Skip to content

release(python): v0.9.6 #614

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 16, 2025
Merged

release(python): v0.9.6 #614

merged 3 commits into from
Sep 16, 2025

Conversation

@rhamzeh
Copy link
Member

@rhamzeh rhamzeh commented Sep 12, 2025
edited by coderabbitai bot
Loading

Description

What problem is being solved?

How is it being solved?

What changes are made to solve it?

References

Review Checklist

  • I have clicked on "allow edits by maintainers".
  • I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
  • The correct base branch is being used, if not main
  • I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

  • Chores
    • Bumped Python SDK version to 0.9.6.
    • Updated build workflow reference for Python SDK test run.
  • Documentation
    • Updated changelog: prepared v0.9.5 entry and Unreleased notes, including SSL context reuse fix and OAuth2 scopes parameter support.
  • Tests
    • Added extensive SSL context test coverage for the Python sync REST client, including CA certs, client cert/key, verification toggling, proxy usage, reuse optimization, and pool sizing.

No changes to public APIs.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 12, 2025
edited
Loading

Walkthrough

Updates CI to point Python SDK tests at a new OpenAPI ref. Adjusts Python client release metadata (CHANGELOG and packageVersion). Adds comprehensive SSL context tests for the Python sync REST client using mocks, covering CA certs, client certs, verification toggles, proxy usage, reuse, and combined options.

Changes

Cohort / File(s) Summary
CI Workflow Ref Update
.github/workflows/main.yaml		 Updates OPEN_API_REF to c0b62b28b14d0d164d37a1f6bf19dc9d39e5769b for Python SDK Run All Tests; no other workflow changes.
Python SDK Release Metadata
config/clients/python/CHANGELOG.md.mustache, config/clients/python/config.overrides.json		 CHANGELOG: updates Unreleased section, adds items and v0.9.5 subsection/dates. Config: bumps packageVersion from 0.9.5 to 0.9.6.
Python Sync REST SSL Tests
config/clients/python/template/test/sync/rest_test.py.mustache		 Adds tests verifying SSL context creation, client cert loading, verification disablement, proxy handling, context reuse, and full SSL options with PoolManager/ProxyManager via mocks.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested labels

release

Suggested reviewers

  • evansims

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title "release(python): v0.9.6" is concise and directly reflects the primary change in the diff (a Python release/version bump evidenced by the packageVersion and changelog updates), so it accurately summarizes the main intent of the changeset.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch release/python-v0.9.6

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@rhamzeh rhamzeh force-pushed the release/python-v0.9.6 branch 2 times, most recently from 67504cb to 14b04b6 Compare September 16, 2025 16:35
@rhamzeh rhamzeh marked this pull request as ready for review September 16, 2025 18:02
@rhamzeh rhamzeh requested a review from a team as a code owner September 16, 2025 18:02
coderabbitai[bot]
coderabbitai bot reviewed Sep 16, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (4)
config/clients/python/CHANGELOG.md.mustache (1)

5-9: Avoid hardcoding the release date inside the template.

The date “(2025-09-15)” will be baked into every generated changelog for {{packageVersion}}. Prefer injecting the date at release time or using a template variable, or at minimum confirm the date matches the actual release cut.

If you keep a manual date, please confirm the intended release date; today is 2025-09-16.

config/clients/python/template/test/sync/rest_test.py.mustache (3)

528-585: Patch the symbol in the module under test to avoid import-style drift.

Patch targets like "ssl.create_default_context" and "urllib3.PoolManager" work only if the SUT imports those names exactly that way. Prefer patching via the module under test so changes like from ssl import create_default_context won’t break tests.

Apply this diff to the affected tests:

-@patch("ssl.create_default_context")
-@patch("urllib3.PoolManager")
+@patch("{{packageName}}.sync.rest.ssl.create_default_context")
+@patch("{{packageName}}.sync.rest.urllib3.PoolManager")
 def test_ssl_context_created_with_ca_cert(...

