test coverage, linting

zackverham · zackverham · commit 08796e2ab5c9 · 2024-12-02T15:48:51.000-05:00
diff --git a/src/posit/connect/external/databricks.py b/src/posit/connect/external/databricks.py
@@ -2,17 +2,19 @@
 from typing import Callable, Dict, Optional
 
 from ..client import Client
+from ..oauth import Credentials
 from .external import is_local
 
 """
 NOTE: These APIs are provided as a convenience and are subject to breaking changes:
 https://github.com/databricks/databricks-sdk-py#interface-stability
 """
 
+POSIT_OAUTH_INTEGRATION_AUTH_TYPE = "posit-oauth-integration"
+
 # The Databricks SDK CredentialsProvider == Databricks SQL HeaderFactory
 CredentialsProvider = Callable[[], Dict[str, str]]
 
-
 class CredentialsStrategy(abc.ABC):
     """Maintain compatibility with the Databricks SQL/SDK client libraries.
 
@@ -28,20 +30,74 @@ def auth_type(self) -> str:
     def __call__(self, *args, **kwargs) -> CredentialsProvider:
         raise NotImplementedError
 
-# TODO: Refactor common behavior across different cred providers.
+
+def _new_bearer_authorization_header(credentials: Credentials) -> Dict[str, str]:
+    """Helper to transform an Credentials object into the Bearer auth header consumed by databricks.
+
+    Raises
+    ------
+        ValueError: If provided Credentials object does not contain an access token
+
+    Returns
+    -------
+        Dict[str, str]
+    """
+    access_token = credentials.get("access_token")
+    if access_token is None:
+        raise ValueError("Missing value for field 'access_token' in credentials.")
+    return {"Authorization": f"Bearer {access_token}"}
+
+def _get_auth_type(local_auth_type: str) -> str: 
+    """Returns the auth type currently in use.
+
+    The databricks-sdk client uses the configurated auth_type to create
+    a user-agent string which is used for attribution. We should only
+    overwrite the auth_type if we are using the PositCredentialsStrategy (non-local),
+    otherwise, we should return the auth_type of the configured local_strategy instead
+    to avoid breaking someone elses attribution.
+
+    https://github.com/databricks/databricks-sdk-py/blob/v0.29.0/databricks/sdk/config.py#L261-L269
+
+    NOTE: The databricks-sql client does not use auth_type to set the user-agent.
+    https://github.com/databricks/databricks-sql-python/blob/v3.3.0/src/databricks/sql/client.py#L214-L219
+    
+    Returns
+    -------
+        str
+    """
+    if is_local():
+        return local_auth_type
+
+    return POSIT_OAUTH_INTEGRATION_AUTH_TYPE 
+
+
 
 class PositContentCredentialsProvider:
+    """CredentialsProvider implementation which initiates a credential exchange using a content-session-token."""
+
     def __init__(self, client: Client):
         self._client = client
 
     def __call__(self) -> Dict[str, str]:
         credentials = self._client.oauth.get_content_credentials()
-        access_token = credentials.get("access_token")
-        if access_token is None:
-            raise ValueError("Missing value for field 'access_token' in credentials.")
-        return {"Authorization": f"Bearer {access_token}"}
+        return _new_bearer_authorization_header(credentials)
+
+
+class PositCredentialsProvider:
+    """CredentialsProvider implementation which initiates a credential exchange using a user-session-token."""
+
+    def __init__(self, client: Client, user_session_token: str):
+        self._client = client
+        self._user_session_token = user_session_token
+
+    def __call__(self) -> Dict[str, str]:
+        credentials = self._client.oauth.get_credentials(self._user_session_token)
+        return _new_bearer_authorization_header(credentials)
+
+
+class PositContentCredentialsStrategy(CredentialsStrategy):
+    """CredentialsStrategy implementation which returns a PositContentCredentialsProvider when called."""
 
