ibm-cloud-sdk-core 3.19.0__tar.gz → 3.19.2__tar.gz

{ibm-cloud-sdk-core-3.19.0/ibm_cloud_sdk_core.egg-info → ibm-cloud-sdk-core-3.19.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ibm-cloud-sdk-core
-Version: 3.19.0
+Version: 3.19.2
 Summary: Core library used by SDKs for IBM Cloud Services
 Home-page: https://github.com/IBM/python-sdk-core
 Author: IBM
@@ -29,7 +29,7 @@ License-File: LICENSE
 [![CLA assistant](https://cla-assistant.io/readme/badge/ibm/python-sdk-core)](https://cla-assistant.io/ibm/python-sdk-core)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 
-# IBM Python SDK Core Version 3.19.0
+# IBM Python SDK Core Version 3.19.2
 This project contains core functionality required by Python code generated by the IBM Cloud OpenAPI SDK Generator
 (openapi-sdkgen).
 

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2}/README.md

@@ -4,7 +4,7 @@
 [![CLA assistant](https://cla-assistant.io/readme/badge/ibm/python-sdk-core)](https://cla-assistant.io/ibm/python-sdk-core)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 
-# IBM Python SDK Core Version 3.19.0
+# IBM Python SDK Core Version 3.19.2
 This project contains core functionality required by Python code generated by the IBM Cloud OpenAPI SDK Generator
 (openapi-sdkgen).
 

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2}/ibm_cloud_sdk_core/base_service.py

@@ -108,7 +108,7 @@ class BaseService:
         self.enable_gzip_compression = enable_gzip_compression
         self._set_user_agent_header(self._build_user_agent())
         self.retry_config = None
-        self.http_adapter = SSLHTTPAdapter()
+        self.http_adapter = SSLHTTPAdapter(_disable_ssl_verification=self.disable_ssl_verification)
         if not self.authenticator:
             raise ValueError('authenticator must be provided')
         if not isinstance(self.authenticator, Authenticator):
@@ -138,14 +138,16 @@ class BaseService:
             # Omitting this will default to all methods except POST
             allowed_methods=['HEAD', 'GET', 'PUT', 'DELETE', 'OPTIONS', 'TRACE', 'POST'],
         )
-        self.http_adapter = SSLHTTPAdapter(max_retries=self.retry_config)
+        self.http_adapter = SSLHTTPAdapter(
+            max_retries=self.retry_config, _disable_ssl_verification=self.disable_ssl_verification
+        )
         self.http_client.mount('http://', self.http_adapter)
         self.http_client.mount('https://', self.http_adapter)
 
     def disable_retries(self):
         """Remove retry config from http_adapter"""
         self.retry_config = None
-        self.http_adapter = SSLHTTPAdapter()
+        self.http_adapter = SSLHTTPAdapter(_disable_ssl_verification=self.disable_ssl_verification)
         self.http_client.mount('http://', self.http_adapter)
         self.http_client.mount('https://', self.http_adapter)
 
@@ -223,8 +225,18 @@ class BaseService:
         Keyword Arguments:
             status: set to true to disable ssl verification (default: {False})
         """
+        if self.disable_ssl_verification == status:
+            # Do nothing if the state doesn't change.
+            return
+
         self.disable_ssl_verification = status
 
+        self.http_adapter = SSLHTTPAdapter(
+            max_retries=self.retry_config, _disable_ssl_verification=self.disable_ssl_verification
+        )
+        self.http_client.mount('http://', self.http_adapter)
+        self.http_client.mount('https://', self.http_adapter)
+
     def set_service_url(self, service_url: str) -> None:
         """Set the url the service will make HTTP requests too.
 

