Allow non-verified HTTPS sources for virtualmedia
This PR enables the emulator to insert media that is served over HTTPS by adding a new configuration option that disables python-requests verification. Signed-off-by: Antoni Segura Puimedon <asegurap@redhat.com> Change-Id: Ie594ee021f55c5e97ca0ab5e9e96409fdd7038a9
This commit is contained in:
parent
17fd2a01d3
commit
b6542f6e8e
@ -94,6 +94,10 @@ SUSHY_EMULATOR_VMEDIA_DEVICES = {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Instruct the virtual media insertion not to verify the SSL certificate
|
||||||
|
# when retrieving the image.
|
||||||
|
SUSHY_EMULATOR_VMEDIA_VERIFY_SSL = True
|
||||||
|
|
||||||
# This map contains statically configured Redfish Storage resource linked
|
# This map contains statically configured Redfish Storage resource linked
|
||||||
# up with the Systems resource, keyed by the UUIDs of the Systems.
|
# up with the Systems resource, keyed by the UUIDs of the Systems.
|
||||||
SUSHY_EMULATOR_STORAGE = {
|
SUSHY_EMULATOR_STORAGE = {
|
||||||
|
@ -140,12 +140,16 @@ class StaticDriver(base.DriverBase):
|
|||||||
:raises: `FishyError` if image can't be manipulated
|
:raises: `FishyError` if image can't be manipulated
|
||||||
"""
|
"""
|
||||||
device_info = self._get_device(identity, device)
|
device_info = self._get_device(identity, device)
|
||||||
|
verify_media_cert = self._config.get(
|
||||||
|
'SUSHY_EMULATOR_VMEDIA_VERIFY_SSL', True)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
with tempfile.NamedTemporaryFile(
|
with tempfile.NamedTemporaryFile(
|
||||||
mode='w+b', delete=False) as tmp_file:
|
mode='w+b', delete=False) as tmp_file:
|
||||||
|
|
||||||
with requests.get(image_url, stream=True) as rsp:
|
with requests.get(image_url,
|
||||||
|
stream=True,
|
||||||
|
verify=verify_media_cert) as rsp:
|
||||||
|
|
||||||
with open(tmp_file.name, 'wb') as fl:
|
with open(tmp_file.name, 'wb') as fl:
|
||||||
|
|
||||||
|
@ -97,7 +97,7 @@ class StaticDriverTestCase(base.BaseTestCase):
|
|||||||
|
|
||||||
self.assertEqual('/alphabet/soup/fish.iso', local_file)
|
self.assertEqual('/alphabet/soup/fish.iso', local_file)
|
||||||
mock_requests.get.assert_called_once_with(
|
mock_requests.get.assert_called_once_with(
|
||||||
'http://fish.it/red.iso', stream=True)
|
'http://fish.it/red.iso', stream=True, verify=True)
|
||||||
mock_open.assert_called_once_with(mock.ANY, 'wb')
|
mock_open.assert_called_once_with(mock.ANY, 'wb')
|
||||||
mock_rename.assert_called_once_with(
|
mock_rename.assert_called_once_with(
|
||||||
'alphabet.soup', '/alphabet/soup/fish.iso')
|
'alphabet.soup', '/alphabet/soup/fish.iso')
|
||||||
@ -132,7 +132,7 @@ class StaticDriverTestCase(base.BaseTestCase):
|
|||||||
|
|
||||||
self.assertEqual('/alphabet/soup/red.iso', local_file)
|
self.assertEqual('/alphabet/soup/red.iso', local_file)
|
||||||
mock_requests.get.assert_called_once_with(
|
mock_requests.get.assert_called_once_with(
|
||||||
'http://fish.it/red.iso', stream=True)
|
'http://fish.it/red.iso', stream=True, verify=True)
|
||||||
mock_open.assert_called_once_with(mock.ANY, 'wb')
|
mock_open.assert_called_once_with(mock.ANY, 'wb')
|
||||||
mock_rename.assert_called_once_with(
|
mock_rename.assert_called_once_with(
|
||||||
'alphabet.soup', '/alphabet/soup/red.iso')
|
'alphabet.soup', '/alphabet/soup/red.iso')
|
||||||
@ -166,7 +166,8 @@ class StaticDriverTestCase(base.BaseTestCase):
|
|||||||
inserted=True, write_protected=False)
|
inserted=True, write_protected=False)
|
||||||
|
|
||||||
self.assertEqual('/alphabet/soup/boot-abc', local_file)
|
self.assertEqual('/alphabet/soup/boot-abc', local_file)
|
||||||
mock_requests.get.assert_called_once_with(full_url, stream=True)
|
mock_requests.get.assert_called_once_with(full_url, stream=True,
|
||||||
|
verify=True)
|
||||||
mock_open.assert_called_once_with(mock.ANY, 'wb')
|
mock_open.assert_called_once_with(mock.ANY, 'wb')
|
||||||
mock_rename.assert_called_once_with(
|
mock_rename.assert_called_once_with(
|
||||||
'alphabet.soup', '/alphabet/soup/boot-abc')
|
'alphabet.soup', '/alphabet/soup/boot-abc')
|
||||||
@ -175,6 +176,50 @@ class StaticDriverTestCase(base.BaseTestCase):
|
|||||||
self.assertTrue(device_info['Inserted'])
|
self.assertTrue(device_info['Inserted'])
|
||||||
self.assertFalse(device_info['WriteProtected'])
|
self.assertFalse(device_info['WriteProtected'])
|
||||||
|
|
||||||
|
@mock.patch.object(vmedia.StaticDriver, '_get_device', autospec=True)
|
||||||
|
@mock.patch.object(builtins, 'open', autospec=True)
|
||||||
|
@mock.patch.object(vmedia.os, 'rename', autospec=True)
|
||||||
|
@mock.patch.object(vmedia, 'tempfile', autospec=True)
|
||||||
|
@mock.patch.object(vmedia, 'requests', autospec=True)
|
||||||
|
def test_insert_image_no_verify_ssl(self, mock_requests, mock_tempfile,
|
||||||
|
mock_rename, mock_open,
|
||||||
|
mock_get_device):
|
||||||
|
device_info = {}
|
||||||
|
mock_get_device.return_value = device_info
|
||||||
|
|
||||||
|
mock_tempfile.mkdtemp.return_value = '/alphabet/soup'
|
||||||
|
mock_tempfile.gettempdir.return_value = '/tmp'
|
||||||
|
mock_tmp_file = (mock_tempfile.NamedTemporaryFile
|
||||||
|
.return_value.__enter__.return_value)
|
||||||
|
mock_tmp_file.name = 'alphabet.soup'
|
||||||
|
mock_rsp = mock_requests.get.return_value.__enter__.return_value
|
||||||
|
mock_rsp.headers = {
|
||||||
|
'content-disposition': 'attachment; filename="fish.iso"'
|
||||||
|
}
|
||||||
|
|
||||||
|
ssl_conf_key = 'SUSHY_EMULATOR_VMEDIA_VERIFY_SSL'
|
||||||
|
default_ssl_verify = self.test_driver._config.get(ssl_conf_key)
|
||||||
|
try:
|
||||||
|
self.test_driver._config[ssl_conf_key] = (
|
||||||
|
False)
|
||||||
|
local_file = self.test_driver.insert_image(
|
||||||
|
self.UUID, 'Cd', 'https://fish.it/red.iso', inserted=True,
|
||||||
|
write_protected=False)
|
||||||
|
finally:
|
||||||
|
self.test_driver._config[ssl_conf_key] = default_ssl_verify
|
||||||
|
|
||||||
|
self.assertEqual('/alphabet/soup/fish.iso', local_file)
|
||||||
|
mock_requests.get.assert_called_once_with(
|
||||||
|
'https://fish.it/red.iso', stream=True, verify=False)
|
||||||
|
mock_open.assert_called_once_with(mock.ANY, 'wb')
|
||||||
|
mock_rename.assert_called_once_with(
|
||||||
|
'alphabet.soup', '/alphabet/soup/fish.iso')
|
||||||
|
|
||||||
|
self.assertEqual('fish.iso', device_info['Image'])
|
||||||
|
self.assertTrue(device_info['Inserted'])
|
||||||
|
self.assertFalse(device_info['WriteProtected'])
|
||||||
|
self.assertEqual(local_file, device_info['_local_file'])
|
||||||
|
|
||||||
@mock.patch.object(vmedia.StaticDriver, '_get_device', autospec=True)
|
@mock.patch.object(vmedia.StaticDriver, '_get_device', autospec=True)
|
||||||
@mock.patch.object(vmedia.os, 'unlink', autospec=True)
|
@mock.patch.object(vmedia.os, 'unlink', autospec=True)
|
||||||
def test_eject_image(self, mock_unlink, mock_get_device):
|
def test_eject_image(self, mock_unlink, mock_get_device):
|
||||||
|
Loading…
Reference in New Issue
Block a user