Skip to content

Allow unverified SSL and additional HTTP headers#89

Open
jlubawy wants to merge 2 commits intokiwitcms:masterfrom
jlubawy:jlubawy/http-modifications
Open

Allow unverified SSL and additional HTTP headers#89
jlubawy wants to merge 2 commits intokiwitcms:masterfrom
jlubawy:jlubawy/http-modifications

Conversation

@jlubawy
Copy link

@jlubawy jlubawy commented Mar 5, 2025

Hi, thank you for creating this API client and Kiwi TCMS itself.

I've added two new features that I've found useful:

  1. Allow unverified SSL connection (example use-case is when running Kiwi locally, if self-signed certificate is not trusted)
  2. Allow passing additional headers in HTTP requests. This is useful for cases where you may need to authenticate with a proxy for example (Proxy-Authorization header).

The changes should be backwards compatible due to setting default values for these new parameters.

Please let me know if there is anything you'd like to change though before you'd consider merging.

atodorov
atodorov requested changes Mar 7, 2025
View reviewed changes
Copy link
Member

@atodorov atodorov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this contribution. It needs some changes to make it better.

tcms_api/xmlrpc.py
ssl._create_default_https_context = ssl._create_unverified_context

if len(extra_headers) > 0:
self.transport._headers += extra_headers
Copy link
Member

@atodorov atodorov Mar 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This possibly overrides an existing value set for this attribute.

You can pass headers in Transport.__init__() so better add this in lines 128 & 130.

tcms_api/xmlrpc.py
url,
allow_unverified_ssl: bool = False,
extra_headers: list[tuple[str, str]] = [],
):
Copy link
Member

@atodorov atodorov Mar 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will have to define these for the inherited class TCMSKerbXmlrpc, and take care to pass them down appropriately otherwise we have broken method signatures in the inheritance chain.

tcms_api/xmlrpc.py
raise RuntimeError("Unrecognized URL scheme")

if allow_unverified_ssl:
ssl._create_default_https_context = ssl._create_unverified_context
Copy link
Member

@atodorov atodorov Mar 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is modifying the global state of the ssl module which potentially can lead to side effects depending on how that module and the tcms_api module are used by the developer. This could lead to very difficult to debug issues.

This also affects the SSL module even if for whatever reason the user is connecting to a plain-text endpoint (e.g. reusing the same code base).

Instead of doing it like this, see the context argument of SafeTransport.__init__().

@jlubawy
Copy link
Author

jlubawy commented Mar 11, 2025

Thank you for your review and comments. I'll try to make your suggestions and will let you know if I have any questions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@atodorov atodorov atodorov requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jlubawy @atodorov