DVPL-9735 Move tests to scs

Author: fantavlik

.gitignore

@@ -1,5 +1,6 @@
 *.pyc
 .venv
+*.env
 .idea
 .vscode
 .cache

Makefile

@@ -16,6 +16,9 @@ generate:
 	scripts/copy_generated_files.sh $(TMPDIR)
 	rm -rf $(TMPDIR)
 
+pep:
+	tox -e pep8
+
 update_dependencies:
 	pip3 freeze > requirements.txt
 

THIRD-PARTY-CREDITS.md

@@ -6,7 +6,7 @@ The Splunk Developer Cloud SDK for Python contains some libraries that were writ
 ### requests
 [https://pypi.org/project/requests/](https://pypi.org/project/requests/)
 
-requests version 2.22.1
+requests version 2.25.1
 
 License: Apache Software License (Apache 2.0)
 
@@ -17,6 +17,21 @@ urllib3 version 1.25.2
 
 License: MIT License (MIT)
 
+### PyJWT
+[https://pypi.org/project/PyJWT/](https://pypi.org/project/PyJWT/)
+
+PyJWT version 2.1.0
+
+License: MIT License (MIT)
+
+### cryptography
+[https://pypi.org/project/cryptography/](https://pypi.org/project/cryptography/)
+
+cryptography version 2.6.1
+
+License: Apache Software License (Apache 2.0)
+
+
 ## Test Dependencies
 
 
@@ -36,14 +51,6 @@ flake8 version 3.7.7
 License: MIT License (MIT)
 
 
-### cryptography
-[https://pypi.org/project/cryptography/](https://pypi.org/project/cryptography/)
-
-cryptography version 2.6.1
-
-License: Apache Software License, BSD License (BSD or Apache License, Version 2.0)
-
-
 ## Build Dependencies
 
 ### coverage

example_sdkrc

@@ -1,26 +1,21 @@
-# SPLUNK HOSTS
-export SPLUNK_AUTH_HOST=<REDACTED>
+# SPLUNK HOSTS, TENANT, REGION
 export SPLUNK_AUTH_HOST_2=<REDACTED>
-export SPLUNK_AUTHN_URL=<REDACTED>
-export SPLUNK_HOST=<REDACTED>
-export SPLUNK_APP_SERVER=<REDACTED>
 export SPLUNK_DEBUG=<REDACTED>
 export SPLUNK_HOST_2=<REDACTED>
-
-# Choose one set of vars for PKCE or CLIENT auth flows
+export SPLUNK_REGION=<REDACTED>
+export SPLUNK_TENANT_2=<REDACTED>
 
 # PKCE FLOW
-export SPLUNK_APP_CLIENT_ID=<REDACTED>
+export SPLUNK_APP_CLIENT_ID_2=<REDACTED>
 export TEST_USERNAME=<REDACTED>
 export TEST_PASSWORD=<REDACTED>
-export SPLUNK_TENANT=<REDACTED>
-export SPLUNK_TENANT_ML=<REDACTED>
-export SPLUNK_REDIRECT_URL=<REDACTED>
 
 # CLIENT CREDENTIAL FLOW
-export SPLUNK_APP_CLIENT_CRED_ID=<REDACTED>
-export SPLUNK_APP_CLIENT_CRED_SECRET=<REDACTED>
 export SPLUNK_APP_CLIENT_CRED_ID_2=<REDACTED>
 export SPLUNK_APP_CLIENT_CRED_SECRET_2=<REDACTED>
-export SPLUNK_TENANT_2=<REDACTED>
-export SPLUNK_SCOPE=<REDACTED>
+
+# SERVICE PRINCIPAL FLOW
+export SPLUNK_APP_PRINCIPAL_NAME_2=<REDACTED>
+export SPLUNK_APP_PRINCIPAL_PRIVATE_KEY=<REDACTED>
+export SPLUNK_APP_PRINCIPAL_KEY_ID=<REDACTED>
+export SPLUNK_APP_PRINCIPAL_KEY_ALG=<REDACTED>

requirements.txt

@@ -1,31 +1,11 @@
-asn1crypto==0.24.0
-atomicwrites==1.3.0
-attrs==19.1.0
-certifi==2019.3.9
-cffi==1.12.3
-chardet==3.0.4
-coverage==4.5.3
-cryptography==2.6.1
-entrypoints==0.3
-flake8==3.7.7
-idna==2.8
-importlib-metadata==1.6.0
-Jinja2==2.11.3
-Mako==1.1.3
-Markdown==3.3.3
-MarkupSafe==1.1.1
-mccabe==0.6.1
-more-itertools==7.0.0
-pluggy==0.11.0
-py==1.10.0
-pycodestyle==2.5.0
-pycparser==2.19
-pyflakes==2.1.1
+asn1crypto==1.4.0
+certifi==2021.5.30
+cffi==1.14.6
+chardet==4.0.0
+idna==2.10
+pycparser==2.20
 PyJWT==1.7.1
-pytest==4.5.0
-pytest-asyncio==0.10.0
 requests==2.25.1
-six==1.12.0
-urllib3==1.26.5
-wcwidth==0.1.7
-zipp==3.1.0
+six==1.16.0
+urllib3==1.26.6
+cryptography==2.6.1

