From 65a9d16a602b54d100fe5fbc089349eaa0e97aef Mon Sep 17 00:00:00 2001 From: David C Kennedy Date: Thu, 12 Feb 2015 11:22:46 +0000 Subject: [PATCH] Support ssl cert verification on outgoing https Added the verify parameter to HttpAction class so that a ca bundle can be used to verify ssl certs when making outgoing https calls via HttpAction Modified unit tests to expect added parameter Corrected name of test_inspect_utils.py as it was under the knife in any case Change-Id: I444b22eabf7c48db62f29a59421aaa290b5f0cd7 Closes-Bug: #1421167 --- mistral/actions/std_actions.py | 18 +++++++++++++----- .../tests/unit/actions/test_std_http_action.py | 6 ++++-- .../tests/unit/engine1/test_action_context.py | 2 +- .../tests/unit/engine1/test_action_defaults.py | 11 +++++++---- .../tests/unit/services/test_action_manager.py | 2 +- ...t_inpect_utils.py => test_inspect_utils.py} | 2 +- 6 files changed, 27 insertions(+), 14 deletions(-) rename mistral/tests/unit/utils/{test_inpect_utils.py => test_inspect_utils.py} (96%) diff --git a/mistral/actions/std_actions.py b/mistral/actions/std_actions.py index 94fa4eb6a..8974024d5 100644 --- a/mistral/actions/std_actions.py +++ b/mistral/actions/std_actions.py @@ -118,6 +118,8 @@ class HTTPAction(base.Action): redirect following is allowed. :param proxies: (optional) Dictionary mapping protocol to the URL of the proxy. + :param verify: (optional) if ``True``, the SSL cert will be verified. + A CA_BUNDLE path can also be provided. """ def __init__(self, @@ -130,7 +132,8 @@ class HTTPAction(base.Action): auth=None, timeout=None, allow_redirects=None, - proxies=None): + proxies=None, + verify=None): if auth and len(auth.split(':')) == 2: self.auth = (auth.split(':')[0], auth.split(':')[1]) @@ -146,12 +149,13 @@ class HTTPAction(base.Action): self.timeout = timeout self.allow_redirects = allow_redirects self.proxies = proxies + self.verify = verify def run(self): LOG.info("Running HTTP action " "[url=%s, method=%s, params=%s, body=%s, headers=%s," " cookies=%s, auth=%s, timeout=%s, allow_redirects=%s," - " proxies=%s]" % + " proxies=%s, verify=%s]" % (self.url, self.method, self.params, @@ -161,7 +165,8 @@ class HTTPAction(base.Action): self.auth, self.timeout, self.allow_redirects, - self.proxies)) + self.proxies, + self.verify)) try: resp = requests.request( @@ -174,7 +179,8 @@ class HTTPAction(base.Action): auth=self.auth, timeout=self.timeout, allow_redirects=self.allow_redirects, - proxies=self.proxies + proxies=self.proxies, + verify=self.verify ) except Exception as e: raise exc.ActionException("Failed to send HTTP request: %s" % e) @@ -216,7 +222,8 @@ class MistralHTTPAction(HTTPAction): auth=None, timeout=None, allow_redirects=None, - proxies=None): + proxies=None, + verify=None): headers = headers or {} headers.update({ 'Mistral-Workflow-Name': action_context.get('workflow_name'), @@ -235,6 +242,7 @@ class MistralHTTPAction(HTTPAction): timeout, allow_redirects, proxies, + verify, ) def is_sync(self): diff --git a/mistral/tests/unit/actions/test_std_http_action.py b/mistral/tests/unit/actions/test_std_http_action.py index 9cbcd60a5..fce51b983 100644 --- a/mistral/tests/unit/actions/test_std_http_action.py +++ b/mistral/tests/unit/actions/test_std_http_action.py @@ -80,7 +80,8 @@ class HTTPActionTest(base.BaseTest): timeout=20, auth=None, allow_redirects=True, - proxies=None + proxies=None, + verify=None ) @mock.patch.object(requests, "request") @@ -115,5 +116,6 @@ class HTTPActionTest(base.BaseTest): timeout=None, auth=('user', 'password'), allow_redirects=None, - proxies=None + proxies=None, + verify=None ) diff --git a/mistral/tests/unit/engine1/test_action_context.py b/mistral/tests/unit/engine1/test_action_context.py index d4a885083..94f930bbf 100644 --- a/mistral/tests/unit/engine1/test_action_context.py +++ b/mistral/tests/unit/engine1/test_action_context.py @@ -92,4 +92,4 @@ class ActionContextTest(base.EngineTestCase): requests.request.assert_called_with( 'GET', 'https://wiki.openstack.org/wiki/mistral', params=None, data=None, headers=headers, cookies=None, auth=None, - timeout=None, allow_redirects=None, proxies=None) + timeout=None, allow_redirects=None, proxies=None, verify=None) diff --git a/mistral/tests/unit/engine1/test_action_defaults.py b/mistral/tests/unit/engine1/test_action_defaults.py index 04a9cb4f3..d0e597463 100644 --- a/mistral/tests/unit/engine1/test_action_defaults.py +++ b/mistral/tests/unit/engine1/test_action_defaults.py @@ -134,7 +134,8 @@ class ActionDefaultTest(base.EngineTestCase): requests.request.assert_called_with( 'GET', 'https://api.library.org/books', params=None, data=None, headers=None, cookies=None, - allow_redirects=None, proxies=None, auth=EXPECTED_ENV_AUTH, + allow_redirects=None, proxies=None, verify=None, + auth=EXPECTED_ENV_AUTH, timeout=ENV['__actions']['std.http']['timeout']) @mock.patch.object( @@ -158,7 +159,8 @@ class ActionDefaultTest(base.EngineTestCase): requests.request.assert_called_with( 'GET', 'https://api.library.org/books', params=None, data=None, headers=None, cookies=None, - allow_redirects=None, proxies=None, auth=EXPECTED_ENV_AUTH, + allow_redirects=None, proxies=None, verify=None, + auth=EXPECTED_ENV_AUTH, timeout=60) @mock.patch.object( @@ -191,7 +193,7 @@ class ActionDefaultTest(base.EngineTestCase): calls = [mock.call('GET', url, params=None, data=None, headers=None, cookies=None, allow_redirects=None, proxies=None, - auth=EXPECTED_ENV_AUTH, + auth=EXPECTED_ENV_AUTH, verify=None, timeout=ENV['__actions']['std.http']['timeout']) for url in wf_input['links']] @@ -227,7 +229,8 @@ class ActionDefaultTest(base.EngineTestCase): calls = [mock.call('GET', url, params=None, data=None, headers=None, cookies=None, allow_redirects=None, proxies=None, - auth=EXPECTED_ENV_AUTH, timeout=60) + auth=EXPECTED_ENV_AUTH, verify=None, + timeout=60) for url in wf_input['links']] requests.request.assert_has_calls(calls, any_order=True) diff --git a/mistral/tests/unit/services/test_action_manager.py b/mistral/tests/unit/services/test_action_manager.py index ccea87163..1bd14aa17 100644 --- a/mistral/tests/unit/services/test_action_manager.py +++ b/mistral/tests/unit/services/test_action_manager.py @@ -25,7 +25,7 @@ class ActionManagerTest(base.DbTestCase): "url, method=GET, params=None, body=None, " "headers=None, cookies=None, auth=None, " "timeout=None, allow_redirects=None, " - "proxies=None" + "proxies=None, verify=None" ) self.assertEqual(http_action_input, std_http.input) diff --git a/mistral/tests/unit/utils/test_inpect_utils.py b/mistral/tests/unit/utils/test_inspect_utils.py similarity index 96% rename from mistral/tests/unit/utils/test_inpect_utils.py rename to mistral/tests/unit/utils/test_inspect_utils.py index 586932b24..9c4d1d194 100644 --- a/mistral/tests/unit/utils/test_inpect_utils.py +++ b/mistral/tests/unit/utils/test_inspect_utils.py @@ -26,7 +26,7 @@ class InspectUtilsTest(base.BaseTest): "url, method=GET, params=None, body=None, " "headers=None, cookies=None, auth=None, " "timeout=None, allow_redirects=None, " - "proxies=None" + "proxies=None, verify=None" ) self.assertEqual(http_action_params, parameters_str)