addressed review comments

vmware · Aug 22, 2024 · 4b31def · 4b31def
1 parent a73ff4b
commit 4b31def
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 61 deletions.
diff --git a/projects/vdk-plugins/vdk-kerberos-auth/src/vdk/plugin/kerberos/kerberos_configuration.py b/projects/vdk-plugins/vdk-kerberos-auth/src/vdk/plugin/kerberos/kerberos_configuration.py
@@ -19,7 +19,7 @@
 KERBEROS_KDC_HOST = "KERBEROS_KDC_HOST"
 KRB_AUTH_FAIL_FAST = "KRB_AUTH_FAIL_FAST"
 API_SERVER_KERBEROS_SERVICE_NAME = "API_SERVER_KERBEROS_SERVICE_NAME"
-
+DISABLE_KERBEROS_LOGIN = "DISABLE_KERBEROS_LOGIN"
 
 class KerberosPluginConfiguration:
     def __init__(
@@ -86,6 +86,9 @@ def auth_fail_fast(self) -> bool:
     def api_server_kerberos_service_name(self) -> str:
         return self.__config.get_value(API_SERVER_KERBEROS_SERVICE_NAME)
 
+    def disable_kerberos_plugin(self):
+        return self.__config.get_value(DISABLE_KERBEROS_LOGIN).lower() == "true"
+
 
 def add_definitions(config_builder: ConfigurationBuilder) -> None:
     config_builder.add(

diff --git a/projects/vdk-plugins/vdk-kerberos-auth/src/vdk/plugin/kerberos/kerberos_plugin.py b/projects/vdk-plugins/vdk-kerberos-auth/src/vdk/plugin/kerberos/kerberos_plugin.py
@@ -1,7 +1,6 @@
 # Copyright 2023-2024 Broadcom
 # SPDX-License-Identifier: Apache-2.0
 import logging
-import os
 from typing import List
 
 from vdk.api.plugin.hook_markers import hookimpl
@@ -57,11 +56,11 @@ def vdk_configure(config_builder: ConfigurationBuilder) -> None:
 
     @hookimpl
     def vdk_initialize(self, context: CoreContext) -> None:
-        if context.configuration.get_value("DISABLE_KERBEROS_LOGIN"):
-            return
         kerberos_configuration = KerberosPluginConfiguration(
             None, None, context.configuration
         )
+        if kerberos_configuration.disable_kerberos_plugin():
+            return
         if (
             kerberos_configuration.keytab_filename()
             and kerberos_configuration.keytab_principal()
@@ -79,11 +78,12 @@ def initialize_job(self, context: JobContext) -> None:
         This is called during vdk run (job execution) and here we know the job directory
         and can try to infer where the keytab file is.
         """
-        if context.core_context.configuration.get_value("DISABLE_KERBEROS_LOGIN"):
-            return
         kerberos_configuration = KerberosPluginConfiguration(
             context.name, str(context.job_directory), context.core_context.configuration
         )
+        if kerberos_configuration.disable_kerberos_plugin():
+            return
+
         self.__attempt_kerberos_authentication(kerberos_configuration)
 
 

diff --git a/projects/vdk-plugins/vdk-oauth-auth/README.md b/projects/vdk-plugins/vdk-oauth-auth/README.md
@@ -1,5 +1,5 @@
 
-The plugin provides GSSAPI Kerberos authentication on data job startup. The plugin also adds Kerberos/GSSAPI support for HTTP requests.
+The plugin provides Oauth authentication on data job startup.
 
 # Usage
 
@@ -13,7 +13,7 @@ pip install vdk-oauth-auth
 
 The following environment variables can be used to configure this plugin:
 
-| name                | description                                   |
-|---------------------|-----------------------------------------------|
-| `CLIENT_ID`         | Client id to fetch access token from CSP.     |
-| `CLIENT_SECRET`     | Client secret to fetch access token from CSP. |
+| name                 | description                                   |
+|----------------------|-----------------------------------------------|
+| `TEAM_CLIENT_ID`     | Client id to fetch access token from CSP.     |
+| `TEAM_CLIENT_SECRET` | Client secret to fetch access token from CSP. |
diff --git a/projects/vdk-plugins/vdk-oauth-auth/src/vdk/plugin/oauth/oauth_configuration.py b/projects/vdk-plugins/vdk-oauth-auth/src/vdk/plugin/oauth/oauth_configuration.py
@@ -1,11 +1,18 @@
 # Copyright 2024-2025 Broadcom
 # SPDX-License-Identifier: Apache-2.0
 from vdk.internal.core.config import Configuration
-from vdk.internal.core.config import ConfigurationBuilder
 
