Add region scoping and system tenant checks

shilpabijam · shilpabijam · commit 62cec69baba1 · 2021-03-29T17:07:07.000Z
diff --git a/splunk_sdk/auth/auth_manager.py b/splunk_sdk/auth/auth_manager.py
@@ -193,12 +193,28 @@ def _post(self, url, auth=None, headers=None, data=None, cookies=None):
         return response
 
     def _url(self, path):
-        if self._tenant_scoped is True and self._tenant is not None and self._tenant != "system":
-            self._host = self._tenant + "." + self._host
-            # generate tenant scoped token
-            os.path.join("/", self._tenant, path)
-        # ToDo:Region+system scoped tokens will be added once implementation details are finalized in multi-cell
-        # else:
+        if self._tenant_scoped is True:
+            if self._tenant is None:
+                raise ValueError("Tenant is empty.")
+            elif self._region is None:
+                raise ValueError("Region is empty.")
+            elif "token" in path and self._tenant != "system":
+                self._host = self._tenant + "." + self._host
+                # generate tenant scoped token
+                path = "/" + self._tenant + path
+            elif "token" in path and self._tenant == "system":
+                self._host = "region-" + self._region + "." + self._host
+                # generate system scoped token
+                path = "/system" + path
+            elif "authorize" in path and self._tenant != "system":
+                self._host = self._tenant + "." + self._host
+            elif "authorize" in path and self._tenant == "system":
+                self._host = "region-" + self._region + "." + self._host
+            elif "csrfToken" in path:
+                self._host = "region-" + self._region + "." + self._host
+            elif "authn" in path:
+                self._host = "region-" + self._region + "." + self._host
+
         print("https://%s%s" % (self._host, path))
         return "https://%s%s" % (self._host, path)
 
diff --git a/splunk_sdk/base_client.py b/splunk_sdk/base_client.py
@@ -240,6 +240,8 @@ def build_url(self, route: str, **kwargs) -> str:
         """
         if self.context.tenant_scoped is True and self.context.tenant != "system" and route.startswith("/system") is False:
             url = self.context.scheme + "://" + self.context.tenant + "." + self.context.host
+        elif self.context.tenant_scoped is True and route.startswith("/system/") and self.context.region is None:
+            raise ValueError("Invalid value for `region`, must not be `None`")
         elif self.context.tenant_scoped is True and route.startswith("/system/") and self.context.region is not None:
             url = self.context.scheme + "://region-" + self.context.region + "." + self.context.host
         else:
diff --git a/test/auth/test_auth_manager.py b/test/auth/test_auth_manager.py
@@ -67,7 +67,7 @@ def test_client_credentials_authenticate(client_auth_manager):
     auth_context = client_auth_manager.authenticate()
     _assert_client_credentials_auth_context(auth_context)
 
-@pytest.mark.usefixtures('client_auth_manager')  # NOQA
+@pytest.mark.usefixtures('client_auth_manager_scoped')  # NOQA
 def test_client_credentials_authenticate_scoped(client_auth_manager_scoped):
     auth_context = client_auth_manager_scoped.authenticate()
     _assert_client_credentials_auth_context(auth_context)
