Added support for private key content for set_auth() (#198)

Author: lu-ohai

ads/common/auth.py

@@ -7,7 +7,7 @@
 import copy
 import os
 from dataclasses import dataclass
-from typing import Any, Callable, Dict, Optional
+from typing import Any, Callable, Dict, Optional, Union
 
 import ads.telemetry
 import oci
@@ -45,7 +45,7 @@ class AuthState(metaclass=SingletonMeta):
     oci_cli_auth: str = None
     oci_config_path: str = None
     oci_key_profile: str = None
-    oci_config: str = None
+    oci_config: Dict = None
     oci_signer: Any = None
     oci_signer_callable: Callable = None
     oci_signer_kwargs: Dict = None
@@ -65,8 +65,6 @@ def __post_init__(self):
             "OCI_CONFIG_PROFILE", DEFAULT_PROFILE
         )
         self.oci_config = self.oci_config or {}
-        self.oci_signer = self.oci_signer
-        self.oci_signer_callable = self.oci_signer_callable
         self.oci_signer_kwargs = self.oci_signer_kwargs or {}
         self.oci_client_kwargs = self.oci_client_kwargs or {}
 
@@ -82,15 +80,14 @@ def set_auth(
     client_kwargs: Optional[Dict] = {},
 ) -> None:
     """
-    Save type of authentication, profile, config location, config (keypair identity) or signer, which will be used
-    when actual creation of config or signer happens.
+    Sets the default authentication type.
 
     Parameters
     ----------
     auth: Optional[str], default 'api_key'
         'api_key', 'resource_principal' or 'instance_principal'. Enable/disable resource principal identity,
          instance principal or keypair identity in a notebook session
-    oci_config_location: Optional[str], default oci.config.DEFAULT_LOCATION, which is '~/.oci/config'
+    oci_config_location: Optional[str], default '~/.oci/config'
         config file location
     profile: Optional[str], default is DEFAULT_PROFILE, which is 'DEFAULT'
          profile name for api keys config file
@@ -121,10 +118,46 @@ def set_auth(
     >>> other_config = oci.config.from_file("other_config_location", "OTHER_PROFILE") # Create non-default config
     >>> ads.set_auth(config=other_config) # Set api keys type of authentication based on provided config
 
+    >>> config={
+    ...     user=ocid1.user.oc1..<unique_ID>,
+    ...     fingerprint=<fingerprint>,
+    ...     tenancy=ocid1.tenancy.oc1..<unique_ID>,
+    ...     region=us-ashburn-1,
+    ...     key_content=<private key content>,
+    ... }
+    >>> ads.set_auth(config=config) # Set api key authentication using private key content based on provided config
+
+    >>> config={
+    ...     user=ocid1.user.oc1..<unique_ID>,
+    ...     fingerprint=<fingerprint>,
+    ...     tenancy=ocid1.tenancy.oc1..<unique_ID>,
+    ...     region=us-ashburn-1,
+    ...     key_file=~/.oci/oci_api_key.pem,
+    ... }
+    >>> ads.set_auth(config=config) # Set api key authentication using private key file location based on provided config
+
     >>> ads.set_auth("resource_principal")  # Set resource principal authentication
 
     >>> ads.set_auth("instance_principal")  # Set instance principal authentication
 
+    >>> singer = oci.signer.Signer(
+    ...     user=ocid1.user.oc1..<unique_ID>,
+    ...     fingerprint=<fingerprint>,
+    ...     tenancy=ocid1.tenancy.oc1..<unique_ID>,
+    ...     region=us-ashburn-1,
+    ...     private_key_content=<private key content>,
+    ... )
+    >>> ads.set_auth(singer=singer) # Set api keys authentication with private key content based on provided signer
+
+    >>> singer = oci.signer.Signer(
+    ...     user=ocid1.user.oc1..<unique_ID>,
+    ...     fingerprint=<fingerprint>,
+    ...     tenancy=ocid1.tenancy.oc1..<unique_ID>,
+    ...     region=us-ashburn-1,
+    ...     private_key_file_location=<private key content>,
+    ... )
+    >>> ads.set_auth(singer=singer) # Set api keys authentication with private key file location based on provided signer
+
     >>> singer = oci.auth.signers.get_resource_principals_signer()
     >>> ads.auth.create_signer(config={}, singer=signer) # resource principals authentication dictionary created
 
