ibm-cloud-sdk-core 3.21.0__tar.gz → 3.22.1__tar.gz

{ibm_cloud_sdk_core-3.21.0/ibm_cloud_sdk_core.egg-info → ibm_cloud_sdk_core-3.22.1}/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.2
 Name: ibm-cloud-sdk-core
-Version: 3.21.0
+Version: 3.22.1
 Summary: Core library used by SDKs for IBM Cloud Services
 Author-email: IBM <devxsdk@us.ibm.com>
 Project-URL: Repository, https://github.com/IBM/python-sdk-core
@@ -12,11 +12,11 @@ Project-URL: License, https://github.com/IBM/python-sdk-core/blob/main/LICENSE
 Keywords: ibm,cloud,ibm cloud services
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Console
 Classifier: Intended Audience :: Developers
@@ -25,7 +25,7 @@ Classifier: Operating System :: OS Independent
 Classifier: Topic :: Software Development :: Libraries
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
-Requires-Python: >=3.8
+Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: requests<3.0.0,>=2.31.0
@@ -49,12 +49,12 @@ Requires-Dist: twine; extra == "publish"
 [![CLA assistant](https://cla-assistant.io/readme/badge/ibm/python-sdk-core)](https://cla-assistant.io/ibm/python-sdk-core)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 
-# IBM Python SDK Core Version 3.21.0
+# IBM Python SDK Core Version 3.22.1
 This project contains core functionality required by Python code generated by the IBM Cloud OpenAPI SDK Generator
 (openapi-sdkgen).
 
 # Python Version
-The current minimum Python version supported is 3.8.
+The current minimum Python version supported is 3.9.
 
