Add new setIamApiKey function.

Author: smithsz

CHANGES.md

@@ -1,4 +1,5 @@
 # UNRELEASED
+- [NEW] Added option to set new IAM API key.
 - [FIXED] Allow plugins to be loaded from outside the 'plugins/' directory.
 - [FIXED] Retry bad IAM token requests.
 

lib/client.js

@@ -233,6 +233,15 @@ class CloudantClient {
 
   // public
 
+  /**
+   * Get a client plugin instance.
+   *
+   * @param {string} pluginId
+   */
+  getPlugin(pluginId) {
+    return this._plugins[this._pluginIds.indexOf(pluginId)];
+  }
+
   /**
    * Perform a request using this Cloudant client.
    *

plugins/iamauth.js

@@ -37,9 +37,9 @@ class IAMPlugin extends BasePlugin {
 
     super(client, cfg);
 
-    this.iamApiKey = null;
+    this.currentIamApiKey = null;
     this.baseUrl = cfg.baseUrl || null;
-    this.cookieJar = request.jar();
+    this.cookieJar = null;
     this.tokenUrl = cfg.iamTokenUrl || 'https://iam.cloud.ibm.com/identity/token';
     this.shouldApplyIAMAuth = true;
     this.refreshRequired = true;
@@ -48,8 +48,10 @@ class IAMPlugin extends BasePlugin {
   onRequest(state, req, callback) {
     var self = this;
 
-    if (self._cfg.iamApiKey !== self.iamApiKey) {
-      debug('New credentials identified. Renewing session cookie...');
+    if (self._cfg.iamApiKey !== self.currentIamApiKey) {
+      debug('New IAM API key identified.');
+      this.cookieJar = request.jar(); // new jar
+      self.currentIamApiKey = self._cfg.iamApiKey;
       self.shouldApplyIAMAuth = self.refreshRequired = true;
     }
 
@@ -177,7 +179,6 @@ class IAMPlugin extends BasePlugin {
             if (error) {
               callback(error);
             } else if (response.statusCode === 200) {
-              self.iamApiKey = cfg.iamApiKey;
               self.refreshRequired = false;
               debug('Successfully renewed IAM session.');
               callback();
@@ -196,6 +197,11 @@ class IAMPlugin extends BasePlugin {
       });
     });
   }
+
+  setIamApiKey(iamApiKey) {
+    debug('Setting new IAM API key.');
+    this._cfg.iamApiKey = iamApiKey;
+  }
 }
 
 IAMPlugin.id = 'iamauth';

test/plugins/iamauth.js

@@ -604,4 +604,58 @@ describe('#db IAMAuth Plugin', function() {
       done();
     });
   });
+
+  it('supports changing the IAM API key', function(done) {
+    if (process.env.NOCK_OFF) {
+      this.skip();
+    }
+
+    var iamMocks = nock(TOKEN_SERVER)
+      .post('/identity/token', {
+        'grant_type': 'urn:ibm:params:oauth:grant-type:apikey',
+        'response_type': 'cloud_iam',
+        'apikey': 'bad_key'
+      })
+      .reply(400, {
+        errorCode: 'BXNIM0415E',
+        errorMessage: 'Provided API key could not be found'
+      })
+      .post('/identity/token', {
+        'grant_type': 'urn:ibm:params:oauth:grant-type:apikey',
+        'response_type': 'cloud_iam',
+        'apikey': IAM_API_KEY
+      })
+      .reply(200, MOCK_IAM_TOKEN_RESPONSE);
+
+    var cloudantMocks = nock(SERVER)
+      .get(DBNAME)
+      .reply(401, {error: 'unauthorized', reason: 'Unauthorized'})
+      .post('/_iam_session', {access_token: MOCK_ACCESS_TOKEN})
+      .reply(200, {ok: true}, MOCK_SET_IAM_SESSION_HEADER)
+      .get(DBNAME)
+      .reply(200, {doc_count: 0});
+
+    var cloudantClient = new Client({ plugins: { iamauth: { iamApiKey: 'bad_key' } } });
+    var req = { url: SERVER + DBNAME, method: 'GET' };
+    cloudantClient.request(req, function(err, resp, data) {
+      assert.equal(err, null);
+      assert.equal(resp.request.headers.cookie, null);
+      assert.equal(resp.statusCode, 401);
+      assert.ok(data.indexOf('"error":"unauthorized"') > -1);
+
+      // update IAM API key
+      cloudantClient.getPlugin('iamauth').setIamApiKey(IAM_API_KEY);
+
+      cloudantClient.request(req, function(err, resp, data) {
+        assert.equal(err, null);
+        assert.equal(resp.request.headers.cookie, MOCK_IAM_SESSION);
+        assert.equal(resp.statusCode, 200);
+        assert.ok(data.indexOf('"doc_count":0') > -1);
+
+        iamMocks.done();
+        cloudantMocks.done();
+        done();
+      });
+    });
+  });
 });