From 384350a7b1943ca070f310d606a9993f896f9ee3 Mon Sep 17 00:00:00 2001 From: Ishant Tyagi Date: Mon, 7 Mar 2016 22:06:09 +0530 Subject: [PATCH] Heat integration tests failing against https endpoints Provide ca_file option to pass the ca certificate to verify https connection. Also pass verify parameter to the test cases which directly call requests library methods. Change-Id: I4a81047136d6a64b151180e95c254edea8165349 Closes-Bug: #1553898 (cherry picked from commit 1b23afe9716b9bb64969ed5d68ccf62ebeaf15bf) --- heat_integrationtests/common/clients.py | 25 +++++++++++-------- heat_integrationtests/common/config.py | 4 +++ heat_integrationtests/common/test.py | 4 +++ .../functional/test_aws_stack.py | 2 +- .../functional/test_notifications.py | 4 +-- .../functional/test_software_config.py | 3 ++- .../scenario/test_autoscaling_lb.py | 2 +- 7 files changed, 28 insertions(+), 16 deletions(-) diff --git a/heat_integrationtests/common/clients.py b/heat_integrationtests/common/clients.py index c7a7f60e6c..e89fb3a6d2 100644 --- a/heat_integrationtests/common/clients.py +++ b/heat_integrationtests/common/clients.py @@ -35,6 +35,8 @@ class ClientManager(object): def __init__(self, conf): self.conf = conf + self.insecure = self.conf.disable_ssl_certificate_validation + self.ca_file = self.conf.ca_file self.identity_client = self._get_identity_client() self.orchestration_client = self._get_orchestration_client() self.compute_client = self._get_compute_client() @@ -74,11 +76,11 @@ class ClientManager(object): password=self.conf.password, tenant_name=self.conf.tenant_name, auth_url=self.conf.auth_url, - insecure=self.conf.disable_ssl_certificate_validation) + insecure=self.insecure, + cacert=self.ca_file) def _get_compute_client(self): - dscv = self.conf.disable_ssl_certificate_validation region = self.conf.region client_args = ( @@ -96,12 +98,12 @@ class ClientManager(object): endpoint_type='publicURL', region_name=region, no_cache=True, - insecure=dscv, + insecure=self.insecure, + cacert=self.ca_file, http_log_debug=True) def _get_network_client(self): auth_url = self.conf.auth_url - dscv = self.conf.disable_ssl_certificate_validation return neutronclient.v2_0.client.Client( username=self.conf.username, @@ -109,13 +111,13 @@ class ClientManager(object): tenant_name=self.conf.tenant_name, endpoint_type='publicURL', auth_url=auth_url, - insecure=dscv) + insecure=self.insecure, + ca_cert=self.ca_file) def _get_volume_client(self): auth_url = self.conf.auth_url region = self.conf.region endpoint_type = 'publicURL' - dscv = self.conf.disable_ssl_certificate_validation return cinderclient.client.Client( self.CINDERCLIENT_VERSION, self.conf.username, @@ -124,11 +126,11 @@ class ClientManager(object): auth_url, region_name=region, endpoint_type=endpoint_type, - insecure=dscv, + insecure=self.insecure, + cacert=self.ca_file, http_log_debug=True) def _get_object_client(self): - dscv = self.conf.disable_ssl_certificate_validation args = { 'auth_version': '2.0', 'tenant_name': self.conf.tenant_name, @@ -136,12 +138,12 @@ class ClientManager(object): 'key': self.conf.password, 'authurl': self.conf.auth_url, 'os_options': {'endpoint_type': 'publicURL'}, - 'insecure': dscv, + 'insecure': self.insecure, + 'cacert': self.ca_file, } return swiftclient.client.Connection(**args) def _get_metering_client(self): - dscv = self.conf.disable_ssl_certificate_validation keystone = self._get_identity_client() try: @@ -159,7 +161,8 @@ class ClientManager(object): 'password': self.conf.password, 'tenant_name': self.conf.tenant_name, 'auth_url': self.conf.auth_url, - 'insecure': dscv, + 'insecure': self.insecure, + 'cacert': self.ca_file, 'region_name': self.conf.region, 'endpoint_type': 'publicURL', 