_TYPE,
-            'Authorization': self.DEFAULT_AUTHORIZATION,
-            'accept': 'application/json'
+            'Accept': 'application/json'
         }
         data = {
             'grant_type': self.REQUEST_TOKEN_GRANT_TYPE,
@@ -98,8 +101,7 @@ def _refresh_token(self):
         """
         headers = {
             'Content-type': self.CONTENT_TYPE,
-            'Authorization': self.DEFAULT_AUTHORIZATION,
-            'accept': 'application/json'
+            'Accept': 'application/json'
         }
         data = {
             'grant_type': self.REFRESH_TOKEN_GRANT_TYPE,
@@ -131,6 +133,18 @@ def set_iam_url(self, iam_url):
         """
         self.iam_url = iam_url
 
+    def set_iam_authorization_info(self, iam_client_id, iam_secret):
+        """
+        Set the IAM authorization information.
+        This consists of the client_id and secret.
+        These values are used to form the basic authorization header that
+        is used when interacting with the IAM token server.
+        If these values are not supplied, then a default Authorization header
+        is used.
+        """
+        self.iam_client_id = iam_client_id
+        self.iam_secret = iam_secret
+
     def _is_token_expired(self):
         """
         Check if currently stored token is expired.
@@ -166,3 +180,4 @@ def _save_token_info(self, token_info):
         Save the response from the IAM service request to the object's state.
         """
         self.token_info = token_info
+        

test/test_base_service.py

@@ -101,14 +101,14 @@ def test_fail_http_config():
 
 @responses.activate
 def test_iam():
-    iam_url = "https://iam.bluemix.net/identity/token"
+    iam_url = "https://iam.cloud.ibm.com/identity/token"
     service = AnyServiceV1('2017-07-07', iam_apikey="iam_apikey")
     assert service.token_manager is not None
 
-    service.set_iam_url('https://iam-test.bluemix.net/identity/token')
-    assert service.token_manager.iam_url == 'https://iam-test.bluemix.net/identity/token'
+    service.set_iam_url('https://iam-test.cloud.ibm.com/identity/token')
+    assert service.token_manager.iam_url == 'https://iam-test.cloud.ibm.com/identity/token'
 
-    iam_url = "https://iam.bluemix.net/identity/token"
+    iam_url = "https://iam.cloud.ibm.com/identity/token"
     service = AnyServiceV1('2017-07-07', username='xxx', password='yyy')
     assert service.token_manager is None
     service.set_iam_apikey('yyy')
@@ -149,14 +149,14 @@ def test_when_apikey_is_username():
     assert service1.iam_apikey == 'xxxxx'
     assert service1.username is None
     assert service1.password is None
-    assert service1.token_manager.iam_url == 'https://iam.bluemix.net/identity/token'
+    assert service1.token_manager.iam_url == 'https://iam.cloud.ibm.com/identity/token'
 
-    service2 = AnyServiceV1('2017-07-07', username='apikey', password='xxxxx', iam_url='https://iam.stage1.bluemix.net/identity/token')
+    service2 = AnyServiceV1('2017-07-07', username='apikey', password='xxxxx', iam_url='https://iam.stage1.cloud.ibm.com/identity/token')
     assert service2.token_manager is not None
     assert service2.iam_apikey == 'xxxxx'
     assert service2.username is None
     assert service2.password is None
-    assert service2.token_manager.iam_url == 'https://iam.stage1.bluemix.net/identity/token'
+    assert service2.token_manager.iam_url == 'https://iam.stage1.cloud.ibm.com/identity/token'
 
 def test_for_icp():
     service1 = AnyServiceV1('2017-07-07', username='apikey', password='icp-xxxx', url='service_url')