setup.py

@@ -14,7 +14,10 @@
 from splunk_sdk import __version__
 
 install_requires = ['requests>=2.25.1,<2.26.1',
-                    'urllib3>=1.26.5,<1.26.7', ]
+                    'urllib3>=1.26.5,<1.26.7',
+                    'pyjwt>=1.7.1,<1.8.0',
+                    'cryptography>=2.6.1,<2.7.0',
+                    ]
 
 setup(
     name='splunk-cloud-sdk',
@@ -36,7 +39,6 @@
         'dev': ['pep8>=1.7.1,<2',
                 'sphinx >= 2.0.1,<3',
                 'sphinxcontrib-apidoc>=0.3.0',
-                'cryptography>=2.6.1,<2.7',
                 ],
         'test': ['coverage>=4.5.3,<5',
                  'flake8>=3.7.7,<4',

splunk_sdk/base_client.py

@@ -429,7 +429,7 @@ def handle_response(response: Response, klass=None, key=None):
         raise Exception("Unexpected http response body: {}".format(data))
 
     else:
-        raise HTTPError(response.status_code, response.text)
+        raise HTTPError(response.status_code, response.text, response.headers.get('X-Request-Id', None))
 
 
 class RetryConfig(object):
@@ -498,9 +498,10 @@ def handle_response(self, client, method, url, retry_count, data=None, json_data
 class HTTPError(Exception):
     """The HTTPError class provides an exception wrapper for HTTP error responses."""
 
-    def __init__(self, http_status_code: int, details: str):
+    def __init__(self, http_status_code: int, details: str, request_id: str = None):
         self._http_status_code = http_status_code
         self._http_details = details
+        self._request_id = request_id
         if details != '':
             parsed = json.loads(details)
         else:
@@ -532,3 +533,11 @@ def code(self) -> str:
     @property
     def message(self):
         return self._message
+
+    @property
+    def request_id(self) -> str:
+        return self._request_id
+
+    @request_id.setter
+    def request_id(self, request_id: str):
+        self._request_id = request_id

test/auth/test_auth_manager.py

@@ -10,7 +10,6 @@
 from splunk_sdk.auth import PKCEAuthManager, ClientAuthManager
 from test.fixtures import get_auth_manager as pkce_auth_manager  # NOQA
 from test.fixtures import get_client_auth_manager as client_auth_manager  # NOQA
-from test.fixtures import get_client_auth_manager_scoped as client_auth_manager_scoped
 from test.fixtures import get_service_principal_auth_manager as service_principal_auth_manager  # NOQA
 
 
@@ -27,10 +26,7 @@ def test_auth_error_properties(pkce_auth_manager):
     try:
         pkce_auth_manager.authenticate()
     except AuthnError as err:
-        assert (err.status != "")
-        assert (err.status is not None)
-        assert (err.server_error_description != "")
-        assert (err.server_error_description is not None)
+        assert (err._response is not None)
         assert (err.request_id != "")
         assert (err.request_id is not None)
     finally:
@@ -41,9 +37,12 @@ def test_refresh_token_authenticate(pkce_auth_manager):
     auth_context = pkce_auth_manager.authenticate()
 
     # use existing token from auth_context
-    refresh_token_mgr = RefreshTokenAuthManager(client_id=os.environ.get('SPLUNK_APP_CLIENT_ID'),
+    refresh_token_mgr = RefreshTokenAuthManager(client_id=os.environ.get('SPLUNK_APP_CLIENT_ID_2'),
                                                 refresh_token=auth_context.refresh_token,
-                                                host=os.environ.get('SPLUNK_AUTH_HOST'))
+                                                tenant_scoped=True,
+                                                tenant=os.environ.get('SPLUNK_TENANT_2'),
+                                                region=os.environ.get('SPLUNK_REGION'),
+                                                host=os.environ.get('SPLUNK_AUTH_HOST_2'))
 
     new_auth_context = refresh_token_mgr.authenticate()
 
