Skip to content

fix(clients/python): add TLS/HTTPS support to dynamic connection strategies#1071

Open
chw120 wants to merge 2 commits into
kubernetes-sigs:mainfrom
chw120:fix-python-sdk-tls-support
Open

fix(clients/python): add TLS/HTTPS support to dynamic connection strategies#1071
chw120 wants to merge 2 commits into
kubernetes-sigs:mainfrom
chw120:fix-python-sdk-tls-support

Conversation

@chw120

@chw120 chw120 commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

What this PR does / why we need it:

Historically, the Python SDK connector constructed all dynamic base URLs using a hardcoded http:// scheme, making Gateway-fronted TLS termination and in-cluster HTTPS sandboxes unreachable. While direct connections allowed callers to pass an https:// scheme via api_url, the other three dynamic strategies (Gateway, InCluster, and LocalTunnel) had no capability to opt into TLS or configure secure connection contexts.

To resolve Finding 10, this PR implements the following changes:

  1. Configurable Schemes and TLS Validation:

    • Adds a scheme: Literal["http", "https"] field to Gateway, InCluster, and LocalTunnel configs, defaulting to "http" for backwards compatibility.
    • Attaches a TLSConfig (supporting custom ca_cert, insecure_skip_verify, and server_name_override) to all four configurations.
    • Introduces Pydantic model validators to reject inconsistent parameters, such as combining scheme="http" with a TLS configuration, using https on direct endpoints without a matching protocol, or passing mutually exclusive parameters like combining a ca_cert with insecure_skip_verify.
  2. Centralized URL Construction:

    • Centralizes dynamic URL construction inside utils.build_base_url to correctly handle IPv6 bracket wrapping and port rules.
    • For Gateway URLs, port specification is omitted (falling back to scheme defaults of 80/443), and server_port is forwarded via the X-Sandbox-Port router header instead.
  3. Secure Certificate Materialization:

    • Handles ca_cert input as either an absolute file path or inline PEM contents, auto-detected using a -----BEGIN header check.
    • Sync clients materialize PEM data into a managed temporary file associated with the SandboxConnector lifecycle, while async clients build an ssl.SSLContext directly with the PEM string in memory.
  4. E2E Server Name Indication (SNI) Overrides:

    • Sync clients utilize a custom HTTPAdapter to inject server_hostname and assert_hostname overrides into the underlying urllib3 pool.
    • Async clients propagate the SNI override through httpx via the per-request sni_hostname extension. This is essential for setups like LocalTunnel over HTTPS where loopback (127.0.0.1) does not match the server certificate common name or SAN.
  5. Plaintext Warnings:

    • Emits a logger warning warning users to encrypt traffic if they are utilizing plaintext http:// configurations with Gateway or InCluster connection schemes.
  6. Shared Trust Posture:

    • Synchronous and asynchronous connectors share build_ssl_context logic, ensuring consistent certificate validation posture across both clients.

Verification / Test Plan

A comprehensive suite of 31 new unit tests has been implemented inside test_tls_support.py. These tests guard against:

  • Silent regression to hardcoded http:// schemes.
  • Mismatched or invalid TLSConfig configurations (such as mutual exclusion exceptions).
  • Malformed CA PEM verification and automatic path detection.
  • Correct URL output per strategy scheme (including bracketed IPv6 formatting).
  • Proper warning emission for plaintext endpoints.

All 281 pre-existing tests pass cleanly and without regression.

Release Note

Fix: Add comprehensive TLS/HTTPS support to the Python SDK connection strategies (Gateway, In-Cluster, Local Tunnel) and centralize secure URL construction.

Summary by CodeRabbit

  • New Features

    • Added configurable TLS for sandbox connections, including custom CA certificates and optional insecure verification.
    • Enabled SNI/hostname override support for TLS requests.
    • Improved URL construction to consistently respect the configured scheme and handle IPv6 formatting.
  • Bug Fixes

    • TLS configuration is now validated against the selected connection scheme (TLS requires HTTPS).
    • Plain HTTP in encrypted-capable modes now emits a warning to help prevent misconfiguration.
  • Tests

    • Added unit tests covering TLS behavior, URL formatting, scheme validation, and sync/async consistency.
The connector built every dynamic base URL with a literal http:// scheme,
so Gateway-fronted TLS termination and in-cluster HTTPS sandboxes were
unreachable. Direct connections already let callers pass https:// via
api_url, but the three dynamic strategies (Gateway, InCluster, LocalTunnel)
had no way to opt into TLS.

This change:

- Adds a scheme: Literal["http","https"] field to Gateway, InCluster, and
  LocalTunnel configs (defaults to "http" for backward compatibility) and a
  TLSConfig (ca_cert / insecure_skip_verify / server_name_override) on all
  four configs. Pydantic validators reject inconsistent combinations
  (scheme=http + tls, api_url=http://... + tls, ca_cert + insecure_skip_verify).

- Centralizes URL construction in utils.build_base_url with IPv6 bracket
  handling and optional port omission for Gateway URLs (which use scheme
  defaults 80/443; server_port is forwarded as the X-Sandbox-Port router
  header instead).

- Implements ca_cert as either inline PEM content or a file path
  (auto-detected via -----BEGIN header). For requests we materialize PEM
  to a temp file with lifecycle tied to SandboxConnector.close(); for httpx
  we build an SSLContext directly.

- Wires server_name_override end-to-end: sync uses a custom HTTPAdapter
  that sets server_hostname/assert_hostname on the urllib3 pool; async
  uses the per-request sni_hostname extension. This is the missing piece
  for LocalTunnel + https (127.0.0.1 never matches the cert CN/SAN).

- Emits a warning when Gateway or InCluster configs use plaintext http,
  pointing users at the new scheme/tls fields. LocalTunnel is exempt
  (loopback-only) and DirectConnection is exempt (scheme comes from the
  user-supplied URL).

Sync (requests) and async (httpx) share build_ssl_context so the same
TLSConfig produces equivalent verify posture in both. Previously the two
clients diverged on whether ca_cert and insecure_skip_verify could combine.

31 new unit tests cover URL construction per scheme, TLSConfig validators,
config-scheme consistency, ca_cert PEM-vs-path detection, strategy URL
output per scheme (regression guard against the original bug), and the
plaintext warning behavior. Existing 281 unit tests pass unchanged.
@netlify

netlify Bot commented Jun 30, 2026

Copy link
Copy Markdown

Deploy Preview for agent-sandbox canceled.

Name Link
🔨 Latest commit f87f484
🔍 Latest deploy log https://app.netlify.com/projects/agent-sandbox/deploys/6a446626e911d90008b61993
@kubernetes-prow kubernetes-prow Bot requested a review from igooch June 30, 2026 22:57
@kubernetes-prow

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: chw120
Once this PR has been reviewed and has the lgtm label, please assign janetkuo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubernetes-prow kubernetes-prow Bot requested a review from janetkuo June 30, 2026 22:57
@kubernetes-prow kubernetes-prow Bot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jun 30, 2026
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a2913ce5-af87-4968-b9fb-0c241837e981

📥 Commits

Reviewing files that changed from the base of the PR and between 3408644 and f87f484.

📒 Files selected for processing (5)
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/async_connector.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/connector.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/models.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/test/unit/test_tls_support.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/utils.py
🚧 Files skipped from review as they are similar to previous changes (5)
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/connector.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/test/unit/test_tls_support.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/async_connector.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/models.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/utils.py

📝 Walkthrough

Walkthrough

Adds TLS configuration support across the Python sandbox client. It introduces TLSConfig validation, shared URL/SSL helpers, sync and async connector wiring for HTTPS, custom CA, and SNI override handling, plus plaintext-HTTP warnings and new unit tests.

Changes

TLS Configuration and Connector Wiring

Layer / File(s) Summary
TLS config models and scheme validation
k8s_agent_sandbox/models.py
TLSConfig adds CA, verification, and SNI override fields with mutual-exclusion validation; Direct, Gateway, LocalTunnel, and InCluster configs add TLS fields and require HTTPS when TLS is set.
URL and SSL helper utilities
k8s_agent_sandbox/utils.py
Adds build_base_url, build_ssl_context, requests_verify_value, and apply_tls_to_requests_session for scheme-aware URL formatting and TLS verification handling.
Sync connector TLS wiring
k8s_agent_sandbox/connector.py
Adds plaintext HTTP warnings, TLS-aware adapter/session setup, build_base_url usage across strategies, temp CA cleanup, and SNI header forwarding.
Async connector TLS wiring
k8s_agent_sandbox/async_connector.py
Uses build_base_url for strategy URLs, derives HTTPX TLS verification from build_ssl_context, and forwards SNI overrides via headers and request extensions.
TLS support unit tests
k8s_agent_sandbox/test/unit/test_tls_support.py
New tests cover URL formatting, TLSConfig validation, scheme consistency, SSL context behavior, connector URL construction, plaintext warnings, and TLS posture consistency.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Suggested reviewers