-class PositContentCredentialsStrategy:
     def __init__(
         self,
         local_strategy: CredentialsStrategy,
@@ -51,15 +107,22 @@ def __init__(
         self._client = client
 
     def sql_credentials_provider(self, *args, **kwargs):
+        """The sql connector attempts to call the credentials provider w/o any args.
+
+        The SQL client's `ExternalAuthProvider` is not compatible w/ the SDK's implementation of
+        `CredentialsProvider`, so create a no-arg lambda that wraps the args defined by the real caller.
+        This way we can pass in a databricks `Config` object required by most of the SDK's `CredentialsProvider`
+        implementations from where `sql.connect` is called.
+
+        https://github.com/databricks/databricks-sql-python/issues/148#issuecomment-2271561365
+        """
         return lambda: self.__call__(*args, **kwargs)
 
     def auth_type(self) -> str:
-        if is_local():
-            return self._local_strategy.auth_type()
-        else:
-            return "posit-oauth-integration"
+        return _get_auth_type(self._local_strategy.auth_type())
 
     def __call__(self, *args, **kwargs) -> CredentialsProvider:
+        # If the content is not running on Connect then fall back to local_strategy
         if is_local():
             return self._local_strategy(*args, **kwargs)
 
@@ -69,20 +132,9 @@ def __call__(self, *args, **kwargs) -> CredentialsProvider:
         return PositContentCredentialsProvider(self._client)
 
 
-class PositCredentialsProvider:
-    def __init__(self, client: Client, user_session_token: str):
-        self._client = client
-        self._user_session_token = user_session_token
-
-    def __call__(self) -> Dict[str, str]:
-        credentials = self._client.oauth.get_credentials(self._user_session_token)
-        access_token = credentials.get("access_token")
-        if access_token is None:
-            raise ValueError("Missing value for field 'access_token' in credentials.")
-        return {"Authorization": f"Bearer {access_token}"}
-
-
 class PositCredentialsStrategy(CredentialsStrategy):
+    """CredentialsStrategy implementation which returns a PositContentCredentialsProvider when called."""
+
     def __init__(
         self,
         local_strategy: CredentialsStrategy,
@@ -106,23 +158,7 @@ def sql_credentials_provider(self, *args, **kwargs):
         return lambda: self.__call__(*args, **kwargs)
 
     def auth_type(self) -> str:
-        """Returns the auth type currently in use.
-
-        The databricks-sdk client uses the configurated auth_type to create
-        a user-agent string which is used for attribution. We should only
-        overwrite the auth_type if we are using the PositCredentialsStrategy (non-local),
-        otherwise, we should return the auth_type of the configured local_strategy instead
-        to avoid breaking someone elses attribution.
-
-        https://github.com/databricks/databricks-sdk-py/blob/v0.29.0/databricks/sdk/config.py#L261-L269
-
-        NOTE: The databricks-sql client does not use auth_type to set the user-agent.
-        https://github.com/databricks/databricks-sql-python/blob/v3.3.0/src/databricks/sql/client.py#L214-L219
-        """
-        if is_local():
-            return self._local_strategy.auth_type()
-        else:
-            return "posit-oauth-integration"
+        return _get_auth_type(self._local_strategy.auth_type())
 
     def __call__(self, *args, **kwargs) -> CredentialsProvider:
         # If the content is not running on Connect then fall back to local_strategy
diff --git a/src/posit/connect/oauth/__init__.py b/src/posit/connect/oauth/__init__.py
@@ -1 +1,2 @@
+from .oauth import Credentials as Credentials
 from .oauth import OAuth as OAuth
diff --git a/src/posit/connect/oauth/oauth.py b/src/posit/connect/oauth/oauth.py
@@ -48,8 +48,7 @@ def sessions(self):
         return Sessions(self.params)
 
     def get_credentials(self, user_session_token: Optional[str] = None) -> Credentials:
-        """Perform an oauth credential exchange for a viewer's access token."""
-
+        """Perform an oauth credential exchange with a user-session-token."""
         # craft a credential exchange request
         data = {}
         data["grant_type"] = GRANT_TYPE
@@ -61,8 +60,7 @@ def get_credentials(self, user_session_token: Optional[str] = None) -> Credentia
         return Credentials(**response.json())
 
     def get_content_credentials(self, content_session_token: Optional[str] = None) -> Credentials:
-        """Perform an oauth credential exchange for a service account's access token."""
-        
+        """Perform an oauth credential exchange with a content-session-token."""
         # craft a credential exchange request
         data = {}
         data["grant_type"] = GRANT_TYPE
diff --git a/tests/posit/connect/external/test_databricks.py b/tests/posit/connect/external/test_databricks.py
@@ -1,15 +1,22 @@
 from typing import Dict
 from unittest.mock import patch
 