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2}/ibm_cloud_sdk_core/token_managers/iam_request_based_token_manager.py

@@ -1,6 +1,6 @@
 # coding: utf-8
 
-# Copyright 2019 IBM All Rights Reserved.
+# Copyright 2019, 2024 IBM All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -63,6 +63,7 @@ class IAMRequestBasedTokenManager(JWTTokenManager):
 
     DEFAULT_IAM_URL = 'https://iam.cloud.ibm.com'
     OPERATION_PATH = "/identity/token"
+    IAM_EXPIRATION_WINDOW = 10
 
     def __init__(
         self,
@@ -167,3 +168,19 @@ class IAMRequestBasedTokenManager(JWTTokenManager):
             value: A space seperated string that makes up the scope parameter.
         """
         self.scope = value
+
+    def _is_token_expired(self) -> bool:
+        """
+        Returns true iff the current cached token is expired.
+        We'll consider an access token as expired when we reach its IAM server-reported expiration time
+        minus our expiration window (10 secs).
+        We do this to avoid using an access token that might expire in the middle of a long-running transaction
+        within an IBM Cloud service.
+
+        Returns
+        -------
+        bool
+            True if token is expired; False otherwise
+        """
+        current_time = self._get_current_time()
+        return current_time >= (self.expire_time - self.IAM_EXPIRATION_WINDOW)

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2}/ibm_cloud_sdk_core/token_managers/vpc_instance_token_manager.py

@@ -1,6 +1,6 @@
 # coding: utf-8
 
-# Copyright 2021, 2023 IBM All Rights Reserved.
+# Copyright 2021, 2024 IBM All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -55,6 +55,7 @@ class VPCInstanceTokenManager(JWTTokenManager):
     METADATA_SERVICE_VERSION = '2022-03-01'
     DEFAULT_IMS_ENDPOINT = 'http://169.254.169.254'
     TOKEN_NAME = 'access_token'
+    IAM_EXPIRATION_WINDOW = 10
 
     def __init__(
         self, iam_profile_crn: Optional[str] = None, iam_profile_id: Optional[str] = None, url: Optional[str] = None
@@ -152,3 +153,19 @@ class VPCInstanceTokenManager(JWTTokenManager):
         logger.debug('Returned from VPC \'create_access_token\' operation."')
 
         return response['access_token']
+
+    def _is_token_expired(self) -> bool:
+        """
+        Returns true iff the current cached token is expired.
+        We'll consider an access token as expired when we reach its IAM server-reported expiration time
+        minus our expiration window (10 secs).
+        We do this to avoid using an access token that might expire in the middle of a long-running transaction
+        within an IBM Cloud service.
+
+        Returns
+        -------
+        bool
+            True if token is expired; False otherwise
+        """
+        current_time = self._get_current_time()
+        return current_time >= (self.expire_time - self.IAM_EXPIRATION_WINDOW)

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2}/ibm_cloud_sdk_core/utils.py

@@ -25,7 +25,7 @@ from os.path import isfile, join, expanduser
 from typing import List, Union
 from urllib.parse import urlparse, parse_qs
 
-from requests.adapters import HTTPAdapter
+from requests.adapters import HTTPAdapter, DEFAULT_POOLBLOCK
 from urllib3.util.ssl_ import create_urllib3_context
 
 import dateutil.parser as date_parser
@@ -35,14 +35,21 @@ class SSLHTTPAdapter(HTTPAdapter):
     """Wraps the original HTTP adapter and adds additional SSL context."""
 
     def __init__(self, *args, **kwargs):
+        self._disable_ssl_verification = kwargs.pop('_disable_ssl_verification', None)
+
         super().__init__(*args, **kwargs)
 
-    # pylint: disable=arguments-differ
-    def init_poolmanager(self, connections, maxsize, block):
-        """Extends the parent's method by adding minimum SSL version to the args."""
+    def init_poolmanager(self, connections, maxsize, block=DEFAULT_POOLBLOCK, **pool_kwargs):
+        """Create and use custom SSL configuration."""
+
         ssl_context = create_urllib3_context()
         ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
-        super().init_poolmanager(connections, maxsize, block, ssl_context=ssl_context)
+
+        if self._disable_ssl_verification:
+            ssl_context.check_hostname = False
+            ssl_context.verify_mode = ssl.CERT_NONE
+
+        super().init_poolmanager(connections, maxsize, block, ssl_context=ssl_context, **pool_kwargs)
 
 
 class GzipStream(io.RawIOBase):
@@ -60,7 +67,7 @@ class GzipStream(io.RawIOBase):
                It can be a file-like object, bytes or string.
     """
 
