Merge pull request #70 from dlt-hub/feat/auth_improvements

sh-rp · web-flow · commit 6535f9e3f3f3 · 2024-05-17T13:38:35.000+02:00
auth improvements: select correct global auth, add secrets to secrets.toml, add note in readme if secret present
diff --git a/README.md b/README.md
@@ -125,3 +125,7 @@ And use it with the config argument:
 ```console
 $ dlt-openapi init pokemon --url ... --config config.yml
 ```
+
+## Implementation notes
+* OAuth Authentication currently is not natively supported, you can supply your own
+* Per endpoint authentication currently is not supported by the generator, only the first globally set securityScheme will be applied. You can add your own per endpoint if you need to.
diff --git a/dlt_openapi/detector/default/__init__.py b/dlt_openapi/detector/default/__init__.py
@@ -86,11 +86,10 @@ def run(self, open_api: OpenapiParser) -> None:
                 self._add_warning(UnresolvedPathParametersWarning(params), e)
 
     def detect_security_schemes(self, open_api: OpenapiParser) -> None:
-        schemes = list(open_api.security_schemes.values())
 
         # detect scheme settings
         # TODO: make this a bit nicer
-        for scheme in schemes:
+        for name, scheme in open_api.security_schemes.items():
 
             if scheme.type == "apiKey":
                 scheme.detected_secret_name = "api_key"
@@ -115,10 +114,17 @@ def detect_security_schemes(self, open_api: OpenapiParser) -> None:
 """
 
         # find default scheme
-        if len(schemes) and schemes[0].supported:
-            open_api.detected_global_security_scheme = schemes[0]
-        elif len(schemes) and not schemes[0].supported:
-            self._add_warning(UnsupportedSecuritySchemeWarning(schemes[0].type))
+        if open_api.global_security_name:
+            global_scheme = None
+            for name, scheme in open_api.security_schemes.items():
+                if name == open_api.global_security_name:
+                    global_scheme = scheme
+                    break
+
+            if global_scheme and global_scheme.supported:
+                open_api.detected_global_security_scheme = global_scheme
+            elif global_scheme and not global_scheme.supported:
+                self._add_warning(UnsupportedSecuritySchemeWarning(global_scheme.type))
 
     def detect_resource_names(self, endpoints: EndpointCollection) -> None:
         """iterate all endpoints and find a strategy to select the right resource name"""
diff --git a/dlt_openapi/parser/openapi_parser.py b/dlt_openapi/parser/openapi_parser.py
@@ -22,13 +22,16 @@ class OpenapiParser:
     endpoints: EndpointCollection = None
     security_schemes: Dict[str, SecurityScheme] = {}
 
+    global_security_name: str = None
+
     detected_global_security_scheme: SecurityScheme = None
     detected_global_pagination: Pagination = None
 
     def __init__(self, config: Config) -> None:
         self.config = config
 
     def parse(self, data: bytes) -> None:
+
         self.spec_raw = self._load_yaml_or_json(data)
         self.security_schemes = {}
 
@@ -45,6 +48,8 @@ def parse(self, data: bytes) -> None:
         logger.success("Completed extracting openapi metadata and credentials.")
 
         logger.info("Extracting security schemes")
+        if spec.security:
+            self.global_security_name = list(spec.security[0].keys())[0]
         if self.context.spec.components and self.context.spec.components.securitySchemes:
             for name, scheme in self.context.spec.components.securitySchemes.items():
                 self.security_schemes[name] = SecurityScheme(
diff --git a/dlt_openapi/renderer/default/__init__.py b/dlt_openapi/renderer/default/__init__.py
@@ -54,6 +54,7 @@ def run(self, openapi: OpenapiParser, dry: bool = False) -> None:
             class_name=lambda x: misc.ClassName(x, ""),
             package_name=self.package_name,
             project_name=self.config.project_name,
+            credentials=self.openapi.detected_global_security_scheme,
         )
 
         if dry:
@@ -110,6 +111,13 @@ def _build_dlt_config(self) -> None:
             encoding=FILE_ENCODING,
         )
 
+        secrets_template = self.env.get_template("dlt_secrets.toml.j2")
+        secrets_path = config_dir / "secrets.toml"
+        secrets_path.write_text(
+            secrets_template.render(),
+            encoding=FILE_ENCODING,
+        )
+
     def _build_source(self) -> None:
         module_path = self.package_dir / "__init__.py"
         module_path.write_text(
@@ -123,7 +131,6 @@ def _render_source(self) -> str:
             source_name=self.source_name,
             endpoint_collection=self.openapi.endpoints,
             imports=[],
-            credentials=self.openapi.detected_global_security_scheme,
             global_paginator_config=(
                 self.openapi.detected_global_pagination.paginator_config
                 if self.openapi.detected_global_pagination
diff --git a/dlt_openapi/renderer/default/templates/README.md.j2 b/dlt_openapi/renderer/default/templates/README.md.j2
@@ -6,6 +6,12 @@ Created with [dlt-openapi](https://github.com/dlt-hub/dlt-openapi) v. {{version}
 * https://github.com/dlt-hub/dlt
 * https://github.com/dlt-hub/dlt-openapi
 
+{% if credentials %}
+## Credentials
+This API uses {{ credentials.type }} authentication. Please fill in the required variable {{ credentials.detected_secret_name }} in your 
+secrets.toml.
+{% endif %}
+
 ## Available resources
 {% for endpoint in endpoint_collection.all_endpoints_to_render %}
 * {{ endpoint.detected_resource_name }}  
diff --git a/dlt_openapi/renderer/default/templates/dlt_secrets.toml.j2 b/dlt_openapi/renderer/default/templates/dlt_secrets.toml.j2
@@ -0,0 +1,3 @@
+{% if credentials %}
+{{ credentials.detected_secret_name }} = "FILL ME OUT"  # TODO: fill in your credentials
+{% endif %}
diff --git a/tests/cases/artificial_specs/auth/basic_auth_not_used.yml b/tests/cases/artificial_specs/auth/basic_auth_not_used.yml
@@ -0,0 +1,20 @@
+openapi: 3.0.0
+info:
+  title: 'basic, but not set in security section'
+  version: 1.0.0
+servers:
+- url: 'https://pokeapi.co/'
+components:
+  securitySchemes:
+    basicAuth:     # <-- arbitrary name for the security scheme
+      type: http
+      scheme: basic
+# security:
+#  - basicAuth: []  # <-- use the same name here
+paths:
+  /api/v2/pokemon/:
+    get:
+      operationId: pokemon_list
+      responses:
+        '200':
+          description: OK
diff --git a/tests/cases/artificial_specs/auth/oauth.yml b/tests/cases/artificial_specs/auth/oauth.yml
@@ -14,6 +14,8 @@ components:
           scopes:
             read: Grants read access
             write: Grants write access
+security:
+  - oauth2: [] 
 paths:
   /api/v2/pokemon/:
     get:
diff --git a/tests/integration/basics/test_auth.py b/tests/integration/basics/test_auth.py
@@ -30,6 +30,11 @@ def test_basic_auth() -> None:
     }
 
 
+def test_unused_auth() -> None:
+    source_dict = get_dict_by_case("artificial", "auth/basic_auth_not_used.yml")
+    assert not source_dict["client"].get("auth")
+
+
 def test_oauth_warning() -> None:
     source_dict = get_dict_by_case("artificial", "auth/oauth.yml")
     assert not source_dict["client"].get("auth")

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{% if credentials %}`
	`2`	`+{{ credentials.detected_secret_name }} = "FILL ME OUT" # TODO: fill in your credentials`
	`3`	`+{% endif %}`