 
 CLIENT_ID = "CLIENT_ID"
 CLIENT_SECRET = "CLIENT_SECRET"
+TEAM_CLIENT_ID = "TEAM_CLIENT_ID"
+TEAM_CLIENT_SECRET = "TEAM_CLIENT_SECRET"
+CONTROL_SERVICE_REST_API_URL = "CONTROL_SERVICE_REST_API_URL"
+API_TOKEN_AUTHORIZATION_URL = "API_TOKEN_AUTHORIZATION_URL"
+TEAM_OAUTH_AUTHORIZE_URL = "TEAM_OAUTH_AUTHORIZE_URL"
+CSP_ACCESS_TOKEN = "CSP_ACCESS_TOKEN"
+DISABLE_OAUTH_LOGIN = "DISABLE_OAUTH_LOGIN"
+Team = "TEAM"
 
 
 class OauthPluginConfiguration:
@@ -15,21 +22,26 @@ def __init__(
     ):
         self.__config = config
 
-    def client_id(self):
-        return self.__config.get_value(CLIENT_ID)
+    def team(self):
+        return self.__config.get_value(Team)
 
-    def client_secret(self):
-        return self.__config.get_value(CLIENT_SECRET)
+    def team_client_id(self):
+        return self.__config.get_value(TEAM_CLIENT_ID)
 
+    def team_client_secret(self):
+        return self.__config.get_value(TEAM_CLIENT_SECRET)
 
-def add_definitions(config_builder: ConfigurationBuilder) -> None:
-    config_builder.add(
-        key=CLIENT_ID,
-        default_value=None,
-        description="client id for oauth authentication",
-    )
-    config_builder.add(
-        key=CLIENT_SECRET,
-        default_value=None,
-        description="client secret for oauth authentication",
-    )
+    def control_service_rest_api_url(self):
+        return self.__config.get_value(CONTROL_SERVICE_REST_API_URL)
+
+    def api_token_authorization_url(self):
+        return self.__config.get_value(API_TOKEN_AUTHORIZATION_URL)
+
+    def team_oauth_authorize_url(self):
+        return self.__config.get_value(TEAM_OAUTH_AUTHORIZE_URL)
+
+    def csp_access_token(self):
+        return self.__config.get_value(CSP_ACCESS_TOKEN)
+
+    def disable_oauth_plugin(self):
+        return self.__config.get_value(DISABLE_OAUTH_LOGIN).lower() == "true"
diff --git a/projects/vdk-plugins/vdk-oauth-auth/src/vdk/plugin/oauth/oauth_plugin.py b/projects/vdk-plugins/vdk-oauth-auth/src/vdk/plugin/oauth/oauth_plugin.py
@@ -14,19 +14,14 @@
 from vdk.internal.core.config import ConfigurationBuilder
 from vdk.internal.core.context import CoreContext
 from vdk.plugin.control_api_auth.auth_config import LocalFolderCredentialsCache
-from vdk.plugin.oauth.oauth_configuration import add_definitions
+from vdk.plugin.oauth.oauth_configuration import OauthPluginConfiguration
+
 
 log = logging.getLogger(__name__)
 
-CLIENT_ID = "CLIENT_ID"
-CLIENT_SECRET = "CLIENT_SECRET"
 TEAM_CLIENT_ID = "TEAM_CLIENT_ID"
 TEAM_CLIENT_SECRET = "TEAM_CLIENT_SECRET"
-CONTROL_SERVICE_REST_API_URL = "CONTROL_SERVICE_REST_API_URL"
-API_TOKEN_AUTHORIZATION_URL = "API_TOKEN_AUTHORIZATION_URL"
-CSP_AUTHORIZATION_URL = "CSP_AUTHORIZATION_URL"
 CSP_ACCESS_TOKEN = "CSP_ACCESS_TOKEN"
-DISABLE_OAUTH_LOGIN = "DISABLE_OAUTH_LOGIN"
 
 
 class OauthPlugin:
@@ -36,18 +31,16 @@ def __init__(self):
         self.team_name = None
         self.is_oauth_creds_available = False
 