@@ -55,9 +54,12 @@ def test_refresh_token_authenticate(pkce_auth_manager):
     assert (new_auth_context.scope is not None)
 
 def test_error_refresh_token_authenticate():
-    refresh_token_mgr = RefreshTokenAuthManager(client_id=os.environ.get('SPLUNK_APP_CLIENT_ID'),
-                                                refresh_token="refresh",
-                                                host=os.environ.get('SPLUNK_AUTH_HOST'))
+    refresh_token_mgr = RefreshTokenAuthManager(client_id=os.environ.get('SPLUNK_APP_CLIENT_ID_2'),
+                                                refresh_token='refresh',
+                                                tenant_scoped=True,
+                                                tenant=os.environ.get('SPLUNK_TENANT_2'),
+                                                region=os.environ.get('SPLUNK_REGION'),
+                                                host=os.environ.get('SPLUNK_AUTH_HOST_2'))
 
     with pytest.raises(AuthnError):
         refresh_token_mgr.authenticate()
@@ -67,11 +69,6 @@ def test_client_credentials_authenticate(client_auth_manager):
     auth_context = client_auth_manager.authenticate()
     _assert_client_credentials_auth_context(auth_context)
 
-@pytest.mark.usefixtures('client_auth_manager_scoped')  # NOQA
-def test_client_credentials_authenticate_scoped(client_auth_manager_scoped):
-    auth_context = client_auth_manager_scoped.authenticate()
-    _assert_client_credentials_auth_context(auth_context)
-
 @pytest.mark.usefixtures('client_auth_manager')  # NOQA
 def test_token_authenticate(client_auth_manager):
     auth_context = client_auth_manager.authenticate()
@@ -93,10 +90,10 @@ def test_token_authenticate(client_auth_manager):
     assert (auth_context.id_token == new_auth_context.id_token)
     assert (auth_context.refresh_token == new_auth_context.refresh_token)
 
-    context = Context(host=os.environ.get("SPLUNK_HOST"), tenant=os.environ.get("SPLUNK_TENANT"))
+    context = Context(host=os.environ.get("SPLUNK_HOST_2"), tenant=os.environ.get("SPLUNK_TENANT_2"))
     base_client = BaseClient(context=context, auth_manager=token_mgr)
     idc = IdentityAndAccessControl(base_client)
-    assert (idc.validate_token().name.lower() == os.environ.get("SPLUNK_APP_CLIENT_CRED_ID").lower())
+    assert (idc.validate_token().name.lower() == os.environ.get("SPLUNK_APP_CLIENT_CRED_ID_2").lower())
 
 
 def test_pkce_requests_hook():
@@ -105,25 +102,34 @@ def test_pkce_requests_hook():
     def test_hook(response, **kwargs):
         responses.append(response)
 
-    PKCEAuthManager(host=os.environ.get('SPLUNK_AUTH_HOST'),
-                    client_id=os.environ.get('SPLUNK_APP_CLIENT_ID'),
+    PKCEAuthManager(host=os.environ.get('SPLUNK_AUTH_HOST_2'),
+                    client_id=os.environ.get('SPLUNK_APP_CLIENT_ID_2'),
                     username=os.environ.get('TEST_USERNAME'),
                     password=os.environ.get('TEST_PASSWORD'),
-                    redirect_uri=os.environ.get('SPLUNK_REDIRECT_URL'),
+                    redirect_uri='https://localhost:8000',
+                    tenant_scoped=True,
+                    tenant=os.environ.get('SPLUNK_TENANT_2'),
+                    region=os.environ.get('SPLUNK_REGION'),
                     requests_hooks=[test_hook]).authenticate()
     assert len(responses) == 4
-    auth_url = 'https://%s' % os.environ.get('SPLUNK_AUTH_HOST')
+    auth_url = 'https://region-%s.%s' % (
+        os.environ.get('SPLUNK_REGION'),
+        os.environ.get('SPLUNK_AUTH_HOST_2'))
+    auth_url_scoped = 'https://%s.%s' % (
+        os.environ.get('SPLUNK_TENANT_2'),
+        os.environ.get('SPLUNK_AUTH_HOST_2'))
     assert responses[0].request.method == 'GET'
     assert responses[0].request.url == '%s/csrfToken' % auth_url
     assert responses[0].status_code == 200
     assert responses[1].request.method == 'POST'
     assert responses[1].request.url == '%s/authn' % auth_url
     assert responses[1].status_code == 200
     assert responses[2].request.method == 'GET'
-    assert responses[2].request.url.startswith('%s/authorize' % auth_url)
+    assert responses[2].request.url.startswith('%s/authorize' % auth_url_scoped)
     assert responses[2].status_code == 302
     assert responses[3].request.method == 'POST'
-    assert responses[3].request.url == '%s/token' % auth_url
+    assert responses[3].request.url == '%s/%s/token' % (
+        auth_url_scoped, os.environ.get('SPLUNK_TENANT_2'))
     assert responses[3].status_code == 200
 
