Alert - Support for authentication when calling receiver endpoint. #560
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,4 @@ | ||
| from abc import abstractmethod | ||
| import json | ||
| import logging | ||
| import os | ||
|
|
@@ -53,31 +54,66 @@ class AlertReceiverAuthentication: | |
| Class to store authentication information for securely sending events to the alert receiver. | ||
| """ | ||
|
|
||
| authentication_config: dict = None | ||
| authentication_scheme: str = None | ||
|
|
||
| class AlertReceiverAuthenticationInterface: | ||
| def __init__(self, alert_receiver_config: dict, authentication_key: str): | ||
| self.authentication_config = alert_receiver_config.get(authentication_key) | ||
|
|
||
| if self.authentication_config is None: | ||
| raise ConfigurationError( | ||
| f"No authentication configuration found ({authentication_key})." | ||
| ) | ||
|
|
||
| self.authentication_scheme = self.authentication_config.get( | ||
| "authentication_scheme", self.authentication_scheme | ||
| ) | ||
| self._validate_authentication_scheme() | ||
|
|
||
| def _validate_authentication_scheme(self) -> None: | ||
| if not self.authentication_scheme: | ||
| raise ConfigurationError( | ||
| "The authentication scheme cannot be null or empty." | ||
| ) | ||
|
|
||
| if " " in self.authentication_scheme: | ||
|
There was a problem hiding this comment. You might want to check that it contains only a-zA-Z or something like that. ( |
||
| raise ConfigurationError( | ||
| "The authentication scheme cannot contain any space." | ||
| ) | ||
|
|
||
| @abstractmethod | ||
| def get_header(self) -> dict: | ||
| pass | ||
|
|
||
| class AlertReceiverNoneAuthentication(AlertReceiverAuthenticationInterface): | ||
| """ | ||
| Placeholder class for AlertReceiver without authentication. | ||
| """ | ||
| def __init__(self, alert_receiver_config: dict): | ||
| pass | ||
|
|
||
| def get_header(self) -> dict: | ||
| return {} | ||
|
There was a problem hiding this comment. This could be the default implementation (instead of |
||
|
|
||
| class AlertReceiverBasicAuthentication(AlertReceiverAuthenticationInterface): | ||
| """ | ||
| Class to store authentication information for basic authentication type with username and password. | ||
| """ | ||
|
|
||
| username: str | ||
| password: str | ||
| authentication_scheme: str = "Basic" | ||
|
|
||
| def __init__(self, alert_receiver_config: dict): | ||
| super().__init__(alert_receiver_config, "receiver_authentication_basic") | ||
|
|
||
| username_env = self.authentication_config.get("username_env") | ||
| password_env = self.authentication_config.get("password_env") | ||
|
|
||
| if ( | ||
| username_env is None or password_env is None | ||
| ): # This should not happen since it is included in the json validation | ||
| raise ConfigurationError( | ||
| "No username_env or password_env configuration found." | ||
| ) | ||
|
|
@@ -90,50 +126,37 @@ def __init__(self, alert_receiver_config: dict): | |
| f"No username or password found from environmental variables {username_env} and {password_env}." | ||
| ) | ||
|
|
||
| def get_header(self) -> dict: | ||
| return { | ||
| "Authorization": f"{self.authentication_scheme} {self.username}:{self.password}" | ||
| } | ||
|
|
||
| class AlertReceiverBearerAuthentication(AlertReceiverAuthenticationInterface): | ||
| """ | ||
| Class to store authentication information for bearer authentication type which uses a token. | ||
| """ | ||
|
|
||
| token: str | ||
| authentication_scheme: str = "Bearer" # default is bearer | ||
|
|
||
| def __init__(self, alert_receiver_config: dict): | ||
| super().__init__(alert_receiver_config, "receiver_authentication_bearer") | ||
|
|
||
| token_env = self.authentication_config.get("token_env") | ||
| token_file = self.authentication_config.get("token_file") | ||
|
|
||
| if ( | ||
| token_env is None and token_file is None | ||
| ): # This should not happen since it is included in the json validation | ||
| raise ConfigurationError( | ||
| "No token_env and token_file configuration found." | ||
| ) | ||
|
|
||
| if ( | ||
| token_env is not None and token_file is not None | ||
| ): # This should not happen since it is included in the json validation | ||
| raise ConfigurationError( | ||
| "Both token_env and token_file configuration found. Only one can be given." | ||
| ) | ||
|
|
||
| if token_env is not None: | ||
|
|
@@ -154,58 +177,37 @@ def __init__(self, alert_receiver_config: dict): | |
| f"An error occurred while loading the token file {token_file}: {str(err)}" | ||
| ) | ||
|
|
||
| def get_header(self) -> dict: | ||
| return {"Authorization": f"{self.authentication_scheme} {self.token}"} | ||
|
|
||
| init_map = { | ||
| "basic": AlertReceiverBasicAuthentication, | ||
| "bearer": AlertReceiverBearerAuthentication, | ||
| "none": AlertReceiverNoneAuthentication, | ||
| } | ||
|
|
||
| _authentication_instance = None | ||
|
|
||
| def __init__(self, alert_receiver_config: dict): | ||
| self.authentication_type = alert_receiver_config.get( | ||
| "receiver_authentication_type", "none" | ||
| ) | ||
| self.__init_authentication_instance(alert_receiver_config) | ||
|
|
||
| def __init_authentication_instance(self, alert_receiver_config: dict): | ||
| authentication_class = self.__get_authentication_class() | ||
| self._authentication_instance = authentication_class(alert_receiver_config) | ||
|
|
||
| def __get_authentication_class(self): | ||
| if self.authentication_type not in AlertReceiverAuthentication.init_map.keys(): | ||
| raise ConfigurationError( | ||
| f"No authentication type found. Valid values are {list(AlertReceiverAuthentication.init_map.keys())}" | ||
| ) # hopefully this never happens | ||
|
|
||
| return self.init_map.get(self.authentication_type) | ||
|
There was a problem hiding this comment. try:
return self.init_map[self.authentication_type]
except KeyError:
raise ConfigurationError(...)This is a Python paradigm called EAFP. For context, see https://sauravmaheshkar.github.io/blog/Introduction-To-Duck-Typing-and-EAFP/. One benefit is that EAFP gets ride of many TOCTOU race conditions (although not the case here, as the state is purely local). There was a problem hiding this comment. I was not aware of this python principle. Thank you. |
||
|
|
||
| def get_auth_header(self) -> dict: | ||
| return self._authentication_instance.get_header() | ||
|
|
||
|
|
||
| class Alert: | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
authentication_keysounds like a credentialThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I agree. It will be called
authentication_config_key.