 ## Installation
 
@@ -68,7 +68,8 @@ python -m pip install --upgrade ibm-cloud-sdk-core
 The python-sdk-core project supports the following types of authentication:
 - Basic Authentication
 - Bearer Token Authentication
-- Identity and Access Management (IAM) Authentication
+- Identity and Access Management (IAM) Authentication (grant type: apikey)
+- Identity and Access Management (IAM) Authentication (grant type: assume)
 - Container Authentication
 - VPC Instance Authentication
 - Cloud Pak for Data Authentication
@@ -114,12 +115,12 @@ When running your application, you should see output like this if debug logging
 ```
 2024-09-16 15:44:45,174 [ibm-cloud-sdk-core:DEBUG] Get authenticator from environment, key=global_search
 2024-09-16 15:44:45,175 [ibm-cloud-sdk-core:DEBUG] Set service URL: https://api.global-search-tagging.cloud.ibm.com
-2024-09-16 15:44:45,175 [ibm-cloud-sdk-core:DEBUG] Set User-Agent: ibm-python-sdk-core-3.21.0 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5
+2024-09-16 15:44:45,175 [ibm-cloud-sdk-core:DEBUG] Set User-Agent: ibm-python-sdk-core-3.22.1 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5
 2024-09-16 15:44:45,181 [ibm-cloud-sdk-core:DEBUG] Configuring BaseService instance with service name: global_search
 2024-09-16 15:44:45,181 [ibm-cloud-sdk-core:DEBUG] Performing synchronous token fetch
 2024-09-16 15:44:45,182 [ibm-cloud-sdk-core:DEBUG] Invoking IAM get_token operation: https://iam.cloud.ibm.com/identity/token
 2024-09-16 15:44:45,182 [urllib3.connectionpool:DEBUG] Starting new HTTPS connection (1): iam.cloud.ibm.com:443
-send: b'POST /identity/token HTTP/1.1\r\nHost: iam.cloud.ibm.com\r\nUser-Agent: ibm-python-sdk-core/iam-authenticator-3.21.0 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5\r\nAccept-Encoding: gzip, deflate\r\nAccept: application/json\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 135\r\n\r\n'
+send: b'POST /identity/token HTTP/1.1\r\nHost: iam.cloud.ibm.com\r\nUser-Agent: ibm-python-sdk-core/iam-authenticator-3.22.1 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5\r\nAccept-Encoding: gzip, deflate\r\nAccept: application/json\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 135\r\n\r\n'
 send: b'grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=[redacted]&response_type=cloud_iam'
 reply: 'HTTP/1.1 200 OK\r\n'
 header: Content-Type: application/json

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/README.md

@@ -4,12 +4,12 @@
 [![CLA assistant](https://cla-assistant.io/readme/badge/ibm/python-sdk-core)](https://cla-assistant.io/ibm/python-sdk-core)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 
-# IBM Python SDK Core Version 3.21.0
+# IBM Python SDK Core Version 3.22.1
 This project contains core functionality required by Python code generated by the IBM Cloud OpenAPI SDK Generator
 (openapi-sdkgen).
 
 # Python Version
-The current minimum Python version supported is 3.8.
+The current minimum Python version supported is 3.9.
 
 ## Installation
 
@@ -23,7 +23,8 @@ python -m pip install --upgrade ibm-cloud-sdk-core
 The python-sdk-core project supports the following types of authentication:
 - Basic Authentication
 - Bearer Token Authentication
-- Identity and Access Management (IAM) Authentication
+- Identity and Access Management (IAM) Authentication (grant type: apikey)
+- Identity and Access Management (IAM) Authentication (grant type: assume)
 - Container Authentication
 - VPC Instance Authentication
 - Cloud Pak for Data Authentication
@@ -69,12 +70,12 @@ When running your application, you should see output like this if debug logging
 ```
 2024-09-16 15:44:45,174 [ibm-cloud-sdk-core:DEBUG] Get authenticator from environment, key=global_search
 2024-09-16 15:44:45,175 [ibm-cloud-sdk-core:DEBUG] Set service URL: https://api.global-search-tagging.cloud.ibm.com
-2024-09-16 15:44:45,175 [ibm-cloud-sdk-core:DEBUG] Set User-Agent: ibm-python-sdk-core-3.21.0 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5
+2024-09-16 15:44:45,175 [ibm-cloud-sdk-core:DEBUG] Set User-Agent: ibm-python-sdk-core-3.22.1 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5
 2024-09-16 15:44:45,181 [ibm-cloud-sdk-core:DEBUG] Configuring BaseService instance with service name: global_search
 2024-09-16 15:44:45,181 [ibm-cloud-sdk-core:DEBUG] Performing synchronous token fetch
 2024-09-16 15:44:45,182 [ibm-cloud-sdk-core:DEBUG] Invoking IAM get_token operation: https://iam.cloud.ibm.com/identity/token
 2024-09-16 15:44:45,182 [urllib3.connectionpool:DEBUG] Starting new HTTPS connection (1): iam.cloud.ibm.com:443
-send: b'POST /identity/token HTTP/1.1\r\nHost: iam.cloud.ibm.com\r\nUser-Agent: ibm-python-sdk-core/iam-authenticator-3.21.0 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5\r\nAccept-Encoding: gzip, deflate\r\nAccept: application/json\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 135\r\n\r\n'
+send: b'POST /identity/token HTTP/1.1\r\nHost: iam.cloud.ibm.com\r\nUser-Agent: ibm-python-sdk-core/iam-authenticator-3.22.1 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5\r\nAccept-Encoding: gzip, deflate\r\nAccept: application/json\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 135\r\n\r\n'
 send: b'grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=[redacted]&response_type=cloud_iam'
 reply: 'HTTP/1.1 200 OK\r\n'
 header: Content-Type: application/json

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/ibm_cloud_sdk_core/__init__.py

@@ -18,6 +18,7 @@ classes:
     BaseService: Abstract class for common functionality between each service.
     DetailedResponse: The object returned from successful service operations.
     IAMTokenManager: Requests and refreshes IAM tokens using an apikey, and optionally a client_id and client_secret.
+    IAMAssumeTokenManager: Requests and refreshes IAM tokens using an apikey and a trusted profile.
     JWTTokenManager: Abstract class for common functionality between each JWT token manager.
     CP4DTokenManager: Requests and refreshes CP4D tokens given a username and password.
     ApiException: Custom exception class for errors returned from service operations.
@@ -39,6 +40,7 @@ functions:
 from .base_service import BaseService
 from .detailed_response import DetailedResponse
 from .token_managers.iam_token_manager import IAMTokenManager
+from .token_managers.iam_assume_token_manager import IAMAssumeTokenManager
 from .token_managers.jwt_token_manager import JWTTokenManager
 from .token_managers.cp4d_token_manager import CP4DTokenManager
 from .token_managers.container_token_manager import ContainerTokenManager

