def generate_authorization_provider(tenant_id):
# Creates an AuthorizationProvider instance based on the environment.
if using_cloud_sim:
provider = ExampleAuthorizationProvider(tenant_id)
elif using_service:
if principal == 'user principal':
if credentials_file is None:
raise IllegalArgumentException(
'Must specify the credentials file path.')
provider = SignatureProvider(config_file=credentials_file)
elif principal == 'instance principal':
if isinstance(endpoint, str):
region = Regions.from_region_id(endpoint)
else:
region = endpoint
provider = SignatureProvider.create_with_instance_principal(
region=region)
elif principal == 'resource principal':
provider = SignatureProvider.create_with_resource_principal()
else:
raise IllegalArgumentException('Must specify the principal.')
elif using_on_prem:
if user_name is None and password is None:
provider = StoreAccessTokenProvider()
else:
if user_name is None or password is None:
raise IllegalArgumentException(
'Please set both the user_name and password.')
provider = StoreAccessTokenProvider(user_name, password)
else:
raise IllegalArgumentException('Please set the test server.')
return provider
def testAccessTokenProviderGets(self):
self.token_provider = StoreAccessTokenProvider(
USER_NAME, PASSWORD).set_auto_renew(False).set_endpoint(self.base)
self.assertTrue(self.token_provider.is_secure())
self.assertFalse(self.token_provider.is_auto_renew())
self.assertEqual(self.token_provider.get_endpoint(), self.base)
self.assertIsNone(self.token_provider.get_logger())
def set_access_token_provider(config, tenant_id):
if is_cloudsim():
authorization_provider = NoSecurityAccessTokenProvider(tenant_id)
elif is_dev_pod() or is_minicloud():
authorization_provider = KeystoreAccessTokenProvider().set_tenant(
tenant_id)
elif is_prod_pod():
if credentials_file is None:
raise IllegalArgumentException(
'Must specify the credentials file path.')
creds_provider = PropertiesCredentialsProvider().set_properties_file(
credentials_file)
authorization_provider = DefaultAccessTokenProvider(
idcs_url=idcs_url(), entitlement_id=entitlement_id,
creds_provider=creds_provider, timeout_ms=timeout)
elif is_onprem():
if user_name is None and password is None:
authorization_provider = StoreAccessTokenProvider()
else:
if user_name is None or password is None:
raise IllegalArgumentException(
'Please set both the user_name and password.')
authorization_provider = StoreAccessTokenProvider(
user_name, password)
else:
raise IllegalArgumentException('Please set the test server.')
config.set_authorization_provider(authorization_provider)
def create_access_token_provider(tenant_id):
# Creates an AccessTokenProvider instance based on the environment.
if using_cloud_sim:
provider = NoSecurityAccessTokenProvider(tenant_id)
elif using_service:
if use_properties_credentials:
if credentials_file is None:
raise IllegalArgumentException(
'Must specify the credentials file path.')
creds_provider = PropertiesCredentialsProvider(
).set_properties_file(credentials_file)
else:
creds_provider = MyCredentialsProvider()
provider = DefaultAccessTokenProvider(idcs_url=idcs_url,
entitlement_id=entitlement_id,
creds_provider=creds_provider)
elif using_on_prem:
if user_name is None and password is None:
provider = StoreAccessTokenProvider()
else:
if user_name is None or password is None:
raise IllegalArgumentException(
'Please set both the user_name and password.')
provider = StoreAccessTokenProvider(user_name, password)
else:
raise IllegalArgumentException('Please set the test server.')
