fix: Set SystemLink Server certificate path in JupyterHttpConfiguration, on Windows#222
Merged
AlexDanDuna merged 16 commits intoJul 15, 2026
Conversation
…hen using the clients library from SLS notebooks
… not exist, on Windows
AlexDanDuna
requested review from
cameronwaterman,
rbell517 and
spanglerco
as code owners
July 15, 2026 19:32
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates JupyterHttpConfiguration so that SystemLink Server notebooks on Windows can automatically use the SystemLink web server certificate (when present) as cert_path, avoiding HTTPS failures when the default HttpConfigurations directory is not readable in SLS 26Q3 notebook execution contexts.
Changes:
- Add Windows-only logic in
JupyterHttpConfigurationto pass the Skyline web server certificate path ascert_pathwhen the certificate file exists. - Add unit tests covering Windows vs. Linux behavior and certificate-present vs. certificate-missing scenarios.
- Remove a session-level Pydantic validation fixture from
conftest.py(appears unrelated to the PR’s stated purpose).
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
nisystemlink/clients/core/_jupyter_http_configuration.py |
Adds conditional certificate path handling for Windows notebook executions. |
tests/core/test_jupyter_http_configuration.py |
Adds tests validating cert_path behavior across OS/cert-existence permutations. |
conftest.py |
Removes an autouse Pydantic fixture affecting JSON model validation across the test suite. |
Comments suppressed due to low confidence (1)
conftest.py:86
- This PR removes the session-level
pydantic_forbid_extra_fieldsautouse fixture, which changes JSON model validation behavior across the entire test suite (and makes the existingJsonModel/Extraimports unused). Since this behavior change is unrelated to the certificate-path fix, it likely should not be part of this PR.
if uri and api_key:
return core.HttpConfiguration(uri, api_key)
else:
pytest.skip("--enterprise-uri or --enterprise-api-key setting not found")
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
spanglerco
requested changes
Jul 15, 2026
…ad of a string, per AI code review Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…rns the proper Windows path when running the tests on Linux
spanglerco
approved these changes
Jul 15, 2026
AlexDanDuna
deleted the
add-certificate-path-for-sls-notebooks-in-jupyterhttpconfiguration
branch
July 15, 2026 21:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this Pull Request accomplish?
SystemLink Server 26Q3 restricts notebook executions (by default). Access to the
HttpConfigurationsfolder isno longer granted for notebooks running under the JupyterHub/NotebookExecution services. Since config files under
HttpConfigurationsare no longer readable, creating client objects from this library, from SLS notebooks,will default to using
JupyterHttpConfiguration. However, this does not set acert_path, so HTTPSrequests will fail.
When running SystemLink Server notebooks (Windows), we will therefore pass the Web Server CA certificate's path as the
cert_path, if the file exists. This will allow clients created with the default configuration to use this CA certificate.If the file does not exist (when the Web Server is configured in HTTP mode), do not pass it; an invalid
cert_pathwill lead to errors.
Tracked under:
https://dev.azure.com/ni/DevCentral/_workitems/edit/3961101
and
https://dev.azure.com/ni/DevCentral/_queries/edit/3944027
Why should this Pull Request be merged?
It will allow customers whose notebooks use this library and break after upgrading to SLS 26Q3, to quickly fix them up by having an Administrator bump the library to the patched version that we'll release once this PR is merged.
What testing has been done?
Manual testing in a SLS instance. Verified that this snippet
from nisystemlink.clients.tag import TagManager tag_manager = TagManager() tag_manager.open("tagname")yields no certificate errors when: