Add build_from_cf_config() to use cf login credentials (#175)

svenXY · web-flow · commit 6186be6cb9ab · 2022-07-08T18:25:14.000+02:00
* Add build_from_cf_config() to allow using credentials from a previous cf login Authored-by: Sven Hergenhahn <sven.hergenhahn@dm.de> See #172
diff --git a/README.rst b/README.rst
@@ -73,6 +73,19 @@ To instantiate the client, nothing easier
     client.refresh_token = 'refresh-token'
     client._access_token = 'access-token'
 
+You can also instantiate the client by reading the config file generated by `cf login`, which allows for authenticating via SSO and LDAP:
+
+.. code-block:: python
+
+    # init with endpoint & token from the cf cli config file
+    from cloudfoundry_client.client import CloudFoundryClient
+
+    # use the default file, i.e. ~/.cf/config.json
+    client = CloudFoundryClient.build_from_cf_config()
+    # or specify an alternative path
+    # - other kwargs can be passed through to CloudFoundryClient instantiation
+    client = CloudFoundryClient.build_from_cf_config(config_path="some/path/config.json", proxy=proxy, verify=False)
+
 It can also be instantiated with oauth code flow if you possess a dedicated oauth application with its redirection
 
 .. code-block:: python
diff --git a/main/cloudfoundry_client/client.py b/main/cloudfoundry_client/client.py
@@ -1,4 +1,6 @@
 import logging
+from pathlib import Path
+import json
 from http import HTTPStatus
 from typing import Optional
 
@@ -120,8 +122,8 @@ def __init__(self, target_endpoint: str, credential_manager: "CloudFoundryClient
 
 class CloudFoundryClient(CredentialManager):
     def __init__(self, target_endpoint: str, client_id: str = "cf", client_secret: str = "", **kwargs):
-        """ "
-        :param target_endpoint :the target endpoint
+        """
+        :param target_endpoint :the target endpoint.
         :param client_id: the client_id
         :param client_secret: the client secret
         :param proxy: a dict object with entries http and https
@@ -206,6 +208,19 @@ def _get_info(self, target_endpoint: str, proxy: Optional[dict] = None, verify:
             log_stream.get("href") if log_stream is not None else None,
         )
 
+    @staticmethod
+    def build_from_cf_config(config_path: Optional[str] = None, **kwargs) -> 'CloudFoundryClient':
+        config = Path(config_path) if config_path else Path.home() / '.cf/config.json'
+        try:
+            with open(config) as f:
+                cf_config = json.load(f)
+        except Exception as e:
+            _logger.critical('Could not retrieve cf config: %s', e)
+            raise
+        client = CloudFoundryClient(cf_config['Target'], **kwargs)
+        client.init_with_token(cf_config['RefreshToken'])
+        return client
+
     @staticmethod
     def _resolve_login_endpoint(root_links):
         return (root_links.get("login") or root_links.get("uaa") or root_links.get("self"))["href"]
diff --git a/test/test_client.py b/test/test_client.py
@@ -1,4 +1,5 @@
 import json
+from os import remove as file_remove
 import unittest
 from http import HTTPStatus
 from unittest.mock import patch
@@ -89,6 +90,34 @@ def test_refresh_request_with_token_format_opaque(self):
                 verify=True,
             )
 
+    def test_refresh_request_with_token_from_cf_config(self):
+        requests = FakeRequests()
+        session = MockSession()
+        proxy = dict(http='', https='')
+        cf_config_file_content = {"Target": self.TARGET_ENDPOINT, "RefreshToken": "refresh-token"}
+        with open("config.json", "w", encoding="utf-8") as f:
+            json.dump(cf_config_file_content, f, ensure_ascii=False, indent=4)
+        with patch("oauth2_client.credentials_manager.requests", new=requests), patch(
+            "cloudfoundry_client.client.requests", new=requests
+        ):
+            requests.Session.return_value = session
+            self._mock_info_calls(requests)
+            requests.post.return_value = MockResponse(
+                "%s/oauth/token" % self.AUTHORIZATION_ENDPOINT,
+                status_code=HTTPStatus.OK.value,
+                text=json.dumps(dict(access_token="access-token", refresh_token="refresh-token")),
+            )
+            client = CloudFoundryClient.build_from_cf_config("config.json", proxy=proxy, verify=True)  # noqa: F841
+            file_remove('config.json')
+            self.assertEqual("Bearer access-token", session.headers.get("Authorization"))
+            requests.post.assert_called_with(
+                requests.post.return_value.url,
+                data=dict(grant_type="refresh_token", scope="", refresh_token="refresh-token"),
+                headers=dict(Accept="application/json", Authorization="Basic Y2Y6"),
+                proxies=proxy,
+                verify=True,
+            )
+
     def test_grant_password_request_with_login_hint(self):
         requests = FakeRequests()
         session = MockSession()