Repeat similarly for other tests:

  • PoolManager → "{{packageName}}.sync.rest.urllib3.PoolManager"
  • ProxyManager → "{{packageName}}.sync.rest.urllib3.ProxyManager"
  • create_default_context → "{{packageName}}.sync.rest.ssl.create_default_context"

---

`620-653`: **Make ProxyManager call assertions robust across urllib3 versions (positional vs kwarg).**

Some urllib3 versions accept `proxy_url` positionally; asserting only kwargs can flake. Extract from args-or-kwargs.


```diff
-    call_kwargs = mock_proxy_manager.call_args[1]
-    assert call_kwargs["ssl_context"] == mock_ssl_context
-    assert call_kwargs["proxy_url"] == "http://proxy:8080"
-    assert call_kwargs["proxy_headers"] == {"Proxy-Auth": "token"}
+    args, kwargs = mock_proxy_manager.call_args
+    proxy_url = kwargs.get("proxy_url", args[0] if args else None)
+    assert proxy_url == "http://proxy:8080"
+    assert kwargs["ssl_context"] == mock_ssl_context
+    assert kwargs.get("proxy_headers") == {"Proxy-Auth": "token"}

694-736: Tighten checks for secure defaults when verify_ssl=True.

The “not hasattr(...) or ...” pattern can mask issues. Since you mock the context, set explicit safe defaults and assert exact values.

-    assert (
-        not hasattr(mock_ssl_context, "check_hostname")
-        or mock_ssl_context.check_hostname
-    )
-    assert (
-        not hasattr(mock_ssl_context, "verify_mode")
-        or mock_ssl_context.verify_mode != ssl.CERT_NONE
-    )
+    # Set explicit defaults on the mock to make assertions strict
+    mock_ssl_context.check_hostname = True
+    mock_ssl_context.verify_mode = ssl.CERT_REQUIRED
+    assert mock_ssl_context.check_hostname is True
+    assert mock_ssl_context.verify_mode == ssl.CERT_REQUIRED
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between da284d3 and 3a76c85.

📒 Files selected for processing (4)
  • .github/workflows/main.yaml (1 hunks)
  • config/clients/python/CHANGELOG.md.mustache (1 hunks)
  • config/clients/python/config.overrides.json (1 hunks)
  • config/clients/python/template/test/sync/rest_test.py.mustache (2 hunks)
🧰 Additional context used
📓 Path-based instructions (4)
config/clients/*/config.overrides.json

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

config/clients/*/config.overrides.json: Always update the packageVersion in each language-specific config.overrides.json when making version changes
Maintain FOSSA compliance notice IDs in each language’s config.overrides.json

Files:

  • config/clients/python/config.overrides.json
config/**/*.{json,mustache}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Never hardcode API keys or credentials in configuration or template files

Files:

  • config/clients/python/config.overrides.json
  • config/clients/python/CHANGELOG.md.mustache
  • config/clients/python/template/test/sync/rest_test.py.mustache
config/{common/config.base.json,clients/*/config.overrides.json}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Ensure consistent versioning across base and language override configuration files to avoid version conflicts

Files:

  • config/clients/python/config.overrides.json
config/**/*.mustache

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Validate mustache syntax and variable references across all template files, including CHANGELOG.md.mustache

Files:

  • config/clients/python/CHANGELOG.md.mustache
  • config/clients/python/template/test/sync/rest_test.py.mustache
🧠 Learnings (4)
📓 Common learnings 
Learnt from: wadells
PR: openfga/sdk-generator#607
File: config/clients/python/template/src/sync/rest.py.mustache:147-158
Timestamp: 2025-09-08T22:31:40.547Z
Learning: The OpenFGA SDK generator Python templates have both sync (urllib3) and async (aiohttp) REST clients that should maintain consistent SSL context handling. Both create the SSL context once during client initialization using the same pattern: ssl.create_default_context(cafile=configuration.ssl_ca_cert) with identical cert_file and verify_ssl handling.

Learnt from: wadells
PR: openfga/sdk-generator#607
File: config/clients/python/template/src/sync/rest.py.mustache:147-158
Timestamp: 2025-09-08T22:31:40.547Z
Learning: For the OpenFGA SDK generator Python client templates, the user wadells prefers to keep the sync and async client SSL context implementations consistent rather than adding additional features to one without the other.

Learnt from: wadells
PR: openfga/sdk-generator#607
File: config/clients/python/template/src/sync/rest.py.mustache:147-158
Timestamp: 2025-09-08T22:31:40.547Z
Learning: For the OpenFGA SDK generator Python client templates, the user wadells prefers to keep the sync and async client SSL context implementations consistent rather than adding additional features to one without the other.

Learnt from: wadells
PR: openfga/sdk-generator#607
File: config/clients/python/template/src/sync/rest.py.mustache:147-158
Timestamp: 2025-09-08T22:31:40.547Z
Learning: For the OpenFGA SDK generator Python client templates, the user wadells prefers to keep the sync and async client SSL context implementations consistent rather than adding additional features to one without the other.

Learnt from: wadells
PR: openfga/sdk-generator#607
File: config/clients/python/template/src/sync/rest.py.mustache:147-158
Timestamp: 2025-09-08T22:31:40.547Z
Learning: For the OpenFGA SDK generator Python client templates, the user wadells prefers to keep the sync and async client SSL context implementations consistent rather than adding additional features to one without the other.
📚 Learning: 2025-09-04T17:35:34.111Z 
Learnt from: CR
PR: openfga/sdk-generator#0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-04T17:35:34.111Z
Learning: Run make test-all-clients before major changes

Applied to files:

  • .github/workflows/main.yaml
📚 Learning: 2025-09-04T17:35:34.111Z 
Learnt from: CR
PR: openfga/sdk-generator#0
File: .github/copilot-instructions.md:0-0
Timestamp: 2025-09-04T17:35:34.111Z
Learning: Applies to config/clients/*/config.overrides.json : Always update the packageVersion in each language-specific config.overrides.json when making version changes

Applied to files:

  • config/clients/python/config.overrides.json
📚 Learning: 2025-09-08T22:31:40.547Z 
Learnt from: wadells
PR: openfga/sdk-generator#607
File: config/clients/python/template/src/sync/rest.py.mustache:147-158
Timestamp: 2025-09-08T22:31:40.547Z
Learning: The OpenFGA SDK generator Python templates have both sync (urllib3) and async (aiohttp) REST clients that should maintain consistent SSL context handling. Both create the SSL context once during client initialization using the same pattern: ssl.create_default_context(cafile=configuration.ssl_ca_cert) with identical cert_file and verify_ssl handling.

Applied to files:

  • config/clients/python/template/test/sync/rest_test.py.mustache
🔇 Additional comments (4)
config/clients/python/CHANGELOG.md.mustache (1)

5-5: Double-check Unreleased formatting for the upcoming tag.

Placing a version header under “Unreleased” is fine if your tooling expects it, but ensure it won’t duplicate sections when you cut v{{packageVersion}}.

config/clients/python/template/test/sync/rest_test.py.mustache (1)

655-692: Great addition: verifies SSL context reuse to address OpenSSL 3.x perf.

This guards against regressions from re-creating contexts on each request. Nicely scoped and readable.

Consider adding a sister test for the async client to maintain parity with the sync implementation, per prior guidance.

.github/workflows/main.yaml (1)

136-136: OPEN_API_REF SHA verified — run codegen & Python tests.

c0b62b28b14d0d164d37a1f6bf19dc9d39e5769b exists in repo openfga/api; confirm it references the intended OpenAPI spec and that codegen + the Python tests pass (CI/local).
Location: .github/workflows/main.yaml:136

config/clients/python/config.overrides.json (1)

5-5: Approve — packageVersion bumped to 0.9.6; verify base/other overrides & FOSSA notice

Script shows: config/clients/python/config.overrides.json → 0.9.6; config/common/config.base.json not found; no other config/clients//config.overrides.json detected. Action: ensure config/common/config.base.json (if used) and all config/clients//config.overrides.json match 0.9.6 and that the FOSSA notice ID remains unchanged.

@rhamzeh rhamzeh added this pull request to the merge queue Sep 16, 2025
Merged via the queue into main with commit 787eb87 Sep 16, 2025
19 checks passed
@rhamzeh rhamzeh deleted the release/python-v0.9.6 branch September 16, 2025 19:31
@coderabbitai coderabbitai bot mentioned this pull request Oct 6, 2025
Merged
@coderabbitai coderabbitai bot mentioned this pull request Oct 17, 2025
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

+1 more reviewer

@evansims evansims evansims approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rhamzeh @evansims