fix: avoid httpx2 verify=<str> deprecation in the client auth patches#952
Open
chrisburr wants to merge 3 commits into
Open
fix: avoid httpx2 verify=<str> deprecation in the client auth patches#952chrisburr wants to merge 3 commits into
chrisburr wants to merge 3 commits into
Conversation
httpx2 deprecated passing verify as a path string. The client credential flow converts verify to a CA-bundle path when ca_path is configured and passed it straight to httpx2.get/post, triggering a DeprecationWarning in normal usage. Add a prepare_verify helper in diracx.core.utils that builds an ssl.SSLContext from a CA file/directory path (booleans pass through) and use it at the httpx2 call sites in the sync and async client patches.
DiracClientMixin (and its DiracTokenCredential /
DiracBearerTokenCredentialPolicy helpers) in patches/utils.py were never
imported; the live clients are SyncDiracClient/AsyncDiracClient, which use
the per-mode mixins in patches/client/{sync,aio}.py. Remove the dead
classes and the imports that only they used.
patches/utils.py duplicated the token helpers already present in patches/client/common.py; the async client used one copy and the sync client the other. Merge them into patches/client/common.py (imported by both sync.py and aio.py) and delete patches/utils.py. With a single home for the helpers, flip their verify parameter to the native httpx2 type (bool | ssl.SSLContext) and convert the CA path once in each client __init__, keeping the bool/str form only for azure-core's connection_verify.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #948. httpx2 deprecated
verify=<str>, and the client passes a configuredca_pathstraight intohttpx2.get/post, so the warning fires in normal use.Fixed by converting the CA path to an
ssl.SSLContext(newprepare_verifyhelper); the string form is kept only for azure-core'sconnection_verify.Along the way: dropped the unused
DiracClientMixin, and merged the duplicated token helpers inpatches/utils.py+patches/client/common.pyinto one module (now typedbool | ssl.SSLContext).