feat(MCSPAuthenticator): add new authenticator for Multi-Cloud Saas Platform

[padamstx]

This commit introduces the new MCSPAuthenticator that can be used to exchange an apikey for an MCSP access token using the Multi-Cloud Saas Platform authentication token server's 'POST /siusermgr/api/1.0/apikeys/token' operation.

[pyrooka]

One question that's slightly related to this. Currently, when the AUTHTYPE is not specified we try to determine it based on the existence of the APIKEY: if it's found, then we use IAM, otherwise the container auth. However the CP4D and the MCSP authenticators also use apikey, so I am not sure if the current approach is quite correct. WDYT?

[dpopp07]

if it's found, then we use IAM, otherwise the container auth

I think that's an intentional priority we built into the code based on which authenticators are most common in practice and I think the other cores will do the same thing (though I could be wrong on that).

It is worth considering how good of an experience that is because implicit behavior can often be a source of confusion for users but if we're doing this in every core, altering the behavior would be a breaking change as users could be relying on this implicit behavior.

[padamstx]

I think that's an intentional priority we built into the code based on which authenticators are most common in practice and I think the other cores will do the same thing

correct, this is intentional, and we have the same logic in the other cores as well

the net result is... to use IAM, just configure the APIKEY config property at a minimum; to use one of the other authenticators that support APIKEY, you'd need to also set AUTH_TYPE to indicate which one to use.

[pyrooka]

Okay thanks, it makes sense!

[ibm-devx-sdk]

:tada: This PR is included in version 3.18.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: