def __init__(self, duration_seconds=MAX_ENTRY_LIFE_TIME,
refresh_ahead=DEFAULT_REFRESH_AHEAD):
"""
Creates an AccessTokenProvider with the specified cache duration. The
duration specifies the lifetime of an AT in the cache. Setting the
duration too large runs the risk that client requests may stall because
a current token is not available or expired. Setting the duration too
small means that there may be unnecessary overhead due to token renewal.
"""
self._timer = None
# Refresh time before AT expired from cache.
self._refresh_ahead_s = refresh_ahead
CheckValue.check_int_gt_zero(duration_seconds, 'duration_seconds')
if duration_seconds > AccessTokenProvider.MAX_ENTRY_LIFE_TIME:
raise IllegalArgumentException(
'Access token cannot be cached longer than ' +
str(AccessTokenProvider.MAX_ENTRY_LIFE_TIME) + ' seconds')
self._duration_seconds = duration_seconds
self._at_cache = Memoize(self._duration_seconds)
# AT refresh interval, if zero, no refresh will be scheduled.
self._refresh_interval_s = (
self._duration_seconds - self._refresh_ahead_s if
self._duration_seconds > self._refresh_ahead_s else 0)
def __init__(
self,
idcs_props_file=_DEFAULT_PROPS_FILE,
idcs_url=None,
entitlement_id=None,
creds_provider=None,
timeout_ms=Utils.DEFAULT_TIMEOUT_MS,
cache_duration_seconds=AccessTokenProvider.MAX_ENTRY_LIFE_TIME,
refresh_ahead=AccessTokenProvider.DEFAULT_REFRESH_AHEAD):
# Constructs a default access token provider.
if idcs_url is None:
CheckValue.check_str(idcs_props_file, 'idcs_props_file')
super(DefaultAccessTokenProvider, self).__init__(
DefaultAccessTokenProvider.MAX_ENTRY_LIFE_TIME,
DefaultAccessTokenProvider.DEFAULT_REFRESH_AHEAD)
self.__idcs_url = self.__get_idcs_url(idcs_props_file)
entitlement = self.__get_entitlement_id(idcs_props_file)
self.__creds_provider = (
PropertiesCredentialsProvider().set_properties_file(
self.__get_credential_file(idcs_props_file)))
self.__timeout_ms = Utils.DEFAULT_TIMEOUT_MS
else:
CheckValue.check_str(idcs_url, 'idcs_url')
self.__is_credentials_provider(creds_provider)
CheckValue.check_int_gt_zero(timeout_ms, 'timeout_ms')
CheckValue.check_int_gt_zero(cache_duration_seconds,
'cache_duration_seconds')
CheckValue.check_int_gt_zero(refresh_ahead, 'refresh_ahead')
super(DefaultAccessTokenProvider,
self).__init__(cache_duration_seconds, refresh_ahead)
self.__idcs_url = idcs_url
entitlement = entitlement_id
self.__creds_provider = (PropertiesCredentialsProvider()
if creds_provider is None else
creds_provider)
self.__timeout_ms = timeout_ms
url = urlparse(self.__idcs_url)
self.__host = url.hostname
self.__andc_fqs = None
if entitlement is not None:
CheckValue.check_str(entitlement, 'entitlement_id')
self.__andc_fqs = (AccessTokenProvider.ANDC_AUD_PREFIX +
entitlement + AccessTokenProvider.SCOPE)
self.__psm_fqs = None
self.__logger = None
self.__logutils = LogUtils()
self.__sess = Session()
self.__request_utils = RequestUtils(self.__sess, self.__logutils)
def __init__(self,
provider=None,
config_file=None,
profile_name=None,
tenant_id=None,
user_id=None,
fingerprint=None,
private_key=None,
pass_phrase=None,
region=None,
duration_seconds=MAX_ENTRY_LIFE_TIME,
refresh_ahead=DEFAULT_REFRESH_AHEAD):
"""
The SignatureProvider that generates and caches request signature.
"""
#
# This class depends on the oci package
#
if oci is None:
raise ImportError('Package "oci" is required; please install.')
CheckValue.check_int_gt_zero(duration_seconds, 'duration_seconds')
CheckValue.check_int_gt_zero(refresh_ahead, 'refresh_ahead')
if duration_seconds > SignatureProvider.MAX_ENTRY_LIFE_TIME:
raise IllegalArgumentException(
'Access token cannot be cached longer than ' +
str(SignatureProvider.MAX_ENTRY_LIFE_TIME) + ' seconds.')
self._region = None
if provider is not None:
if not isinstance(
provider,
(oci.signer.Signer, oci.auth.signers.SecurityTokenSigner)):
raise IllegalArgumentException(
'provider should be an instance of oci.signer.Signer or ' +
'oci.auth.signers.SecurityTokenSigner.')
self._provider = provider
try:
region_id = provider.region
except AttributeError:
region_id = None
if region_id is not None:
self._region = Regions.from_region_id(region_id)
elif (tenant_id is None or user_id is None or fingerprint is None
or private_key is None):
CheckValue.check_str(config_file, 'config_file', True)
CheckValue.check_str(profile_name, 'profile_name', True)
if config_file is None and profile_name is None:
# Use default user profile and private key from default path of
# configuration file ~/.oci/config.
config = oci.config.from_file()
elif config_file is None and profile_name is not None:
# Use user profile with given profile name and private key from
# default path of configuration file ~/.oci/config.
config = oci.config.from_file(profile_name=profile_name)
elif config_file is not None and profile_name is None:
# Use user profile with default profile name and private key
# from specified configuration file.
config = oci.config.from_file(file_location=config_file)
else: # config_file is not None and profile_name is not None
# Use user profile with given profile name and private key from
# specified configuration file.
config = oci.config.from_file(file_location=config_file,
profile_name=profile_name)
self._provider = oci.signer.Signer(config['tenancy'],
config['user'],
config['fingerprint'],
config['key_file'],
config.get('pass_phrase'),
config.get('key_content'))
region_id = config.get('region')
if region_id is not None:
self._provider.region = region_id
self._region = Regions.from_region_id(region_id)
else:
CheckValue.check_str(tenant_id, 'tenant_id')
CheckValue.check_str(user_id, 'user_id')
CheckValue.check_str(fingerprint, 'fingerprint')
CheckValue.check_str(private_key, 'private_key')
CheckValue.check_str(pass_phrase, 'pass_phrase', True)
if path.isfile(private_key):
key_file = private_key
key_content = None
else:
key_file = None
key_content = private_key
self._provider = oci.signer.Signer(tenant_id, user_id, fingerprint,
key_file, pass_phrase,
key_content)
if region is not None:
if not isinstance(region, Region):
raise IllegalArgumentException(
'region must be an instance of an instance of Region.')
self._provider.region = region.get_region_id()
self._region = region
self._signature_cache = Memoize(duration_seconds)
self._refresh_interval_s = (duration_seconds - refresh_ahead
if duration_seconds > refresh_ahead else 0)
# Refresh timer.
self._timer = None
self._service_url = None
self._logger = None
self._logutils = LogUtils()
self._sess = Session()
self._request_utils = RequestUtils(self._sess, self._logutils)