Merge pull request #286 from IBM-Cloud/release-v0.8.0-promotion

Release v0.8.0 promotion

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2021-09-16T21:05:25Z",
+  "generated_at": "2021-10-06T19:12:04Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -87,63 +87,63 @@
         "hashed_secret": "c2df5d3d760ff42f33fb38e2534d4c1b7ddde3ab",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 29,
+        "line_number": 30,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "c287d1da815abde11f19d14ab6f9dba01f57698e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 30,
+        "line_number": 31,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "41aaaaa69550b140807e70dcc170a497dbeadf0d",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 33,
+        "line_number": 34,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "ca51a3e5092ede254e7121c4fc9fb07a0a55f2a0",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 34,
+        "line_number": 35,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d327b16674fb457f595a2bc5cdbd98f8143632be",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 35,
+        "line_number": 36,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "3c81615afb40d1889fc2e1fff551a8b59b4e80ce",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 36,
+        "line_number": 37,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "3438d9111af8058916e075b463bd7a6583cbf012",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 233,
+        "line_number": 247,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "53213c46677ac6f5576c44a4cbbdbe186d67cb00",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 235,
+        "line_number": 249,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -153,7 +153,7 @@
         "hashed_secret": "c8f0df25bade89c1873f5f01b85bcfb921443ac6",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 19,
+        "line_number": 20,
         "type": "JSON Web Token",
         "verified_result": null
       }
@@ -168,12 +168,30 @@
         "verified_result": null
       }
     ],
+    "bluemix/authentication/vpc/vpc_test.go": [
+      {
+        "hashed_secret": "baa11828b713288370b2ae5b7dd012ab8e875ca7",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 19,
+        "type": "JSON Web Token",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "c8f0df25bade89c1873f5f01b85bcfb921443ac6",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 20,
+        "type": "JSON Web Token",
+        "verified_result": null
+      }
+    ],
     "bluemix/configuration/core_config/bx_config_test.go": [
       {
         "hashed_secret": "9507a758af9127f99a700b500657fd558b705dc9",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 274,
+        "line_number": 303,
         "type": "JSON Web Token",
         "verified_result": null
       }

.travis.yml

@@ -0,0 +1,32 @@
+language: go
+dist: bionic
+go:
+- '1.16.x'
+- '1.17.x'
+addons:
+  apt:
+    packages:
+      - python3 
+      - python3-pip 
+      - python3-setuptools
+
+env:
+  global:
+    - GO111MODULE="off"
+
+before_install:
+  - sudo apt-get update && sudo apt-get upgrade -y openssl
+
+install:
+  # Required to install detect-secrets
+  - sudo chmod o+rwx /usr/lib/python3/dist-packages/
+  - python3 -m pip install -U pip
+  - pip3 install --upgrade "git+https://github.com/ibm/detect-secrets.git@master#egg=detect-secrets"
+  - go get -u github.com/kardianos/govendor
+
+before_script:
+  - bin/detect_secrets.sh
+  - govendor sync
+
+script:
+  - go test $(go list ./... | grep -v "plugin_examples" | grep -v "vendor")

CODEOWNERS

@@ -0,0 +1,2 @@
+# Global repo owners
+*       @jorge-ibm @steveclay @boyang9527

bin/detect_secrets.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+import subprocess
+import json
+
+print(subprocess.run(['detect-secrets', 'scan', '--update', '.secrets.baseline']))
+
+found_secrets = []
+
+with open('.secrets.baseline', 'r') as f:
+    baseline = json.loads(f.read())
+    for file, secrets in baseline['results'].items():
+        for secret in secrets:
+            if secret.get('is_secret', True):
+                found_secrets.append((file, secret))
+
+if found_secrets:
+    print('Secrets were found in the source code!')
+    print('If these contain false positives, they can be marked as such with the `detect-secrets audit .secrets.baseline` command and committing the updated baseline file into the application repo.')
+    print('Read more about the tool at https://github.com/ibm/detect-secrets\n\n')
+    print('FOUND SECRETS:')
+    for secret in found_secrets:
+        print('File: ' + secret[0] + ' Line: ' + str(secret[1]['line_number']) + ' Type: ' + secret[1]['type'])
+    print('failure')
+    exit(1)
+else:
+    print('NO SECRETS FOUND')
+    print('success')

