feat: Add verify_ssl option to generated Client, allowing users to ignore ssl verification (#497). Thanks @rtaycher!

rtaycher · dbanty · web-flow · commit 5861c7c307a9 · 2021-09-25T14:57:26.000-06:00
Co-authored-by: Dylan Anthony &lt;43723790+dbanty@users.noreply.github.com&gt;
diff --git a/end_to_end_tests/golden-record/README.md b/end_to_end_tests/golden-record/README.md
@@ -41,6 +41,26 @@ my_data: MyDataModel = await get_my_data_model.asyncio(client=client)
 response: Response[MyDataModel] = await get_my_data_model.asyncio_detailed(client=client)
 ```
 
+By default, when you're calling an HTTPS API it will attempt to verify that SSL is working correctly. Using certificate verification is highly recommended most of the time, but sometimes you may need to authenticate to a server (especially an internal server) using a custom certificate bundle.
+
+```python
+client = AuthenticatedClient(
+    base_url="https://internal_api.example.com", 
+    token="SuperSecretToken",
+    verify_ssl="/path/to/certificate_bundle.pem",
+)
+```
+
+You can also disable certificate validation altogether, but beware that **this is a security risk**.
+
+```python
+client = AuthenticatedClient(
+    base_url="https://internal_api.example.com", 
+    token="SuperSecretToken", 
+    verify_ssl=False
+)
+```
+
 Things to know:
 1. Every path/method combo becomes a Python module with four functions:
     1. `sync`: Blocking request that returns parsed data (if successful) or `None`
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/default/get_common_parameters.py b/end_to_end_tests/golden-record/my_test_api_client/api/default/get_common_parameters.py
@@ -27,6 +27,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "params": params,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/default/post_common_parameters.py b/end_to_end_tests/golden-record/my_test_api_client/api/default/post_common_parameters.py
@@ -27,6 +27,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "params": params,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/location/get_location_query_optionality.py b/end_to_end_tests/golden-record/my_test_api_client/api/location/get_location_query_optionality.py
@@ -48,6 +48,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "params": params,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/parameters/delete_common_parameters_overriding_param.py b/end_to_end_tests/golden-record/my_test_api_client/api/parameters/delete_common_parameters_overriding_param.py
@@ -28,6 +28,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "params": params,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/parameters/get_common_parameters_overriding_param.py b/end_to_end_tests/golden-record/my_test_api_client/api/parameters/get_common_parameters_overriding_param.py
@@ -28,6 +28,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "params": params,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/parameters/get_same_name_multiple_locations_param.py b/end_to_end_tests/golden-record/my_test_api_client/api/parameters/get_same_name_multiple_locations_param.py
@@ -36,6 +36,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "params": params,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/parameters/multiple_path_parameters.py b/end_to_end_tests/golden-record/my_test_api_client/api/parameters/multiple_path_parameters.py
@@ -26,6 +26,7 @@ def _get_kwargs(
         "headers": headers,
         "cookies": cookies,
         "timeout": client.get_timeout(),
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tag1/get_tag_with_number.py b/end_to_end_tests/golden-record/my_test_api_client/api/tag1/get_tag_with_number.py
@@ -20,6 +20,7 @@ def _get_kwargs(
         "headers": headers,
         "cookies": cookies,
         "timeout": client.get_timeout(),
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/defaults_tests_defaults_post.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/defaults_tests_defaults_post.py
@@ -80,6 +80,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "params": params,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/get_basic_list_of_booleans.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/get_basic_list_of_booleans.py
@@ -20,6 +20,7 @@ def _get_kwargs(
         "headers": headers,
         "cookies": cookies,
         "timeout": client.get_timeout(),
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/get_basic_list_of_floats.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/get_basic_list_of_floats.py
@@ -20,6 +20,7 @@ def _get_kwargs(
         "headers": headers,
         "cookies": cookies,
         "timeout": client.get_timeout(),
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/get_basic_list_of_integers.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/get_basic_list_of_integers.py