-    def __init__(self, source: Union[io.IOBase, bytes, str]) -> 'GzipStream':
+    def __init__(self, source: Union[io.IOBase, bytes, str]):
         self.buffer = b''
 
         if isinstance(source, io.IOBase):

ibm-cloud-sdk-core-3.19.2/ibm_cloud_sdk_core/version.py

@@ -0,0 +1 @@
+__version__ = '3.19.2'

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2/ibm_cloud_sdk_core.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ibm-cloud-sdk-core
-Version: 3.19.0
+Version: 3.19.2
 Summary: Core library used by SDKs for IBM Cloud Services
 Home-page: https://github.com/IBM/python-sdk-core
 Author: IBM
@@ -29,7 +29,7 @@ License-File: LICENSE
 [![CLA assistant](https://cla-assistant.io/readme/badge/ibm/python-sdk-core)](https://cla-assistant.io/ibm/python-sdk-core)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 
-# IBM Python SDK Core Version 3.19.0
+# IBM Python SDK Core Version 3.19.2
 This project contains core functionality required by Python code generated by the IBM Cloud OpenAPI SDK Generator
 (openapi-sdkgen).
 

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2}/ibm_cloud_sdk_core.egg-info/SOURCES.txt

@@ -62,4 +62,5 @@ test/test_vpc_instance_token_manager.py
 test_integration/__init__.py
 test_integration/test_cp4d_authenticator_integration.py
 test_integration/test_iam_authenticator_integration.py
-test_integration/test_mcsp_authenticator_integration.py
+test_integration/test_mcsp_authenticator_integration.py
+test_integration/test_ssl_verification.py

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2}/requirements-dev.txt

@@ -3,4 +3,4 @@ pylint>=3.0.0,<4.0.0
 pytest>=7.4.2,<8.0.0
 pytest-cov>=4.1.0,<5.0.0
 responses>=0.23.3,<1.0.0
-black>=23.9.1
+black>=24.0.0,<25.0.0

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2}/setup.py

@@ -19,7 +19,7 @@ import pkg_resources
 from setuptools import setup, find_packages
 from setuptools.command.test import test as TestCommand
 
-__version__ = '3.19.0'
+__version__ = '3.19.2'
 
 if sys.argv[-1] == 'publish':
     # test server

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2}/test/test_container_token_manager.py

@@ -1,3 +1,19 @@
+# coding: utf-8
+
+# Copyright 2021, 2024 IBM All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # pylint: disable=missing-docstring
 import json
 import os
@@ -17,6 +33,7 @@ TEST_REFRESH_TOKEN = 'Xj7Gle500MachEOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI
 MOCK_IAM_PROFILE_NAME = 'iam-user-123'
 MOCK_CLIENT_ID = 'client-id-1'
 MOCK_CLIENT_SECRET = 'client-secret-1'
+EXPIRATION_WINDOW = 10
 
 cr_token_file = os.path.join(os.path.dirname(__file__), '../resources/cr-token.txt')
 
@@ -169,18 +186,22 @@ def test_get_token_success():
     assert access_token == TEST_ACCESS_TOKEN_1
     assert token_manager.access_token == TEST_ACCESS_TOKEN_1
 
-    # Verify the token manager return the cached value.
-    # Before we call the `get_token` again, set the expiration and time.
-    # This is necessary because we are using a fix JWT response.
-    token_manager.expire_time = _get_current_time() + 3600
-    token_manager.refresh_time = _get_current_time() + 3600
+    # Verify that the token manager returns the cached value.
+    # Before we call `get_token` again, set the expiration and refresh time
+    # so that we do not fetch a new access token.
+    # This is necessary because we are using a fixed JWT response.
+    token_manager.expire_time = _get_current_time() + 1000
+    token_manager.refresh_time = _get_current_time() + 1000
     token_manager.set_scope('send-second-token')
     access_token = token_manager.get_token()
     assert access_token == TEST_ACCESS_TOKEN_1
     assert token_manager.access_token == TEST_ACCESS_TOKEN_1
 
     # Force expiration to get the second token.
-    token_manager.expire_time = _get_current_time() - 1
+    # We'll set the expiration time to be current-time + EXPIRATION_WINDOW (10 secs)
+    # because we want the access token to be considered as "expired"
+    # when we reach the IAM-server reported expiration time minus 10 secs.
+    token_manager.expire_time = _get_current_time() + EXPIRATION_WINDOW
     access_token = token_manager.get_token()
     assert access_token == TEST_ACCESS_TOKEN_2
     assert token_manager.access_token == TEST_ACCESS_TOKEN_2
@@ -206,17 +227,21 @@ def test_authenticate_success():
     authenticator.authenticate(request)
     assert request['headers']['Authorization'] == 'Bearer ' + TEST_ACCESS_TOKEN_1
 
-    # Verify the token manager return the cached value.
-    # Before we call the `get_token` again, set the expiration and time.
-    # This is necessary because we are using a fix JWT response.
-    authenticator.token_manager.expire_time = _get_current_time() + 3600
-    authenticator.token_manager.refresh_time = _get_current_time() + 3600
+    # Verify that the token manager returns the cached value.
+    # Before we call `get_token` again, set the expiration and refresh time
+    # so that we do not fetch a new access token.
+    # This is necessary because we are using a fixed JWT response.
+    authenticator.token_manager.expire_time = _get_current_time() + 1000
+    authenticator.token_manager.refresh_time = _get_current_time() + 1000
     authenticator.token_manager.set_scope('send-second-token')
     authenticator.authenticate(request)
     assert request['headers']['Authorization'] == 'Bearer ' + TEST_ACCESS_TOKEN_1
 
     # Force expiration to get the second token.
-    authenticator.token_manager.expire_time = _get_current_time() - 1
+    # We'll set the expiration time to be current-time + EXPIRATION_WINDOW (10 secs)
+    # because we want the access token to be considered as "expired"
+    # when we reach the IAM-server reported expiration time minus 10 secs.
+    authenticator.token_manager.expire_time = _get_current_time() + EXPIRATION_WINDOW
     authenticator.authenticate(request)
     assert request['headers']['Authorization'] == 'Bearer ' + TEST_ACCESS_TOKEN_2
 

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2}/test/test_iam_token_manager.py

@@ -1,3 +1,19 @@
+# coding: utf-8
+
+# Copyright 2021, 2024 IBM All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # pylint: disable=missing-docstring
 import os
 import time
@@ -8,6 +24,16 @@ import responses
 
 from ibm_cloud_sdk_core import IAMTokenManager, ApiException, get_authenticator_from_environment
 
+# pylint: disable=line-too-long
+TEST_ACCESS_TOKEN_1 = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImhlbGxvIiwicm9sZSI6InVzZXIiLCJwZXJtaXNzaW9ucyI6WyJhZG1pbmlzdHJhdG9yIiwiZGVwbG95bWVudF9hZG1pbiJdLCJzdWIiOiJoZWxsbyIsImlzcyI6IkpvaG4iLCJhdWQiOiJEU1giLCJ1aWQiOiI5OTkiLCJpYXQiOjE1NjAyNzcwNTEsImV4cCI6MTU2MDI4MTgxOSwianRpIjoiMDRkMjBiMjUtZWUyZC00MDBmLTg2MjMtOGNkODA3MGI1NDY4In0.cIodB4I6CCcX8vfIImz7Cytux3GpWyObt9Gkur5g1QI'
+TEST_ACCESS_TOKEN_2 = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjIzMDQ5ODE1MWMyMTRiNzg4ZGQ5N2YyMmI4NTQxMGE1In0.eyJ1c2VybmFtZSI6ImR1bW15Iiwicm9sZSI6IkFkbWluIiwicGVybWlzc2lvbnMiOlsiYWRtaW5pc3RyYXRvciIsIm1hbmFnZV9jYXRhbG9nIl0sInN1YiI6ImFkbWluIiwiaXNzIjoic3NzIiwiYXVkIjoic3NzIiwidWlkIjoic3NzIiwiaWF0IjozNjAwLCJleHAiOjE2MjgwMDcwODF9.zvUDpgqWIWs7S1CuKv40ERw1IZ5FqSFqQXsrwZJyfRM'
+TEST_REFRESH_TOKEN = 'Xj7Gle500MachEOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImhlbGxvIiwicm9sZSI6InVzZXIiLCJwZXJtaXNzaW9ucyI6WyJhZG1pbmlzdHJhdG9yIiwiZGVwbG95bWVudF9hZG1pbiJdLCJzdWIiOiJoZWxsbyIsImlzcyI6IkpvaG4iLCJhdWQiOiJEU1giLCJ1aWQiOiI5OTkiLCJpYXQiOjE1NjAyNzcwNTEsImV4cCI6MTU2MDI4MTgxOSwianRpIjoiMDRkMjBiMjUtZWUyZC00MDBmLTg2MjMtOGNkODA3MGI1NDY4In0.cIodB4I6CCcX8vfIImz7Cytux3GpWyObt9Gkur5g1QI'
+EXPIRATION_WINDOW = 10
+
+
+def _get_current_time() -> int:
+    return int(time.time())
+
 