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/ibm_cloud_sdk_core/authenticators/__init__.py

@@ -39,6 +39,7 @@ from .bearer_token_authenticator import BearerTokenAuthenticator
 from .container_authenticator import ContainerAuthenticator
 from .cp4d_authenticator import CloudPakForDataAuthenticator
 from .iam_authenticator import IAMAuthenticator
+from .iam_assume_authenticator import IAMAssumeAuthenticator
 from .vpc_instance_authenticator import VPCInstanceAuthenticator
 from .no_auth_authenticator import NoAuthAuthenticator
 from .mcsp_authenticator import MCSPAuthenticator

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/ibm_cloud_sdk_core/authenticators/authenticator.py

@@ -24,6 +24,7 @@ class Authenticator(ABC):
     AUTHTYPE_BASIC = 'basic'
     AUTHTYPE_BEARERTOKEN = 'bearerToken'
     AUTHTYPE_IAM = 'iam'
+    AUTHTYPE_IAM_ASSUME = 'iamAssume'
     AUTHTYPE_CONTAINER = 'container'
     AUTHTYPE_CP4D = 'cp4d'
     AUTHTYPE_VPC = 'vpc'

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/ibm_cloud_sdk_core/authenticators/container_authenticator.py

@@ -66,6 +66,7 @@ class ContainerAuthenticator(IAMRequestBasedAuthenticator):
 
     def __init__(
         self,
+        *,
         cr_token_filename: Optional[str] = None,
         iam_profile_name: Optional[str] = None,
         iam_profile_id: Optional[str] = None,

ibm_cloud_sdk_core-3.22.1/ibm_cloud_sdk_core/authenticators/iam_assume_authenticator.py

