-
Notifications
You must be signed in to change notification settings - Fork 431
Enable BYO http library #128
Comments
@nathanielmanistaatgoogle I think as a first start, using a first-class |
Here are all places an $ git log --pretty=%H -1 # current HEAD
6e3c0c58f5a3ba18dc69bce9c49a975738c46c74
$ git grep 'Http('
oauth2client/appengine.py: return self.credentials.authorize(httplib2.Http(*args, **kwargs))
oauth2client/client.py: h = httplib2.Http()
oauth2client/client.py: http = httplib2.Http()
oauth2client/client.py: http = httplib2.Http()
oauth2client/client.py:_cached_http = httplib2.Http(MemoryCache())
oauth2client/client.py: http = httplib2.Http()
oauth2client/client.py: http = httplib2.Http()
oauth2client/flask_util.py: return self.credentials.authorize(httplib2.Http(*args, **kwargs))
samples/oauth2_for_devices.py:youtube = build("youtube", "v3", http=credentials.authorize(httplib2.Http()))
scripts/run_system_tests.py: http = credentials.authorize(httplib2.Http())
tests/test_appengine.py: http = httplib2.Http()
tests/test_appengine.py: http = httplib2.Http()
tests/test_appengine.py: http = httplib2.Http()
tests/test_appengine.py: http = httplib2.Http() I also searched for |
To summarize from googleapis/google-cloud-python#1346:
|
urllib3's modern retry logic is fairly configurable, please let us know if there's anything missing that you'd need. Maybe for auth too. |
Will do. Mostly this logic handles this case:
Not sure if this should be the responsibility of the http library. |
Take a look at our Retry object, worst case our goal is that you should be able to extend it and provide your own with a matching interface (might need to replace type-checking with duck-typing where we forgot). |
Awesome. Even more fuel to this fire I'm setting to httplib2. 👍 |
Ha. It's going to be a long road to excise it. It's also tied too deeply into |
Wish we did this when I was still at Google, I would have jumped on to help. :) |
@dhermes oh, fair point about |
Okay, so I'm on board with @dhermes' original plan. We'll leave httplib2 as the default library here, but have a well-defined interface so that We're about 6% away from full coverage, so this isn't far off. |
Any idea how soon this is happening? SNI support is a must-have feature for us, and even aside from that, we'd much prefer to use |
Currently working on finding all the places where the
Then I will factor out the access into functions in @jonparrott @nathanielmanistaatgoogle Any suggestions for a systematic way of checking this? I am going to introduce a mock |
Considering we have 100% coverage that's a great idea. Keep in mind that for BYO the only essential point is |
Well methods like |
I've always thought it was a bit wonky that you have to pass in an http object to like every method on |
We could make it optional or break it, but leave it optional for a generation? |
We have a working (for our uses, at least) implementation of this using requests in place of httplib2. |
Thanks! |
@jonparrott Maybe a good path forward would be to add retry hooks into |
Good point |
Long-term, sure. But I'd rather not waste any more time with httplib2. Adding proper retry hooks to that library is lipstick on a pig at this point. |
Ha good point. The monkey patching is just gross. |
I agree, which is why we should warn users about httplib2 and make urllib3 the prefered "user transport". There are so many problems with it (ssl being the biggest glaring issue). |
Why |
@bjmc requests is sugar on top of urllib3. For the internal use of this library, urllib3 is the way to go. We'd still support requests as an option to |
Sure, that's what I mean when I say it's "lower-level". It just seems like you're doing a fair amount of fiddling with URL/HTTP-related things (e.g.) and maybe requests would spare you from doing that yourself? But maybe not, I haven't looked at it in detail. |
Probably not much moreso than urllib3 would. On Thu, Aug 11, 2016 at 1:32 PM Brendan McCollam [email protected]
|
@dhermes my thoughts and ideas for moving this forward are the same as my previous comments here and here. In summary we should strictly separate the concepts of "transport" (internal http client used to refresh credentials/etc.) and the "adapter" (the means by which we provide the auth token to the user's http client). As I mentioned before, the biggest drawback is that it will be possible for the http client that this library uses and the http client that the user's code uses can be different. I am personally okay with this situation - it's actually more common than you think for a single application to use multiple http clients because of dependent libraries. I'm happy to hear yours and @nathanielmanistaatgoogle's thoughts on this before we move forward. If we do move forward the work items would look like this:
I can start on this myself later this month once I get a few other things off my plate, or, if someone beats me to it I'm happy to review. |
Two reactions right now:
|
For 1, leaning towards the far latter: we'll provide an interface and provide implementations based on urllib3 (the new default) and httplib2 (for legacy reasons). As far as the interface - I'm not sure yet, but once we get the two in place I'll codify the interface in whichever way you feel is most appropriate. For 2, I thought about this a bit and I can think of two ways forward: A. Global state (e.g. I'm open to arguments for/against either or alternatives. |
bump, now that I have gotten a few things off my plate I can actually continue some of this work if I can get agreement between @nathanielmanistaatgoogle and @dhermes on the direction. |
I am still in disagreement on having a separate internal transport. It seems the main (only?) reason for this is to allow auto-magic method calls that don't require an |
Definitely isn't the only reason. Some reasons:
It's not verify difficult for a user to do: >>> oauth2client.transport.set_transport(oauth2client.transport.urllib3)
>>> ...
>>> http = urllib3.PoolManager()
>>> http = credentials.authorize(http) which means the background transport and their http client library are one and the same. In fact, this is a much better situation than a lot of Python libraries which more or less force you to use one transport. For some libraries this transport is requests and that's okay, but some libraries (like us right now) force users to use httplib2 with no clean way to change it. I'm interested to see @nathanielmanistaatgoogle's thoughts, but as a way to move forward how would you feel I went forward with the separation plan but left the door open to unifying it later? |
But if we define a common interface, then the people trying to use a novel http transport just need to consult our handy-dandy documentation for adding a new transport. Then they can adhere to the interface we define and none of our keep needs to care what kind of duck it is. To make this easier, we could define |
I'm not sure how that would be possible. Seems like it'll be a lot of work to make the "external calls" be not- |
Not sure what you mean, but ideally the situation would work exactly as it does today - just with |
I see. The only entry point into |
true. |
Chatted with @dhermes, I'm going to go forward without separation. We can resume the discussion if needed later. |
Thank you for creating this issue, however, this project is deprecatedand we will only be addressing critical security issues. You can read moreabout this deprecation here. If you need support or help using this library, we recommend that you ask yourquestion on StackOverflow. If you still think this issue is relevant and should be addressed, pleasecomment and let us know! |
Some great memories with this issue @theacodes! |
Turns out the real issues were the friends we made along the way. |
Hahahaha
…On Thu, May 24, 2018, 2:35 PM Andrey Petrov ***@***.***> wrote:
Turns out the real issues were the friends we made along the way.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#128 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAPUc821WVj1DhEO-eB6Zzz3iznayRu8ks5t1ye0gaJpZM4Db5O8>
.
|
If this is a duplicate I apologize.
ISTM this requires
httplib2
into a module (call ittransport
probably) (Plan to Implement: oauth2client.transport module #554, Begin transport module for httplib2 specific pieces. #559, Remove httplib2 parts from service_account module. #561, Remove httplib2 imports from non-transport modules. #577)httplib2.Http
is neededhttplib2
and just use these interfacesHttp
object from any old library, e.g.twisted
orrequests
.The text was updated successfully, but these errors were encountered: