Pass client certificates to Kernel Gateway

[ricedavida]

This feature is designed to be paired with Jupyter Kernel Gateway's client-ca option.
--client-ca= (KernelGatewayApp.client_ca)
Default: None
The full path to a certificate authority certificate for SSL/TLS client
authentication. (KG_CLIENT_CA env var)

To use this feature, add paths to client key, cert and the CA that signed it to the
following environment variables:
KG_CLIENT_KEY
KG_CLIENT_CERT
KG_CLIENT_CA

[LK-Tmac1]

When shall we merge this PR? Waiting for it as need to build a docker image on the docker stacks.

Seems the conflicts are because of my recent changes where I also added some env variables to nb2kg handlers and managers. Although it won't be too much work to resolve the conflict and I would like to do so if necessary.

[kevin-bates]

@riceda195 or @liukun1016 - could either of you please resolve these conflicts? It would be great to produce a release soon and this looks like a good addition. Thanks!

[LK-Tmac1]

@kevin-bates , @riceda195

The reason for the conflict is that when the flag KG_CLIENT_KEY is set as True, we also need to consider the env variables and parameters passed to HTTPRequest in handler.py, and fetch_kg in manager.py.

i.e. client_key, client_cert, and ca_certs, whose default values are env variables KG_CLIENT_KEY, KG_CLIENT_CERT and KG_CLIENT_CA.

I resolved the conflict by make the codes more flexible, i.e. by initializing the parameters based on the KG_CLIENT_KEY flag and pass those parameters in a dictionary to the HTTPRequest and fetch_kg.

Please let me know if there is any concern or improvement. Otherwise hope to merge this PR ASAP.

[kevin-bates]

@liukun1016, thanks for removing the conflict. Have you had a chance to test out the changes?
@riceda195, is there any chance you can check out these changes relative to the cert parameters?

[LK-Tmac1]

For the timeout parameters it worked as my previous changes.

But I haven't tested the certification part though since I am not so clear about how should we use the cert, client key and client auth.

[ricedavida]

I added a slight modification to make the client_ca option/argument optional. Not every environment needs this, so it seemed logical to make it optional.

[kevin-bates]

Thanks @liukun1016 and @riceda195 - these changes look fine to me.

[LK-Tmac1]

@riceda195 Thanks for that. LGTM.

[ricedavida]

anything else preventing this PR from being merged in?

[kevin-bates]

Thanks @riceda195

[ricedavida]

and thank you @liukun1016 and @kevin-bates