[ BUG ] - Caracara requests a token even if not used

[59e5aaf4]

Describe the bug

At instanciation time, caracara.client.Client configures itself, sends numerous logs and then fires a POST to https://api.eu-1.crowdstrike.com/oauth2/token to get an API token. Could it be possible to have lazy authentication ? That would mean preparing offline settings, and only trigger network requests when an API operation is required.

The falconpy behavior is not to request a token unless it's needed ( https://github.com/CrowdStrike/falconpy/blob/main/src/falconpy/api_complete.py#L307 ) ; but I might have read this wrong.

To Reproduce

Instanciate a caracara.client.Client class, there's a network call.

Expected behavior

No network call unless asked to touch the network

Environment

Operating System Version

Debian bookworm

Python Version

3.10.5

Poetry Version

1.4.1

Python Package Versions

$ pip freeze | grep -E '(caracara|falconpy)'
caracara==0.2.2
crowdstrike-falconpy==1.2.12

Additional context

We have scripts that prepare handlers to request data from various locations, and one of the providers is Caracara. For cases where all the details are already cached offline ( so far it's about session data ) ; we end up instanciating a Client object just in case ; then not using it since all the data we need is in our cache ; and instead of having instantaneous results we have to wait for one (1) HTTP call, cause by the understandable need of caracara.client.Client to request a token when instanciated.

Could it be possible to only call self.api_authentication.token() when needed, even if that means remaining unaware of the base_url variable for a while ? (which is fine, because you won't ever need it unless authenticated to answer a query ).

Feel free to say this problem is convoluted :D

Cheers,

[ChristopherHammond13]

@jshcodes I think this might be a better question to send your way: we currently grab a token during the Client object initialisation here https://github.com/CrowdStrike/caracara/blob/v0.3.0/caracara/client.py#L149

Do we need to call .token() before the service classes are initialisation further down, or can we defer that call? I know we derive the Cloud based on the token endpoint in US-1 (if the cloud is auto), and derive a base URL based on that, but is that even necessary at that point? If not, we may be able to cut that line out and make the initialisation lazy.

The reason I ask (rather than just testing this) is that I know we are getting some auth object changes in FalconPy v1.3.0, so want to make sure whatever we do here will be compatible going forward.

[jshcodes]

FalconPy will request a token when it prepares to make any API call and it realizes the token is expired or not present.

Regarding v1.3.0, the intent is to maintain this same functionality (one of the last pieces outstanding in acceptance testing).

In my mind, Caracara should be fine to go the lazy authentication route and defer it.