Merge pull request #223 from ianunruh/adapter_pattern

jeffwecan · web-flow · commit fa44c68a7ad1 · 2018-07-19T06:45:56.000-05:00
Breakout Requests Functionality to New Adapter Module
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,12 +2,17 @@
 
 ## 0.6.2 (UNRELEASED)
 
+BACKWARDS COMPATIBILITY NOTICE:
+
+* With the newly added `hvac.adapters.Request` class, request kwargs can no longer be directly modified via the `_kwargs` attribute on the `Client` class. If runtime modifications to this dictionary are required, callers either need to explicitly pass in a new `adapter` instance with the desired settings via the `adapter` propery on the `Client` class *or* access the `_kwargs` property via the `adapter` property on the `Client` class.
+
 IMPROVEMENTS:
 
 * sphinx documentation and [readthedocs.io project](https://hvac.readthedocs.io/en/latest/) added. [GH-222]
 * README.md included in setuptools metadata. [GH-222]
 * All `tune_secret_backend()` parameters now accepted. [GH-215]
 * Add `read_lease()` method [GH-218]
+* Added adapter module with `Request` class to abstract HTTP requests away from the `Client` class. [GH-223]
 
 Thanks to @bbayszczak, @jvanbrunschot-coolblue for their lovely contributions.
 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -16,3 +16,10 @@ the latest `vault` binary is available in your `PATH`.
 ### Examples
 
 Example code or general guides for methods in this module can be added under [docs/examples](docs/examples).
+
+## Backwards Compatibility Breaking Changes
+
+Due to the close connection between this module and HashiCorp Vault versions, breaking changes are sometimes required. This can also occur as part of code refactoring to enable improvements in the module generally. In these cases:
+
+* A deprecation notice should be displayed to callers of the module until the minor revision +2. E.g., a notice added in version 0.6.2 could see the marked method / functionality removed in version 0.8.0.
+* Breaking changes should be called out in the [CHANGELOG.md](CHANGELOG.md) for the affected version.
diff --git a/docs/advanced_usage.rst b/docs/advanced_usage.rst
@@ -0,0 +1,11 @@
+Advanced Usage
+==============
+
+Custom Requests / HTTP Adapter
+------------------------------
+
+.. versionadded:: 0.6.3
+
+Calls to the `requests module`_. (which provides the methods hvac utilizes to send HTTP/HTTPS request to Vault instances) were extracted from the :class:`Client <hvac.v1.Client>` class and moved to a newly added :meth:`hvac.adapters` module. The :class:`Client <hvac.v1.Client>` class itself defaults to an instance of the :class:`Request <hvac.adapters.Request>` class for its :attr:`_adapter <hvac.v1.Client._adapter>` private attribute attribute if no adapter argument is provided to its :meth:`constructor <hvac.v1.Client.__init__>`. This attribute provides an avenue for modifying the manner in which hvac completes request. To enable this type of customization, implement a class of type :meth:`hvac.adapters.Adapter`, override its abstract methods, and pass an instance of this custom class to the adapter argument of the :meth:`Client constructor <hvac.v1.Client.__init__>`
+
+.. _requests module: http://requests.readthedocs.io/en/master/
diff --git a/docs/conf.py b/docs/conf.py
@@ -67,4 +67,17 @@
 # A list of files that should not be packed into the epub file.
 epub_exclude_files = ['search.html']
 
-# -- Extension configuration -------------------------------------------------
+# -- Autodoc configuration -------------------------------------------------
+
+
+def skip(app, what, name, obj, skip, options):
+    """Method to override default autodoc skip call. Ensures class constructor (e.g., __init__()) methods are included
+    regardless of if private methods are included in the documentation generally.
+    """
+    if name == "__init__":
+        return False
+    return skip
+
+
+def setup(app):
+    app.connect("autodoc-skip-member", skip)
diff --git a/docs/examples/system_backend.rst b/docs/examples/system_backend.rst
@@ -109,6 +109,8 @@ View and Manage Leases
 
 Read a lease:
 
+.. versionadded:: 0.6.3
+
 .. code-block:: python
 
     >>> client.read_lease(lease_id='pki/issue/my-role/d05138a2-edeb-889d-db98-2057ecd5138f')
diff --git a/docs/index.rst b/docs/index.rst
@@ -11,6 +11,7 @@ Source code repository hosted at `github.com/ianunruh/hvac`_.
 