@@ -20,6 +20,7 @@ def _get_kwargs(
         "headers": headers,
         "cookies": cookies,
         "timeout": client.get_timeout(),
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/get_basic_list_of_strings.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/get_basic_list_of_strings.py
@@ -20,6 +20,7 @@ def _get_kwargs(
         "headers": headers,
         "cookies": cookies,
         "timeout": client.get_timeout(),
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/get_user_list.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/get_user_list.py
@@ -44,6 +44,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "params": params,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/int_enum_tests_int_enum_post.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/int_enum_tests_int_enum_post.py
@@ -31,6 +31,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "params": params,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/json_body_tests_json_body_post.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/json_body_tests_json_body_post.py
@@ -26,6 +26,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "json": json_json_body,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/no_response_tests_no_response_get.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/no_response_tests_no_response_get.py
@@ -20,6 +20,7 @@ def _get_kwargs(
         "headers": headers,
         "cookies": cookies,
         "timeout": client.get_timeout(),
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/octet_stream_tests_octet_stream_get.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/octet_stream_tests_octet_stream_get.py
@@ -21,6 +21,7 @@ def _get_kwargs(
         "headers": headers,
         "cookies": cookies,
         "timeout": client.get_timeout(),
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/post_form_data.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/post_form_data.py
@@ -23,6 +23,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "data": form_data.to_dict(),
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/test_inline_objects.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/test_inline_objects.py
@@ -26,6 +26,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "json": json_json_body,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/token_with_cookie_auth_token_with_cookie_get.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/token_with_cookie_auth_token_with_cookie_get.py
@@ -23,6 +23,7 @@ def _get_kwargs(
         "headers": headers,
         "cookies": cookies,
         "timeout": client.get_timeout(),
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/unsupported_content_tests_unsupported_content_get.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/unsupported_content_tests_unsupported_content_get.py
@@ -20,6 +20,7 @@ def _get_kwargs(
         "headers": headers,
         "cookies": cookies,
         "timeout": client.get_timeout(),
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/upload_file_tests_upload_post.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/upload_file_tests_upload_post.py
@@ -30,6 +30,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "files": multipart_multipart_data,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/tests/upload_multiple_files_tests_upload_post.py b/end_to_end_tests/golden-record/my_test_api_client/api/tests/upload_multiple_files_tests_upload_post.py
@@ -33,6 +33,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "files": multipart_multipart_data,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/api/true_/false_.py b/end_to_end_tests/golden-record/my_test_api_client/api/true_/false_.py
@@ -27,6 +27,7 @@ def _get_kwargs(
         "cookies": cookies,
         "timeout": client.get_timeout(),
         "params": params,
+        "verify": client.verify_ssl,
     }
 
 
diff --git a/end_to_end_tests/golden-record/my_test_api_client/client.py b/end_to_end_tests/golden-record/my_test_api_client/client.py
@@ -1,4 +1,5 @@
-from typing import Dict
+import ssl
+from typing import Dict, Union
 
 import attr
 
@@ -11,6 +12,7 @@ class Client:
     cookies: Dict[str, str] = attr.ib(factory=dict, kw_only=True)
     headers: Dict[str, str] = attr.ib(factory=dict, kw_only=True)
     timeout: float = attr.ib(5.0, kw_only=True)
+    verify_ssl: Union[str, bool, ssl.SSLContext] = attr.ib(True, kw_only=True)
 
     def get_headers(self) -> Dict[str, str]:
         """Get headers to be used in all endpoints"""
diff --git a/openapi_python_client/templates/README.md.jinja b/openapi_python_client/templates/README.md.jinja
@@ -41,6 +41,26 @@ my_data: MyDataModel = await get_my_data_model.asyncio(client=client)
 response: Response[MyDataModel] = await get_my_data_model.asyncio_detailed(client=client)
 ```
 
