1) Fixed a problem where the HTTP host header was not being added in request(on-premise only)

pengfei0107 · pengfei0107 · commit d2f8590a53f8 · 2020-06-06T23:55:26.000+08:00
2) Add a lock to the internal cache that caches request signature
3) Fix some document and test issues
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -55,6 +55,9 @@ _____
   start time if both of them are specified, throw IAE if end time is smaller
   than start time.
 * Changed min/max implementation to make them deterministic.
+* On-premise only. Fixed a problem where the HTTP Host header was not being
+  adding in all request cases. This prevented use of an intermediate proxy such
+  as Nginx, which validates headers.
 
 Removed
 _______
diff --git a/examples/utils.py b/examples/utils.py
@@ -51,7 +51,7 @@ def generate_authorization_provider(tenant_id):
                 region = endpoint
             provider = SignatureProvider.create_with_instance_principal(
                 region=region)
-        elif principal == 'resource principals':
+        elif principal == 'resource principal':
             provider = SignatureProvider.create_with_resource_principal()
         else:
             raise IllegalArgumentException('Must specify the principal.')
diff --git a/src/borneo/common.py b/src/borneo/common.py
@@ -539,10 +539,13 @@ class Memoize(object):
     def __init__(self, duration=60):
         self._cache = {}
         self._duration = duration
+        self.lock = Lock()
 
+    @synchronized
     def set(self, key, value):
         self._cache[key] = {'value': value, 'time': time()}
 
+    @synchronized
     def get(self, key):
         if key in self._cache and not self._is_obsolete(self._cache[key]):
             return self._cache[key]['value']
@@ -1203,14 +1206,14 @@ class ResourcePrincipalClaimKeys(object):
     """
     The claim name that the RPST holds for the resource compartment. This can be
     passed to
-    :py:method:`borneo.iam.SignatureProvider.get_resource_principal_claim` to
+    :py:meth:`borneo.iam.SignatureProvider.get_resource_principal_claim` to
     retrieve the resource's compartment OCID.
     """
     TENANT_ID_CLAIM_KEY = 'res_tenant'
     """
     The claim name that the RPST holds for the resource tenancy. This can be
     passed to
-    :py:method:`borneo.iam.SignatureProvider.get_resource_principal_claim` to
+    :py:meth:`borneo.iam.SignatureProvider.get_resource_principal_claim` to
     retrieve the resource's tenancy OCID.
     """
 
diff --git a/src/borneo/iam/iam.py b/src/borneo/iam/iam.py
@@ -6,7 +6,7 @@
 #
 
 from os import path
-from requests import Request, Session
+from requests import Request
 from threading import Timer
 try:
     import oci
@@ -17,7 +17,6 @@
 from borneo.common import CheckValue, HttpConstants, LogUtils, Memoize
 from borneo.config import Region, Regions
 from borneo.exception import IllegalArgumentException
-from borneo.http import RequestUtils
 
 
 class SignatureProvider(AuthorizationProvider):
@@ -209,8 +208,6 @@ def __init__(self, provider=None, config_file=None, profile_name=None,
         self._service_url = None
         self._logger = None
         self._logutils = LogUtils()
-        self._sess = Session()
-        self._request_utils = RequestUtils(self._sess, self._logutils)
 
     def close(self):
         """
@@ -257,7 +254,6 @@ def set_logger(self, logger):
         CheckValue.check_logger(logger, 'logger')
         self._logger = logger
         self._logutils = LogUtils(logger)
-        self._request_utils = RequestUtils(self._sess, self._logutils)
         return self
 
     def set_required_headers(self, request, auth_string, headers):
diff --git a/src/borneo/kv/kv.py b/src/borneo/kv/kv.py
@@ -330,7 +330,7 @@ def _schedule_refresh(self):
     def _send_request(self, auth_header, service_name):
         # Send HTTPS request to login/renew/logout service location with proper
         # authentication information.
-        headers = {'Authorization': auth_header}
+        headers = {'Host': self._url.hostname, 'Authorization': auth_header}
         return self._request_utils.do_get_request(
             self._url.geturl() + self._base_path + service_name, headers,
             StoreAccessTokenProvider._HTTP_TIMEOUT_MS)
diff --git a/test/testutils.py b/test/testutils.py
@@ -157,7 +157,7 @@ def generate_authorization_provider(tenant_id):
                 region = endpoint
             authorization_provider = (
                 SignatureProvider.create_with_instance_principal(region=region))
-        elif iam_principal() == 'resource principals':
+        elif iam_principal() == 'resource principal':
             authorization_provider = (
                 SignatureProvider.create_with_resource_principal())
         else:
