Code Monkey home page Code Monkey logo

Comments (6)

sserrata avatar sserrata commented on May 23, 2024

Concerning the HTTPClient auto_refresh attribute/kwarg, the docstring will be updated/corrected to reflect the true behavior:

"Perform token refresh prior to request if access_token is None or expired. Defaults to True"

from pan-cortex-data-lake-python.

sserrata avatar sserrata commented on May 23, 2024

Furthermore, in the request method, on line 223, there's credentials = kwargs.pop("credentials", None), where it should probably be credentials = kwargs.pop("credentials", self._credentials).

With respect to kwargs.pop("credentials", None), this was changed in order to avoid inadvertently applying credentials twice. In controlled tests, I've observed auto_refresh behaving as expected. Please see the test steps below:

  1. Generate credentials profile with client_id, client_secret and refresh_token
  2. Attempt an API request and observe initial auto_refresh behavior due to None condition (see below)

Note: an extra INFO log was added to log the headers value in the request method

(env) DFWMAC1P6LVDN:examples sserrata$ ./test.py 
DEBUG:pan_cortex_data_lake.httpclient:Default headers applied: {'User-Agent': 'cortex-data-lake-python/2.0.0-a9', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive'}
DEBUG:pan_cortex_data_lake.httpclient:Default headers applied: {'User-Agent': 'cortex-data-lake-python/2.0.0-a9', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive'}
DEBUG:pan_cortex_data_lake.httpclient:Applying session-level credentials
INFO:pan_cortex_data_lake.httpclient:{'User-Agent': 'cortex-data-lake-python/2.0.0-a9', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive'}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.paloaltonetworks.com:443
DEBUG:urllib3.connectionpool:https://api.paloaltonetworks.com:443 "POST /api/oauth2/RequestToken HTTP/1.1" 200 630
DEBUG:pan_cortex_data_lake.httpclient:Token refreshed due to 'None' condition
DEBUG:pan_cortex_data_lake.httpclient:Credentials applied to authorization header
INFO:pan_cortex_data_lake.httpclient:{'User-Agent': 'cortex-data-lake-python/2.0.0-a9', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive', 'Authorization': 'Bearer eyJ...'}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.us.cdl.paloaltonetworks.com:443
DEBUG:urllib3.connectionpool:https://api.us.cdl.paloaltonetworks.com:443 "POST /query/v2/jobs HTTP/1.1" 201 108
  1. Manually edit the credentials.json profile to replace existing access_token with an expired token.
  2. Attempt API request again and observe auto_refresh behavior, this time refreshing due to "Expired" condition.
DEBUG:pan_cortex_data_lake.httpclient:Default headers applied: {'User-Agent': 'cortex-data-lake-python/2.0.0-a9', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive'}
DEBUG:pan_cortex_data_lake.httpclient:Default headers applied: {'User-Agent': 'cortex-data-lake-python/2.0.0-a9', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive'}
DEBUG:pan_cortex_data_lake.httpclient:Applying session-level credentials
INFO:pan_cortex_data_lake.httpclient:{'User-Agent': 'cortex-data-lake-python/2.0.0-a9', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive'}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.paloaltonetworks.com:443
DEBUG:urllib3.connectionpool:https://api.paloaltonetworks.com:443 "POST /api/oauth2/RequestToken HTTP/1.1" 200 630
DEBUG:pan_cortex_data_lake.httpclient:Token refreshed due to 'expired' condition
DEBUG:pan_cortex_data_lake.httpclient:Credentials applied to authorization header
INFO:pan_cortex_data_lake.httpclient:{'User-Agent': 'cortex-data-lake-python/2.0.0-a9', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive', 'Authorization': 'Bearer eyJ...'}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.us.cdl.paloaltonetworks.com:443
DEBUG:urllib3.connectionpool:https://api.us.cdl.paloaltonetworks.com:443 "POST /query/v2/jobs HTTP/1.1" 201 108

As best as I can tell, everything appears to be working as expected. Please let me know if I'm missing something. Thanks!

from pan-cortex-data-lake-python.

mishas avatar mishas commented on May 23, 2024

Hello @sserrata,

In the test proposed above, you're recreating the object (and in that case, it indeed refreshes the token). But if you keep holding the object - it doesn't:

c = Credentials(refresh_token=MY_KEY, client_id=MY_CLIENT_ID, client_secret=MY_CLIENT_SECRET)
qs = QueryService(url="https://api.us.cdl.paloaltonetworks.com", credentials=c)
q = qs.create_query(query_params=query_params)  # This will work
time.sleep(60*60+ 5*60)  # Sleep for 1 hour and 5 minutes
q = qs.create_query(...)  # This will not work.

from pan-cortex-data-lake-python.

sserrata avatar sserrata commented on May 23, 2024

Hi @mishas - yes, I understand that after an hour the access_token would have expired. I'm attempting to simulate this by manually replacing the credentials.json access_token with an expired value. I will try to replicate using the same method you outlined above and will report back with the results (in ~1 hour).

from pan-cortex-data-lake-python.

mishas avatar mishas commented on May 23, 2024

You can simulate this by calling:
qs._httpclient.session.headers.update({"Authorization": "Bearer {}".format(old_token)})
instead of sleep.

(i'm not 100% sure about the above, didn't try it, but I think it should work)

from pan-cortex-data-lake-python.

sserrata avatar sserrata commented on May 23, 2024

Hi @mishas - please see PR #152 for a fix. I discovered a regression bug introduced in #140. In weighing different options, I realized that it made little sense to apply credentials at the session/HTTPClient layer, if they would ultimately get applied at the request layer. Thanks again for reporting this issue.

from pan-cortex-data-lake-python.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.