@@ -0,0 +1,146 @@
+# coding: utf-8
+
+# Copyright 2024 IBM All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from typing import Any, Dict, Optional
+
+from ibm_cloud_sdk_core.authenticators.iam_authenticator import IAMAuthenticator
+from ibm_cloud_sdk_core.token_managers.iam_assume_token_manager import IAMAssumeTokenManager
+
+from .authenticator import Authenticator
+from .iam_request_based_authenticator import IAMRequestBasedAuthenticator
+
+
+class IAMAssumeAuthenticator(IAMRequestBasedAuthenticator):
+    """IAMAssumeAuthenticator obtains an IAM access token using the IAM "get-token" operation's
+    "assume" grant type. The authenticator obtains an initial IAM access token from a
+    user-supplied apikey, then exchanges this initial IAM access token for another IAM access token
+    that has "assumed the identity" of the specified trusted profile.
+
+    The bearer token will be sent as an Authorization header in the form:
+
+        Authorization: Bearer <bearer-token>
+
+    Args:
+        apikey: The IAM api key.
+
+    Keyword Args:
+        iam_profile_id: the ID of the trusted profile
+        iam_profile_crn: the CRN of the trusted profile
+        iam_profile_name: the name of the trusted profile (must be used together with `iam_account_id`)
+        iam_account_id: the ID of the trusted profile (must be used together with `iam_profile_name`)
+        url: The URL representing the IAM token service endpoint. If not specified, a suitable default value is used.
+        client_id: The client_id and client_secret fields are used to form
+            a "basic" authorization header for IAM token requests. Defaults to None.
+        client_secret: The client_id and client_secret fields are used to form
+            a "basic" authorization header for IAM token requests. Defaults to None.
+        disable_ssl_verification: A flag that indicates whether verification of
+            the server's SSL certificate should be disabled or not. Defaults to False.
+        headers: Default headers to be sent with every IAM token request. Defaults to None.
+        proxies: Dictionary for mapping request protocol to proxy URL. Defaults to None.
+        proxies.http (optional): The proxy endpoint to use for HTTP requests.
+        proxies.https (optional): The proxy endpoint to use for HTTPS requests.
+        scope: The "scope" to use when fetching the bearer token from the IAM token server.
+            This can be used to obtain an access token with a specific scope.
+
+    Attributes:
+        token_manager (IAMTokenManager): Retrieves and manages IAM tokens from the endpoint specified by the url.
+
+    Raises:
+        TypeError: The `disable_ssl_verification` is not a bool.
+        ValueError: The `apikey`, `client_id`, and/or `client_secret` are not valid for IAM token requests or the
+            following keyword arguments are incorrectly specified:
+            `iam_profile_id`, `iam_profile_crn`, `iam_profile_name`, `iam_account_id`.
+    """
+
+    def __init__(
+        self,
+        apikey: str,
+        *,
+        iam_profile_id: Optional[str] = None,
+        iam_profile_crn: Optional[str] = None,
+        iam_profile_name: Optional[str] = None,
+        iam_account_id: Optional[str] = None,
+        url: Optional[str] = None,
+        client_id: Optional[str] = None,
+        client_secret: Optional[str] = None,
+        disable_ssl_verification: bool = False,
+        headers: Optional[Dict[str, str]] = None,
+        proxies: Optional[Dict[str, str]] = None,
+        scope: Optional[str] = None,
+    ) -> None:
+        # Check the type of `disable_ssl_verification`. Must be a bool.
+        if not isinstance(disable_ssl_verification, bool):
+            raise TypeError('disable_ssl_verification must be a bool')
+
+        self.token_manager = IAMAssumeTokenManager(
+            apikey,
+            iam_profile_id=iam_profile_id,
+            iam_profile_crn=iam_profile_crn,
+            iam_profile_name=iam_profile_name,
+            iam_account_id=iam_account_id,
+            url=url,
+            client_id=client_id,
+            client_secret=client_secret,
+            disable_ssl_verification=disable_ssl_verification,
+            headers=headers,
+            proxies=proxies,
+            scope=scope,
+        )
+
+        self.validate()
+
+    # Disable all setter methods, inherited from the parent class.
+    def __getattribute__(self, name: str) -> Any:
+        if name.startswith("set_"):
+            raise AttributeError(f"'{self.__class__.__name__}' has no attribute '{name}'")
+
+        return super().__getattribute__(name)
+
+    def authentication_type(self) -> str:
+        """Returns this authenticator's type ('iamAssume')."""
+        return Authenticator.AUTHTYPE_IAM_ASSUME
+
+    def validate(self) -> None:
+        """Validates the provided IAM related arguments.
+
+        Ensure the following:
+        - `apikey` of the IAMTokenManager is not `None`, and has no bad characters
+        - both `client_id` and `client_secret` are set if either of them are defined
+        - the correct number and type of IAM profile and IAM account options are specified
+
+        Raises:
+            ValueError: The apikey, client_id, and/or client_secret are not valid for IAM token requests.
+        """
+        # Create a temporary IAM authenticator that we can use to validate our delegate.
+        tmp_authenticator = IAMAuthenticator("")
+        tmp_authenticator.token_manager = self.token_manager.iam_delegate
+        tmp_authenticator.validate()
+        del tmp_authenticator
+
+        # Only one of the following arguments must be specified.
+        mutually_exclusive_attributes = [
+            self.token_manager.iam_profile_id,
+            self.token_manager.iam_profile_crn,
+            self.token_manager.iam_profile_name,
+        ]
+        if list(map(bool, mutually_exclusive_attributes)).count(True) != 1:
+            raise ValueError(
+                'Exactly one of `iam_profile_id`, `iam_profile_crn`, or `iam_profile_name` must be specified.'
+            )
+
+        # `iam_account_id` must be specified iff `iam_profile_name` is used.
+        if self.token_manager.iam_profile_name and not self.token_manager.iam_account_id:
+            raise ValueError('`iam_profile_name` and `iam_account_id` must be provided together, or not at all.')

