Add IAM support

[lpatino10]

This PR adds in support for IAM in the core of the SDK. With these changes, users have the option of authenticating with Watson services using IAM tokens, which they can manage themselves or let the new IamTokenManager class handle.

Shout out to @dpopp07 for leading the way for this in the Node SDK. Definitely leaned on your changes for my implementation 😉

[codecov-io]

Codecov Report

Merging #929 into develop will increase coverage by 0.01%.
The diff coverage is 39.56%.

@@              Coverage Diff              @@
##             develop     #929      +/-   ##
=============================================
+ Coverage      38.77%   38.79%   +0.01%     
- Complexity      1421     1438      +17     
=============================================
  Files            559      562       +3     
  Lines          14261    14398     +137     
  Branches         831      842      +11     
=============================================
+ Hits            5530     5586      +56     
- Misses          8415     8487      +72     
- Partials         316      325       +9

Impacted Files	Coverage Δ	Complexity Δ
...oud/language_translator/v2/LanguageTranslator.java	38.66% <0%> (-1.62%)	8 <0> (ø)
...guage_classifier/v1/NaturalLanguageClassifier.java	58.66% <0%> (-2.45%)	8 <0> (ø)
...eveloper_cloud/speech_to_text/v1/SpeechToText.java	75.43% <0%> (-0.67%)	47 <0> (ø)
...watson/developer_cloud/assistant/v1/Assistant.java	3.41% <0%> (-0.02%)	7 <0> (ø)
...cloud/visual_recognition/v3/VisualRecognition.java	63.23% <0%> (-1.43%)	12 <0> (ø)
...developer_cloud/tone_analyzer/v3/ToneAnalyzer.java	51.21% <0%> (-4.05%)	4 <0> (ø)
...watson/developer_cloud/discovery/v1/Discovery.java	55.63% <0%> (-0.31%)	51 <0> (ø)
...eveloper_cloud/text_to_speech/v1/TextToSpeech.java	73.77% <0%> (-1.86%)	19 <0> (ø)
.../developer_cloud/conversation/v1/Conversation.java	3.41% <0%> (-0.02%)	7 <0> (ø)
...understanding/v1/NaturalLanguageUnderstanding.java	56% <0%> (-3.58%)	8 <0> (ø)
... and 10 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 55f9868...f44c5af. Read the comment docs.

[mamoonraja]

can you review this one more time before merging?

[germanattanasio]

We probably want to update the README with examples of how to use IAM.

[germanattanasio]

What about the iam_url? When running on stage1 we need to use a different IAM server

[germanattanasio]

We need an CredentialUtils.getIAMUrl(name);

[dpopp07]

The URL to the IAM endpoint is not present in the VCAP credentials is it? There would be something like "url": "https://gateway-s.watsonplatform.net/assistant/api" but the SDK would have to parse out any info and build the token service URL from there. Is that in the scope of the SDKs? I don't believe I'm doing that in Node.

[germanattanasio]

We need to add the URL to the VCAP services.

[dpopp07]

My apologies for the confusion, I am doing this in Node. Sounds good 👍

[germanattanasio]

"Bearer " should be a constant

[germanattanasio]

They just need to provide iam_api_key. iam_url (optional) and access_token (optional).

[germanattanasio]

use a constant for the URL

[germanattanasio]

All the strings here should be constants

[germanattanasio]

We probably want to update the README with examples of how to use IAM.

[dpopp07]

@lpatino10 thanks for the shout out 😛

This all looks good to me, as far as the IAM logic goes. Since you're using a builder for the token options, I want to make sure it is clear to the users that they have to manage everything if they use the accessToken() method. It looks like you did a good job of including that in the comments - but I agree with German's suggestion of including examples in the README and maybe reiterating that fact.

[dpopp07]

If someone is still maintaining this thousands of years from now, I hope they remember to change this expiration time!

[dpopp07]

Even if the IAM API key is being pulled from VCAP credentials, the IAM URL is still optional, right? I think the tokenManager should still be created if there is an IAM API key but no IAM URL

[germanattanasio]

true

[dpopp07]

@lpatino10 will you address this? As far as I can see, that is all that's left to be done

[lpatino10]

Oops, I missed this one. Making the change now.

[dpopp07]

Just had a few suggestions on the documentation

[dpopp07]

This is a bit nit-picky, but I would change this to something like "the IAM API key and optionally the IAM service URL, or an IAM access token. The user would not pass in all three, so "and" may be the wrong word to use. Sorry to sound like grammar 👮

[lpatino10]

No that's helpful! I was struggling to think of how to convey what was optional or not. I like your idea 👍

[dpopp07]

Maybe note here that URL is optional and give the default value

[dpopp07]

I think "assuming" is more clear here than "taking". Just my opinion

[dpopp07]

If the user passes in an access token, there is no need to provide the URL. They will be making the service requests, so the URL would never be used.

[dpopp07]

See comments above

[dpopp07]

I like that you point this out to the user!

[dpopp07]

Nice! Looks good to me