Merge develop into master (#460)

* doc(IAM): Document changes for IAM support

* Add support for IAM (#456)

* Feat(IAM): Adding IAM feature

* Update constructors for IAM support (#459)

* :feat(iam): Generate service constructors to support IAM

Author: ehdsouza

README.md

@@ -47,24 +47,26 @@ The [examples][examples] folder has basic and advanced examples.
 
 Service credentials are required to access the APIs.
 
-If you run your app in IBM Cloud, you don't need to specify the username and password. In that case, the SDK uses the `VCAP_SERVICES` environment variable to load the credentials.
-
-To run locally or outside of IBM Cloud you need the `username` and `password` credentials for each service. (Service credentials are different from your IBM Cloud account email and password.)
+If you run your app in IBM Cloud, you don't need to specify the username and password or IAM API key (`apikey`). In that case, the SDK uses the `VCAP_SERVICES` environment variable to load the credentials.
+To run locally or outside of IBM Cloud you need the `username` and `password` credentials or IAM API key (`apikey`) for each service. (Service credentials are different from your IBM Cloud account email and password.)
 
 To create an instance of the service:
 
 1. Log in to [IBM Cloud][ibm_cloud].
 1. Create an instance of the service:
+   1. Click on **Create Resource**.
    1. In the IBM Cloud **Catalog**, select the Watson service you want to use. For example, select the Conversation service.
    1. Type a unique name for the service instance in the **Service name** field. For example, type `my-service-name`. Leave the default values for the other options.
    1. Click **Create**.
 
 To get your service credentials:
 
-Copy your credentials from the **Service details** page. To find the the Service details page for an existing service, navigate to your IBM Cloud dashboard and click the service name.
+Copy your credentials from the **Manage** page. To find the Service details page for an existing service, navigate to your [IBM Cloud][ibm_cloud] dashboard and click the service name.
 
-1. On the **Service Details** page, click **Service Credentials**, and then **View credentials**.
-1. Copy `username`, `password`, and `url`.
+1. On the **Manage** page, you will see a **Credentials** pane
+1. Depending on the service you will see use either:
+* 2.a: `username`, `password`, and `url`(optional).
+* 2.b: `apikey` which is the value for parameter `iam_api_key` when initializing the constructor.
 
 ## Python Version
 

test/integration/test_discovery_v1.py

@@ -8,28 +8,24 @@
 @pytest.mark.skipif(
     os.getenv('VCAP_SERVICES') is None, reason='requires VCAP_SERVICES')
 class Discoveryv1(TestCase):
-    discovery = None
-    environment_id = 'e15f6424-f887-4f50-b4ea-68267c36fc9c'  # This environment is created for integration testing
-    collection_id = None
-
-    @classmethod
-    def setup_class(cls):
-        cls.discovery = watson_developer_cloud.DiscoveryV1(
+    def setUp(self):
+        self.discovery = watson_developer_cloud.DiscoveryV1(
             version='2017-10-16',
             username="YOUR SERVICE USERNAME",
             password="YOUR SERVICE PASSWORD")
-        cls.discovery.set_default_headers({
+        self.discovery.set_default_headers({
             'X-Watson-Learning-Opt-Out': '1',
             'X-Watson-Test': '1'
         })
-        cls.collection_id = cls.discovery.list_collections(cls.environment_id)['collections'][0]['collection_id']
+        self.environment_id = 'e15f6424-f887-4f50-b4ea-68267c36fc9c'  # This environment is created for integration testing
+        collections = self.discovery.list_collections(self.environment_id)['collections']
+        self.collection_id = collections[0]['collection_id']
 
-    @classmethod
-    def teardown_class(cls):
-        collections = cls.discovery.list_collections(cls.environment_id)['collections']
+    def tearDown(self):
+        collections = self.discovery.list_collections(self.environment_id)['collections']
         for collection in collections:
             if collection['name'] != 'DO-NOT-DELETE':
-                cls.discovery.delete_collection(cls.environment_id, collection['collection_id'])
+                self.discovery.delete_collection(self.environment_id, collection['collection_id'])
 
     def test_environments(self):
         envs = self.discovery.list_environments()

test/integration/test_speech_to_text_v1.py

@@ -16,8 +16,8 @@ class TestSpeechToTextV1(TestCase):
     @classmethod
     def setup_class(cls):
         cls.speech_to_text = watson_developer_cloud.SpeechToTextV1(
-            username=os.getenv('YOUR SERVICE USERNAME'),
-            password=os.getenv('YOUR SERVICE PASSWORD'))
+            username='YOUR SERVICE USERNAME',
+            password='YOUR SERVICE PASSWORD')
         cls.speech_to_text.set_default_headers({
             'X-Watson-Learning-Opt-Out':
             '1',