    Readme <readme>
    Examples <examples/examples>
+   advanced_usage
    source/hvac
    contributing
    changelog
diff --git a/docs/source/hvac.rst b/docs/source/hvac.rst
@@ -9,6 +9,14 @@ hvac.v1.Client
     :undoc-members:
     :show-inheritance:
 
+hvac.utils
+----------------------
+
+.. automodule:: hvac.utils
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
 hvac.aws\_utils
 ----------------------
 
@@ -17,6 +25,14 @@ hvac.aws\_utils
     :undoc-members:
     :show-inheritance:
 
+hvac.adapters
+----------------------
+
+.. automodule:: hvac.adapters
+    :members:
+    :undoc-members:
+    :show-inheritance:
+
 hvac.exceptions
 ----------------------
 
diff --git a/hvac/adapters.py b/hvac/adapters.py
@@ -0,0 +1,203 @@
+# coding=utf-8
+"""
+HTTP Client Library Adapters
+
+"""
+import logging
+
+import requests
+import requests.exceptions
+
+from hvac import utils
+from abc import ABCMeta, abstractmethod
+
+logger = logging.getLogger(__name__)
+
+
+class Adapter(object):
+    """Abstract base class used when constructing adapters for use with the Client class."""
+    __metaclass__ = ABCMeta
+
+    @staticmethod
+    def urljoin(*args):
+        """Joins given arguments into a url. Trailing and leading slashes are stripped for each argument.
+
+        :param args: Multiple parts of a URL to be combined into one string.
+        :type args: str
+        :return: Full URL combining all provided arguments
+        :rtype: str
+        """
+
+        return '/'.join(map(lambda x: str(x).strip('/'), args))
+
+    @abstractmethod
+    def close(self):
+        raise NotImplemented
+
+    @abstractmethod
+    def get(self, url, **kwargs):
+        raise NotImplemented
+
+    @abstractmethod
+    def post(self, url, **kwargs):
+        raise NotImplemented
+
+    @abstractmethod
+    def put(self, url, **kwargs):
+        raise NotImplemented
+
+    @abstractmethod
+    def delete(self, url, **kwargs):
+        raise NotImplemented
+
+    @abstractmethod
+    def request(self, method, url, headers=None, **kwargs):
+        raise NotImplemented
+
+
+class Request(Adapter):
+    """The Request adapter class"""
+
+    def __init__(self, base_uri='http://localhost:8200', token=None, cert=None, verify=True, timeout=30, proxies=None,
+                 allow_redirects=True, session=None):
+        """Create a new request adapter instance.
+
+        :param base_uri: Base URL for the Vault instance being addressed.
+        :type base_uri: str
+        :param token: Authentication token to include in requests sent to Vault.
+        :type token: str
+        :param cert: Certificates for use in requests sent to the Vault instance. This should be a tuple with the
+            certificate and then key.
+        :type cert: tuple
+        :param verify: Flag to indicate whether TLS verification should be performed when sending requests to Vault.
+        :type verify: bool
+        :param timeout: The timeout value for requests sent to Vault.
+        :type timeout: int
+        :param proxies: Proxies to use when preforming requests.
+            See: http://docs.python-requests.org/en/master/user/advanced/#proxies
+        :type proxies: dict
+        :param allow_redirects: Whether to follow redirects when sending requests to Vault.
+        :type allow_redirects: bool
+        :param session: Optional session object to use when performing request.
+        :type session: request.Session
+        """
+        if not session:
+            session = requests.Session()
+
+        self.base_uri = base_uri
+        self.token = token
+        self.session = session
+        self.allow_redirects = allow_redirects
+
+        self._kwargs = {
+            'cert': cert,
+            'verify': verify,
+            'timeout': timeout,
+            'proxies': proxies,
+        }
+
+    def close(self):
+        """Close the underlying Requests session.
+        """
+        self.session.close()
+
+    def get(self, url, **kwargs):
+        """Performs a GET request.
+
+        :param url: Partial URL path to send the request to. This will be joined to the end of the instance's base_uri
+            attribute.
+        :type url: str
+        :param kwargs: Additional keyword arguments to include in the requests call.
+        :type kwargs: dict
+        :return: The response of the request.
+        :rtype: requests.Response
+        """
+        return self.request('get', url, **kwargs)
+
+    def post(self, url, **kwargs):
+        """Performs a POST request.
+
+        :param url: Partial URL path to send the request to. This will be joined to the end of the instance's base_uri
+            attribute.
+        :type url: str
+        :param kwargs: Additional keyword arguments to include in the requests call.
+        :type kwargs: dict
+        :return: The response of the request.
+        :rtype: requests.Response
+        """
+        return self.request('post', url, **kwargs)
+
+    def put(self, url, **kwargs):
+        """Performs a PUT request.
+
+        :param url: Partial URL path to send the request to. This will be joined to the end of the instance's base_uri
+            attribute.
+        :type url: str
+        :param kwargs: Additional keyword arguments to include in the requests call.
+        :type kwargs: dict
+        :return: The response of the request.
+        :rtype: requests.Response
+        """
+        return self.request('put', url, **kwargs)
+
+    def delete(self, url, **kwargs):
+        """Performs a DELETE request.
+
+        :param url: Partial URL path to send the request to. This will be joined to the end of the instance's base_uri
+            attribute.
+        :type url: str
+        :param kwargs: Additional keyword arguments to include in the requests call.
+        :type kwargs: dict
+        :return: The response of the request.
+        :rtype: requests.Response
+        """
+        return self.request('delete', url, **kwargs)
+
+    def request(self, method, url, headers=None, **kwargs):
+        """
+
+        :param method: HTTP method to use with the request. E.g., GET, POST, etc.
+        :type method: str
+        :param url: Partial URL path to send the request to. This will be joined to the end of the instance's base_uri
+            attribute.
+        :type url: str
+        :param headers: Additional headers to include with the request.
+        :type headers: dict
+        :param kwargs: Additional keyword arguments to include in the requests call.
+        :type kwargs: dict
+        :return: The response of the request.
+        :rtype: requests.Response
+        """
+        url = self.urljoin(self.base_uri, url)
+
+        if not headers:
+            headers = {}
+
+        if self.token:
+            headers['X-Vault-Token'] = self.token
+
+        wrap_ttl = kwargs.pop('wrap_ttl', None)
+        if wrap_ttl:
+            headers['X-Vault-Wrap-TTL'] = str(wrap_ttl)
+
+        _kwargs = self._kwargs.copy()
+        _kwargs.update(kwargs)
+
+        response = self.session.request(method, url, headers=headers,
+                                        allow_redirects=False, **_kwargs)
+
+        # NOTE(ianunruh): workaround for https://github.com/ianunruh/hvac/issues/51
+        while response.is_redirect and self.allow_redirects:
+            url = self.urljoin(self.base_uri, response.headers['Location'])
+            response = self.session.request(method, url, headers=headers,
+                                            allow_redirects=False, **_kwargs)
+
+        if response.status_code >= 400 and response.status_code < 600:
+            text = errors = None
+            if response.headers.get('Content-Type') == 'application/json':
+                errors = response.json().get('errors')
+            if errors is None:
+                text = response.text
+            utils.raise_for_error(response.status_code, text, errors=errors)
+
+        return response
diff --git a/hvac/aws_utils.py b/hvac/aws_utils.py
@@ -1,6 +1,7 @@
 import hmac
 from datetime import datetime
 from hashlib import sha256
+import requests
 
