checkpoint for experimental Gateway Service

Author: qrkourier

netfoundry/ctl.py

@@ -1153,6 +1153,7 @@ def use_organization(cli, spinner: object = None, prompt: bool = True):
                 expiry_minimum=0,
                 proxy=cli.config.general.proxy,
                 logger=cli.log,
+                gateway="gatewayv2",
             )
     except NFAPINoCredentials:
         if prompt:
@@ -1177,6 +1178,7 @@ def use_organization(cli, spinner: object = None, prompt: bool = True):
                         expiry_minimum=0,
                         proxy=cli.config.general.proxy,
                         logger=cli.log,
+                        gateway="gatewayv2",
                     )
             except PyJWTError:
                 spinner.fail("Not a valid token")

netfoundry/network_group.py

@@ -149,7 +149,7 @@ def find_latest_network_version(self, network_versions: list = list(), is_active
 
     find_latest_product_version = find_latest_network_version
 
-    def create_network(self, name: str, network_group_id: str = None, location: str = "us-ashburn-1", provider: str = "OCI", version: str = None, size: str = "medium", wait: int = 1200, sleep: int = 10, **kwargs):
+    def create_network(self, name: str, network_group_id: str = None, location: str = "eu-amsterdam-1", provider: str = "OCI", version: str = None, size: str = "medium", wait: int = 1200, sleep: int = 10, **kwargs):
         """
         Create a network in this network group.
 

netfoundry/organization.py

@@ -43,8 +43,10 @@ def __init__(self,
                  log_file: str = None,
                  debug: bool = False,
                  logger: logging.Logger = None,
-                 proxy: str = None):
+                 proxy: str = None,
+                 gateway: str = "gateway"):
         """Initialize an instance of organization."""
+        self.gateway = gateway
         # set debug and file if specified and let the calling application dictate logging handlers
         self.log_file = log_file
         self.debug = debug
@@ -249,7 +251,8 @@ def __init__(self,
                 self.logger.warning(f"unexpected environment '{self.environment}'")
 
         if self.environment and not self.audience:
-            self.audience = f'https://gateway.{self.environment}.netfoundry.io/'
+            self.audience = f'https://{self.gateway}.{self.environment}.netfoundry.io/'
+            self.logger.debug(f"computed audience URL from gateway and environment: {self.audience}")
 
         if self.environment and self.audience:
             if not re.search(self.environment, self.audience):
@@ -284,15 +287,15 @@ def __init__(self,
             # extract the environment name from the authorization URL aka token API endpoint
             if self.environment is None:
                 self.environment = re.sub(r'https://netfoundry-([^-]+)-.*', r'\1', token_endpoint, re.IGNORECASE)
-                self.logger.debug(f"using environment parsed from token_endpoint URL {self.environment}")
+                self.logger.debug(f"using environment parsed from authenticationUrl: {self.environment}")
             # re: scope: we're not using scopes with Cognito, but a non-empty value is required;
             #  hence "/ignore-scope"
-            scope = "https://gateway."+self.environment+".netfoundry.io//ignore-scope"
+            scope = f"https://{self.gateway}.{self.environment}.netfoundry.io//ignore-scope"
+            self.logger.debug(f"computed scope URL from gateway and environment: {scope}")
             # we can gather the URL of the API from the first part of the scope string by
             #  dropping the scope suffix
             self.audience = scope.replace(r'/ignore-scope', '')
-            self.logger.debug(f"using audience parsed from token_endpoint URL {self.audience}")
-            # e.g. https://gateway.production.netfoundry.io/
+            self.logger.debug(f"using audience parsed from authenticationUrl: {self.audience}")
             assertion = {
                 "scope": scope,
                 "grant_type": "client_credentials"

netfoundry/utility.py

@@ -185,7 +185,7 @@ def jwt_environment(setup: object):
 
     else:
         if re.match(r'https://cognito-', iss):
-            environment = re.sub(r'https://gateway\.([^.]+)\.netfoundry\.io.*', r'\1', claim['scope'])
+            environment = re.sub(f'https://{setup.gateway}\.([^.]+)\.netfoundry\.io.*', r'\1', claim['scope'])
             setup.logger.debug(f"matched Cognito issuer URL convention, found environment '{environment}'")
         elif re.match(r'.*\.auth0\.com', iss):
             environment = re.sub(r'https://netfoundry-([^.]+)\.auth0\.com.*', r'\1', claim['iss'])