bluemix/authentication/errors.go

@@ -71,3 +71,15 @@ func (e ExternalAuthenticationError) Error() string {
 	return T("External authentication failed. Error code: {{.ErrorCode}}, message: {{.Message}}",
 		map[string]interface{}{"ErrorCode": e.ErrorCode, "Message": e.ErrorMessage})
 }
+
+type SessionInactiveError struct {
+	Description string
+}
+
+func NewSessionInactiveError(description string) *SessionInactiveError {
+	return &SessionInactiveError{Description: description}
+}
+
+func (e *SessionInactiveError) Error() string {
+	return T("Session inactive: ") + e.Description
+}

bluemix/authentication/iam/iam.go

@@ -21,6 +21,7 @@ const (
 	crTokenParam           = "cr_token"
 	profileIDParam         = "profile_id"
 	profileNameParam       = "profile_name"
+	profileCRNParam        = "profile_crn"
 )
 
 // Grant types
@@ -44,6 +45,13 @@ const (
 	ResponseTypeDelegatedRefreshToken authentication.ResponseType = "delegated_refresh_token" // #nosec G101
 )
 
+const  (
+	InvalidTokenErrorCode           = "BXNIM0407E"
+	RefreshTokenExpiryErrorCode     = "BXNIM0408E"
+	ExternalAuthenticationErrorCode = "BXNIM0400E"
+	SessionInactiveErrorCode        = "BXNIM0439E"
+)
+
 type MFAVendor string
 
 func (m MFAVendor) String() string {
@@ -85,7 +93,17 @@ func APIKeyTokenRequest(apikey string, opts ...authentication.TokenOption) *auth
 	return r
 }
 
+// CRTokenRequest builds a 'TokenRequest' struct from the user input. The value of 'crToken' is set as the value of the 'cr_token' form
+// parameter of the request. 'profileID' and 'profileName' are optional parameters used to set the 'profile_id' and 'profile_name' form parameters
+// in the request, respectively.
 func CRTokenRequest(crToken string, profileID string, profileName string, opts ...authentication.TokenOption) *authentication.TokenRequest {
+	return CRTokenRequestWithCRN(crToken, profileID, profileName, "", opts...)
+}
+
+// CRTokenRequestWithCRN builds a 'TokenRequest' struct from the user input. The value of 'crToken' is set as the value of the 'cr_token' form
+// parameter of the request. 'profileID', 'profileName', and 'profileCRN' are optional parameters used to set the 'profile_id', 'profile_name',
+// and 'profile_crn' form parameters in the request, respectively.
+func CRTokenRequestWithCRN(crToken string, profileID string, profileName string, profileCRN string, opts ...authentication.TokenOption) *authentication.TokenRequest {
 	r := authentication.NewTokenRequest(GrantTypeCRToken)
 	r.SetTokenParam(crTokenParam, crToken)
 
@@ -95,6 +113,9 @@ func CRTokenRequest(crToken string, profileID string, profileName string, opts .
 	if profileName != "" {
 		r.SetTokenParam(profileNameParam, profileName)
 	}
+	if profileCRN != "" {
+		r.SetTokenParam(profileCRNParam, profileCRN)
+	}
 
 	for _, o := range opts {
 		r.WithOption(o)
@@ -325,12 +346,14 @@ func (c *client) doRequest(r *rest.Request, respV interface{}) error {
 		if jsonErr := json.Unmarshal([]byte(err.Message), &apiErr); jsonErr == nil {
 			switch apiErr.ErrorCode {
 			case "":
-			case "BXNIM0407E":
+			case InvalidTokenErrorCode:
 				return authentication.NewInvalidTokenError(apiErr.errorMessage())
-			case "BXNIM0408E":
+			case RefreshTokenExpiryErrorCode:
 				return authentication.NewRefreshTokenExpiryError(apiErr.errorMessage())
-			case "BXNIM0400E":
+			case ExternalAuthenticationErrorCode:
 				return &authentication.ExternalAuthenticationError{ErrorCode: apiErr.Requirements.ErrorCode, ErrorMessage: apiErr.Requirements.ErrorMessage}
+			case SessionInactiveErrorCode:
+				return authentication.NewSessionInactiveError(apiErr.errorMessage())
 			default:
 				return authentication.NewServerError(err.StatusCode, apiErr.ErrorCode, apiErr.errorMessage())
 			}