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/ibm_cloud_sdk_core/base_service.py

@@ -508,4 +508,4 @@ class BaseService:
 
     @staticmethod
     def _encode_path_vars(*args) -> None:
-        return (requests.utils.quote(x, safe='') for x in args)
+        return BaseService.encode_path_vars(*args)

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/ibm_cloud_sdk_core/get_authenticator.py

@@ -21,6 +21,7 @@ from .authenticators import (
     ContainerAuthenticator,
     CloudPakForDataAuthenticator,
     IAMAuthenticator,
+    IAMAssumeAuthenticator,
     NoAuthAuthenticator,
     VPCInstanceAuthenticator,
     MCSPAuthenticator,
@@ -55,6 +56,7 @@ def get_authenticator_from_environment(service_name: str) -> Authenticator:
     return authenticator
 
 
+# pylint: disable=too-many-branches
 def __construct_authenticator(config: dict) -> Authenticator:
     # Determine the authentication type if not specified explicitly.
     if config.get('AUTH_TYPE'):
@@ -104,6 +106,19 @@ def __construct_authenticator(config: dict) -> Authenticator:
             disable_ssl_verification=config.get('AUTH_DISABLE_SSL', 'false').lower() == 'true',
             scope=config.get('SCOPE'),
         )
+    elif auth_type == Authenticator.AUTHTYPE_IAM_ASSUME.lower():
+        authenticator = IAMAssumeAuthenticator(
+            apikey=config.get('APIKEY'),
+            iam_profile_id=config.get('IAM_PROFILE_ID'),
+            iam_profile_crn=config.get('IAM_PROFILE_CRN'),
+            iam_profile_name=config.get('IAM_PROFILE_NAME'),
+            iam_account_id=config.get('IAM_ACCOUNT_ID'),
+            url=config.get('AUTH_URL'),
+            client_id=config.get('CLIENT_ID'),
+            client_secret=config.get('CLIENT_SECRET'),
+            disable_ssl_verification=config.get('AUTH_DISABLE_SSL', 'false').lower() == 'true',
+            scope=config.get('SCOPE'),
+        )
     elif auth_type == Authenticator.AUTHTYPE_VPC.lower():
         authenticator = VPCInstanceAuthenticator(
             iam_profile_crn=config.get('IAM_PROFILE_CRN'),

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/ibm_cloud_sdk_core/token_managers/container_token_manager.py

@@ -85,6 +85,7 @@ class ContainerTokenManager(IAMRequestBasedTokenManager):
 
     def __init__(
         self,
+        *,
         cr_token_filename: Optional[str] = None,
         iam_profile_name: Optional[str] = None,
         iam_profile_id: Optional[str] = None,

ibm_cloud_sdk_core-3.22.1/ibm_cloud_sdk_core/token_managers/iam_assume_token_manager.py