@@ -157,22 +190,15 @@ def set_auth(
 
     auth_state.oci_config = config
     auth_state.oci_key_profile = profile
-    if auth == AuthType.API_KEY and not signer and not signer_callable:
-        if os.path.exists(os.path.expanduser(oci_config_location)):
-            auth_state.oci_config_path = oci_config_location
-        else:
-            raise ValueError(
-                f"{oci_config_location} path does not exist, please provide existing path to config file."
-            )
-
+    auth_state.oci_config_path = oci_config_location
     auth_state.oci_signer = signer
     auth_state.oci_signer_callable = signer_callable
     auth_state.oci_signer_kwargs = signer_kwargs
     auth_state.oci_client_kwargs = client_kwargs
 
 
 def api_keys(
-    oci_config: str = os.path.join(os.path.expanduser("~"), ".oci", "config"),
+    oci_config: Union[str, Dict] = os.path.expanduser(DEFAULT_LOCATION),
     profile: str = DEFAULT_PROFILE,
     client_kwargs: Dict = None,
 ) -> Dict:
@@ -182,8 +208,8 @@ def api_keys(
 
     Parameters
     ----------
-    oci_config: Optional[str], default is $HOME/.oci/config
-        OCI authentication config file location.
+    oci_config: Optional[Union[str, Dict]], default is ~/.oci/config
+        OCI authentication config file location or a dictionary with config attributes.
     profile: Optional[str], is DEFAULT_PROFILE, which is 'DEFAULT'
         Profile name to select from the config file.
     client_kwargs: Optional[Dict], default None
@@ -205,7 +231,10 @@ def api_keys(
     >>> oc.OCIClientFactory(**auth).object_storage # Creates Object storage client with timeout set to 6000 using API Key authentication
     """
     signer_args = dict(
-        oci_config_location=oci_config,
+        oci_config=oci_config if isinstance(oci_config, Dict) else {},
+        oci_config_location=oci_config
+        if isinstance(oci_config, str)
+        else os.path.expanduser(DEFAULT_LOCATION),
         oci_key_profile=profile,
         client_kwargs=client_kwargs,
     )
@@ -291,6 +320,24 @@ def create_signer(
     >>> config = oci.config.from_file("other_config_location", "OTHER_PROFILE")
     >>> auth = ads.auth.create_signer(config=config) # api_key type of authentication dictionary created based on provided config
 
+    >>> config={
+    ...     user=ocid1.user.oc1..<unique_ID>,
+    ...     fingerprint=<fingerprint>,
+    ...     tenancy=ocid1.tenancy.oc1..<unique_ID>,
+    ...     region=us-ashburn-1,
+    ...     key_content=<private key content>,
+    ... }
+    >>> auth = ads.auth.create_signer(config=config) # api_key type of authentication dictionary with private key content created based on provided config
+
+    >>> config={
+    ...     user=ocid1.user.oc1..<unique_ID>,
+    ...     fingerprint=<fingerprint>,
+    ...     tenancy=ocid1.tenancy.oc1..<unique_ID>,
+    ...     region=us-ashburn-1,
+    ...     key_file=~/.oci/oci_api_key.pem,
+    ... }
+    >>> auth = ads.auth.create_signer(config=config) # api_key type of authentication dictionary with private key file location created based on provided config
+
     >>> singer = oci.auth.signers.get_resource_principals_signer()
     >>> auth = ads.auth.create_signer(config={}, signer=signer) # resource principals authentication dictionary created
 
@@ -482,8 +529,8 @@ def create_signer(self) -> Dict:
         Signer constructed from the `oci_config` provided. If not 'oci_config', configuration will be
         constructed from 'oci_config_location' and 'oci_key_profile' in place.
 
