update console connector to support S2S

Author: adorton-adobe

user_sync/connector/directory_adobe_console.py

@@ -44,6 +44,7 @@ def __init__(self, caller_options, *args, **kwargs):
         builder.set_string_value('user_identity_type', None)
         builder.set_string_value('identity_type_filter', 'all')
         builder.set_bool_value('ssl_cert_verify', True)
+        builder.set_string_value('authentication_method', 'jwt')
         options = builder.get_options()
 
         if not options['identity_type_filter'] == 'all':
@@ -57,8 +58,17 @@ def __init__(self, caller_options, *args, **kwargs):
         server_builder = config_common.OptionsBuilder(server_config)
         server_builder.set_string_value('host', 'usermanagement.adobe.io')
         server_builder.set_string_value('endpoint', '/v2/usermanagement')
-        server_builder.set_string_value('ims_host', 'ims-na1.adobelogin.com')
         server_builder.set_string_value('ims_endpoint_jwt', '/ims/exchange/jwt')
+
+        auth_host_key = 'ims_host' if 'ims_host' in server_config else 'auth_host'
+        server_builder.set_string_value(auth_host_key, 'ims-na1.adobelogin.com')
+
+        auth_endpoint_key = 'ims_endpoint_jwt' if 'ims_endpoint_jwt' in server_config else 'auth_endpoint'
+        auth_endpoint_default = '/ims/exchange/jwt'
+        if options['authentication_method'] == 'oauth':
+            auth_endpoint_default = '/ims/token/v2'
+        server_builder.set_string_value(auth_endpoint_key, auth_endpoint_default)
+
         server_builder.set_int_value('timeout', 120)
         server_builder.set_int_value('retries', 3)
         options['server'] = server_options = server_builder.get_options()
@@ -67,17 +77,33 @@ def __init__(self, caller_options, *args, **kwargs):
         integration_builder = config_common.OptionsBuilder(enterprise_config)
         integration_builder.require_string_value('org_id')
         tech_field = 'tech_acct_id' if 'tech_acct_id' in enterprise_config else 'tech_acct'
-        integration_builder.require_string_value(tech_field)
+        integration_builder.set_string_value(tech_field, None)
         options['integration'] = integration_options = integration_builder.get_options()
 
+        if integration_options[tech_field] is None and options['authentication_method'] == 'jwt':
+            raise AssertionException(f"'{tech_field}' is required for jwt authentication")
+
+        if integration_options[tech_field] is not None and options['authentication_method'] == 'oauth':
+            raise AssertionException(f"'{tech_field}' should not be set for oauth authentication")
+
         self.logger = logger = user_sync.connector.helper.create_logger(options)
         logger.debug('%s initialized with options: %s', self.name, options)
 
         self.options = options
 
         ims_host = server_options['ims_host']
         self.org_id = org_id = integration_options['org_id']
-        auth_dict = make_auth_dict(self.name, enterprise_config, org_id, integration_options[tech_field], logger)
+        auth = create_umapi_auth(
+            self.name,
+            enterprise_config,
+            org_id,
+            integration_options[tech_field],
+            server_options[auth_host_key],
+            server_options[auth_endpoint_key],
+            options['ssl_cert_verify'],
+            options['authentication_method'],
+            logger,
+        )
 
         # this check must come after we fetch all the settings
         caller_config.report_unused_values(logger)
@@ -88,15 +114,12 @@ def __init__(self, caller_options, *args, **kwargs):
         try:
             self.connection = umapi_client.Connection(
                 org_id=org_id,
-                auth_dict=auth_dict,
-                ims_host=ims_host,
-                ims_endpoint_jwt=server_options['ims_endpoint_jwt'],
-                user_management_endpoint=um_endpoint,
+                auth=auth,
+                endpoint=um_endpoint,
                 test_mode=False,
                 user_agent="user-sync/" + app_version,
-                logger=self.logger,
-                timeout_seconds=float(server_options['timeout']),
-                retry_max_attempts=server_options['retries'] + 1,
+                timeout=float(server_options['timeout']),
+                max_retries=server_options['retries'] + 1,
                 ssl_verify=options['ssl_cert_verify']
             )
         except Exception as e: