[Python] conditionally set auth attributes

[sebastien-rosset]

Fix for #3844:

• Do not add auth parameter in HTTP request if auth parameter is set None
• Add attribute to control which auth schemes can be used.

Currently, the python client obtains the list of security schemes that have been specified in the OAS spec, and automatically adds the authentication attributes in the header, cookie or query. This happens even if the parameters are unset. For example, the "Authorization" header may be set with an empty Bearer token:

'Authorization': 'Bearer '

With this PR, the bearer access token is no longer set if its value is None.

Tests performed:

1. Use OAS spec that specifies more than one security scheme for a given operation, e.g. OAuth2 and cookie
2. Generate the Python SDK using the master branch
3. Write a Python client that sets the cookie but not the OAuth2 access token
4. Invoke the client and verifies both auth attributes have been set (causing auth failure)
5. Generate the Python SDK using code from this PR
6. Invoke the client again, verify the auth parameters are set conditionally.

PR checklist

• Read the contribution guidelines.
• If contributing template-only or documentation-only changes which will change sample output, build the project before.
• Run the shell script(s) under ./bin/ (or Windows batch scripts under.\bin\windows) to update Petstore samples related to your fix. This is important, as CI jobs will verify all generator outputs of your HEAD commit, and these must match the expectations made by your contribution. You only need to run ./bin/{LANG}-petstore.sh, ./bin/openapi3/{LANG}-petstore.sh if updating the code or mustache templates for a language ({LANG}) (e.g. php, ruby, python, etc).
• File the PR against the correct branch: master, 4.3.x, 5.0.x. Default: master.
• Copy the technical committee to review the pull request if your PR is targeting a particular programming language.

[sebastien-rosset]

@taxpon @frol @mbohlool @cbornet @kenjones-cisco @tomplus @Jyhess @slash-arun @spacether

[sebastien-rosset]

Not directly related to this PR, is there any reason the generated Python classes do not leverage class inheritance?

[spacether]

Optionally pass in the host an access_token inputs into the Configuration
instance rather than setting them with .host .access_token

[spacether]

Not directly related to this PR, is there any reason the generated Python classes do not leverage class inheritance?

Which classes, the Configuration class, the model classes?
What is the context around your question?

[spacether]

Thanks for making those updates and updating the unit test. The use case where users may want to pass in empty strings for auth values sounds like a valid test case.
These changes look good.

[sebastien-rosset]

Not directly related to this PR, is there any reason the generated Python classes do not leverage class inheritance?

Which classes, the Configuration class, the model class?
What is the context around your question?

Sorry, in the model class. For example, in the generated Java, "Cat extends Animal" and "Dog extends Animal". This is done when the OAS spec has the "allOf" keyword and discriminants, and the mustache template uses the "parent" tag. I know doing class inheritance is not required and classes can be flattened, but still it's nice to have class inheritance because the generated classes are less verbose and easier to read.

I'm asking because I have submitted a PR for golang to support embedded structs (which is one way in golang to model type inheritance), and I wonder if I should submit a PR for Python too.

[sebastien-rosset]

Never mind, I see there is already a PR: #4446

Not directly related to this PR, is there any reason the generated Python classes do not leverage class inheritance?

[spacether]

Not directly related to this PR, is there any reason the generated Python classes do not leverage class inheritance?

Which classes, the Configuration class, the model class?
What is the context around your question?

Sorry, in the model class. For example, in the generated Java, "Cat extends Animal" and "Dog extends Animal". This is done when the OAS spec has the "allOf" keyword and discriminants, and the mustache template uses the "parent" tag. I know doing class inheritance is not required and classes can be flattened, but still it's nice to have class inheritance because the generated classes are less verbose and easier to read.

I'm asking because I have submitted a PR for golang to support embedded structs (which is one way in golang to model type inheritance), and I wonder if I should submit a PR for Python too.

Composed inheritance models can have the same properties in multiple child schemas.
That's why we don't do it with inheritance.
Also, some models such as oneOf or anyOf are conditionally included based upon whether their input arguments are present in the inputs that you pass to the model.
I have an open PR adding composed schemas to the python-experimental generator here: #4446

[sebastien-rosset]

@spacether , I think I have addressed all your comments.

[spacether]

This looks good. Thanks for you contribution!

[wing328]

When you have time, please PM me via Slack to have a discussion on this in Jan 2020.

[sebastien-rosset]

Based on feedback, I have opened a new PR to replace this one: #4988