Skip to content

EDGE-613 Fix Cognite client certificate auth#544

Merged
Yaseen-A-Khan merged 10 commits into
masterfrom
EDGE-613-cognite-cert-auth
Jun 30, 2026
Merged

EDGE-613 Fix Cognite client certificate auth#544
Yaseen-A-Khan merged 10 commits into
masterfrom
EDGE-613-cognite-cert-auth

Conversation

@Yaseen-A-Khan

Copy link
Copy Markdown
Contributor

Background

This is in act of addressing one of the customer issues with cognite client certificate authentication failure where the error log showed, binascii.Error: Odd-length string, which happens when the thumbprint has an odd-length which was happening because the ConnectionConfig.get_cognite_client() was using bare str() on the incoming bytes from _load_certificate_data function.
Reference to the ticket: https://cognitedata.atlassian.net/browse/CDFBUG-1577

Summary

This PR adds the change to address the issue along with the unit and integration tests.

Test plan

  • uv run pre-commit run --all passes (mypy, ruff, format)
  • uv run pytest tests/tests_unit/test_certificate_auth.py -v — 7 unit tests pass

@Yaseen-A-Khan Yaseen-A-Khan requested a review from a team as a code owner June 23, 2026 22:14

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the return type annotation of _load_certificate_data to always return bytes, and updates the certificate loading logic to decode bytes to UTF-8 strings. The reviewer suggested using the more idiomatic .decode("utf-8") method instead of str(bytes, "utf-8") when converting the certificate thumbprint and key to strings.

Comment on lines +447 to +448
cert_thumbprint=str(thumprint, "utf-8"),
certificate=str(key, "utf-8"),

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Using str(bytes, "utf-8") is unidiomatic in Python. It is highly recommended to use .decode("utf-8") instead, which is the standard and more readable way to convert bytes to a string.

Suggested change
cert_thumbprint=str(thumprint, "utf-8"),
certificate=str(key, "utf-8"),
cert_thumbprint=thumprint.decode("utf-8"),
certificate=key.decode("utf-8"),

@Yaseen-A-Khan Yaseen-A-Khan Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as the functionality remains same for key.decode("utf-8") and str(key, "utf-8"), thinking str seemed to convey that it converts to a string better, i retained it.

Comment on lines +331 to +332
cert_thumbprint=str(thumbprint, "utf-8"),
certificate=str(key, "utf-8"),

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Using str(bytes, "utf-8") is unidiomatic in Python. It is highly recommended to use .decode("utf-8") instead, which is the standard and more readable way to convert bytes to a string.

Suggested change
cert_thumbprint=str(thumbprint, "utf-8"),
certificate=str(key, "utf-8"),
cert_thumbprint=thumbprint.decode("utf-8"),
certificate=key.decode("utf-8"),

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as the functionality remains same for key.decode("utf-8") and str(key, "utf-8"), thinking str seemed to convey that it converts to a string better, i retained it.

@codecov

codecov Bot commented Jun 23, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.43%. Comparing base (3bb7bb5) to head (ea8fff6).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #544      +/-   ##
==========================================
+ Coverage   83.08%   83.43%   +0.35%     
==========================================
  Files          45       45              
  Lines        4522     4522              
==========================================
+ Hits         3757     3773      +16     
+ Misses        765      749      -16     
Files with missing lines Coverage Δ
cognite/extractorutils/__init__.py 100.00% <100.00%> (ø)
cognite/extractorutils/configtools/_util.py 77.04% <100.00%> (+11.47%) ⬆️
cognite/extractorutils/configtools/elements.py 81.77% <ø> (+1.40%) ⬆️
...te/extractorutils/unstable/configuration/models.py 85.71% <ø> (+0.85%) ⬆️
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Comment thread tests/tests_unit/test_certificate_auth.py Outdated
@Yaseen-A-Khan Yaseen-A-Khan marked this pull request as draft June 25, 2026 08:53

@nithinb nithinb left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this is in draft now but a couple of things:

  1. add integration test
  2. include version bump in that so you can update the extractor right after this

@Yaseen-A-Khan Yaseen-A-Khan marked this pull request as ready for review June 29, 2026 10:31

@nithinb nithinb left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just two minor changes and a nit. Nit can be addressed later if you want

Comment thread cognite/extractorutils/configtools/elements.py
Comment thread tests/test_unstable/test_certificate_auth_integration.py
Comment thread CHANGELOG.md Outdated
updated the change log to specify the certicate auth is towards CDF.

@nithinb nithinb left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

risk review ok

@Yaseen-A-Khan Yaseen-A-Khan merged commit ac084cf into master Jun 30, 2026
7 checks passed
@Yaseen-A-Khan Yaseen-A-Khan deleted the EDGE-613-cognite-cert-auth branch June 30, 2026 05:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants