Add impersonate auth apis

mmourafiq · mmourafiq · commit b3806355e5ac · 2019-02-17T19:30:57.000+01:00
diff --git a/polyaxon_client/api/auth.py b/polyaxon_client/api/auth.py
@@ -47,12 +47,17 @@ def get_user(self, token=None):
 
         return self.prepare_results(response_json=user_dict, config=UserConfig)
 
-    def _persist_token(self, token):
+    def _persist_token(self, token, token_path):
         create_polyaxon_tmp()
-        with open(settings.TMP_AUTH_TOKEN_PATH, "w") as config_file:
+        with open(token_path, "w") as config_file:
             config_file.write(json.dumps({settings.SECRET_USER_TOKEN_KEY: token}))
 
-    def _process_token(self, request_url, response, set_token=True, persist_token=False):
+    def _process_token(self,
+                       request_url,
+                       response,
+                       set_token=True,
+                       persist_token=False,
+                       token_path=None):
         try:
             token_dict = response.json()
             response.raise_for_status()
@@ -73,7 +78,7 @@ def _process_token(self, request_url, response, set_token=True, persist_token=Fa
         if set_token:
             self.config.token = token
         if persist_token:
-            self._persist_token(token)
+            self._persist_token(token, token_path)
         return token
 
     def login(self, credentials, set_token=False):
@@ -118,10 +123,72 @@ def login_experiment_ephemeral_token(self,
         token = self._process_token(request_url=request_url,
                                     response=response,
                                     set_token=set_token,
-                                    persist_token=persist_token)
+                                    persist_token=persist_token,
+                                    token_path=settings.TMP_AUTH_TOKEN_PATH)
         # Destroy ephemeral token
         if os.environ.get(settings.SECRET_EPHEMERAL_TOKEN_KEY):
             del os.environ[settings.SECRET_EPHEMERAL_TOKEN_KEY]
         if hasattr(settings, 'SECRET_EPHEMERAL_TOKEN') and settings.SECRET_EPHEMERAL_TOKEN:
             del settings.SECRET_EPHEMERAL_TOKEN
         return token
+
+    def _login_impersonate_token(self,
+                                 request_url,
+                                 internal_token,
+                                 set_token=True,
+                                 persist_token=True):
+        try:
+            response = self.transport.post(
+                request_url,
+                headers={
+                    'Authorization': '{} {}'.format(
+                        AuthenticationTypes.INTERNAL_TOKEN, internal_token)
+                })
+        except requests.ConnectionError:
+            raise PolyaxonHTTPError(
+                request_url,
+                None,
+                "Connection error.",
+                None)
+        token = self._process_token(request_url=request_url,
+                                    response=response,
+                                    set_token=set_token,
+                                    persist_token=persist_token,
+                                    token_path=settings.CONTEXT_AUTH_TOKEN_PATH)
+        return token
+
+    def login_experiment_impersonate_token(self,
+                                           username,
+                                           project_name,
+                                           experiment_id,
+                                           internal_token,
+                                           set_token=True,
+                                           persist_token=True):
+        request_url = self.build_url(self._get_http_url('/'),
+                                     username,
+                                     project_name,
+                                     'experiments',
+                                     experiment_id,
+                                     'imporsonatetoken')
+        return self._login_impersonate_token(request_url=request_url,
+                                             internal_token=internal_token,
+                                             set_token=set_token,
+                                             persist_token=persist_token)
+
+    def login_job_impersonate_token(self,
+                                    username,
+                                    project_name,
+                                    job_id,
+                                    internal_token,
+                                    set_token=True,
+                                    persist_token=True):
+        request_url = self.build_url(self._get_http_url('/'),
+                                     username,
+                                     project_name,
+                                     'jobs',
+                                     job_id,
+                                     'imporsonatetoken')
+        return self._login_impersonate_token(request_url=request_url,
+                                             internal_token=internal_token,
+                                             set_token=set_token,
+                                             persist_token=persist_token)
diff --git a/polyaxon_client/settings.py b/polyaxon_client/settings.py
@@ -10,6 +10,7 @@
 from rhea import RheaError  # noqa
 
 TMP_AUTH_TOKEN_PATH = '/tmp/.polyaxon/.authtoken'
+CONTEXT_AUTH_TOKEN_PATH = '/plx-context/.authtoken'
 CLIENT_CONFIG_PATH = os.path.join(polyaxon_user_path(), '.polyaxonclient')
 CONFIG_PATH = os.path.join(polyaxon_user_path(), '.polyaxonconfig')
 AUTH_PATH = os.path.join(polyaxon_user_path(), '.polyaxonauth')
@@ -25,7 +26,8 @@
 config = rhea.Rhea.read_configs([
     rhea.ConfigSpec(CLIENT_CONFIG_PATH, config_type='.json', check_if_exists=False),
     os.environ,
-    rhea.ConfigSpec(TMP_AUTH_TOKEN_PATH, config_type='.json', check_if_exists=False)
+    rhea.ConfigSpec(TMP_AUTH_TOKEN_PATH, config_type='.json', check_if_exists=False),
+    rhea.ConfigSpec(CONTEXT_AUTH_TOKEN_PATH, config_type='.json', check_if_exists=False)
 ])
 
