Skip to content

feat(api): added support for tls client authentication against revers… #3111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(api): added support for tls client authentication against revers… #3111

wants to merge 1 commit into from

Conversation

mgrechukh
Copy link

Certain reverse proxies may require TLS client pre-authentication in addition to further API authentication on application level. To facilitate CLI work in such environment, relevant config options added.

@codecov Codecov
Copy link

codecov bot commented Jan 30, 2025

Codecov Report

Attention: Patch coverage is 90.90909% with 2 lines in your changes missing coverage. Please review.

Project coverage is 97.26%. Comparing base (edd01a5) to head (b0e9374).

Files with missing lines Patch % Lines
gitlab/client.py 50.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3111      +/-   ##
==========================================
- Coverage   97.28%   97.26%   -0.03%     
==========================================
  Files          97       97              
  Lines        6006     6028      +22     
==========================================
+ Hits         5843     5863      +20     
- Misses        163      165       +2
Flag Coverage Δ
api_func_v4 83.60% <90.90%> (+0.02%) ⬆️
cli_func_v4 84.58% <90.90%> (+0.02%) ⬆️
unit 90.12% <90.90%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
gitlab/config.py 100.00% <100.00%> (ø)
gitlab/client.py 98.38% <50.00%> (-0.36%) ⬇️

nejch
nejch requested changes Feb 4, 2025
View reviewed changes
Copy link
Member

@nejch nejch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for this contribution @mgrechukh!

Normally I'd say this is a perfect use for a custom session - but for the CLI, we'd really need this.

Would you be able to add a small test with a matcher to ensure the cert is passed?
https://github.com/getsentry/responses?tab=readme-ov-file#request-keyword-arguments-matcher

We should have examples from before in our tests for similar mocks, but let me know if it gets too difficult.

I'm also still thinking about the exact interface here. requests can take a tuple but also just a string to a combined cert file. httpx for example would only take the entire cert chain https://www.python-httpx.org/advanced/ssl/#client-side-certificates and not a tuple.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nejch nejch nejch requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mgrechukh @nejch