'service_type': 'metering', diff --git a/heat_integrationtests/common/config.py b/heat_integrationtests/common/config.py index 160f31be73..a6014dadf2 100644 --- a/heat_integrationtests/common/config.py +++ b/heat_integrationtests/common/config.py @@ -61,6 +61,10 @@ IntegrationTestGroup = [ cfg.BoolOpt('disable_ssl_certificate_validation', default=False, help="Set to True if using self-signed SSL certificates."), + cfg.StrOpt('ca_file', + default=None, + help="CA certificate to pass for servers that have " + "https endpoint."), cfg.IntOpt('build_interval', default=4, help="Time in seconds between build status checks."), diff --git a/heat_integrationtests/common/test.py b/heat_integrationtests/common/test.py index 46911f07a3..9db5eae045 100644 --- a/heat_integrationtests/common/test.py +++ b/heat_integrationtests/common/test.py @@ -90,6 +90,10 @@ class HeatIntegrationTest(testscenarios.WithScenarios, self.metering_client = self.manager.metering_client self.useFixture(fixtures.FakeLogger(format=_LOG_FORMAT)) self.updated_time = {} + if self.conf.disable_ssl_certificate_validation: + self.verify_cert = False + else: + self.verify_cert = self.conf.ca_file or True def get_remote_client(self, server_or_ip, username, private_key=None): if isinstance(server_or_ip, six.string_types): diff --git a/heat_integrationtests/functional/test_aws_stack.py b/heat_integrationtests/functional/test_aws_stack.py index ba4883fc5b..9fb2197b06 100644 --- a/heat_integrationtests/functional/test_aws_stack.py +++ b/heat_integrationtests/functional/test_aws_stack.py @@ -107,7 +107,7 @@ Outputs: full_url = '%s://%s%s' % (sw_url.scheme, sw_url.netloc, tempurl) def download(): - r = requests.get(full_url) + r = requests.get(full_url, verify=self.verify_cert) LOG.info('GET: %s -> %s' % (full_url, r.status_code)) return r.status_code == requests.codes.ok diff --git a/heat_integrationtests/functional/test_notifications.py b/heat_integrationtests/functional/test_notifications.py index 3b8e0030f9..924ef0c885 100644 --- a/heat_integrationtests/functional/test_notifications.py +++ b/heat_integrationtests/functional/test_notifications.py @@ -179,12 +179,12 @@ outputs: callbacks=[handler.process_message], auto_declare=False): - requests.post(scale_up_url) + requests.post(scale_up_url, verify=self.verify_cert) test.call_until_true(20, 0, self.consume_events, handler, 2) notifications += handler.notifications handler.clear() - requests.post(scale_down_url) + requests.post(scale_down_url, verify=self.verify_cert) test.call_until_true(20, 0, self.consume_events, handler, 2) notifications += handler.notifications diff --git a/heat_integrationtests/functional/test_software_config.py b/heat_integrationtests/functional/test_software_config.py index af7d671e29..ac8f0346b1 100644 --- a/heat_integrationtests/functional/test_software_config.py +++ b/heat_integrationtests/functional/test_software_config.py @@ -144,4 +144,5 @@ properties: iv = dict((i['name'], i['value']) for i in dep['inputs']) sigurl = iv.get('deploy_signal_id') requests.post(sigurl, data='{}', - headers={'content-type': None}) + headers={'content-type': None}, + verify=self.verify_cert) diff --git a/heat_integrationtests/scenario/test_autoscaling_lb.py b/heat_integrationtests/scenario/test_autoscaling_lb.py index 21b27dd526..11a5088c2e 100644 --- a/heat_integrationtests/scenario/test_autoscaling_lb.py +++ b/heat_integrationtests/scenario/test_autoscaling_lb.py @@ -37,7 +37,7 @@ class AutoscalingLoadBalancerTest(scenario_base.ScenarioTestsBase): resp = set() for count in range(retries): time.sleep(1) - r = requests.get(url) + r = requests.get(url, verify=self.verify_cert) # skip unsuccessfull requests if r.status_code == 200: resp.add(r.text)