Merge pull request #378 from cloudant/support-legacy-creds-with-iam

Added support for IAM API key in cloudant_bluemix method

Author: emlaver

CHANGES.md

@@ -1,5 +1,6 @@
 # Unreleased
 
+- [IMPROVED] Added support for IAM API key in `cloudant_bluemix` method.
 - [IMPROVED] Updated Travis CI and unit tests to run against CouchDB 2.1.1.
 
 # 2.8.1 (2018-02-16)

src/cloudant/__init__.py

@@ -116,6 +116,7 @@ def cloudant_bluemix(vcap_services, instance_name=None, service_name=None, **kwa
                 "cloudantNoSQLDB": [
                     {
                         "credentials": {
+                            "apikey": "some123api456key"
                             "username": "example",
                             "password": "xxxxxxx",
                             "host": "example.cloudant.com",

src/cloudant/_common_util.py

@@ -1,5 +1,5 @@
 #!/usr/bin/env python
-# Copyright (c) 2015, 2017 IBM Corp. All rights reserved.
+# Copyright (C) 2015, 2018 IBM Corp. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@
 import json
 
 from ._2to3 import LONGTYPE, STRTYPE, NONETYPE, UNITYPE, iteritems_
-from .error import CloudantArgumentError, CloudantException
+from .error import CloudantArgumentError, CloudantException, CloudantClientException
 
 # Library Constants
 
@@ -306,9 +306,14 @@ def __init__(self, vcap_services, instance_name=None, service_name=None):
                     credentials = service['credentials']
                     self._host = credentials['host']
                     self._name = service.get('name')
-                    self._password = credentials['password']
                     self._port = credentials.get('port', 443)
                     self._username = credentials['username']
+                    if 'apikey' in credentials:
+                        self._iam_api_key = credentials['apikey']
+                    elif 'username' in credentials and 'password' in credentials:
+                        self._password = credentials['password']
+                    else:
+                        raise CloudantClientException(103)
                     break
             else:
                 raise CloudantException('Missing service in VCAP_SERVICES')
@@ -355,3 +360,8 @@ def url(self):
     def username(self):
         """ Return service username. """
         return self._username
+
+    @property
+    def iam_api_key(self):
+        """ Return service IAM API key. """
+        return self._iam_api_key

src/cloudant/_messages.py

@@ -72,6 +72,7 @@
     100: 'A general Cloudant client exception was raised.',
     101: 'Value must be set to a Database object. Found type: {0}',
     102: 'You must provide a url or an account.',
+    103: 'Invalid service: IAM API key or username/password credentials are required.',
     404: 'Database {0} does not exist. Verify that the client is valid and try again.',
     412: 'Database {0} already exists.'
 }

src/cloudant/client.py

@@ -1,5 +1,5 @@
 #!/usr/bin/env python
-# Copyright (C) 2015, 2017 IBM Corp. All rights reserved.
+# Copyright (C) 2015, 2018 IBM Corp. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@
 from .error import (
     CloudantArgumentError,
     CloudantClientException,
-    CloudantDatabaseException)
+    CloudantDatabaseException, CloudantException)
 from ._common_util import (
     USER_AGENT,
     append_response_error_content,
@@ -788,9 +788,17 @@ def bluemix(cls, vcap_services, instance_name=None, service_name=None, **kwargs)
             print client.all_dbs()
         """
         service_name = service_name or 'cloudantNoSQLDB'  # default service
-        service = CloudFoundryService(vcap_services,
-                                      instance_name=instance_name,
-                                      service_name=service_name)
+        try:
+            service = CloudFoundryService(vcap_services,
+                                          instance_name=instance_name,
+                                          service_name=service_name)
+        except CloudantException:
+            raise CloudantClientException(103)
+
+        if hasattr(service, 'iam_api_key'):
+            return Cloudant.iam(service.username,
+                                service.iam_api_key,
+                                url=service.url)
         return Cloudant(service.username,
                         service.password,
                         url=service.url,

tests/unit/client_tests.py

@@ -633,9 +633,9 @@ def test_cloudant_context_helper(self):
             self.fail('Exception {0} was raised.'.format(str(err)))
 
     @skip_if_not_cookie_auth
-    def test_cloudant_bluemix_context_helper(self):
+    def test_cloudant_bluemix_context_helper_with_legacy_creds(self):
         """
-        Test that the cloudant_bluemix context helper works as expected.
+        Test that the cloudant_bluemix context helper with legacy creds works as expected.
         """
         instance_name = 'Cloudant NoSQL DB-lv'
         vcap_services = {'cloudantNoSQLDB': [{
@@ -657,6 +657,56 @@ def test_cloudant_bluemix_context_helper(self):
         except Exception as err:
             self.fail('Exception {0} was raised.'.format(str(err)))
 