@@ -0,0 +1,150 @@
+# coding: utf-8
+
+# Copyright 2024 IBM All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from typing import Any, Dict, Optional
+
+from ibm_cloud_sdk_core.token_managers.iam_token_manager import IAMTokenManager
+
+from .iam_request_based_token_manager import IAMRequestBasedTokenManager
+from ..private_helpers import _build_user_agent
+
+
+# pylint: disable=too-many-instance-attributes
+class IAMAssumeTokenManager(IAMRequestBasedTokenManager):
+    """The IAMAssumeTokenManager takes an api key and information about a trusted profile then performs the necessary
+    interactions with the IAM token service to obtain and store a suitable bearer token. This token "assumes" the
+    identity of the provided trusted profile.
+
+    Attributes:
+        iam_profile_id (str): the ID of the trusted profile
+        iam_profile_crn (str): the CRN of the trusted profile
+        iam_profile_name (str): the name of the trusted profile (must be used together with `iam_account_id`)
+        iam_account_id (str): the ID of the trusted profile (must be used together with `iam_profile_name`)
+        iam_delegate (IAMTokenManager): an IAMTokenManager instance used to obtain the user's IAM access token
+            from the `apikey`.
+        url (str): The IAM endpoint to token requests.
+        headers (dict): Default headers to be sent with every IAM token request.
+        proxies (dict): Proxies to use for communicating with IAM.
+        proxies.http (str): The proxy endpoint to use for HTTP requests.
+        proxies.https (str): The proxy endpoint to use for HTTPS requests.
+        http_config (dict): A dictionary containing values that control the timeout, proxies, and etc of HTTP requests.
+
+    Args:
+        apikey: A generated APIKey from IBM Cloud.
+
+    Keyword Args:
+        iam_profile_id: the ID of the trusted profile
+        iam_profile_crn: the CRN of the trusted profile
+        iam_profile_name: the name of the trusted profile (must be used together with `iam_account_id`)
+        iam_account_id: the ID of the trusted profile (must be used together with `iam_profile_name`)
+        url: The IAM endpoint to token requests. Defaults to None.
+        client_id: The client_id and client_secret fields are used to form
+            a "basic auth" Authorization header for interactions with the IAM token server.
+            Defaults to None.
+        client_secret: The client_id and client_secret fields are used to form
+            a "basic auth" Authorization header for interactions with the IAM token server.
+            Defaults to None.
+        disable_ssl_verification: A flag that indicates whether verification of
+            the server's SSL certificate should be disabled or not. Defaults to False.
+        headers: Default headers to be sent with every IAM token request. Defaults to None.
+        proxies: Proxies to use for communicating with IAM. Defaults to None.
+        proxies.http: The proxy endpoint to use for HTTP requests.
+        proxies.https: The proxy endpoint to use for HTTPS requests.
+        scope: The "scope" to use when fetching the bearer token from the IAM token server.
+            This can be used to obtain an access token with a specific scope.
+    """
+
+    def __init__(
+        self,
+        apikey: str,
+        *,
+        iam_profile_id: Optional[str] = None,
+        iam_profile_crn: Optional[str] = None,
+        iam_profile_name: Optional[str] = None,
+        iam_account_id: Optional[str] = None,
+        url: Optional[str] = None,
+        client_id: Optional[str] = None,
+        client_secret: Optional[str] = None,
+        disable_ssl_verification: bool = False,
+        headers: Optional[Dict[str, str]] = None,
+        proxies: Optional[Dict[str, str]] = None,
+        scope: Optional[str] = None,
+    ) -> None:
+        super().__init__(
+            url=url,
+            disable_ssl_verification=disable_ssl_verification,
+            headers=headers,
+            proxies=proxies,
+        )
+
+        self.iam_profile_id = iam_profile_id
+        self.iam_profile_crn = iam_profile_crn
+        self.iam_profile_name = iam_profile_name
+        self.iam_account_id = iam_account_id
+
+        # Create an IAMTokenManager instance that will be used to obtain an IAM access token
+        # for the IAM "assume" token exchange. We use the same configuration that's provided
+        # for this class, as they have a lot in common.
+        self.iam_delegate = IAMTokenManager(
+            apikey=apikey,
+            url=url,
+            client_id=client_id,
+            client_secret=client_secret,
+            disable_ssl_verification=disable_ssl_verification,
+            headers=headers,
+            proxies=proxies,
+            scope=scope,
+        )
+
+        self.request_payload['grant_type'] = 'urn:ibm:params:oauth:grant-type:assume'
+        self._set_user_agent(_build_user_agent('iam-assume-authenticator'))
+
+    # Disable all setter methods, inherited from the parent class.
+    def __getattribute__(self, name: str) -> Any:
+        if name.startswith("set_"):
+            raise AttributeError(f"'{self.__class__.__name__}' has no attribute '{name}'")
+
+        return super().__getattribute__(name)
+
+    def request_token(self) -> Dict:
+        """Retrieves a standard IAM access token by using the IAM token manager
+        then obtains another access token for the assumed identity.
+
+        Returns:
+            A dictionary that contains the access token of the assumed IAM identity.
+        """
+        # Fetch the user's original IAM access token before trying to assume.
+        self.request_payload['access_token'] = self.iam_delegate.get_token()
+
+        if self.iam_profile_crn:
+            self.request_payload['profile_crn'] = self.iam_profile_crn
+        if self.iam_profile_id:
+            self.request_payload['profile_id'] = self.iam_profile_id
+        else:
+            self.request_payload['profile_name'] = self.iam_profile_name
+            self.request_payload['account'] = self.iam_account_id
+
+        # Make sure that the unsupported attributes will never be included in the requests.
+        self.client_id = None
+        self.client_secret = None
+        self.scope = None
+
+        return super().request_token()
+
+    def _save_token_info(self, token_response: Dict) -> None:
+        super()._save_token_info(token_response)
+        # Set refresh token to None unconditionally.
+        self.refresh_token = None

