macadmins / jamf-pro-sdk-python

A client library for the Jamf Pro APIs and webhooks.
https://macadmins.github.io/jamf-pro-sdk-python/
MIT License

[Feedback] Supporting AIA fetching #43

Closed liquidz00 closed 2 weeks ago

liquidz00 commented 2 weeks ago

Current

Presently, the requests library is being leveraged for API call functionality. However, in managed environments, this can cause a potential issue with SSL verification as Python does not natively support AIA fetching.

Zscaler is a relatively common offender of this. In my environment, we added the Jamf Pro & Classic API to the global SSL bypass in the Zscaler admin console, and SSL verification still failed.

Proposed

The asyncio library supports asynchronous shell command execution with asyncio.create_subprocess_shell(). This can be leveraged to use /usr/bin/curl which does support AIA fetching. Running the command in the linked comment can verify that curl does not mention or reference OpenSSL.

Below is a basic example of how to accomplish this. The headers variable can be formatted/validated properly for use with the SDK; the use below is just a sample.

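```python
import asyncio
import logging
import shlex


async def curl_get(url: str, jamf_token: str, timeout: float = 30.0) -> bytes:
    headers = {"Accept": "application/json", "Authorization": f"Bearer {jamf_token}"}

    # The command string is parsed by a shell, so quote every interpolated value.
    headers_string = " ".join(
        f"-H {shlex.quote(f'{key}: {value}')}" for key, value in headers.items()
    )

    command = f"curl -s -X GET {headers_string} {shlex.quote(url)}"

    try:
        process = await asyncio.create_subprocess_shell(
            command, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE
        )
        # communicate() has no timeout of its own; wait_for() raises TimeoutError.
        stdout, stderr = await asyncio.wait_for(process.communicate(), timeout)
    except asyncio.TimeoutError as e:
        logging.error(f"Request to API timed out: {e}")
        raise
    return stdout
```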

System Information

macOS 14.5, Python 3.10, 3.11, 3.12, Jamf Pro version 11.6.1.
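
A hardened variant of the curl subprocess idea from the comment above, as an added example that is not part of the original post or the SDK: it uses `asyncio.create_subprocess_exec()` instead of a shell and passes the headers and URL to curl through `--config -` on stdin, so the bearer token never appears in the process argument list. The function names, the https-only check and the timeout default are assumptions of this example.

```python
import asyncio

CURL = "/usr/bin/curl"  # path named in the issue


def quote_config(value: str) -> str:
    """Quote a value for a curl config file (backslash and double quote escaped)."""
    if "\n" in value or "\r" in value:
        raise ValueError("values must not contain line breaks")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_invocation(url: str, headers: dict[str, str]) -> tuple[list[str], bytes]:
    """Return (argv, stdin_config); secrets go to stdin, never into argv."""
    if not url.startswith("https://"):
        raise ValueError("only https:// URLs are accepted")
    lines = [f"header = {quote_config(f'{k}: {v}')}" for k, v in headers.items()]
    lines.append(f"url = {quote_config(url)}")
    argv = [CURL, "--silent", "--fail", "--proto", "=https", "--config", "-"]
    return argv, ("\n".join(lines) + "\n").encode()


async def curl_get(url: str, headers: dict[str, str], timeout: float = 30.0) -> bytes:
    argv, config = build_invocation(url, headers)
    # exec, not shell: each argv element reaches curl without shell parsing.
    proc = await asyncio.create_subprocess_exec(
        *argv,
        stdin=asyncio.subprocess.PIPE,
        stdout=asyncio.subprocess.PIPE,
        stderr=asyncio.subprocess.PIPE,
    )
    try:
        stdout, stderr = await asyncio.wait_for(proc.communicate(config), timeout)
    except asyncio.TimeoutError:
        proc.kill()  # do not leave curl running after giving up
        await proc.wait()
        raise
    if proc.returncode != 0:
        raise RuntimeError(f"curl exited {proc.returncode}: {stderr.decode().strip()}")
    return stdout
```
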

liquidz00 commented 2 weeks ago

Closing in favor of the ca_cert_bundle in the client configuration. Apologies!