 IN_CLUSTER = config.get_boolean('POLYAXON_IN_CLUSTER',
diff --git a/tests/test_api/test_auth.py b/tests/test_api/test_auth.py
@@ -1,6 +1,8 @@
 # -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 
+import tempfile
+
 import httpretty
 import json
 import os
@@ -18,6 +20,8 @@ class TestAuthApi(TestBaseApi):
 
     def setUp(self):
         super(TestAuthApi, self).setUp()
+        settings.CONTEXT_AUTH_TOKEN_PATH = '{}/{}'.format(tempfile.mkdtemp(), '.authtoken')
+        settings.TMP_AUTH_TOKEN_PATH = '{}/{}'.format(tempfile.mkdtemp(), '.authtoken')
         self.api_handler = AuthApi(transport=self.transport, config=self.api_config)
 
     @httpretty.activate
@@ -136,3 +140,93 @@ def test_login_experiment_ephemeral_token(self):
             ephemeral_token='foo',
             set_token=True,
             persist_token=True)
+
+    @httpretty.activate
+    def test_login_experiment_impersonate_token(self):
+        token = uuid.uuid4().hex
+        httpretty.register_uri(
+            httpretty.POST,
+            BaseApiHandler.build_url(
+                self.api_config.base_url,
+                '/',
+                'user',
+                'project',
+                'experiments',
+                '1',
+                'imporsonatetoken'
+            ),
+            body=json.dumps({'token': token}),
+            content_type='application/json', status=200)
+
+        # Login without updating the token and without persistence
+        if os.path.exists(settings.CONTEXT_AUTH_TOKEN_PATH):
+            os.remove(settings.CONTEXT_AUTH_TOKEN_PATH)
+        assert self.api_config.token == 'token'
+        assert token == self.api_handler.login_experiment_impersonate_token(
+            username='user',
+            project_name='project',
+            experiment_id=1,
+            internal_token='foo',
+            set_token=False,
+            persist_token=False)
+        assert self.api_config.token == 'token'
+        assert os.path.exists(settings.CONTEXT_AUTH_TOKEN_PATH) is False
+
+        # Login and update the token and persistence
+        if os.path.exists(settings.CONTEXT_AUTH_TOKEN_PATH):
+            os.remove(settings.CONTEXT_AUTH_TOKEN_PATH)
+        assert self.api_config.token == 'token'
+        assert token == self.api_handler.login_experiment_impersonate_token(
+            username='user',
+            project_name='project',
+            experiment_id=1,
+            internal_token='foo',
+            set_token=True,
+            persist_token=True)
+        assert self.api_config.token == token
+        assert os.path.exists(settings.CONTEXT_AUTH_TOKEN_PATH) is True
+
+    @httpretty.activate
+    def test_login_job_impersonate_token(self):
+        token = uuid.uuid4().hex
+        httpretty.register_uri(
+            httpretty.POST,
+            BaseApiHandler.build_url(
+                self.api_config.base_url,
+                '/',
+                'user',
+                'project',
+                'jobs',
+                '1',
+                'imporsonatetoken'
+            ),
+            body=json.dumps({'token': token}),
+            content_type='application/json', status=200)
+
+        # Login without updating the token and without persistence
+        if os.path.exists(settings.CONTEXT_AUTH_TOKEN_PATH):
+            os.remove(settings.CONTEXT_AUTH_TOKEN_PATH)
+        assert self.api_config.token == 'token'
+        assert token == self.api_handler.login_job_impersonate_token(
+            username='user',
+            project_name='project',
+            job_id=1,
+            internal_token='foo',
+            set_token=False,
+            persist_token=False)
+        assert self.api_config.token == 'token'
+        assert os.path.exists(settings.CONTEXT_AUTH_TOKEN_PATH) is False
+
+        # Login and update the token and persistence
+        if os.path.exists(settings.CONTEXT_AUTH_TOKEN_PATH):
+            os.remove(settings.CONTEXT_AUTH_TOKEN_PATH)
+        assert self.api_config.token == 'token'
+        assert token == self.api_handler.login_job_impersonate_token(
+            username='user',
+            project_name='project',
+            job_id=1,
+            internal_token='foo',
+            set_token=True,
+            persist_token=True)
+        assert self.api_config.token == token
+        assert os.path.exists(settings.CONTEXT_AUTH_TOKEN_PATH) is True
diff --git a/tests/test_polyaxon_client.py b/tests/test_polyaxon_client.py
@@ -2,6 +2,7 @@
 from __future__ import absolute_import, division, print_function
 
 import os
+import tempfile
 
 from unittest import TestCase
 
@@ -24,10 +25,10 @@
 
 
 class TestPolyaxonClient(TestCase):
-    def tearDown(self):
-        super(TestPolyaxonClient, self).tearDown()
-        if os.path.exists(settings.TMP_AUTH_TOKEN_PATH):
-            os.remove(settings.TMP_AUTH_TOKEN_PATH)
+
+    def setUp(self):
+        super(TestPolyaxonClient, self).setUp()
+        settings.CONTEXT_AUTH_TOKEN_PATH = '{}/{}'.format(tempfile.mkdtemp(), '.authtoken')
 
     def test_client(self):
         settings.SECRET_USER_TOKEN = None