test/integration/test_visual_recognition.py

@@ -16,7 +16,7 @@ class IntegrationTestVisualRecognitionV3(TestCase):
     @classmethod
     def setup_class(cls):
         cls.visual_recognition = watson_developer_cloud.VisualRecognitionV3(
-            '2016-05-20', api_key=os.environ.get('YOUR API KEY'))
+            '2016-05-20', api_key='YOUR API KEY')
         cls.visual_recognition.set_default_headers({
             'X-Watson-Learning-Opt-Out':
             '1',

test/unit/test_iam_token_manager.py

@@ -0,0 +1,111 @@
+import responses
+from watson_developer_cloud import iam_token_manager
+import time
+
+@responses.activate
+def test_request_token():
+    iam_url = "https://iam.bluemix.net/identity/token"
+    response = """{
+        "access_token": "oAeisG8yqPY7sFR_x66Z15",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1524167011,
+        "refresh_token": "jy4gl91BQ"
+    }"""
+    responses.add(responses.POST, url=iam_url, body=response, status=200)
+
+    token_manager = iam_token_manager.IAMTokenManager("iam_api_key", "iam_access_token", iam_url)
+    token_manager._request_token()
+
+    assert responses.calls[0].request.url == iam_url
+    assert responses.calls[0].response.text == response
+    assert len(responses.calls) == 1
+
+@responses.activate
+def test_refresh_token():
+    iam_url = "https://iam.bluemix.net/identity/token"
+    response = """{
+        "access_token": "oAeisG8yqPY7sFR_x66Z15",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1524167011,
+        "refresh_token": "jy4gl91BQ"
+    }"""
+    responses.add(responses.POST, url=iam_url, body=response, status=200)
+
+    token_manager = iam_token_manager.IAMTokenManager("iam_api_key", "iam_access_token", iam_url)
+    token_manager._refresh_token()
+
+    assert responses.calls[0].request.url == iam_url
+    assert responses.calls[0].response.text == response
+    assert len(responses.calls) == 1
+
+@responses.activate
+def test_is_token_expired():
+    token_manager = iam_token_manager.IAMTokenManager("iam_api_key", "iam_access_token", "iam_url")
+    token_manager.token_info = {
+        "access_token": "oAeisG8yqPY7sFR_x66Z15",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": int(time.time()) + 6000,
+        "refresh_token": "jy4gl91BQ"
+    }
+    assert token_manager._is_token_expired() is False
+    token_manager.token_info['expiration'] = int(time.time()) - 3600
+    assert token_manager._is_token_expired()
+
+@responses.activate
+def test_is_refresh_token_expired():
+    token_manager = iam_token_manager.IAMTokenManager("iam_api_key", "iam_access_token", "iam_url")
+    token_manager.token_info = {
+        "access_token": "oAeisG8yqPY7sFR_x66Z15",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": int(time.time()),
+        "refresh_token": "jy4gl91BQ"
+    }
+    assert token_manager._is_refresh_token_expired() is False
+    token_manager.token_info['expiration'] = int(time.time()) - (8 * 24 * 3600)
+    assert token_manager._is_token_expired()
+
+@responses.activate
+def test_get_token():
+    iam_url = "https://iam.bluemix.net/identity/token"
+    token_manager = iam_token_manager.IAMTokenManager("iam_api_key", iam_url=iam_url)
+    token_manager.user_access_token = 'user_access_token'
+
+    # Case 1:
+    token = token_manager.get_token()
+    assert token == token_manager.user_access_token
+
+    # Case 2:
+    token_manager.user_access_token = ''
+    response = """{
+        "access_token": "hellohello",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1524167011,
+        "refresh_token": "jy4gl91BQ"
+    }"""
+    responses.add(responses.POST, url=iam_url, body=response, status=200)
+    token = token_manager.get_token()
+    assert token == "hellohello"
+
+    # Case 3:
+    token_manager.token_info['expiration'] = int(time.time()) - (20 * 24 * 3600)
+    token = token_manager.get_token()
+    assert "grant_type=urn" in responses.calls[1].request.body
+    token_manager.token_info['expiration'] = int(time.time()) - 4000
+    token = token_manager.get_token()
+    assert "grant_type=refresh_token" in responses.calls[2].request.body
+
+    # Case 4
+    token_manager.token_info = {
+        "access_token": "dummy",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": int(time.time()) + 3600,
+        "refresh_token": "jy4gl91BQ"
+    }
+    token = token_manager.get_token()
+    assert token == 'dummy'

test/unit/test_watson_service.py

@@ -2,6 +2,7 @@
 import json
 import pytest
 from watson_developer_cloud import WatsonService
+import time
 
 import responses
 
@@ -12,14 +13,20 @@
 class AnyServiceV1(WatsonService):
     default_url = 'https://gateway.watsonplatform.net/test/api'
 
