feat(IdP): support dynamically loaded IdP plugins

Brooke-white · Brooke-white · commit 8e5270e93350 · 2021-02-15T09:21:34.000-08:00
diff --git a/redshift_connector/__init__.py b/redshift_connector/__init__.py
@@ -1,6 +1,7 @@
 import logging
 import typing
 
+from redshift_connector import plugin
 from redshift_connector.config import DEFAULT_PROTOCOL_VERSION
 from redshift_connector.core import BINARY, Connection, Cursor
 from redshift_connector.error import (
diff --git a/redshift_connector/iam_helper.py b/redshift_connector/iam_helper.py
@@ -11,15 +11,7 @@
     CredentialsHolder,
 )
 from redshift_connector.error import InterfaceError
-from redshift_connector.plugin import (
-    AdfsCredentialsProvider,
-    AzureCredentialsProvider,
-    BrowserAzureCredentialsProvider,
-    BrowserSamlCredentialsProvider,
-    OktaCredentialsProvider,
-    PingCredentialsProvider,
-    SamlCredentialsProvider,
-)
+from redshift_connector.plugin import SamlCredentialsProvider
 from redshift_connector.redshift_property import RedshiftProperty
 
 _logger: logging.Logger = logging.getLogger(__name__)
@@ -30,6 +22,14 @@ class SSLMode(Enum):
     VERIFY_FULL: str = "verify-full"
 
 
+def dynamic_plugin_import(name: str):
+    components = name.split(".")
+    mod = __import__(components[0])
+    for comp in components[1:]:
+        mod = getattr(mod, comp)
+    return mod
+
+
 # Helper function to handle IAM connection properties. If any IAM related connection property
 # is specified, all other <b>required</b> IAM properties must be specified
 def set_iam_properties(
@@ -226,29 +226,27 @@ def set_iam_properties(
 
 # Helper function to create the appropriate credential providers.
 def set_iam_credentials(info: RedshiftProperty) -> None:
-    provider: typing.Optional[typing.Union[SamlCredentialsProvider, AWSCredentialsProvider]] = None
+    klass: typing.Optional[SamlCredentialsProvider] = None
+    provider: typing.Union[SamlCredentialsProvider, AWSCredentialsProvider]
     # case insensitive comparison
     if info.credentials_provider is not None:
-        if info.credentials_provider.lower() == "OktaCredentialsProvider".lower():
-            provider = OktaCredentialsProvider()
-            provider.add_parameter(info)
-        elif info.credentials_provider.lower() == "AzureCredentialsProvider".lower():
-            provider = AzureCredentialsProvider()
-            provider.add_parameter(info)
-        elif info.credentials_provider.lower() == "BrowserAzureCredentialsProvider".lower():
-            provider = BrowserAzureCredentialsProvider()
-            provider.add_parameter(info)
-        elif info.credentials_provider.lower() == "PingCredentialsProvider".lower():
-            provider = PingCredentialsProvider()
-            provider.add_parameter(info)
-        elif info.credentials_provider.lower() == "BrowserSamlCredentialsProvider".lower():
-            provider = BrowserSamlCredentialsProvider()
-            provider.add_parameter(info)
-        elif info.credentials_provider.lower() == "AdfsCredentialsProvider".lower():
-            provider = AdfsCredentialsProvider()
-            provider.add_parameter(info)
-        else:
-            raise InterfaceError("Invalid credentials provider" + info.credentials_provider)
+        try:
+            klass = dynamic_plugin_import(info.credentials_provider)
+            provider = klass()  # type: ignore
+            provider.add_parameter(info)  # type: ignore
+        except (AttributeError, ModuleNotFoundError):
+            _logger.debug("Failed to load user defined plugin: {}".format(info.credentials_provider))
+            try:
+                klass = dynamic_plugin_import("redshift_connector.plugin.{}".format(info.credentials_provider))
+                provider = klass()  # type: ignore
+                provider.add_parameter(info)  # type: ignore
+            except (AttributeError, ModuleNotFoundError):
+                _logger.debug(
+                    "Failed to load pre-defined IdP plugin from redshift_connector.plugin: {}".format(
+                        info.credentials_provider
+                    )
+                )
+                raise InterfaceError("Invalid credentials provider " + info.credentials_provider)
     else:  # indicates AWS Credentials will be used
         provider = AWSCredentialsProvider()
         provider.add_parameter(info)
diff --git a/redshift_connector/plugin/__init__.py b/redshift_connector/plugin/__init__.py
@@ -1,7 +1,7 @@
-from .adfs_credentials_provider import *
-from .azure_credentials_provider import *
-from .browser_azure_credentials_provider import *
-from .browser_saml_credentials_provider import *
-from .okta_credentials_provider import *
-from .ping_credentials_provider import *
-from .saml_credentials_provider import *
+from .adfs_credentials_provider import AdfsCredentialsProvider
+from .azure_credentials_provider import AzureCredentialsProvider
+from .browser_azure_credentials_provider import BrowserAzureCredentialsProvider
+from .browser_saml_credentials_provider import BrowserSamlCredentialsProvider
+from .okta_credentials_provider import OktaCredentialsProvider
+from .ping_credentials_provider import PingCredentialsProvider
+from .saml_credentials_provider import SamlCredentialsProvider