 def get_access_token() -> str:
     access_token_layout = {
@@ -268,6 +294,62 @@ def test_request_token_auth_in_setter_scope():
     assert 'scope=john+snow' in responses.calls[0].response.request.body
 
 
+@responses.activate
+def test_get_token_success():
+    iam_url = "https://iam.cloud.ibm.com/identity/token"
+
+    # Create two mock responses with different access tokens.
+    response1 = """{
+        "access_token": "%s",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1600003600,
+        "refresh_token": "jy4gl91BQ"
+    }""" % (
+        TEST_ACCESS_TOKEN_1
+    )
+    response2 = """{
+        "access_token": "%s",
+        "token_type": "Bearer",
+        "expires_in": 3600,
+        "expiration": 1600007200,
+        "refresh_token": "jy4gl91BQ"
+    }""" % (
+        TEST_ACCESS_TOKEN_2
+    )
+
+    token_manager = IAMTokenManager("iam_apikey")
+
+    access_token = token_manager.access_token
+    assert access_token is None
+
+    responses.add(responses.POST, url=iam_url, body=response1, status=200)
+    access_token = token_manager.get_token()
+    assert access_token == TEST_ACCESS_TOKEN_1
+    assert token_manager.access_token == TEST_ACCESS_TOKEN_1
+
+    # Verify that the token manager returns the cached value.
+    # Before we call `get_token` again, set the expiration and refresh time
+    # so that we do not fetch a new access token.
+    # This is necessary because we are using a fixed JWT response.
+    token_manager.expire_time = _get_current_time() + 1000
+    token_manager.refresh_time = _get_current_time() + 1000
+    access_token = token_manager.get_token()
+    assert access_token == TEST_ACCESS_TOKEN_1
+    assert token_manager.access_token == TEST_ACCESS_TOKEN_1
+
+    # Force expiration to get the second token.
+    # We'll set the expiration time to be current-time + EXPIRATION_WINDOW (10 secs)
+    # because we want the access token to be considered as "expired"
+    # when we reach the IAM-server reported expiration time minus 10 secs.
+    responses.add(responses.POST, url=iam_url, body=response2, status=200)
+    token_manager.expire_time = _get_current_time() + EXPIRATION_WINDOW
+    token_manager.refresh_time = _get_current_time() + 1000
+    access_token = token_manager.get_token()
+    assert access_token == TEST_ACCESS_TOKEN_2
+    assert token_manager.access_token == TEST_ACCESS_TOKEN_2
+
+
 @responses.activate
 def test_get_refresh_token():
     iam_url = "https://iam.cloud.ibm.com/identity/token"

{ibm-cloud-sdk-core-3.19.0 → ibm-cloud-sdk-core-3.19.2}/test/test_vpc_instance_token_manager.py

@@ -1,6 +1,6 @@
 # coding: utf-8
 
-# Copyright 2021 IBM All Rights Reserved.
+# Copyright 2021, 2024 IBM All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@
 # pylint: disable=missing-docstring
 import json
 import logging
+import time
 
 import pytest
 import responses
@@ -25,11 +26,17 @@ from ibm_cloud_sdk_core import ApiException, VPCInstanceTokenManager
 