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/ibm_cloud_sdk_core/token_managers/iam_request_based_token_manager.py

@@ -70,6 +70,7 @@ class IAMRequestBasedTokenManager(JWTTokenManager):
 
     def __init__(
         self,
+        *,
         url: Optional[str] = None,
         client_id: Optional[str] = None,
         client_secret: Optional[str] = None,

ibm_cloud_sdk_core-3.22.1/ibm_cloud_sdk_core/version.py

@@ -0,0 +1 @@
+__version__ = '3.22.1'

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1/ibm_cloud_sdk_core.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.2
 Name: ibm-cloud-sdk-core
-Version: 3.21.0
+Version: 3.22.1
 Summary: Core library used by SDKs for IBM Cloud Services
 Author-email: IBM <devxsdk@us.ibm.com>
 Project-URL: Repository, https://github.com/IBM/python-sdk-core
@@ -12,11 +12,11 @@ Project-URL: License, https://github.com/IBM/python-sdk-core/blob/main/LICENSE
 Keywords: ibm,cloud,ibm cloud services
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Development Status :: 5 - Production/Stable
 Classifier: Environment :: Console
 Classifier: Intended Audience :: Developers
@@ -25,7 +25,7 @@ Classifier: Operating System :: OS Independent
 Classifier: Topic :: Software Development :: Libraries
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
-Requires-Python: >=3.8
+Requires-Python: >=3.9
 Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: requests<3.0.0,>=2.31.0
@@ -49,12 +49,12 @@ Requires-Dist: twine; extra == "publish"
 [![CLA assistant](https://cla-assistant.io/readme/badge/ibm/python-sdk-core)](https://cla-assistant.io/ibm/python-sdk-core)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 
-# IBM Python SDK Core Version 3.21.0
+# IBM Python SDK Core Version 3.22.1
 This project contains core functionality required by Python code generated by the IBM Cloud OpenAPI SDK Generator
 (openapi-sdkgen).
 
 # Python Version
-The current minimum Python version supported is 3.8.
+The current minimum Python version supported is 3.9.
 