test/test_iam_token_manager.py

@@ -109,3 +109,153 @@ def test_get_token():
     }
     token = token_manager.get_token()
     assert token == 'dummy'
+
+@responses.activate
+def test_request_token_auth_default():
+    iam_url = "https://iam.cloud.ibm.com/identity/token"
+    response = """{
+        "access_token": "oAeisG8yqPY7sFR_x66Z15",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1524167011,
+        "refresh_token": "jy4gl91BQ"
+    }"""
+    default_auth_header = 'Basic Yng6Yng='
+    responses.add(responses.POST, url=iam_url, body=response, status=200)
+
+    token_manager = IAMTokenManager("iam_apikey", "iam_access_token")
+    token_manager._request_token()
+
+    assert len(responses.calls) == 1
+    assert responses.calls[0].request.url == iam_url
+    assert responses.calls[0].request.headers['Authorization'] == default_auth_header
+    assert responses.calls[0].response.text == response
+
+@responses.activate
+def test_request_token_auth_in_ctor():
+    iam_url = "https://iam.cloud.ibm.com/identity/token"
+    response = """{
+        "access_token": "oAeisG8yqPY7sFR_x66Z15",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1524167011,
+        "refresh_token": "jy4gl91BQ"
+    }"""
+    default_auth_header = 'Basic Yng6Yng='
+    responses.add(responses.POST, url=iam_url, body=response, status=200)
+
+    token_manager = IAMTokenManager("iam_apikey", "iam_access_token", iam_url, 'foo', 'bar')
+    token_manager._request_token()
+
+    assert len(responses.calls) == 1
+    assert responses.calls[0].request.url == iam_url
+    assert responses.calls[0].request.headers['Authorization'] != default_auth_header
+    assert responses.calls[0].response.text == response
+
+@responses.activate
+def test_request_token_auth_in_ctor_client_id_only():
+    iam_url = "https://iam.bluemix.net/identity/token"
+    response = """{
+        "access_token": "oAeisG8yqPY7sFR_x66Z15",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1524167011,
+        "refresh_token": "jy4gl91BQ"
+    }"""
+    default_auth_header = 'Basic Yng6Yng='
+    responses.add(responses.POST, url=iam_url, body=response, status=200)
+
+    token_manager = IAMTokenManager("iam_apikey", "iam_access_token", iam_url, 'foo')
+    token_manager._request_token()
+
+    assert len(responses.calls) == 1
+    assert responses.calls[0].request.url == iam_url
+    assert responses.calls[0].request.headers['Authorization'] == default_auth_header
+    assert responses.calls[0].response.text == response
+
+@responses.activate
+def test_request_token_auth_in_ctor_secret_only():
+    iam_url = "https://iam.bluemix.net/identity/token"
+    response = """{
+        "access_token": "oAeisG8yqPY7sFR_x66Z15",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1524167011,
+        "refresh_token": "jy4gl91BQ"
+    }"""
+    default_auth_header = 'Basic Yng6Yng='
+    responses.add(responses.POST, url=iam_url, body=response, status=200)
+
+    token_manager = IAMTokenManager("iam_apikey", "iam_access_token", iam_url, None, 'bar')
+    token_manager._request_token()
+
+    assert len(responses.calls) == 1
+    assert responses.calls[0].request.url == iam_url
+    assert responses.calls[0].request.headers['Authorization'] == default_auth_header
+    assert responses.calls[0].response.text == response
+
+@responses.activate
+def test_request_token_auth_in_setter():
+    iam_url = "https://iam.cloud.ibm.com/identity/token"
+    response = """{
+        "access_token": "oAeisG8yqPY7sFR_x66Z15",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1524167011,
+        "refresh_token": "jy4gl91BQ"
+    }"""
+    default_auth_header = 'Basic Yng6Yng='
+    responses.add(responses.POST, url=iam_url, body=response, status=200)
+
+    token_manager = IAMTokenManager("iam_apikey")
+    token_manager.set_iam_authorization_info('foo', 'bar')
+    token_manager._request_token()
+
+    assert len(responses.calls) == 1
+    assert responses.calls[0].request.url == iam_url
+    assert responses.calls[0].request.headers['Authorization'] != default_auth_header
+    assert responses.calls[0].response.text == response
+
+@responses.activate
+def test_request_token_auth_in_setter_client_id_only():
+    iam_url = "https://iam.cloud.ibm.com/identity/token"
+    response = """{
+        "access_token": "oAeisG8yqPY7sFR_x66Z15",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1524167011,
+        "refresh_token": "jy4gl91BQ"
+    }"""
+    default_auth_header = 'Basic Yng6Yng='
+    responses.add(responses.POST, url=iam_url, body=response, status=200)
+
+    token_manager = IAMTokenManager("iam_apikey")
+    token_manager.set_iam_authorization_info('foo', None)
+    token_manager._request_token()
+
+    assert len(responses.calls) == 1
+    assert responses.calls[0].request.url == iam_url
+    assert responses.calls[0].request.headers['Authorization'] == default_auth_header
+    assert responses.calls[0].response.text == response
+
+@responses.activate
+def test_request_token_auth_in_setter_secret_only():
+    iam_url = "https://iam.cloud.ibm.com/identity/token"
+    response = """{
+        "access_token": "oAeisG8yqPY7sFR_x66Z15",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1524167011,
+        "refresh_token": "jy4gl91BQ"
+    }"""
+    default_auth_header = 'Basic Yng6Yng='
+    responses.add(responses.POST, url=iam_url, body=response, status=200)
+
+    token_manager = IAMTokenManager("iam_apikey")
+    token_manager.set_iam_authorization_info(None, 'bar')
+    token_manager._request_token()
+
+    assert len(responses.calls) == 1
+    assert responses.calls[0].request.url == iam_url
+    assert responses.calls[0].request.headers['Authorization'] == default_auth_header
+    assert responses.calls[0].response.text == response