Internal transport discussion #1
Assignees
Labels
Comments
|
@jonparrott the "Bind credentials to http" describes binding an |
|
@dhermes updated. |
This was referenced Sep 27, 2016
Closed
|
Resolved, at least for use case (1). |
helen-fornazier
pushed a commit
to helen-fornazier/google-auth-library-python
that referenced
this issue
Apr 20, 2018
Updated the Docstring and corrected it for next_chunk()
yoshi-automation
added
triage me
arithmetic1728
added a commit
that referenced
this issue
May 3, 2022
* [Bug 193694420] adding validation of token url and service account impersonation url (#1) [b-193694420] adding url validation for token url and service account impersonation url * adding coverage of empty hostname to invalid token url * Add more tests to enlarge the coverage Co-authored-by: Jin Qin <qinjin@google.com> * adding coverage for service account impersonate url validation * using urllib3 instead of urllib since it's the project test requirements included * fix format * addressing comments * remove redundant * fix tests since python 3.6 cannot have same string constants interpret as 3.7+ * fix lint and fix the flaky test in an alternate way * revert the debugging output * fix lint Co-authored-by: Leo <39062083+lsirac@users.noreply.github.com> Co-authored-by: Jin Qin <qinjin@google.com> Co-authored-by: arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This library needs to satisfy two orthogonal goals related to HTTP:
If there were only one Python HTTP library this would all be trivial. If the library was called
unicorn, we could just useunicorn.requestdirectly everywhere internally for (1). For (2), we would just write a single function to attach the credentials tounicorn.This discussion is exclusively about (1), but care should be made not to limit our options for (2).
Use Case (1)
Use case (1) boils down to the need for a consistent way to make an http request and get response information. This use-case is only for library internals.
What's done today
transport.requesttakes any http object and then uses isinstance to figure out which transport should be used to call. Basically:The indirection has the benefit that we can accept any supported http object at the call sites of methods like
refresh(). The drawback is the indirection and the cost of the lookup for every request.What we could do
Use http.client
We could easily use the built-in
http.client- but urlilb3 and requests have significant benefits, and properly doing ssl with http.client can be error prone. It also leads us to situation where the http client the user is using and the http client we're using can be different.Set credentials.http
Presently credentials are completely independent of http. Any methods that need to make requests must accept an
httpparameter. This proposes addingcredentials.httpthat is set to a new private interfacetransport._HTTP. None of the request-making methods need http as an argument anymore.This has the distinct drawback that credentials can now only be associated with a single http object. It also introduces a new interface (and subclasses for every transport).
Just pass in transport_impl.request
Instead of passing in an http object and letting the lookup happen, make the argument to
refresh()et al be an interface that matchestransport.requestlike this:Since the caller of refresh knows the transport implementation that's currently being used it can just pass in, for example,
functools.partial(urlilb3_transport.request, bare_http). The call stack would then look like this:This has a lot of benefits:
requestcan be made public without making any other part of our transport implementation public.refresh()et al will have well defined argument types.request. :)The text was updated successfully, but these errors were encountered: