Add support for GSSAPI authentication. #235
Conversation
|
can you add proper deps on request_gssapi and a test ? |
|
Would you prefer deps, or maybe weakening the As for tests, I'm not really sure how we would test it, given we'd likely need KDC for that ... |
| @@ -133,6 +133,11 @@ def timeout(arg): | |||
| help='PEM encoded key file (if not given, key is read from certfile)' | |||
| ) | |||
|
|
|||
| # Use Negotiate / GSSAPI | |||
| main_parser.add_argument( | |||
There was a problem hiding this comment.
Please make the option mutually exclusive with cert auth. https://docs.python.org/3/library/argparse.html#argparse.ArgumentParser.add_mutually_exclusive_group
| @@ -8,6 +8,7 @@ | |||
| from jwcrypto.jwk import JWK | |||
|
|
|||
| import requests | |||
| from requests_gssapi import HTTPSPNEGOAuth | |||
There was a problem hiding this comment.
I don't like the fact that all users have to install requests_gssapi. Please make the import optional and add an optional dependency to setup.py (gssapi extras require).
| @@ -84,6 +85,9 @@ def set_client_cert(self, certfile, keyfile=None): | |||
| else: | |||
| self.session.cert = (certfile, keyfile) | |||
|
|
|||
| def set_gssapi_auth(self): | |||
There was a problem hiding this comment.
set_gssapi_auth should support passing arguments to HTTPSPNEGOAuth(). Just take **kwargs and pass them along.
|
Thanks for using requests_gssapi! If tests are needed, it may be possible to use k5test. That said, I'm not sure there's a lot of value in setting up a full test with KDC here, since bugs in that would be bugs in a lower component - perhaps it'd be better to check that it starts a GSSAPI handshake when prompted? |
|
I don't think we need a full integration test or functional test here. A unit test is good enough, just check that the function sets the object. |
|
Can you also rebase that patch? So, it would be also in a good shape passing the tests. |
|
Closing in favour of #238. |
No description provided.