chore: change a few things, fix a few things...

pyrooka · pyrooka · commit f9617eed10f7 · 2024-10-09T21:30:22.000+02:00
Signed-off-by: Norbert Biczo &lt;pyrooka@users.noreply.github.com&gt;
diff --git a/ibm_cloud_sdk_core/authenticators/iam_assume_authenticator.py b/ibm_cloud_sdk_core/authenticators/iam_assume_authenticator.py
@@ -126,8 +126,6 @@ def validate(self) -> None:
         Raises:
             ValueError: The apikey, client_id, and/or client_secret are not valid for IAM token requests.
         """
-        super().validate()
-
         # Create a temporary IAM authenticator that we can use to validat our delegate.
         tmp_authenticator = IAMAuthenticator("")
         tmp_authenticator.token_manager = self.token_manager.iam_delegate
diff --git a/ibm_cloud_sdk_core/token_managers/iam_assume_token_manager.py b/ibm_cloud_sdk_core/token_managers/iam_assume_token_manager.py
@@ -84,12 +84,9 @@ def __init__(
     ) -> None:
         super().__init__(
             url=url,
-            client_id=client_id,
-            client_secret=client_secret,
             disable_ssl_verification=disable_ssl_verification,
             headers=headers,
             proxies=proxies,
-            scope=scope,
         )
 
         self.iam_profile_id = iam_profile_id
@@ -114,14 +111,6 @@ def __init__(
         self.request_payload['grant_type'] = 'urn:ibm:params:oauth:grant-type:assume'
         self._set_user_agent(_build_user_agent('iam-assume-authenticator'))
 
-    # Remove unsupported attributes, inherited from the parent class.
-    def __getattribute__(self, name: str) -> Any:
-        disallowed_attrs = ['refresh_token', 'client_id', 'client_secret']
-        if name in disallowed_attrs:
-            raise AttributeError(f"'{self.__class__.__name__}' has no attribute '{name}'")
-
-        return super().__getattribute__(name)
-
     def request_token(self) -> Dict:
         """Retrieves a standard IAM access token by using the IAM token manager
         then obtains another access token for the assumed identity.
@@ -140,4 +129,14 @@ def request_token(self) -> Dict:
             self.request_payload['profile_name'] = self.iam_profile_name
             self.request_payload['account'] = self.iam_account_id
 
+        # Make sure that the unsupported attributes will never be included in the requests.
+        self.client_id = None
+        self.client_secret = None
+        self.scope = None
+
         return super().request_token()
+
+    def _save_token_info(self, token_response: Dict) -> None:
+        super()._save_token_info(token_response)
+        # Set refresh token to None unconditionally.
+        self.refresh_token = None
diff --git a/test/test_iam_assume_token_manager.py b/test/test_iam_assume_token_manager.py
@@ -148,8 +148,7 @@ def test_request_token_with_profile_name_and_account_id():
 
 @responses.activate
 def test_request_token_uses_the_correct_grant_types():
-    iam_url = "https://iam.cloud.ibm.com/identity/token"
-    responses.add(responses.POST, url=iam_url, body=BASE_RESPONSE_JSON, status=200)
+    responses.add(responses.POST, url=IAM_URL, body=BASE_RESPONSE_JSON, status=200)
 
     token_manager = IAMAssumeTokenManager("apikey", iam_profile_id='my_profile_id')
     token_manager.request_token()
@@ -192,7 +191,19 @@ def test_get_token():
     # The final result should be the other access token, which belong to the "assume" request.
     assert access_token == OTHER_ACCESS_TOKEN
 
-    # Make sure `refresh_token` is not accessible.
-    with pytest.raises(AttributeError) as err:
-        assert token_manager.refresh_token == "not_available"
-    assert str(err.value) == "'IAMAssumeTokenManager' has no attribute 'refresh_token'"
+    # Make sure `refresh_token` is None.
+    assert token_manager.refresh_token is None
+
+@responses.activate
+def test_correct_properties_used_in_calls():
+    responses.add_callback(responses.POST, url=IAM_URL, callback=request_callback)
+
+    token_manager = IAMAssumeTokenManager("apikey", iam_profile_id=MY_PROFILE_ID, client_id='my_client_id', client_secret='my_client_secret', scope='my_scope')
+    token_manager.get_token()
+
+    # Make sure the all properties were used in the first request via the IAM delegate,
+    assert responses.calls[0].request.headers.get('Authorization') == 'Basic bXlfY2xpZW50X2lkOm15X2NsaWVudF9zZWNyZXQ='
+    assert 'scope=my_scope' in responses.calls[0].request.body
+    # but those were not included in the second, assume type request.
+    assert responses.calls[1].request.headers.get('Authorization') is None
+    assert 'scope=my_scope' not in responses.calls[1].request.body
