From 96ef3fc4ca4a9f36e9896f034c139f829210e614 Mon Sep 17 00:00:00 2001 From: tyagi Date: Mon, 7 Mar 2016 04:47:00 -0800 Subject: [PATCH] Heat integration tests failing against https endpoints Provide ca_file option to pass the ca certificate to verify https connection. Also pass verify parameter to the test cases which directly call requests library methods. Change-Id: I4a81047136d6a64b151180e95c254edea8165349 Closes-Bug: #1553898 --- heat_integrationtests/common/clients.py | 31 +++++++++++-------- heat_integrationtests/common/config.py | 4 +++ heat_integrationtests/common/test.py | 4 +++ .../functional/test_notifications.py | 4 +-- .../functional/test_software_config.py | 3 +- .../scenario/test_autoscaling_lb.py | 2 +- 6 files changed, 31 insertions(+), 17 deletions(-) diff --git a/heat_integrationtests/common/clients.py b/heat_integrationtests/common/clients.py index 85bfea542..acbf239b0 100644 --- a/heat_integrationtests/common/clients.py +++ b/heat_integrationtests/common/clients.py @@ -79,6 +79,8 @@ class ClientManager(object): raise ValueError(_('Incorrectly specified auth_url config: no ' 'version found.')) + self.insecure = self.conf.disable_ssl_certificate_validation + self.ca_file = self.conf.ca_file self.identity_client = self._get_identity_client() self.orchestration_client = self._get_orchestration_client() self.compute_client = self._get_compute_client() @@ -121,13 +123,15 @@ class ClientManager(object): 'project_domain_name': domain, 'user_domain_name': domain}) auth = password.Password(**kwargs) - return KeystoneWrapperClient( - auth, - not self.conf.disable_ssl_certificate_validation) + if self.insecure: + verify_cert = False + else: + verify_cert = self.ca_file or True + + return KeystoneWrapperClient(auth, verify_cert) def _get_compute_client(self): - dscv = self.conf.disable_ssl_certificate_validation region = self.conf.region client_args = ( 
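Review bot: `_get_orchestration_client`, called right after the new `self.insecure` / `self.ca_file` assignments in the `ClientManager` constructor, is not modified by any hunk in this patch, so the Heat client itself may still ignore the configured CA file. The identity, compute, network, volume, object and metering clients all receive the new settings in the later hunks. Since the commit is about Heat tests failing against https endpoints, it is worth confirming that the orchestration client is built from them as well; its body is not visible here, so this is a question rather than a confirmed gap. The constructor starts and ends outside the hunk.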
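Review bot: In `_get_identity_client`, a configured `ca_file` is silently discarded whenever `disable_ssl_certificate_validation` is true, and the same if/else is written a second time in the `HeatIntegrationTest` hunk in common/test.py. Computing the value once next to `self.ca_file` in the constructor, `self.verify_cert = False if self.insecure else (self.ca_file or True)`, and reading `self.manager.verify_cert` from the test base class would keep the two copies from drifting apart. A comment such as `# insecure takes precedence: ca_file is ignored and verification is off` would make the precedence explicit for anyone auditing the TLS settings. The hunk also runs into `_get_compute_client`, whose body continues outside it.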
@@ -146,11 +150,11 @@ class ClientManager(object): endpoint_type='publicURL', region_name=region, no_cache=True, - insecure=dscv, + insecure=self.insecure, + cacert=self.ca_file, http_log_debug=True) def _get_network_client(self): - dscv = self.conf.disable_ssl_certificate_validation return neutron_client.Client( username=self.conf.username, @@ -159,12 +163,12 @@ class ClientManager(object): endpoint_type='publicURL', # neutronclient can not use v3 url auth_url=self.v2_auth_url, - insecure=dscv) + insecure=self.insecure, + ca_cert=self.ca_file) def _get_volume_client(self): region = self.conf.region endpoint_type = 'publicURL' - dscv = self.conf.disable_ssl_certificate_validation return cinder_client.Client( self.CINDERCLIENT_VERSION, self.conf.username, @@ -174,11 +178,11 @@ class ClientManager(object): self.v2_auth_url, region_name=region, endpoint_type=endpoint_type, - insecure=dscv, + insecure=self.insecure, + cacert=self.ca_file, http_log_debug=True) def _get_object_client(self): - dscv = self.conf.disable_ssl_certificate_validation args = { 'auth_version': self.auth_version, 'tenant_name': self.conf.tenant_name, @@ -186,12 +190,12 @@ class ClientManager(object): 'key': self.conf.password, 'authurl': self.conf.auth_url, 'os_options': {'endpoint_type': 'publicURL'}, - 'insecure': dscv, + 'insecure': self.insecure, + 'cacert': self.ca_file, } return swift_client.Connection(**args) def _get_metering_client(self): - dscv = self.conf.disable_ssl_certificate_validation domain = self.conf.domain_name try: endpoint = self.identity_client.get_endpoint_url('metering', @@ -204,7 +208,8 @@ class ClientManager(object): 'password': self.conf.password, 'tenant_name': self.conf.tenant_name, 'auth_url': self.conf.auth_url, - 'insecure': dscv, + 'insecure': self.insecure, + 'cacert': self.ca_file, 'region_name': self.conf.region, 'endpoint_type': 'publicURL', 'service_type': 'metering', 
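Review bot: In `_get_network_client` the CA file is passed as `ca_cert`, while every other client in this file takes `cacert`, and nothing on the line says the difference is deliberate. A one-line comment above it, `# neutronclient names this option ca_cert, not cacert`, would keep a later clean-up from "normalising" the keyword and breaking CA verification for the network client. `_get_volume_client` begins in this hunk and continues outside it.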
diff --git a/heat_integrationtests/common/config.py b/heat_integrationtests/common/config.py index 6d3560026..f8ae075d3 100644 --- a/heat_integrationtests/common/config.py +++ b/heat_integrationtests/common/config.py @@ -60,6 +60,10 @@ IntegrationTestGroup = [ cfg.BoolOpt('disable_ssl_certificate_validation', default=False, help="Set to True if using self-signed SSL certificates."), + cfg.StrOpt('ca_file', + default=None, + help="CA certificate to pass for servers that have " + "https endpoint."), cfg.IntOpt('build_interval', default=4, help="Time in seconds between build status checks."), diff --git a/heat_integrationtests/common/test.py b/heat_integrationtests/common/test.py index 4eaa2b7b7..42fa43ccb 100644 --- a/heat_integrationtests/common/test.py +++ b/heat_integrationtests/common/test.py @@ -92,6 +92,10 @@ class HeatIntegrationTest(testscenarios.WithScenarios, self.metering_client = self.manager.metering_client self.useFixture(fixtures.FakeLogger(format=_LOG_FORMAT)) self.updated_time = {} + if self.conf.disable_ssl_certificate_validation: + self.verify_cert = False + else: + self.verify_cert = self.conf.ca_file or True def get_remote_client(self, server_or_ip, username, private_key=None): if isinstance(server_or_ip, six.string_types): diff --git a/heat_integrationtests/functional/test_notifications.py b/heat_integrationtests/functional/test_notifications.py index 3b8e0030f..924ef0c88 100644 --- a/heat_integrationtests/functional/test_notifications.py +++ b/heat_integrationtests/functional/test_notifications.py 
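Review bot: The help text for the new `ca_file` option in `IntegrationTestGroup` does not say that the value is a file path, nor that it is ignored when `disable_ssl_certificate_validation` is true. Something like `help="Path to a CA certificate bundle used to verify HTTPS endpoints. Ignored if disable_ssl_certificate_validation is True."` would cover both. The neighbouring help string still tells users to turn validation off for self-signed certificates; now that this option exists, pointing them to `ca_file` instead would keep verification enabled in that case.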
@@ -179,12 +179,12 @@ outputs: callbacks=[handler.process_message], auto_declare=False): - requests.post(scale_up_url) + requests.post(scale_up_url, verify=self.verify_cert) test.call_until_true(20, 0, self.consume_events, handler, 2) notifications += handler.notifications handler.clear() - requests.post(scale_down_url) + requests.post(scale_down_url, verify=self.verify_cert) test.call_until_true(20, 0, self.consume_events, handler, 2) notifications += handler.notifications diff --git a/heat_integrationtests/functional/test_software_config.py b/heat_integrationtests/functional/test_software_config.py index 20d38d804..860d68826 100644 --- a/heat_integrationtests/functional/test_software_config.py +++ b/heat_integrationtests/functional/test_software_config.py @@ -149,7 +149,8 @@ properties: iv = dict((i['name'], i['value']) for i in dep['inputs']) sigurl = iv.get('deploy_signal_id') requests.post(sigurl, data='{}', - headers={'content-type': None}) + headers={'content-type': None}, + verify=self.verify_cert) class ZaqarSignalTransportTest(functional_base.FunctionalTestsBase): diff --git a/heat_integrationtests/scenario/test_autoscaling_lb.py b/heat_integrationtests/scenario/test_autoscaling_lb.py index e3de091b7..f5b292ec3 100644 --- a/heat_integrationtests/scenario/test_autoscaling_lb.py +++ b/heat_integrationtests/scenario/test_autoscaling_lb.py @@ -39,7 +39,7 @@ class AutoscalingLoadBalancerTest(scenario_base.ScenarioTestsBase): for count in range(retries): time.sleep(1) try: - r = requests.get(url) + r = requests.get(url, verify=self.verify_cert) except requests.exceptions.ConnectionError: # The LB may not be up yet, let's retry continue
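Review bot: In the test_autoscaling_lb.py hunk, a certificate failure on `requests.get(url, verify=self.verify_cert)` raises `requests.exceptions.SSLError`, which is a subclass of `ConnectionError` and is therefore swallowed by the existing handler as "The LB may not be up yet". If the load balancer URL is https, a wrong or missing `ca_file` would then surface only as exhausted retries rather than as a TLS error. Adding `except requests.exceptions.SSLError: raise` ahead of the `ConnectionError` handler would report it on the first attempt. The retry loop and its enclosing method start and end outside the hunk.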