feat: Add verify_ssl to generated Client, allowing users of generated libraries to ignore ssl verification

[rtaycher]

Sometimes (especially when dealing with internal applications) its necessary to ignore ssl checks.

This lets you configure it on the generated Client class and passes it on to any httpx.get/put/post/patch/delete calls

This should work with issue #202 when it gets finished, only thing is that I think they will need to use attr.ib on_setattr= argument to recreate the client instance when verify_ssl is modified, since in the httpx.Client class verify is set in the Constructor of the httpx.Client and not on get/put/post/patch/delete methods of the class.

One other question is whether the type of
verify_ssl: Union[str, bool, ssl.SSLContext] should or should not contain ssl.SSLContext or str.
I think you can do fancy and useful things with ssl.SSLContext like load self signed certs to check but I don't think requests allows it, and I'm not sure about other http libraries with a verify parameter. I think both httpx and requests let you take a string path to a certificate bundle, but am not sure about the details.

Personally I think it should be [str, bool, ssl.SSLContext] for flexibility.

[dbanty]

Awesome, thanks for the contribution @rtaycher ! I've approved CI so it can run, once that passes this is just about good to go. I think we should probably add a note somewhere for users so they know they can do this, maybe in the generated README? I don't actually know how much we have in there right now around Client usage, I might need to make a separate PR to give it some love.

[codecov]

Codecov Report

Merging #497 (b9c29d3) into main (5708074) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##              main      #497   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           48        48           
  Lines         1609      1609           
=========================================
  Hits          1609      1609           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5708074...b9c29d3. Read the comment docs.

[rtaycher]

@dbanty

Does

---

By default when you're calling an https api it will attempt to verify that ssl is working correctly.
Using certificate verification is highly recommended most of the time and is the default.
But sometimes you may need to authenticate to a server (especially an internal server) using a custom certificate bundle.

client = AuthenticatedClient(base_url="https://internal_api.example.com", token="SuperSecretToken", verify_ssl='/path/to/certificate_bundle.pem')

or even disable ssl verification altogether, despite the fact that it can increase security risks.

client = AuthenticatedClient(base_url="https://internal_api.example.com", token="SuperSecretToken", verify_ssl=False)

---

sound ok?
I wasn't sure how much warning to give or exact wording as I'm not exactly an expert when it comes to security.
README.md.jinja is probably the best place for it for now but in the future per class api doc might be a better place.

[dbanty]

That sounds great @rtaycher! I think the README is the right place for now, at least until we have a better overall docstring strategy.

[rtaycher]

README updated

[rtaycher]

Do I need to add anything else?

[dbanty]

Awesome, thanks! I made a couple tweaks in the wording but once CI checks pass I'll merge this!