From dddebe87e62dfefa79e03240ad48c8e0b351a6ed Mon Sep 17 00:00:00 2001
From: "Zhang Rong(Jon)" <rong.zhang@windriver.com>
Date: Wed, 22 May 2024 16:56:28 +0800
Subject: [PATCH] Refine the auth provider

This commit will refine auth provider, to make the auth
can disable from the source code and without exception.
Move the global scope methods into the class.

Test Plan:
1. Enabling the authentication worked correctly.
2. Disabling the authentication worked as expected without any
exceptions.

Issue-ID: INF-462

Change-Id: Ief69016ed73a525ca8e6a12eda959cb1422968f6
Signed-off-by: Zhang Rong(Jon) <rong.zhang@windriver.com>
---
 o2app/entrypoints/flask_application.py |  8 ++++----
 o2common/authmw/authprov.py            | 16 +++++++---------
 2 files changed, 11 insertions(+), 13 deletions(-)

diff --git a/o2app/entrypoints/flask_application.py b/o2app/entrypoints/flask_application.py
index c7e0ef9..d55b50a 100644
--- a/o2app/entrypoints/flask_application.py
+++ b/o2app/entrypoints/flask_application.py
@@ -25,8 +25,10 @@ from o2common.authmw import authprov
 from o2common.config.config import get_review_url
 from o2common.helper import o2logging
 
+AUTH_ENABLED = True
+FLASK_API_VERSION = '1.0.0'
+
 # apibase = config.get_o2ims_api_base()
-auth = True
 app = Flask(__name__)
 logger = o2logging.get_logger(__name__)
 
@@ -39,9 +41,7 @@ def _get_k8s_url():
         raise Exception('Get k8s token review url failed')
 
 
-FLASK_API_VERSION = '1.0.0'
-
-if auth:
+if AUTH_ENABLED:
     # perform service account identity&privilege check.
     _get_k8s_url()
     ad = authprov.auth_definer('ad')
diff --git a/o2common/authmw/authprov.py b/o2common/authmw/authprov.py
index c6f5646..11243df 100644
--- a/o2common/authmw/authprov.py
+++ b/o2common/authmw/authprov.py
@@ -24,14 +24,6 @@ from o2common.config.config import get_reviewer_token
 ssl._create_default_https_context = ssl._create_unverified_context
 logger = o2logging.get_logger(__name__)
 
-# read the conf from config file
-auth_prv_conf = get_auth_provider()
-
-try:
-    token_review_url = get_review_url()
-except Exception:
-    raise Exception('Get k8s token review url failed')
-
 
 class K8SAuthenticaException(Exception):
     def __init__(self, value):
@@ -48,6 +40,8 @@ class auth_definer():
     def __init__(self, name):
         super().__init__()
         self.name = name
+        # read the conf from config file
+        auth_prv_conf = get_auth_provider()
         if auth_prv_conf == 'k8s':
             self.obj = k8s_auth_provider('k8s')
         else:
@@ -71,6 +65,10 @@ class k8s_auth_provider(auth_definer):
 
     def __init__(self, name):
         self.name = name
+        try:
+            self.token_review_url = get_review_url()
+        except Exception:
+            raise Exception('Failed to get k8s token review url.')
 
     def tokenissue(self, **args2):
         pass
@@ -105,7 +103,7 @@ class k8s_auth_provider(auth_definer):
                   'Content-Type': 'application/json'}
         try:
             req = urllib.request.Request(
-                token_review_url, data=binary_data, headers=header)
+                self.token_review_url, data=binary_data, headers=header)
             response = urllib.request.urlopen(req)
             data = json.load(response)
             if data['status']['authenticated'] is True:
-- 
2.16.6