-    def __init__(self, version, url=default_url, username=None, password=None):
+    def __init__(self, version, url=default_url, username=None, password=None,
+                 iam_api_key=None,
+                 iam_access_token=None,
+                 iam_url=None):
         WatsonService.__init__(
             self,
             vcap_services_name='test',
             url=url,
             username=username,
             password=password,
-            use_vcap_services=True)
+            use_vcap_services=True,
+            iam_api_key=iam_api_key,
+            iam_access_token=iam_access_token,
+            iam_url=iam_url)
         self.version = version
 
     def op_with_path_params(self, path0, path1):
@@ -39,6 +46,10 @@ def with_http_config(self, http_config):
         response = self.request(method='GET', url='', accept_json=True)
         return response
 
+    def any_service_call(self):
+        response = self.request(method='GET', url='', accept_json=True)
+        return response
+
 @responses.activate
 def test_url_encoding():
     service = AnyServiceV1('2017-07-07', username='username', password='password')
@@ -84,3 +95,31 @@ def test_fail_http_config():
     service = AnyServiceV1('2017-07-07', username='username', password='password')
     with pytest.raises(TypeError):
         service.with_http_config(None)
+
+@responses.activate
+def test_iam():
+    iam_url = "https://iam.bluemix.net/identity/token"
+    service = AnyServiceV1('2017-07-07', iam_api_key="iam_api_key")
+    assert service.token_manager is not None
+
+    service.token_manager.token_info = {
+        "access_token": "dummy",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": int(time.time()) - 4000,
+        "refresh_token": "jy4gl91BQ"
+    }
+    response = """{
+        "access_token": "hellohello",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1524167011,
+        "refresh_token": "jy4gl91BQ"
+    }"""
+    responses.add(responses.POST, url=iam_url, body=response, status=200)
+    responses.add(responses.GET,
+                  service.default_url,
+                  body=json.dumps({"foobar": "baz"}),
+                  content_type='application/json')
+    service.any_service_call()
+    assert "grant_type=refresh_token" in responses.calls[0].request.body

watson_developer_cloud/assistant_v1.py

@@ -35,7 +35,14 @@ class AssistantV1(WatsonService):
 
     default_url = 'https://gateway.watsonplatform.net/assistant/api'
 
-    def __init__(self, version, url=default_url, username=None, password=None):
+    def __init__(self,
+                 version,
+                 url=default_url,
+                 username=None,
+                 password=None,
+                 iam_api_key=None,
+                 iam_access_token=None,
+                 iam_url=None):
         """
         Construct a new client for the Assistant service.
 
@@ -66,6 +73,17 @@ def __init__(self, version, url=default_url, username=None, password=None):
                Bluemix, the credentials will be automatically loaded from the
                `VCAP_SERVICES` environment variable.
 
+        :param str iam_api_key: An API key that can be used to request IAM tokens. If
+               this API key is provided, the SDK will manage the token and handle the
+               refreshing.
+
+        :param str iam_access_token:  An IAM access token is fully managed by the application.
+               Responsibility falls on the application to refresh the token, either before
+               it expires or reactively upon receiving a 401 from the service as any requests
+               made with an expired token will fail.
+
+        :param str iam_url: An optional URL for the IAM service API. Defaults to
+               'https://iam.ng.bluemix.net/identity/token'.
         """
 
         WatsonService.__init__(
@@ -74,6 +92,9 @@ def __init__(self, version, url=default_url, username=None, password=None):
             url=url,
             username=username,
             password=password,
+            iam_api_key=iam_api_key,
+            iam_access_token=iam_access_token,
+            iam_url=iam_url,
             use_vcap_services=True)
         self.version = version
 

watson_developer_cloud/conversation_v1.py

@@ -35,7 +35,14 @@ class ConversationV1(WatsonService):
 
     default_url = 'https://gateway.watsonplatform.net/conversation/api'
 
-    def __init__(self, version, url=default_url, username=None, password=None):
+    def __init__(self,
+                 version,
+                 url=default_url,
+                 username=None,
+                 password=None,
+                 iam_api_key=None,
+                 iam_access_token=None,
+                 iam_url=None):
         """
         Construct a new client for the Conversation service.
 
@@ -66,6 +73,17 @@ def __init__(self, version, url=default_url, username=None, password=None):
                Bluemix, the credentials will be automatically loaded from the
                `VCAP_SERVICES` environment variable.
 
+        :param str iam_api_key: An API key that can be used to request IAM tokens. If
+               this API key is provided, the SDK will manage the token and handle the
+               refreshing.
+
+        :param str iam_access_token:  An IAM access token is fully managed by the application.
+               Responsibility falls on the application to refresh the token, either before
+               it expires or reactively upon receiving a 401 from the service as any requests
+               made with an expired token will fail.
+
+        :param str iam_url: An optional URL for the IAM service API. Defaults to
+               'https://iam.ng.bluemix.net/identity/token'.
         """
 
         WatsonService.__init__(
@@ -74,6 +92,9 @@ def __init__(self, version, url=default_url, username=None, password=None):
             url=url,
             username=username,
             password=password,
+            iam_api_key=iam_api_key,
+            iam_access_token=iam_access_token,
+            iam_url=iam_url,
             use_vcap_services=True)
         self.version = version