return provider
def testAccessTokenProviderMultiThreads(self):
self.token_provider = StoreAccessTokenProvider(USER_NAME, PASSWORD)
self.token_provider.set_endpoint(self.base)
self.token_provider.set_url_for_test()
threads = list()
for i in range(5):
t = Thread(target=self._run)
t.start()
threads.append(t)
for t in threads:
t.join()
def testAccessTokenProviderMultiThreads(self):
httpd, port = self._find_port_start_server(TokenHandler)
self.base = 'https://localhost:' + str(port)
self.token_provider = StoreAccessTokenProvider(USER_NAME, PASSWORD)
self.token_provider.set_endpoint(self.base)
self.token_provider.set_url_for_test()
threads = list()
for i in range(5):
t = Thread(target=self._run)
t.start()
threads.append(t)
for t in threads:
t.join()
def testAccessTokenProviderGetAuthorizationString(self):
self.token_provider = StoreAccessTokenProvider(USER_NAME, PASSWORD)
self.token_provider.set_endpoint(self.base)
self.token_provider.set_url_for_test()
# get authorization string.
result = self.token_provider.get_authorization_string()
self.assertIsNotNone(result)
self.assertTrue(result.startswith(AUTH_TOKEN_PREFIX))
self.assertEqual(result[len(AUTH_TOKEN_PREFIX):], LOGIN_TOKEN)
# Wait for the refresh to complete
sleep(10)
result = self.token_provider.get_authorization_string()
self.assertEqual(result[len(AUTH_TOKEN_PREFIX):], RENEW_TOKEN)
self.token_provider.close()
self.assertIsNone(self.token_provider.get_authorization_string())
def testNoSQLHandleConfigIllegalInit(self):
# illegal endpoint
self.assertRaises(IllegalArgumentException, NoSQLHandleConfig,
{'IllegalEndpoint': endpoint})
# illegal provider
self.assertRaises(IllegalArgumentException, NoSQLHandleConfig,
endpoint, provider='IllegalProvider')
# no endpoint and provider
self.assertRaises(IllegalArgumentException, NoSQLHandleConfig)
# only StoreAccessTokenProvider
self.assertRaises(IllegalArgumentException, NoSQLHandleConfig, None,
StoreAccessTokenProvider())
# only SignatureProvider without region
provider = SignatureProvider(
tenant_id='ocid1.tenancy.oc1..tenancy',
user_id='ocid1.user.oc1..user', fingerprint='fingerprint',
private_key=fake_key_file)
self.assertRaises(IllegalArgumentException, NoSQLHandleConfig, None,
provider)
provider.close()
# both endpoint and provider, region not match
provider = SignatureProvider(
tenant_id='ocid1.tenancy.oc1..tenancy',
user_id='ocid1.user.oc1..user', fingerprint='fingerprint',
private_key=fake_key_file, region=Regions.US_ASHBURN_1)
self.assertRaises(IllegalArgumentException, NoSQLHandleConfig,
'us-phoenix-1', provider)
provider.close()
def get_handle():
"""
Constructs a NoSQLHandle. Additional configuration options can be added
here. Use the tenant_id as the default compartment for all operations. This
puts tables in the root compartment of the tenancy.
"""
provider = StoreAccessTokenProvider()
config = NoSQLHandleConfig(endpoint)
config.set_authorization_provider(provider)
return NoSQLHandle(config)
def generate_authorization_provider(tenant_id):
if is_cloudsim():
authorization_provider = InsecureAuthorizationProvider(tenant_id)
elif is_dev_pod() or is_minicloud():
authorization_provider = TestSignatureProvider(tenant_id)
elif is_prod_pod():
if iam_principal() == 'user principal':
if credentials_file is None:
raise IllegalArgumentException(
'Must specify the credentials file path.')
authorization_provider = SignatureProvider(
config_file=credentials_file)
elif iam_principal() == 'instance principal':
if isinstance(endpoint, str):
region = Regions.from_region_id(endpoint)
else:
region = endpoint
if region is None:
authorization_provider = (
SignatureProvider.create_with_instance_principal())
else:
authorization_provider = (
SignatureProvider.create_with_instance_principal(
region=region))
elif iam_principal() == 'resource principals':
authorization_provider = (
SignatureProvider.create_with_resource_principal())
else:
raise IllegalArgumentException('Must specify the principal.')