+import pytest
 import responses
 
 from posit.connect import Client
 from posit.connect.external.databricks import (
+    POSIT_OAUTH_INTEGRATION_AUTH_TYPE,
     CredentialsProvider,
     CredentialsStrategy,
+    PositContentCredentialsProvider,
+    PositContentCredentialsStrategy,
     PositCredentialsProvider,
     PositCredentialsStrategy,
+    _get_auth_type,
+    _new_bearer_authorization_header,
 )
+from posit.connect.oauth import Credentials
 
 
 class mock_strategy(CredentialsStrategy):
@@ -42,8 +49,59 @@ def register_mocks():
         },
     )
 
+    responses.post(
+        "https://connect.example/__api__/v1/oauth/integrations/credentials",
+        match=[
+            responses.matchers.urlencoded_params_matcher(
+                {
+                    "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
+                    "subject_token_type": "urn:posit:connect:content-session-token",
+                    "subject_token": "cit",
+                },
+            ),
+        ],
+        json={
+            "access_token": "content-access-token",
+            "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
+            "token_type": "Bearer",
+        },
+    )
+
+
+
 
 class TestPositCredentialsHelpers:
+
+    def test_new_bearer_authorization_header(self):
+        credential = Credentials()
+        credential["token_type"] = "token_type"
+        credential["issued_token_type"] = "issued_token_type"
+
+        with pytest.raises(ValueError):
+            _new_bearer_authorization_header(credential)
+
+        credential["access_token"] = "access_token"
+        result = _new_bearer_authorization_header(credential)
+        assert result == {"Authorization": "Bearer access_token"}
+
+    def test_get_auth_type_local(self):
+        assert _get_auth_type("local-auth") == "local-auth"
+
+
+    @patch.dict("os.environ", {"RSTUDIO_PRODUCT": "CONNECT"})
+    def test_get_auth_type_connect(self):
+        assert _get_auth_type("local-auth") == POSIT_OAUTH_INTEGRATION_AUTH_TYPE
+
+    @patch.dict("os.environ", {"CONNECT_CONTENT_SESSION_TOKEN": "cit"})
+    @responses.activate
+    def test_posit_content_credentials_provider(self):
+        register_mocks()
+
+        client = Client(api_key="12345", url="https://connect.example/")
+        client._ctx.version = None
+        cp = PositContentCredentialsProvider(client=client)
+        assert cp() == {"Authorization": "Bearer content-access-token"}
+
     @responses.activate
     def test_posit_credentials_provider(self):
         register_mocks()
@@ -53,6 +111,23 @@ def test_posit_credentials_provider(self):
         cp = PositCredentialsProvider(client=client, user_session_token="cit")
         assert cp() == {"Authorization": "Bearer dynamic-viewer-access-token"}
 
+    @patch.dict("os.environ", {"CONNECT_CONTENT_SESSION_TOKEN": "cit"})
+    @responses.activate
+    @patch.dict("os.environ", {"RSTUDIO_PRODUCT": "CONNECT"})
+    def test_posit_content_credentials_strategy(self):
+        register_mocks()
+
+        client = Client(api_key="12345", url="https://connect.example/")
+        client._ctx.version = None
+        cs = PositContentCredentialsStrategy(
+            local_strategy=mock_strategy(),
+            client=client,
+        )
+        cp = cs()
+        assert cs.auth_type() == "posit-oauth-integration"
+        assert cp() == {"Authorization": "Bearer content-access-token"}
+
+
     @responses.activate
     @patch.dict("os.environ", {"RSTUDIO_PRODUCT": "CONNECT"})
     def test_posit_credentials_strategy(self):
@@ -69,6 +144,17 @@ def test_posit_credentials_strategy(self):
         assert cs.auth_type() == "posit-oauth-integration"
         assert cp() == {"Authorization": "Bearer dynamic-viewer-access-token"}
 
+    def test_posit_content_credentials_strategy_fallback(self):
+        # local_strategy is used when the content is running locally
+        client = Client(api_key="12345", url="https://connect.example/")
+        cs = PositContentCredentialsStrategy(
+            local_strategy=mock_strategy(),
+            client=client,
+        )
+        cp = cs()
+        assert cs.auth_type() == "local"
+        assert cp() == {"Authorization": "Bearer static-pat-token"}
+
     def test_posit_credentials_strategy_fallback(self):
         # local_strategy is used when the content is running locally
         client = Client(api_key="12345", url="https://connect.example/")
diff --git a/tests/posit/connect/oauth/test_oauth.py b/tests/posit/connect/oauth/test_oauth.py

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
	`1`	`+from .oauth import Credentials as Credentials`
`1`	`2`	`from .oauth import OAuth as OAuth`