 
 # pylint: disable=line-too-long
-TEST_ACCESS_TOKEN = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImhlbGxvIiwicm9sZSI6InVzZXIiLCJwZXJtaXNzaW9ucyI6WyJhZG1pbmlzdHJhdG9yIiwiZGVwbG95bWVudF9hZG1pbiJdLCJzdWIiOiJoZWxsbyIsImlzcyI6IkpvaG4iLCJhdWQiOiJEU1giLCJ1aWQiOiI5OTkiLCJpYXQiOjE1NjAyNzcwNTEsImV4cCI6MTU2MDI4MTgxOSwianRpIjoiMDRkMjBiMjUtZWUyZC00MDBmLTg2MjMtOGNkODA3MGI1NDY4In0.cIodB4I6CCcX8vfIImz7Cytux3GpWyObt9Gkur5g1QI'
+TEST_ACCESS_TOKEN_1 = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6ImhlbGxvIiwicm9sZSI6InVzZXIiLCJwZXJtaXNzaW9ucyI6WyJhZG1pbmlzdHJhdG9yIiwiZGVwbG95bWVudF9hZG1pbiJdLCJzdWIiOiJoZWxsbyIsImlzcyI6IkpvaG4iLCJhdWQiOiJEU1giLCJ1aWQiOiI5OTkiLCJpYXQiOjE1NjAyNzcwNTEsImV4cCI6MTU2MDI4MTgxOSwianRpIjoiMDRkMjBiMjUtZWUyZC00MDBmLTg2MjMtOGNkODA3MGI1NDY4In0.cIodB4I6CCcX8vfIImz7Cytux3GpWyObt9Gkur5g1QI'
+TEST_ACCESS_TOKEN_2 = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6IjIzMDQ5ODE1MWMyMTRiNzg4ZGQ5N2YyMmI4NTQxMGE1In0.eyJ1c2VybmFtZSI6ImR1bW15Iiwicm9sZSI6IkFkbWluIiwicGVybWlzc2lvbnMiOlsiYWRtaW5pc3RyYXRvciIsIm1hbmFnZV9jYXRhbG9nIl0sInN1YiI6ImFkbWluIiwiaXNzIjoic3NzIiwiYXVkIjoic3NzIiwidWlkIjoic3NzIiwiaWF0IjozNjAwLCJleHAiOjE2MjgwMDcwODF9.zvUDpgqWIWs7S1CuKv40ERw1IZ5FqSFqQXsrwZJyfRM'
 TEST_TOKEN = 'abc123'
 TEST_IAM_TOKEN = 'iam-abc123'
 TEST_IAM_PROFILE_CRN = 'crn:iam-profile:123'
 TEST_IAM_PROFILE_ID = 'iam-id-123'
+EXPIRATION_WINDOW = 10
+
+
+def _get_current_time() -> int:
+    return int(time.time())
 
 
 def test_constructor():
@@ -272,7 +279,7 @@ def test_access_token():
         'access_token': TEST_TOKEN,
     }
     response_iam = {
-        'access_token': TEST_ACCESS_TOKEN,
+        'access_token': TEST_ACCESS_TOKEN_1,
     }
 
     responses.add(
@@ -290,6 +297,54 @@ def test_access_token():
     assert token_manager.refresh_time == 0
 