elif is_onprem():
if user_name is None and password is None:
authorization_provider = StoreAccessTokenProvider()
else:
if user_name is None or password is None:
raise IllegalArgumentException(
'Please set both the user_name and password.')
authorization_provider = StoreAccessTokenProvider(
user_name, password)
else:
raise IllegalArgumentException('Please set the test server.')
return authorization_provider
def testAccessTokenProviderSetIllegalEndpoint(self):
self.token_provider = StoreAccessTokenProvider(USER_NAME, PASSWORD)
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint, None)
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint,
{'endpoint': self.base})
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint,
'localhost:notanint')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint, 'localhost:-1')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint, 'localhost:8080')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint, 'ttp://localhost')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint, 'http://localhost')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint,
'localhost:8080:foo')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint,
'https://localhost:-1:x')
def testAccessTokenProviderSetIllegalAutoRenew(self):
self.token_provider = StoreAccessTokenProvider()
self.assertRaises(IllegalArgumentException,
self.token_provider.set_auto_renew, 'IllegalRenew')
class TestStoreAccessTokenProvider(unittest.TestCase):
@classmethod
def setUpClass(cls):
global LOGIN_PATH, LOGOUT_PATH, RENEW_PATH
LOGIN_PATH = '/V2/nosql/security/login'
LOGOUT_PATH = '/V2/nosql/security/logout'
RENEW_PATH = '/V2/nosql/security/renew'
# basicAuthString matching user name test and password NoSql00__123456
global USER_NAME, PASSWORD, BASIC_AUTH_STRING
USER_NAME = 'test'
PASSWORD = '******'
BASIC_AUTH_STRING = 'Basic dGVzdDpOb1NxbDAwX18xMjM0NTY='
global AUTH_TOKEN_PREFIX, LOGIN_TOKEN, RENEW_TOKEN
AUTH_TOKEN_PREFIX = 'Bearer '
LOGIN_TOKEN = 'LOGIN_TOKEN'
RENEW_TOKEN = 'RENEW_TOKEN'
global PORT
PORT = cls._find_port_start_server(TokenHandler)
@classmethod
def tearDownClass(cls):
if cls.httpd is not None:
cls.httpd.shutdown()
cls.httpd.server_close()
cls.httpd = None
def setUp(self):
self.base = 'https://localhost:' + str(PORT)
self.token_provider = None
def tearDown(self):
if self.token_provider is not None:
self.token_provider.close()
self.token_provider = None
def testAccessTokenProviderIllegalInit(self):
# illegal user name
self.assertRaises(IllegalArgumentException, StoreAccessTokenProvider,
{'user_name': USER_NAME}, PASSWORD)
self.assertRaises(IllegalArgumentException, StoreAccessTokenProvider,
'', PASSWORD)
# illegal password
self.assertRaises(IllegalArgumentException, StoreAccessTokenProvider,
USER_NAME, {'password': PASSWORD})
self.assertRaises(IllegalArgumentException, StoreAccessTokenProvider,
USER_NAME, '')
# one of the required parameters is None
self.assertRaises(IllegalArgumentException, StoreAccessTokenProvider,
None, PASSWORD)
def testAccessTokenProviderSetIllegalAutoRenew(self):
self.token_provider = StoreAccessTokenProvider()
self.assertRaises(IllegalArgumentException,
self.token_provider.set_auto_renew, 'IllegalRenew')
def testAccessTokenProviderSetIllegalEndpoint(self):
self.token_provider = StoreAccessTokenProvider(USER_NAME, PASSWORD)
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint, None)
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint,
{'endpoint': self.base})
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint,
'localhost:notanint')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint, 'localhost:-1')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint, 'localhost:8080')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint, 'ttp://localhost')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint, 'http://localhost')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint,
'localhost:8080:foo')
self.assertRaises(IllegalArgumentException,
self.token_provider.set_endpoint,
'https://localhost:-1:x')
def testAccessTokenProviderSetIllegalLogger(self):
self.token_provider = StoreAccessTokenProvider()
self.assertRaises(IllegalArgumentException,
self.token_provider.set_logger, 'IllegalLogger')
def testAccessTokenProviderGetAuthorizationStringWithIllegalRequest(self):
self.token_provider = StoreAccessTokenProvider()
self.assertRaises(IllegalArgumentException,
self.token_provider.get_authorization_string,
'IllegalRequest')
def testAccessTokenProviderGets(self):
base = 'https://localhost:80'
self.token_provider = StoreAccessTokenProvider(
USER_NAME, PASSWORD).set_auto_renew(False).set_endpoint(base)
self.assertTrue(self.token_provider.is_secure())
self.assertFalse(self.token_provider.is_auto_renew())
self.assertEqual(self.token_provider.get_endpoint(), base)
self.assertIsNone(self.token_provider.get_logger())
def testAccessTokenProviderGetAuthorizationString(self):
self.token_provider = StoreAccessTokenProvider(USER_NAME, PASSWORD)
self.token_provider.set_endpoint(self.base)
self.token_provider.set_url_for_test()
