From 720dab5e470aadbce1e27a6d142bf9ceccc7268f Mon Sep 17 00:00:00 2001 From: Adrian Gonzalez-Martin Date: Tue, 26 Jul 2022 10:22:07 +0100 Subject: [PATCH 1/8] Pass down the verify flag to requests --- templates/python/auth/openid.py | 2 +- templates/python/setup.mustache | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/python/auth/openid.py b/templates/python/auth/openid.py index 22e5e2e..2eb47f8 100644 --- a/templates/python/auth/openid.py +++ b/templates/python/auth/openid.py @@ -43,7 +43,6 @@ def __init__(self, config: Configuration): super().__init__(config) if not config.verify_ssl: - os.environ["CURL_CA_BUNDLE"] = "" urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) if config.oidc_server is None: @@ -66,6 +65,7 @@ def __init__(self, config: Configuration): self._app = RemoteApp( framework=OIDCIntegration, + client_kwargs={"verify": config.verify_ssl}, client_id=config.oidc_client_id, client_secret=config.oidc_client_secret, server_metadata_url=server_metadata_url, diff --git a/templates/python/setup.mustache b/templates/python/setup.mustache index 021bedc..d9a263f 100644 --- a/templates/python/setup.mustache +++ b/templates/python/setup.mustache @@ -23,7 +23,7 @@ REQUIRES = [ "urllib3>=1.23", "Authlib<=0.16.0", ] - + {{#asyncio}} REQUIRES.append("aiohttp") {{/asyncio}} From 1fa78177b4411cc8ca88c294551222e08ceaa647 Mon Sep 17 00:00:00 2001 From: Adrian Gonzalez-Martin Date: Tue, 26 Jul 2022 10:23:37 +0100 Subject: [PATCH 2/8] Regenerate Python package --- python/licenses/license.txt | 10 +++++----- python/licenses/license_info.csv | 8 ++++---- python/seldon_deploy_sdk/auth/openid.py | 2 +- python/setup.py | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/python/licenses/license.txt b/python/licenses/license.txt index fc46ab2..2aecc4a 100644 --- a/python/licenses/license.txt +++ b/python/licenses/license.txt 
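Review bot: `client_kwargs={"verify": config.verify_ssl}` in the `RemoteApp(...)` call of templates/python/auth/openid.py (PATCH 1/8, second hunk) forwards only a boolean, so a deployment whose OIDC server is signed by a private CA can only connect by switching verification off, and the discovery request and the token exchange carrying `client_secret` then run without certificate checks. requests also accepts a CA bundle path for `verify`; if `Configuration` exposes one (not visible in this patch), prefer it, e.g. `client_kwargs={"verify": <ca-bundle-path> or config.verify_ssl}` where `<ca-bundle-path>` is a placeholder for that setting. The `if not config.verify_ssl:` branch in the hunk above still calls `urllib3.disable_warnings(...)`, which silences the warning for the whole process; a single `logger.warning("TLS certificate verification is disabled for the OIDC client")` there would keep the insecure mode visible in logs. `__init__` starts and ends outside both hunks, and the regenerated copy in python/seldon_deploy_sdk/auth/openid.py (PATCH 2/8) carries the same lines.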
@@ -33,7 +33,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. certifi -2022.9.24 +2022.6.15 Mozilla Public License 2.0 (MPL 2.0) This package contains a modified version of ca-bundle.crt: @@ -43,7 +43,7 @@ Certificate data from Mozilla as of: Thu Nov 3 19:04:19 2011# This is a bundle of X.509 certificates of public Certificate Authorities (CA). These were automatically extracted from Mozilla's root certificates file (certdata.txt). This file can be found in the mozilla source tree: -https://hg.mozilla.org/mozilla-central/file/tip/security/nss/lib/ckfw/builtins/certdata.txt +http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1# It contains the certificates in PEM format and therefore can be directly used with curl / libcurl / php_curl, or with an Apache+mod_ssl webserver for SSL client authentication. @@ -90,7 +90,7 @@ documentation is licensed as follows: cryptography -38.0.1 +37.0.4 Apache Software License; BSD License This software is made available under the terms of *either* of the licenses found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made @@ -191,7 +191,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The above BSD License Applies to all code, even that also covered by Apache 2.0. seldon-deploy-sdk -2.0.0.dev0 +1.5.0 UNKNOWN UNKNOWN @@ -219,7 +219,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. urllib3 -1.26.12 +1.26.11 MIT License MIT License diff --git a/python/licenses/license_info.csv b/python/licenses/license_info.csv index ed3fd2e..57979a8 100644 --- a/python/licenses/license_info.csv +++ b/python/licenses/license_info.csv 
@@ -1,10 +1,10 @@ "Name","Version","License" "Authlib","0.15.5","BSD License" -"certifi","2022.9.24","Mozilla Public License 2.0 (MPL 2.0)" +"certifi","2022.6.15","Mozilla Public License 2.0 (MPL 2.0)" "cffi","1.15.1","MIT License" -"cryptography","38.0.1","Apache Software License; BSD License" +"cryptography","37.0.4","Apache Software License; BSD License" "pycparser","2.21","BSD License" "python-dateutil","2.8.2","Apache Software License; BSD License" -"seldon-deploy-sdk","2.0.0.dev0","UNKNOWN" +"seldon-deploy-sdk","1.5.0","UNKNOWN" "six","1.16.0","MIT License" -"urllib3","1.26.12","MIT License" \ No newline at end of file +"urllib3","1.26.11","MIT License" \ No newline at end of file diff --git a/python/seldon_deploy_sdk/auth/openid.py b/python/seldon_deploy_sdk/auth/openid.py index 22e5e2e..2eb47f8 100644 --- a/python/seldon_deploy_sdk/auth/openid.py +++ b/python/seldon_deploy_sdk/auth/openid.py @@ -43,7 +43,6 @@ def __init__(self, config: Configuration): super().__init__(config) if not config.verify_ssl: - os.environ["CURL_CA_BUNDLE"] = "" urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) if config.oidc_server is None: @@ -66,6 +65,7 @@ def __init__(self, config: Configuration): self._app = RemoteApp( framework=OIDCIntegration, + client_kwargs={"verify": config.verify_ssl}, client_id=config.oidc_client_id, client_secret=config.oidc_client_secret, server_metadata_url=server_metadata_url, diff --git a/python/setup.py b/python/setup.py index 2b1fe81..cb71aee 100644 --- a/python/setup.py +++ b/python/setup.py @@ -29,7 +29,7 @@ "urllib3>=1.23", "Authlib<=0.16.0", ] - + setup( name=NAME, From 5cf242575f14958c4efe94a53134371689fc49b4 Mon Sep 17 00:00:00 2001 
From: Adrian Gonzalez-Martin Date: Tue, 26 Jul 2022 12:23:06 +0100 Subject: [PATCH 3/8] Update Authlib package --- python/licenses/license.txt | 2 +- python/licenses/license_info.csv | 2 +- python/seldon_deploy_sdk/auth/openid.py | 11 ++++------- python/setup.py | 2 +- templates/python/auth/openid.py | 11 ++++------- templates/python/setup.mustache | 2 +- 6 files changed, 12 insertions(+), 18 deletions(-) diff --git a/python/licenses/license.txt b/python/licenses/license.txt index 2aecc4a..9821530 100644 --- a/python/licenses/license.txt +++ b/python/licenses/license.txt @@ -1,5 +1,5 @@ Authlib -0.15.5 +1.0.1 BSD License BSD 3-Clause License diff --git a/python/licenses/license_info.csv b/python/licenses/license_info.csv index 57979a8..e57a5ec 100644 --- a/python/licenses/license_info.csv +++ b/python/licenses/license_info.csv @@ -1,5 +1,5 @@ "Name","Version","License" -"Authlib","0.15.5","BSD License" +"Authlib","1.0.1","BSD License" "certifi","2022.6.15","Mozilla Public License 2.0 (MPL 2.0)" "cffi","1.15.1","MIT License" "cryptography","37.0.4","Apache Software License; BSD License" diff --git a/python/seldon_deploy_sdk/auth/openid.py b/python/seldon_deploy_sdk/auth/openid.py index 2eb47f8..3d83e6f 100644 --- a/python/seldon_deploy_sdk/auth/openid.py +++ b/python/seldon_deploy_sdk/auth/openid.py @@ -4,7 +4,7 @@ from typing import Dict from urllib.parse import urlencode -from authlib.integrations.base_client import FrameworkIntegration, RemoteApp +from authlib.integrations.base_client import FrameworkIntegration, OAuth2Mixin from authlib.integrations.requests_client import OAuth2Session from ..configuration import Configuration @@ -21,10 +21,6 @@ ACCESS_TOKEN_FIELD = "access_token" -class OIDCIntegration(FrameworkIntegration): - oauth2_client_cls = OAuth2Session - - def _get_token(token: Dict[str, str]) -> str: if ID_TOKEN_FIELD not in token: logger.info( 
@@ -63,14 +59,15 @@ def __init__(self, config: Configuration): server_metadata_url = f"{config.oidc_server}/.well-known/openid-configuration" - self._app = RemoteApp( - framework=OIDCIntegration, + self._app = OAuth2Mixin( + framework=FrameworkIntegration, client_kwargs={"verify": config.verify_ssl}, client_id=config.oidc_client_id, client_secret=config.oidc_client_secret, server_metadata_url=server_metadata_url, access_token_params=access_token_params, ) + self._app.client_cls = OAuth2Session self._app.load_server_metadata() @_soft_deprecate # type: ignore diff --git a/python/setup.py b/python/setup.py index cb71aee..e989a64 100644 --- a/python/setup.py +++ b/python/setup.py @@ -27,7 +27,7 @@ "python-dateutil>=2.1", "six>=1.10", "urllib3>=1.23", - "Authlib<=0.16.0", + "Authlib==1.0.1", ] diff --git a/templates/python/auth/openid.py b/templates/python/auth/openid.py index 2eb47f8..3d83e6f 100644 --- a/templates/python/auth/openid.py +++ b/templates/python/auth/openid.py @@ -4,7 +4,7 @@ from typing import Dict from urllib.parse import urlencode -from authlib.integrations.base_client import FrameworkIntegration, RemoteApp +from authlib.integrations.base_client import FrameworkIntegration, OAuth2Mixin from authlib.integrations.requests_client import OAuth2Session from ..configuration import Configuration @@ -21,10 +21,6 @@ ACCESS_TOKEN_FIELD = "access_token" -class OIDCIntegration(FrameworkIntegration): - oauth2_client_cls = OAuth2Session - - def _get_token(token: Dict[str, str]) -> str: if ID_TOKEN_FIELD not in token: logger.info( 
@@ -63,14 +59,15 @@ def __init__(self, config: Configuration): server_metadata_url = f"{config.oidc_server}/.well-known/openid-configuration" - self._app = RemoteApp( - framework=OIDCIntegration, + self._app = OAuth2Mixin( + framework=FrameworkIntegration, client_kwargs={"verify": config.verify_ssl}, client_id=config.oidc_client_id, client_secret=config.oidc_client_secret, server_metadata_url=server_metadata_url, access_token_params=access_token_params, ) + self._app.client_cls = OAuth2Session self._app.load_server_metadata() @_soft_deprecate # type: ignore diff --git a/templates/python/setup.mustache b/templates/python/setup.mustache index d9a263f..df1f07f 100644 --- a/templates/python/setup.mustache +++ b/templates/python/setup.mustache @@ -21,7 +21,7 @@ REQUIRES = [ "python-dateutil>=2.1", "six>=1.10", "urllib3>=1.23", - "Authlib<=0.16.0", + "Authlib==1.0.1", ] {{#asyncio}} From 7ceaf01189a158eb2b5fac8391739c5b161ea926 Mon Sep 17 00:00:00 2001 From: Adrian Gonzalez-Martin Date: Tue, 26 Jul 2022 12:27:09 +0100 Subject: [PATCH 4/8] Use webbrowser package to open URL automatically --- python/seldon_deploy_sdk/auth/openid.py | 3 +++ templates/python/auth/openid.py | 3 +++ 2 files changed, 6 insertions(+) diff --git a/python/seldon_deploy_sdk/auth/openid.py b/python/seldon_deploy_sdk/auth/openid.py index 3d83e6f..c73720a 100644 --- a/python/seldon_deploy_sdk/auth/openid.py +++ b/python/seldon_deploy_sdk/auth/openid.py @@ -1,6 +1,7 @@ import logging import os import urllib3 +import webbrowser from typing import Dict from urllib.parse import urlencode @@ -106,6 +107,8 @@ def _use_authorization_code(self): state=self._AuthCodeState, scope=self._config.scope, )["url"] + + webbrowser.open_new_tab(request_url) print( "Please copy the following URL into a browser to log in.", "You will be redirected and shown a code to copy and paste here.", diff --git a/templates/python/auth/openid.py b/templates/python/auth/openid.py index 3d83e6f..c73720a 100644 
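Review bot: `self._app = OAuth2Mixin(...)` followed by `self._app.client_cls = OAuth2Session` in templates/python/auth/openid.py (PATCH 3/8, hunk `@@ -63,14 +59,15 @@`) instantiates a mixin directly and patches the client class onto the instance after construction, which appears to rely on Authlib's internal layout rather than on a supported entry point. A small subclass fixes the client class before `__init__` runs and leaves one place to adapt on upgrades: `class _OIDCApp(OAuth2Mixin): client_cls = OAuth2Session`, then `self._app = _OIDCApp(framework=FrameworkIntegration, ...)`. Since this object performs the token exchange with `client_secret` and is the only place the `verify` setting reaches the HTTP session, a test that checks `load_server_metadata()` and the `verify` pass-through against the pinned Authlib version would catch a silent regression. `__init__` continues outside the hunk, and the same change is applied to python/seldon_deploy_sdk/auth/openid.py in this patch.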
--- a/templates/python/auth/openid.py +++ b/templates/python/auth/openid.py @@ -1,6 +1,7 @@ import logging import os import urllib3 +import webbrowser from typing import Dict from urllib.parse import urlencode @@ -106,6 +107,8 @@ def _use_authorization_code(self): state=self._AuthCodeState, scope=self._config.scope, )["url"] + + webbrowser.open_new_tab(request_url) print( "Please copy the following URL into a browser to log in.", "You will be redirected and shown a code to copy and paste here.", From 0e0aea06b1a6dda3715e04032d68f6062bfcd800 Mon Sep 17 00:00:00 2001 From: Adrian Gonzalez-Martin Date: Tue, 26 Jul 2022 12:33:02 +0100 Subject: [PATCH 5/8] Export AuthMethod in main package --- README.md | 4 ++-- python/seldon_deploy_sdk/auth/__init__.py | 3 ++- templates/python/auth/__init__.py | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9e26a22..4758f54 100644 --- a/README.md +++ b/README.md @@ -23,14 +23,14 @@ You can see an example usage below: ```python from seldon_deploy_sdk import EnvironmentApi, Configuration, ApiClient -from seldon_deploy_sdk.auth import OIDCAuthenticator +from seldon_deploy_sdk.auth import AuthMethod, OIDCAuthenticator config = Configuration() config.host = "http://X.X.X.X/seldon-deploy/api/v1alpha1" config.oidc_client_id = "sd-api" config.oidc_client_secret = "sd-api-secret" config.oidc_server = "http://X.X.X.X/auth/realms/deploy-realm" -config.auth_method = "auth_code" +config.auth_method = AuthMethod.AUTH_CODE auth = OIDCAuthenticator(config) config.id_token = auth.authenticate() diff --git a/python/seldon_deploy_sdk/auth/__init__.py b/python/seldon_deploy_sdk/auth/__init__.py index 11cf15e..b9f75a2 100644 --- a/python/seldon_deploy_sdk/auth/__init__.py +++ b/python/seldon_deploy_sdk/auth/__init__.py 
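Review bot: `webbrowser.open_new_tab(request_url)` in `_use_authorization_code` (PATCH 4/8, hunk `@@ -106,6 +107,8 @@` of templates/python/auth/openid.py) runs unconditionally and its boolean result is discarded, so calling the SDK on a headless host, a CI runner or a remote notebook kernel tries to launch a browser on that machine as a side effect of authenticating. Keep the result and let callers opt out, e.g. `opened = webbrowser.open_new_tab(request_url)` behind a configuration switch, and use `opened` to decide which instructions to print. The context line `state=self._AuthCodeState` looks like a fixed value; if it is, the OAuth `state` parameter is not unique per authorization request and does not bind the response to this login attempt, which is worth confirming even though this commit does not touch it. The function starts and ends outside the hunk, and the generated copy under python/seldon_deploy_sdk/auth/openid.py has the same addition.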
@@ -1,4 +1,5 @@ +from .base import AuthMethod from .session import SessionAuthenticator from .openid import OIDCAuthenticator -__all__ = ["SessionAuthenticator", "OIDCAuthenticator"] +__all__ = ["AuthMethod", "SessionAuthenticator", "OIDCAuthenticator"] diff --git a/templates/python/auth/__init__.py b/templates/python/auth/__init__.py index 11cf15e..b9f75a2 100644 --- a/templates/python/auth/__init__.py +++ b/templates/python/auth/__init__.py @@ -1,4 +1,5 @@ +from .base import AuthMethod from .session import SessionAuthenticator from .openid import OIDCAuthenticator -__all__ = ["SessionAuthenticator", "OIDCAuthenticator"] +__all__ = ["AuthMethod", "SessionAuthenticator", "OIDCAuthenticator"] From 212ea68b4e0430c03bd0af77a31360f79a66d018 Mon Sep 17 00:00:00 2001 From: Adrian Gonzalez-Martin Date: Tue, 26 Jul 2022 15:51:51 +0100 Subject: [PATCH 6/8] Changed prompt message --- python/seldon_deploy_sdk/auth/openid.py | 9 ++++++--- templates/python/auth/openid.py | 9 ++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/python/seldon_deploy_sdk/auth/openid.py b/python/seldon_deploy_sdk/auth/openid.py index c73720a..78c2c7c 100644 --- a/python/seldon_deploy_sdk/auth/openid.py +++ b/python/seldon_deploy_sdk/auth/openid.py @@ -110,9 +110,12 @@ def _use_authorization_code(self): webbrowser.open_new_tab(request_url) print( - "Please copy the following URL into a browser to log in.", - "You will be redirected and shown a code to copy and paste here.", - f"\n\n\t'{request_url}'\n\n", + "The following URL should have opened now on a new tab, where you " + "will be able to log in.\n" + "If it hasn't, please copy the following URL into a browser.\n" + "Once you have logged in, you will be redirected and will be shown a code " + "to copy and paste below." + f"\n\n\t{request_url}\n\n" ) response_code = self._get_response_code() response_code_query = urlencode({"code": response_code}) 
diff --git a/templates/python/auth/openid.py b/templates/python/auth/openid.py index c73720a..78c2c7c 100644 --- a/templates/python/auth/openid.py +++ b/templates/python/auth/openid.py @@ -110,9 +110,12 @@ def _use_authorization_code(self): webbrowser.open_new_tab(request_url) print( - "Please copy the following URL into a browser to log in.", - "You will be redirected and shown a code to copy and paste here.", - f"\n\n\t'{request_url}'\n\n", + "The following URL should have opened now on a new tab, where you " + "will be able to log in.\n" + "If it hasn't, please copy the following URL into a browser.\n" + "Once you have logged in, you will be redirected and will be shown a code " + "to copy and paste below." + f"\n\n\t{request_url}\n\n" ) response_code = self._get_response_code() response_code_query = urlencode({"code": response_code}) From 1c46a713f58208944d5410cceedaf47a289db469 Mon Sep 17 00:00:00 2001 From: Adrian Gonzalez-Martin Date: Wed, 27 Jul 2022 09:01:03 +0100 Subject: [PATCH 7/8] Allow for patch versions in Authlib --- python/setup.py | 2 +- templates/python/setup.mustache | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/python/setup.py b/python/setup.py index e989a64..f539cb9 100644 --- a/python/setup.py +++ b/python/setup.py @@ -27,7 +27,7 @@ "python-dateutil>=2.1", "six>=1.10", "urllib3>=1.23", - "Authlib==1.0.1", + "Authlib>=1.0.0,<1.1.0", ] diff --git a/templates/python/setup.mustache b/templates/python/setup.mustache index df1f07f..9763da3 100644 --- a/templates/python/setup.mustache +++ b/templates/python/setup.mustache @@ -21,7 +21,7 @@ REQUIRES = [ "python-dateutil>=2.1", "six>=1.10", "urllib3>=1.23", - "Authlib==1.0.1", + "Authlib>=1.0.0,<1.1.0", ] {{#asyncio}} From 44c13d3b6ece908afbbf47206e612b86221a86f0 Mon Sep 17 00:00:00 2001 
From: Adrian Gonzalez-Martin Date: Tue, 1 Nov 2022 11:52:43 +0000 Subject: [PATCH 8/8] re-gen licenses --- python/licenses/license.txt | 10 +++++----- python/licenses/license_info.csv | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/python/licenses/license.txt b/python/licenses/license.txt index 9821530..77d7522 100644 --- a/python/licenses/license.txt +++ b/python/licenses/license.txt @@ -33,7 +33,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. certifi -2022.6.15 +2022.9.24 Mozilla Public License 2.0 (MPL 2.0) This package contains a modified version of ca-bundle.crt: @@ -43,7 +43,7 @@ Certificate data from Mozilla as of: Thu Nov 3 19:04:19 2011# This is a bundle of X.509 certificates of public Certificate Authorities (CA). These were automatically extracted from Mozilla's root certificates file (certdata.txt). This file can be found in the mozilla source tree: -http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1# +https://hg.mozilla.org/mozilla-central/file/tip/security/nss/lib/ckfw/builtins/certdata.txt It contains the certificates in PEM format and therefore can be directly used with curl / libcurl / php_curl, or with an Apache+mod_ssl webserver for SSL client authentication. @@ -90,7 +90,7 @@ documentation is licensed as follows: cryptography -37.0.4 +38.0.1 Apache Software License; BSD License This software is made available under the terms of *either* of the licenses found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made @@ -191,7 +191,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The above BSD License Applies to all code, even that also covered by Apache 2.0. seldon-deploy-sdk -1.5.0 +2.0.0.dev0 UNKNOWN UNKNOWN @@ -219,7 +219,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. urllib3 -1.26.11 +1.26.12 MIT License MIT License 
diff --git a/python/licenses/license_info.csv b/python/licenses/license_info.csv index e57a5ec..d4ead39 100644 --- a/python/licenses/license_info.csv +++ b/python/licenses/license_info.csv @@ -1,10 +1,10 @@ "Name","Version","License" "Authlib","1.0.1","BSD License" -"certifi","2022.6.15","Mozilla Public License 2.0 (MPL 2.0)" +"certifi","2022.9.24","Mozilla Public License 2.0 (MPL 2.0)" "cffi","1.15.1","MIT License" -"cryptography","37.0.4","Apache Software License; BSD License" +"cryptography","38.0.1","Apache Software License; BSD License" "pycparser","2.21","BSD License" "python-dateutil","2.8.2","Apache Software License; BSD License" -"seldon-deploy-sdk","1.5.0","UNKNOWN" +"seldon-deploy-sdk","2.0.0.dev0","UNKNOWN" "six","1.16.0","MIT License" -"urllib3","1.26.11","MIT License" \ No newline at end of file +"urllib3","1.26.12","MIT License" \ No newline at end of file