-    def __attempt_oauth_authentication(self, context: JobContext):
+    def __attempt_oauth_authentication(self,  oauth_configuration : OauthPluginConfiguration):
         original_string = (
-            context.core_context.configuration.get_value(CLIENT_ID)
-            + ":"
-            + context.core_context.configuration.get_value(CLIENT_SECRET)
+            oauth_configuration.team_client_id() + ":" + oauth_configuration.team_client_secret()
         )
 
         # Encoding
         encoded_bytes = base64.b64encode(original_string.encode("utf-8"))
         encoded_string = encoded_bytes.decode("utf-8")
 
-        url = context.core_context.configuration.get_value(CSP_AUTHORIZATION_URL)
+        url = oauth_configuration.team_oauth_authorize_url()
         headers = {
             "Authorization": "Basic " + encoded_string,
             "Content-Type": "application/x-www-form-urlencoded",
@@ -61,20 +54,21 @@ def __attempt_oauth_authentication(self, context: JobContext):
     @staticmethod
     @hookimpl
     def vdk_configure(config_builder: ConfigurationBuilder) -> None:
-        add_definitions(config_builder)
+        pass
 
     @hookimpl
     def vdk_initialize(self, context: CoreContext) -> None:
         """
         Check if Oauth enabled
         """
-        disable_oauth = os.getenv(DISABLE_OAUTH_LOGIN).lower() == "true"
-        if disable_oauth:
+        oauth_configuration = OauthPluginConfiguration(context.configuration)
+
+        if oauth_configuration.disable_oauth_plugin():
             return
         # Scenario: data job running in cloud has oauth creds present
         if (
-            os.getenv(TEAM_CLIENT_ID) is not None
-            and os.getenv(TEAM_CLIENT_SECRET) is not None
+            oauth_configuration.team_client_id() is not None
+            and oauth_configuration.team_client_secret() is not None
         ):
             self.is_oauth_creds_available = True
             return
@@ -83,28 +77,21 @@ def vdk_initialize(self, context: CoreContext) -> None:
         credentials = credentials_cache.read_credentials()
         credentials = json.loads(credentials.replace("'", '"'))
         self.access_token = credentials.get("access_token")
-        self.control_service_rest_api_url = context.configuration.get_value(
-            CONTROL_SERVICE_REST_API_URL
-        )
-        self.team_name = context.configuration.get_value("team")
+        self.control_service_rest_api_url = oauth_configuration.control_service_rest_api_url()
+        self.team_name = oauth_configuration.team()
 
     @hookimpl(tryfirst=True)
     def initialize_job(self, context: JobContext) -> None:
         """
         This is called during vdk run (job execution)
         Check if Oauth enabled
         """
-        disable_oauth = os.getenv(DISABLE_OAUTH_LOGIN).lower() == "true"
-        if disable_oauth:
+        oauth_configuration = OauthPluginConfiguration(context.core_context.configuration)
+
+        if oauth_configuration.disable_oauth_plugin():
             return
-        if self.is_oauth_creds_available:
-            context.core_context.configuration.override_value(
-                "client_id", os.getenv(TEAM_CLIENT_ID)
-            )
-            context.core_context.configuration.override_value(
-                "client_secret", os.getenv(TEAM_CLIENT_SECRET)
-            )
-        else:
+
+        if not self.is_oauth_creds_available:
             # Enter a context with an instance of the API client
             configuration = taurus_datajob_api.Configuration(
                 host=self.control_service_rest_api_url,
@@ -124,14 +111,15 @@ def initialize_job(self, context: JobContext) -> None:
                     )
                     raise e
             oauth_creds = oauth_creds.to_dict()
+
             context.core_context.configuration.override_value(
-                "client_id", oauth_creds.get("clientId")
+                TEAM_CLIENT_ID, oauth_creds.get("clientId")
             )
             context.core_context.configuration.override_value(
-                "client_secret", oauth_creds.get("clientSecret")
+                TEAM_CLIENT_SECRET, oauth_creds.get("clientSecret")
             )
 
-        self.__attempt_oauth_authentication(context)
+        self.__attempt_oauth_authentication(oauth_configuration)
 
 
 @hookimpl