 ## Installation
 
@@ -68,7 +68,8 @@ python -m pip install --upgrade ibm-cloud-sdk-core
 The python-sdk-core project supports the following types of authentication:
 - Basic Authentication
 - Bearer Token Authentication
-- Identity and Access Management (IAM) Authentication
+- Identity and Access Management (IAM) Authentication (grant type: apikey)
+- Identity and Access Management (IAM) Authentication (grant type: assume)
 - Container Authentication
 - VPC Instance Authentication
 - Cloud Pak for Data Authentication
@@ -114,12 +115,12 @@ When running your application, you should see output like this if debug logging
 ```
 2024-09-16 15:44:45,174 [ibm-cloud-sdk-core:DEBUG] Get authenticator from environment, key=global_search
 2024-09-16 15:44:45,175 [ibm-cloud-sdk-core:DEBUG] Set service URL: https://api.global-search-tagging.cloud.ibm.com
-2024-09-16 15:44:45,175 [ibm-cloud-sdk-core:DEBUG] Set User-Agent: ibm-python-sdk-core-3.21.0 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5
+2024-09-16 15:44:45,175 [ibm-cloud-sdk-core:DEBUG] Set User-Agent: ibm-python-sdk-core-3.22.1 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5
 2024-09-16 15:44:45,181 [ibm-cloud-sdk-core:DEBUG] Configuring BaseService instance with service name: global_search
 2024-09-16 15:44:45,181 [ibm-cloud-sdk-core:DEBUG] Performing synchronous token fetch
 2024-09-16 15:44:45,182 [ibm-cloud-sdk-core:DEBUG] Invoking IAM get_token operation: https://iam.cloud.ibm.com/identity/token
 2024-09-16 15:44:45,182 [urllib3.connectionpool:DEBUG] Starting new HTTPS connection (1): iam.cloud.ibm.com:443
-send: b'POST /identity/token HTTP/1.1\r\nHost: iam.cloud.ibm.com\r\nUser-Agent: ibm-python-sdk-core/iam-authenticator-3.21.0 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5\r\nAccept-Encoding: gzip, deflate\r\nAccept: application/json\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 135\r\n\r\n'
+send: b'POST /identity/token HTTP/1.1\r\nHost: iam.cloud.ibm.com\r\nUser-Agent: ibm-python-sdk-core/iam-authenticator-3.22.1 os.name=Linux os.version=6.10.9-100.fc39.x86_64 python.version=3.12.5\r\nAccept-Encoding: gzip, deflate\r\nAccept: application/json\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 135\r\n\r\n'
 send: b'grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=[redacted]&response_type=cloud_iam'
 reply: 'HTTP/1.1 200 OK\r\n'
 header: Content-Type: application/json

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/ibm_cloud_sdk_core.egg-info/SOURCES.txt

@@ -23,6 +23,7 @@ ibm_cloud_sdk_core/authenticators/basic_authenticator.py
 ibm_cloud_sdk_core/authenticators/bearer_token_authenticator.py
 ibm_cloud_sdk_core/authenticators/container_authenticator.py
 ibm_cloud_sdk_core/authenticators/cp4d_authenticator.py
+ibm_cloud_sdk_core/authenticators/iam_assume_authenticator.py
 ibm_cloud_sdk_core/authenticators/iam_authenticator.py
 ibm_cloud_sdk_core/authenticators/iam_request_based_authenticator.py
 ibm_cloud_sdk_core/authenticators/mcsp_authenticator.py
@@ -31,6 +32,7 @@ ibm_cloud_sdk_core/authenticators/vpc_instance_authenticator.py
 ibm_cloud_sdk_core/token_managers/__init__.py
 ibm_cloud_sdk_core/token_managers/container_token_manager.py
 ibm_cloud_sdk_core/token_managers/cp4d_token_manager.py
+ibm_cloud_sdk_core/token_managers/iam_assume_token_manager.py
 ibm_cloud_sdk_core/token_managers/iam_request_based_token_manager.py
 ibm_cloud_sdk_core/token_managers/iam_token_manager.py
 ibm_cloud_sdk_core/token_managers/jwt_token_manager.py
@@ -48,6 +50,8 @@ test/test_cp4d_authenticator.py
 test/test_cp4d_token_manager.py
 test/test_detailed_response.py
 test/test_http_adapter.py
+test/test_iam_assume_authenticator.py
+test/test_iam_assume_token_manager.py
 test/test_iam_authenticator.py
 test/test_iam_token_manager.py
 test/test_jwt_token_manager.py

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/pyproject.toml

@@ -1,20 +1,20 @@
 [project]
 name = "ibm-cloud-sdk-core"
-version = "3.21.0"
+version = "3.22.1"
 authors = [
     { name="IBM", email="devxsdk@us.ibm.com" }
 ]
 description = "Core library used by SDKs for IBM Cloud Services"
 readme = "README.md"
-requires-python = ">=3.8"
+requires-python = ">=3.9"
 classifiers = [
     "Programming Language :: Python",
     "Programming Language :: Python :: 3",
-    "Programming Language :: Python :: 3.8",
     "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
     "Development Status :: 5 - Production/Stable",
     "Environment :: Console",
     "Intended Audience :: Developers",

{ibm_cloud_sdk_core-3.21.0 → ibm_cloud_sdk_core-3.22.1}/test/test_authenticator.py

@@ -19,3 +19,5 @@ def test_authenticator():
     authenticator = TestAuthenticator()
     assert authenticator is not None
     assert authenticator.authentication_type() == Authenticator.AUTHTYPE_UNKNOWN
+    assert authenticator.validate() is None
+    assert authenticator.authenticate(None) is None