 
@@ -133,11 +139,14 @@ def test_pkce_no_list_hooks():
     def test_hook(*args, **kwargs):
         hook_called.append(True)
 
-    PKCEAuthManager(host=os.environ.get('SPLUNK_AUTH_HOST'),
-                    client_id=os.environ.get('SPLUNK_APP_CLIENT_ID'),
+    PKCEAuthManager(host=os.environ.get('SPLUNK_AUTH_HOST_2'),
+                    client_id=os.environ.get('SPLUNK_APP_CLIENT_ID_2'),
                     username=os.environ.get('TEST_USERNAME'),
                     password=os.environ.get('TEST_PASSWORD'),
-                    redirect_uri=os.environ.get('SPLUNK_REDIRECT_URL'),
+                    redirect_uri='https://localhost:8000',
+                    tenant_scoped=True,
+                    tenant=os.environ.get('SPLUNK_TENANT_2'),
+                    region=os.environ.get('SPLUNK_REGION'),
                     requests_hooks=test_hook).authenticate()
     assert hook_called
 
@@ -148,10 +157,13 @@ def test_client_manager_requests_hook():
     def test_hook(*args, **kwargs):
         hook_called.append(True)
 
-    ClientAuthManager(host=os.environ.get('SPLUNK_AUTH_HOST'),
-                      client_id=os.environ.get('SPLUNK_APP_CLIENT_CRED_ID'),
-                      client_secret=os.environ.get('SPLUNK_APP_CLIENT_CRED_SECRET'),
-                      scope=os.environ.get('SPLUNK_SCOPE'),
+    ClientAuthManager(host=os.environ.get('SPLUNK_AUTH_HOST_2'),
+                      client_id=os.environ.get('SPLUNK_APP_CLIENT_CRED_ID_2'),
+                      client_secret=os.environ.get('SPLUNK_APP_CLIENT_CRED_SECRET_2'),
+                      scope='',
+                      tenant_scoped=True,
+                      tenant=os.environ.get('SPLUNK_TENANT_2'),
+                      region=os.environ.get('SPLUNK_REGION'),
                       requests_hooks=[test_hook]).authenticate()
     assert hook_called
 
@@ -162,11 +174,14 @@ def test_pkce_manager_no_list_hooks():
     def test_hook(*args, **kwargs):
         hook_called.append(True)
 
-    PKCEAuthManager(host=os.environ.get('SPLUNK_AUTH_HOST'),
-                    client_id=os.environ.get('SPLUNK_APP_CLIENT_ID'),
+    PKCEAuthManager(host=os.environ.get('SPLUNK_AUTH_HOST_2'),
+                    client_id=os.environ.get('SPLUNK_APP_CLIENT_ID_2'),
                     username=os.environ.get('TEST_USERNAME'),
                     password=os.environ.get('TEST_PASSWORD'),
-                    redirect_uri=os.environ.get('SPLUNK_REDIRECT_URL'),
+                    redirect_uri='https://localhost:8000',
+                    tenant_scoped=True,
+                    tenant=os.environ.get('SPLUNK_TENANT_2'),
+                    region=os.environ.get('SPLUNK_REGION'),
                     requests_hooks=test_hook).authenticate()
     assert hook_called
 
@@ -186,11 +201,11 @@ def _assert_pkce_auth_context(auth_context):
     assert ('email' in auth_context.scope)
 
 
-def _assert_client_credentials_auth_context(auth_context, expires_in=43200):
+def _assert_client_credentials_auth_context(auth_context, expires_in=None):
     assert (auth_context is not None)
     assert (auth_context.access_token is not None)
-    # assert(auth_context.id_token is None)
-    assert (auth_context.expires_in == expires_in)
+    if expires_in is not None:
+        assert (auth_context.expires_in == expires_in)
     assert (auth_context.token_type == 'Bearer')
     assert (auth_context.refresh_token is None)
     assert (auth_context.scope == 'client_credentials')
@@ -227,7 +242,7 @@ def test_sp_token_authenticate(service_principal_auth_manager):
     assert (auth_context.id_token == new_auth_context.id_token)
     assert (auth_context.refresh_token == new_auth_context.refresh_token)
 
-    context = Context(host=os.environ.get("SPLUNK_HOST"), tenant=os.environ.get("SPLUNK_TENANT"))
+    context = Context(host=os.environ.get("SPLUNK_HOST_2"), tenant=os.environ.get("SPLUNK_TENANT_2"))
     base_client = BaseClient(context=context, auth_manager=token_mgr)
     idc = IdentityAndAccessControl(base_client)
-    assert (idc.validate_token().name.lower() == os.environ.get("SPLUNK_APP_PRINCIPAL_NAME").lower())
+    assert (idc.validate_token().name.lower() == os.environ.get("SPLUNK_APP_PRINCIPAL_NAME_2").lower())