+By default, when you're calling an HTTPS API it will attempt to verify that SSL is working correctly. Using certificate verification is highly recommended most of the time, but sometimes you may need to authenticate to a server (especially an internal server) using a custom certificate bundle.
+
+```python
+client = AuthenticatedClient(
+    base_url="https://internal_api.example.com", 
+    token="SuperSecretToken",
+    verify_ssl="/path/to/certificate_bundle.pem",
+)
+```
+
+You can also disable certificate validation altogether, but beware that **this is a security risk**.
+
+```python
+client = AuthenticatedClient(
+    base_url="https://internal_api.example.com", 
+    token="SuperSecretToken", 
+    verify_ssl=False
+)
+```
+
 Things to know:
 1. Every path/method combo becomes a Python module with four functions:
     1. `sync`: Blocking request that returns parsed data (if successful) or `None`
diff --git a/openapi_python_client/templates/client.py.jinja b/openapi_python_client/templates/client.py.jinja
@@ -1,5 +1,5 @@
-from typing import Dict
-
+import ssl
+from typing import Dict, Union
 import attr
 
 @attr.s(auto_attribs=True)
@@ -10,6 +10,7 @@ class Client:
     cookies: Dict[str, str] = attr.ib(factory=dict, kw_only=True)
     headers: Dict[str, str] = attr.ib(factory=dict, kw_only=True)
     timeout: float = attr.ib(5.0, kw_only=True)
+    verify_ssl: Union[str, bool, ssl.SSLContext] = attr.ib(True, kw_only=True)
 
     def get_headers(self) -> Dict[str, str]:
         """ Get headers to be used in all endpoints """
diff --git a/openapi_python_client/templates/endpoint_module.py.jinja b/openapi_python_client/templates/endpoint_module.py.jinja
@@ -52,6 +52,7 @@ def _get_kwargs(
         {% if endpoint.query_parameters %}
         "params": params,
         {% endif %}
+        "verify": client.verify_ssl,
     }
 
 

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ def _get_kwargs(`
`27`	`27`	`"cookies": cookies,`
`28`	`28`	`"timeout": client.get_timeout(),`
`29`	`29`	`"params": params,`
	`30`	`+ "verify": client.verify_ssl,`
`30`	`31`	`}`
`31`	`32`
`32`	`33`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,7 @@ def _get_kwargs(`
`48`	`48`	`"cookies": cookies,`
`49`	`49`	`"timeout": client.get_timeout(),`
`50`	`50`	`"params": params,`
	`51`	`+ "verify": client.verify_ssl,`
`51`	`52`	`}`
`52`	`53`
`53`	`54`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ def _get_kwargs(`
`28`	`28`	`"cookies": cookies,`
`29`	`29`	`"timeout": client.get_timeout(),`
`30`	`30`	`"params": params,`
	`31`	`+ "verify": client.verify_ssl,`
`31`	`32`	`}`
`32`	`33`
`33`	`34`
Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@ def _get_kwargs(`
`36`	`36`	`"cookies": cookies,`
`37`	`37`	`"timeout": client.get_timeout(),`
`38`	`38`	`"params": params,`
	`39`	`+ "verify": client.verify_ssl,`
`39`	`40`	`}`
`40`	`41`
`41`	`42`
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ def _get_kwargs(`
`26`	`26`	`"headers": headers,`
`27`	`27`	`"cookies": cookies,`
`28`	`28`	`"timeout": client.get_timeout(),`
	`29`	`+ "verify": client.verify_ssl,`
`29`	`30`	`}`
`30`	`31`
`31`	`32`
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ def _get_kwargs(`
`20`	`20`	`"headers": headers,`
`21`	`21`	`"cookies": cookies,`
`22`	`22`	`"timeout": client.get_timeout(),`
	`23`	`+ "verify": client.verify_ssl,`
`23`	`24`	`}`
`24`	`25`
`25`	`26`
Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,7 @@ def _get_kwargs(`
`80`	`80`	`"cookies": cookies,`
`81`	`81`	`"timeout": client.get_timeout(),`
`82`	`82`	`"params": params,`
	`83`	`+ "verify": client.verify_ssl,`
`83`	`84`	`}`
`84`	`85`
`85`	`86`
Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,7 @@ def _get_kwargs(`
`44`	`44`	`"cookies": cookies,`
`45`	`45`	`"timeout": client.get_timeout(),`
`46`	`46`	`"params": params,`
	`47`	`+ "verify": client.verify_ssl,`
`47`	`48`	`}`
`48`	`49`
`49`	`50`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@ def _get_kwargs(`
`31`	`31`	`"cookies": cookies,`
`32`	`32`	`"timeout": client.get_timeout(),`
`33`	`33`	`"params": params,`
	`34`	`+ "verify": client.verify_ssl,`
`34`	`35`	`}`
`35`	`36`
`36`	`37`
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@ def _get_kwargs(`
`21`	`21`	`"headers": headers,`
`22`	`22`	`"cookies": cookies,`
`23`	`23`	`"timeout": client.get_timeout(),`
	`24`	`+ "verify": client.verify_ssl,`
`24`	`25`	`}`
`25`	`26`
`26`	`27`