Enforce https in search #11337
Merged
Enforce https in search #11337
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lmazuel
reviewed
May 8, 2020
| @@ -45,6 +45,14 @@ class SearchServiceClient(HeadersMixin): # pylint: disable=too-many-public-meth | |||
| def __init__(self, endpoint, credential, **kwargs): | |||
| # type: (str, AzureKeyCredential, **Any) -> None | |||
|
|
|||
| try: | |||
| if endpoint.lower().startswith('http') and not endpoint.lower().startswith('https'): | |||
There was a problem hiding this comment.
Is there scenario were a valid endpoint would not start by http?
There was a problem hiding this comment.
service only supports https
lmazuel
reviewed
May 8, 2020
| @@ -45,6 +45,14 @@ class SearchServiceClient(HeadersMixin): # pylint: disable=too-many-public-meth | |||
| def __init__(self, endpoint, credential, **kwargs): | |||
| # type: (str, AzureKeyCredential, **Any) -> None | |||
|
|
|||
| try: | |||
| if endpoint.lower().startswith('http') and not endpoint.lower().startswith('https'): | |||
| raise ValueError("Endpoint should be secure. Use https.") | |||
There was a problem hiding this comment.
I would use a wording more consistent with Azure-core:
lmazuel
reviewed
May 8, 2020
| @@ -45,6 +45,14 @@ class SearchServiceClient(HeadersMixin): # pylint: disable=too-many-public-meth | |||
| def __init__(self, endpoint, credential, **kwargs): | |||
| # type: (str, AzureKeyCredential, **Any) -> None | |||
|
|
|||
| try: | |||
There was a problem hiding this comment.
It's a shame we have to duplicate this code, should we have a SeachServiceClientBase?
There was a problem hiding this comment.
I was think about the same - Will use this PR to do that
rakshith91
commented
May 12, 2020
...search/azure-search-documents/azure/search/documents/_service/_search_service_client_base.py
Outdated
Show resolved
Hide resolved
…ice/_search_service_client_base.py
lmazuel
reviewed
May 12, 2020
| # type: (str, AzureKeyCredential, **Any) -> None | ||
|
|
||
| try: | ||
| if endpoint.lower().startswith('http') and not endpoint.lower().startswith('https'): |
There was a problem hiding this comment.
For clarity I would do it:
if not endpoint.lower().startswith('http'):
endpoint = "https://" + endpoint
elif not endpoint.lower().startswith('https'):
raise ValueError("Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.")
lmazuel
previously approved these changes
May 12, 2020
rakshith91
commented
May 12, 2020
...search/azure-search-documents/azure/search/documents/_service/_search_service_client_base.py
Outdated
Show resolved
Hide resolved
…ice/_search_service_client_base.py
lmazuel
reviewed
May 12, 2020
| from ._indexes_client import SearchIndexesClient | ||
| from ._indexers_client import SearchIndexersClient | ||
| from ._skillsets_client import SearchSkillsetsClient | ||
| from ._synonym_maps_client import SearchSynonymMapsClient |
There was a problem hiding this comment.
Don't seem those imports are necessary here?
There was a problem hiding this comment.
how is pylint passing? ⭕
There was a problem hiding this comment.
removed these - but im shocked to see pylint not catching unused-import
bryevdv
reviewed
May 12, 2020
| :end-before: [END create_search_service_with_key] | ||
| :language: python | ||
| :dedent: 4 | ||
| :caption: Creating the SearchServiceClient with an API key. |
There was a problem hiding this comment.
Should the snippet be on this base class that users will never use directly themselves?
bryevdv
reviewed
May 12, 2020
| elif not endpoint.lower().startswith('https'): | ||
| raise ValueError("Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.") | ||
| except AttributeError: | ||
| raise ValueError("Endpoint must be a string.") |
There was a problem hiding this comment.
Could put this in a util function that has simple unit tests, then
self._endpoint = normalize_endpoint(endpoint)
below
bryevdv
approved these changes
May 13, 2020
iscai-msft
added a commit
that referenced
this pull request
May 18, 2020
…into feature/text_analytics_v3.0 * 'master' of https://github.com/Azure/azure-sdk-for-python: (128 commits) add more content to index crud samples (#11443) Add a snippet to the Samples readme mirroring the core readme, guiding users to the currently mainline version of the lib if the end up on the wrong page. (#11420) 20200515 run resource live test (#11454) Release azure mgmt eventgrid (#11431) Smoke Tests use new workflow for package install (#11438) ServiceFabric 7.1 (#11451) update (#11424) Typing for appconfiguration (#11427) [form recognizer] Move `get_client` method from FormRecognizer -> FormTraining (#11423) release customvision (#11428) Enforce https in search (#11337) [Cosmos] Remove unused files (#11388) Sync eng/common directory with azure-sdk-tools repository (#11417) [form recognizer] consistency renames for FormTrainingClient (#11390) Release for azure mgmt eventhub (#11403) Network 2020 04 01 (#11405) link in to reference docs for sub-clients (#11396) Persistent caching for interactive credentials on Linux and macOS (#11319) [formrecognizer] add AAD auth support (#11275) Search docs/readme updates (#11391) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #10981
Case1: "xyz.search.windows.net"
Current Behavior: throws some random key error because it fails to parse in azure core
Changed to: "https://xyz.search.windows.net"
Case2: "https://xyz.search.windows.net"
No behavior changed - correct endpoint
Case3: "http://xyz.search.windows.net"
Behavior changed to raising value error and warn to use https
Case4: 1234 (non string)
Raises a value error