  • vicentefb
  • justinsb

Poem

A bunny in a TLS burrow bright,
Hops through URLs with scheme just right.
SNI whispers, certs align,
Plaintext warnings now decline,
🐇🔒 all snug in the midnight light.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 13.56% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: adding TLS/HTTPS support to dynamic connection strategies.
Description check ✅ Passed The PR description covers the main change and release note; only the issue reference section is missing.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@kubernetes-prow kubernetes-prow Bot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Jun 30, 2026
@janetkuo janetkuo requested a review from Copilot June 30, 2026 23:00

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@clients/python/agentic-sandbox-client/k8s_agent_sandbox/async_connector.py`:
- Around line 236-239: The async connector’s SNI override path only updates the
TLS extension and leaves the HTTP Host header unchanged, unlike the sync
sibling. In the async connector’s request-building logic around the existing
sni_hostname handling, also apply server_name_override to the Host header when
one was not already provided by the caller, keeping behavior aligned with the
sync connector’s parity.

In `@clients/python/agentic-sandbox-client/k8s_agent_sandbox/connector.py`:
- Around line 372-381: The sync TLS setup in connector.py only applies
server_name_override to SNI/verification, not the HTTP Host header. Update the
HTTPS mount path in the connector’s sync client setup to pass the override
through the same _TLSAdapter logic used by the async sibling, so requests send
the overridden Host value as well as SNI. Use the existing
TLSConfig.server_name_override, build_ssl_context, and _TLSAdapter wiring to
keep sync and async behavior aligned.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4d933e29-2790-4de4-8436-57b1b5cd9ed7

📥 Commits

Reviewing files that changed from the base of the PR and between da28b99 and 3408644.

📒 Files selected for processing (5)
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/async_connector.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/connector.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/models.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/test/unit/test_tls_support.py
  • clients/python/agentic-sandbox-client/k8s_agent_sandbox/utils.py
Comment thread clients/python/agentic-sandbox-client/k8s_agent_sandbox/connector.py Outdated

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enhances the Python SDK’s connection layer by adding configurable http/https schemes and TLS configuration across dynamic connection strategies, removing the historical hardcoded http:// URL construction and aligning sync (requests) and async (httpx) trust behavior.

Changes:

  • Introduces TLSConfig and strategy-level scheme support (Gateway / InCluster / LocalTunnel), with Pydantic validation to prevent inconsistent TLS + scheme combinations.
  • Centralizes base URL construction via build_base_url() (including IPv6 bracket handling) and adds shared TLS verification plumbing via build_ssl_context().
  • Adds a new unit test suite to cover scheme/TLS validation and URL formatting behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
clients/python/agentic-sandbox-client/k8s_agent_sandbox/utils.py Adds shared URL builder and TLS verification helpers (incl. requests session TLS helper).
clients/python/agentic-sandbox-client/k8s_agent_sandbox/models.py Adds TLSConfig, adds scheme/tls fields to connection configs, and enforces consistency via validators.
clients/python/agentic-sandbox-client/k8s_agent_sandbox/connector.py Updates sync connector/strategies to use centralized URL building and adds TLS adapter + plaintext warnings + temp CA cleanup.
clients/python/agentic-sandbox-client/k8s_agent_sandbox/async_connector.py Updates async connector to use centralized URL building, shared TLS verify construction, and SNI override propagation.
clients/python/agentic-sandbox-client/k8s_agent_sandbox/test/unit/test_tls_support.py Adds unit coverage for scheme/TLS validation, URL construction (incl. IPv6), and plaintext warning behavior.
Comment thread clients/python/agentic-sandbox-client/k8s_agent_sandbox/utils.py Outdated
Comment thread clients/python/agentic-sandbox-client/k8s_agent_sandbox/models.py Outdated
Comment thread clients/python/agentic-sandbox-client/k8s_agent_sandbox/connector.py Outdated
Comment thread clients/python/agentic-sandbox-client/k8s_agent_sandbox/models.py
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. ready-for-review size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

3 participants