     token_manager.get_token()
-    assert token_manager.access_token == TEST_ACCESS_TOKEN
+    assert token_manager.access_token == TEST_ACCESS_TOKEN_1
     assert token_manager.expire_time > 0
     assert token_manager.refresh_time > 0
+
+
+@responses.activate
+def test_get_token_success():
+    token_manager = VPCInstanceTokenManager()
+
+    # Mock the retrieve instance identity token method.
+    def mock_retrieve_instance_identity_token():
+        return TEST_TOKEN
+
+    token_manager.retrieve_instance_identity_token = mock_retrieve_instance_identity_token
+
+    response1 = {
+        'access_token': TEST_ACCESS_TOKEN_1,
+    }
+    response2 = {
+        'access_token': TEST_ACCESS_TOKEN_2,
+    }
+
+    responses.add(
+        responses.POST, 'http://169.254.169.254/instance_identity/v1/iam_token', body=json.dumps(response1), status=200
+    )
+
+    access_token = token_manager.get_token()
+    assert access_token == TEST_ACCESS_TOKEN_1
+    assert token_manager.access_token == TEST_ACCESS_TOKEN_1
+
+    # Verify that the token manager returns the cached value.
+    # Before we call `get_token` again, set the expiration and refresh time
+    # so that we do not fetch a new access token.
+    # This is necessary because we are using a fixed JWT response.
+    token_manager.expire_time = _get_current_time() + 1000
+    token_manager.refresh_time = _get_current_time() + 1000
+    access_token = token_manager.get_token()
+    assert access_token == TEST_ACCESS_TOKEN_1
+    assert token_manager.access_token == TEST_ACCESS_TOKEN_1
+
+    # Force expiration to get the second token.
+    # We'll set the expiration time to be current-time + EXPIRATION_WINDOW (10 secs)
+    # because we want the access token to be considered as "expired"
+    # when we reach the IAM-server reported expiration time minus 10 secs.
+    responses.add(
+        responses.POST, 'http://169.254.169.254/instance_identity/v1/iam_token', body=json.dumps(response2), status=200
+    )
+    token_manager.expire_time = _get_current_time() + EXPIRATION_WINDOW
+    access_token = token_manager.get_token()
+    assert access_token == TEST_ACCESS_TOKEN_2
+    assert token_manager.access_token == TEST_ACCESS_TOKEN_2

ibm-cloud-sdk-core-3.19.2/test_integration/test_ssl_verification.py

@@ -0,0 +1,62 @@
+# pylint: disable=missing-docstring
+import os
+import threading
+from http.server import HTTPServer, SimpleHTTPRequestHandler
+from ssl import PROTOCOL_TLS_SERVER, SSLContext
+
+import pytest
+from requests.exceptions import SSLError
+
+from ibm_cloud_sdk_core.base_service import BaseService
+from ibm_cloud_sdk_core.authenticators import NoAuthAuthenticator
+
+
+# The certificate files that are used in this tests are generated by this command:
+# openssl req \
+#    -new \
+#    -newkey rsa:4096 \
+#    -days 36500 \
+#    -nodes \
+#    -x509 \
+#    -subj "/C=US/CN=localhost" \
+#    -keyout test_ssl.key \
+#    -out test_ssl.cert
+
+
+def test_ssl_verification():
+    # Load the certificate and the key files.
+    cert = os.path.join(os.path.dirname(__file__), '../resources/test_ssl.cert')
+    key = os.path.join(os.path.dirname(__file__), '../resources/test_ssl.key')
+
+    # Build the SSL context for the server.
+    ssl_context = SSLContext(PROTOCOL_TLS_SERVER)
+    ssl_context.load_cert_chain(certfile=cert, keyfile=key)
+
+    # Create and start the server on a separate thread.
+    server = HTTPServer(('127.0.0.1', 3333), SimpleHTTPRequestHandler)
+    server.socket = ssl_context.wrap_socket(server.socket, server_side=True)
+    t = threading.Thread(target=server.serve_forever)
+    t.start()
+
+    # We run everything in a big try-except-finally block to make sure we always
+    # shutdown the HTTP server gracefully.
+    try:
+        service = BaseService(service_url='https://127.0.0.1:3333', authenticator=NoAuthAuthenticator())
+        #
+        # First call the server with the default configuration.
+        # It should fail due to the invalid SSL cert.
+        assert service.disable_ssl_verification is False
+        prepped = service.prepare_request('GET', url='/')
+        with pytest.raises(SSLError):
+            res = service.send(prepped)
+
+        # Now disable the SSL verification. The request shouldn't raise any issue.
+        service.set_disable_ssl_verification(True)
+        assert service.disable_ssl_verification is True
+        prepped = service.prepare_request('GET', url='/')
+        res = service.send(prepped)
+        assert res is not None
+    except Exception:  # pylint: disable=try-except-raise
+        raise
+    finally:
+        server.shutdown()

ibm-cloud-sdk-core-3.19.0/ibm_cloud_sdk_core/version.py

@@ -1 +0,0 @@
-__version__ = '3.19.0'