 
 class SigV4Auth(object):
@@ -40,3 +41,28 @@ def add_auth(self, request):
         authorization = '{0} Credential={1}/{2}, SignedHeaders={3}, Signature={4}'.format(
             algorithm, self.access_key, credential_scope, signed_headers, signature)
         request.headers['Authorization'] = authorization
+
+
+def generate_sigv4_auth_request(header_value=None):
+    """Helper function to prepare a AWS API request to subsequently generate a "AWS Signature Version 4" header.
+
+    :param header_value: Vault allows you to require an additional header, X-Vault-AWS-IAM-Server-ID, to be present
+        to mitigate against different types of replay attacks. Depending on the configuration of the AWS auth
+        backend, providing a argument to this optional parameter may be required.
+    :type header_value: str
+    :return: A PreparedRequest instance, optionally containing the provided header value under a
+        'X-Vault-AWS-IAM-Server-ID' header name pointed to AWS's simple token service with action "GetCallerIdentity"
+    :rtype: requests.PreparedRequest
+    """
+    request = requests.Request(
+        method='POST',
+        url='https://sts.amazonaws.com/',
+        headers={'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8', 'Host': 'sts.amazonaws.com'},
+        data='Action=GetCallerIdentity&Version=2011-06-15',
+    )
+
+    if header_value:
+        request.headers['X-Vault-AWS-IAM-Server-ID'] = header_value
+
+    prepared_request = request.prepare()
+    return prepared_request
diff --git a/hvac/tests/test_adapters.py b/hvac/tests/test_adapters.py
@@ -3,10 +3,10 @@
 import requests_mock
 from parameterized import parameterized
 
-from hvac import Client
+from hvac import adapters
 
 
-class TestClient(TestCase):
+class TestRequest(TestCase):
     """Unit tests providing coverage for requests-related methods in the hvac Client class."""
 
     @parameterized.expand([
@@ -22,8 +22,8 @@ def test___request(self, test_label, test_url, requests_mocker):
             method='GET',
             url=mock_url,
         )
-        client = Client(url=test_url)
-        response = client._get(
+        adapter = adapters.Request(base_uri=test_url)
+        response = adapter.get(
             url='v1/sys/health',
         )
         self.assertEquals(
diff --git a/hvac/utils.py b/hvac/utils.py
diff --git a/hvac/v1/__init__.py b/hvac/v1/__init__.py