+    @unittest.skipUnless(os.environ.get('IAM_API_KEY'),
+                     'Skipping Cloudant Bluemix context helper with IAM test')
+    def test_cloudant_bluemix_context_helper_with_iam(self):
+        """
+        Test that the cloudant_bluemix context helper with IAM works as expected.
+        """
+        instance_name = 'Cloudant NoSQL DB-lv'
+        vcap_services = {'cloudantNoSQLDB': [{
+          'credentials': {
+            'apikey': self.iam_api_key,
+            'username': self.user,
+            'host': '{0}.cloudant.com'.format(self.account),
+            'port': 443,
+            'url': self.url
+          },
+          'name': instance_name,
+        }]}
+
+        try:
+            with cloudant_bluemix(vcap_services, instance_name=instance_name) as c:
+                self.assertIsInstance(c, Cloudant)
+                self.assertIsInstance(c.r_session, requests.Session)
+        except Exception as err:
+            self.fail('Exception {0} was raised.'.format(str(err)))
+
+    def test_cloudant_bluemix_context_helper_raise_error_for_missing_iam_and_creds(self):
+        """
+        Test that the cloudant_bluemix context helper raises a CloudantClientException
+        when the IAM key, username, and password are missing in the VCAP_SERVICES env variable.
+        """
+        instance_name = 'Cloudant NoSQL DB-lv'
+        vcap_services = {'cloudantNoSQLDB': [{
+          'credentials': {
+            'host': '{0}.cloudant.com'.format(self.account),
+            'port': 443,
+            'url': self.url
+          },
+          'name': instance_name,
+        }]}
+
+        try:
+            with cloudant_bluemix(vcap_services, instance_name=instance_name) as c:
+                self.assertIsInstance(c, Cloudant)
+                self.assertIsInstance(c.r_session, requests.Session)
+        except CloudantClientException as err:
+            self.assertEqual(
+                'Invalid service: IAM API key or username/password credentials are required.',
+                str(err)
+            )
+
     def test_cloudant_bluemix_dedicated_context_helper(self):
         """
         Test that the cloudant_bluemix context helper works as expected when
@@ -698,7 +748,7 @@ def test_constructor_with_account(self):
             )
 
     @skip_if_not_cookie_auth
-    def test_bluemix_constructor(self):
+    def test_bluemix_constructor_with_legacy_creds(self):
         """
         Test instantiating a client object using a VCAP_SERVICES environment
         variable.
@@ -730,7 +780,39 @@ def test_bluemix_constructor(self):
         finally:
             c.disconnect()
 
-    @skip_if_not_cookie_auth
+
+    @unittest.skipUnless(os.environ.get('IAM_API_KEY'),
+                     'Skipping Cloudant Bluemix constructor with IAM test')
+    def test_bluemix_constructor_with_iam(self):
+        """
+        Test instantiating a client object using a VCAP_SERVICES environment
+        variable.
+        """
+        instance_name = 'Cloudant NoSQL DB-lv'
+        vcap_services = {'cloudantNoSQLDB': [{
+            'credentials': {
+                'apikey': self.iam_api_key,
+                'username': self.user,
+                'host': '{0}.cloudant.com'.format(self.account),
+                'port': 443
+            },
+            'name': instance_name
+        }]}
+
+        # create Cloudant Bluemix client
+        c = Cloudant.bluemix(vcap_services)
+
+        try:
+            c.connect()
+            self.assertIsInstance(c, Cloudant)
+            self.assertIsInstance(c.r_session, requests.Session)
+
+        except Exception as err:
+            self.fail('Exception {0} was raised.'.format(str(err)))
+
+        finally:
+            c.disconnect()
+
     def test_bluemix_constructor_specify_instance_name(self):
         """
         Test instantiating a client object using a VCAP_SERVICES environment
@@ -773,8 +855,7 @@ def test_bluemix_constructor_with_multiple_services(self):
         vcap_services = {'cloudantNoSQLDB': [
             {
                 'credentials': {
-                    'username': self.user,
-                    'password': self.pwd,
+                    'apikey': '1234api',
                     'host': '{0}.cloudant.com'.format(self.account),
                     'port': 443,
                     'url': self.url