# get authorization string.
result = self.token_provider.get_authorization_string()
self.assertIsNotNone(result)
self.assertTrue(result.startswith(AUTH_TOKEN_PREFIX))
self.assertEqual(result[len(AUTH_TOKEN_PREFIX):], LOGIN_TOKEN)
# Wait for the refresh to complete
sleep(10)
result = self.token_provider.get_authorization_string()
self.assertEqual(result[len(AUTH_TOKEN_PREFIX):], RENEW_TOKEN)
self.token_provider.close()
self.assertIsNone(self.token_provider.get_authorization_string())
def testAccessTokenProviderMultiThreads(self):
self.token_provider = StoreAccessTokenProvider(USER_NAME, PASSWORD)
self.token_provider.set_endpoint(self.base)
self.token_provider.set_url_for_test()
threads = list()
for i in range(5):
t = Thread(target=self._run)
t.start()
threads.append(t)
for t in threads:
t.join()
@classmethod
def _find_port_start_server(cls, token_handler):
port = 9000
while True:
try:
cls.httpd = TCPServer(('', port), token_handler)
except error:
port += 1
else:
break
thread = Thread(target=cls.httpd.serve_forever)
thread.setDaemon(True)
thread.start()
return port
def _run(self):
try:
for i in range(5):
self.token_provider.bootstrap_login()
finally:
self.token_provider.close()
def testAccessTokenProviderGetAuthorizationStringWithIllegalRequest(self):
self.token_provider = StoreAccessTokenProvider()
self.assertRaises(IllegalArgumentException,
self.token_provider.get_authorization_string,
'IllegalRequest')
def testAccessTokenProviderSetIllegalLogger(self):
self.token_provider = StoreAccessTokenProvider()
self.assertRaises(IllegalArgumentException,
self.token_provider.set_logger, 'IllegalLogger')
# # For more information, check the SDK documentation at the link below: # https://nosql-python-sdk.readthedocs.io/en/latest/installation.html#configure-for-the-cloud-simulator # # #---------------------------------------------------------------------------- # This Git repository belongs to my ([email protected]) studies about # Oracle NoSQL. To known more, check the blog post (pt-br): # # https://blogs.oracle.com/lad-cloud-experts/pt/introducao-ao-oracle-nosql-database-cloud-parte-1 # https://blogs.oracle.com/lad-cloud-experts/pt/introducao-ao-oracle-nosql-database-cloud-parte-2 # --------------------------------------------------------------------------- from borneo import NoSQLHandle, NoSQLHandleConfig from borneo.kv import StoreAccessTokenProvider # NoSQL Cloud Simulator endpoint simulator_endpoint = 'http://localhost:5000' # create the AuthorizationProvider for a not secure store: ap = StoreAccessTokenProvider() # create handle config handle_config = NoSQLHandleConfig(simulator_endpoint) handle_config.set_authorization_provider(ap) # create the handle. nosql_handle = NoSQLHandle(handle_config) nosql_handle.close()