-        Resturns
-        --------
+        Returns
+        -------
         dict
             Contains keys - config, signer and client_kwargs.
 
@@ -506,15 +553,18 @@ def create_signer(self) -> Dict:
             configuration = ads.telemetry.update_oci_client_config(
                 oci.config.from_file(self.oci_config_location, self.oci_key_profile)
             )
+
+        oci.config.validate_config(configuration)
         logger.info(f"Using 'api_key' authentication.")
         return {
             "config": configuration,
             "signer": oci.signer.Signer(
-                configuration["tenancy"],
-                configuration["user"],
-                configuration["fingerprint"],
-                configuration["key_file"],
-                configuration.get("pass_phrase"),
+                tenancy=configuration["tenancy"],
+                user=configuration["user"],
+                fingerprint=configuration["fingerprint"],
+                private_key_file_location=configuration.get("key_file"),
+                pass_phrase= configuration.get("pass_phrase"),
+                private_key_content=configuration.get("key_content")
             ),
             "client_kwargs": self.client_kwargs,
         }
@@ -544,8 +594,8 @@ def create_signer(self) -> Dict:
         """
         Creates Resource Principal signer with extra arguments necessary for creating clients.
 
-        Resturns
-        --------
+        Returns
+        -------
         dict
             Contains keys - config, signer and client_kwargs.
 
@@ -600,8 +650,8 @@ def create_signer(self) -> Dict:
         Signer instantiated from the `signer_callable` or if the `signer` provided is will be return by this method.
         If `signer_callable` or `signer` not provided new signer will be created in place.
 
-        Resturns
-        --------
+        Returns
+        -------
         dict
             Contains keys - config, signer and client_kwargs.
 

docs/source/user_guide/cli/authentication.rst

@@ -82,6 +82,21 @@ The ``~/.oci/config`` configuration allow for multiple configurations to be stor
   ads.set_auth("api_key") # default signer is set to API Keys
   ads.set_auth("api_key", profile = "TEST") # default signer is set to API Keys and to use TEST profile
   ads.set_auth("api_key", oci_config_location = "~/.test_oci/config") # default signer is set to API Keys and to use non-default oci_config_location
+  private_key_content = """
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIBIjANBgkqhkiG9w0BAQE...
+  ...
+  -----END RSA PRIVATE KEY-----
+  """
+  config = dict(
+    user="ocid1.user.oc1..xxx",
+    fingerprint="35:67:25:90:89:87:45:78:bf:4h:g5:13:16:32:4d:f4",
+    tenancy="ocid1.tenancy.oc1..xxx",
+    region="us-ashburn-1",
+    key_content=private_key_content,
+  )
+  ads.set_auth(config = config) # default signer is set to API Keys with private key content
+  
   ads.set_auth("resource_principal")  # default signer is set to resource principal authentication
   ads.set_auth("instance_principal")  # default signer is set to instance principal authentication
 
@@ -121,7 +136,7 @@ In the this example, the default authentication uses API keys specified with the
   os_auth = authutil.resource_principal() # use resource principal to as the preferred way to access object store
 
 
-More signers can be created using the ``create_signer()`` method. With the ``auth_type`` parameter set to ``instance_principal``, the method will return a signer that uses instance principals. For other signers there are ``signer`` or ``signer_callable`` parameters. Here are examples:
+More signers can be created using the ``create_signer()`` method. With the ``auth_type`` parameter set to ``instance_principal``, the method will return a signer that uses instance principals. For other signers there are ``signer``, ``signer_callable`` or ``signer_kwargs`` parameters. Here are examples:
 
 .. code-block:: python