Allow non-verified HTTPS sources for virtualmedia

This PR enables the emulator to insert media that is served over HTTPS
by adding a new configuration option that disables python-requests
verification.

Signed-off-by: Antoni Segura Puimedon <asegurap@redhat.com>
Change-Id: Ie594ee021f55c5e97ca0ab5e9e96409fdd7038a9
This commit is contained in:
Antoni Segura Puimedon 2021-05-14 17:35:33 +02:00
parent 17fd2a01d3
commit b6542f6e8e
3 changed files with 57 additions and 4 deletions

View File

@ -94,6 +94,10 @@ SUSHY_EMULATOR_VMEDIA_DEVICES = {
} }
} }
# Instruct the virtual media insertion not to verify the SSL certificate
# when retrieving the image.
SUSHY_EMULATOR_VMEDIA_VERIFY_SSL = True
# This map contains statically configured Redfish Storage resource linked # This map contains statically configured Redfish Storage resource linked
# up with the Systems resource, keyed by the UUIDs of the Systems. # up with the Systems resource, keyed by the UUIDs of the Systems.
SUSHY_EMULATOR_STORAGE = { SUSHY_EMULATOR_STORAGE = {

View File

@ -140,12 +140,16 @@ class StaticDriver(base.DriverBase):
:raises: `FishyError` if image can't be manipulated :raises: `FishyError` if image can't be manipulated
""" """
device_info = self._get_device(identity, device) device_info = self._get_device(identity, device)
verify_media_cert = self._config.get(
'SUSHY_EMULATOR_VMEDIA_VERIFY_SSL', True)
try: try:
with tempfile.NamedTemporaryFile( with tempfile.NamedTemporaryFile(
mode='w+b', delete=False) as tmp_file: mode='w+b', delete=False) as tmp_file:
with requests.get(image_url, stream=True) as rsp: with requests.get(image_url,
stream=True,
verify=verify_media_cert) as rsp:
with open(tmp_file.name, 'wb') as fl: with open(tmp_file.name, 'wb') as fl:

View File

@ -97,7 +97,7 @@ class StaticDriverTestCase(base.BaseTestCase):
self.assertEqual('/alphabet/soup/fish.iso', local_file) self.assertEqual('/alphabet/soup/fish.iso', local_file)
mock_requests.get.assert_called_once_with( mock_requests.get.assert_called_once_with(
'http://fish.it/red.iso', stream=True) 'http://fish.it/red.iso', stream=True, verify=True)
mock_open.assert_called_once_with(mock.ANY, 'wb') mock_open.assert_called_once_with(mock.ANY, 'wb')
mock_rename.assert_called_once_with( mock_rename.assert_called_once_with(
'alphabet.soup', '/alphabet/soup/fish.iso') 'alphabet.soup', '/alphabet/soup/fish.iso')
@ -132,7 +132,7 @@ class StaticDriverTestCase(base.BaseTestCase):
self.assertEqual('/alphabet/soup/red.iso', local_file) self.assertEqual('/alphabet/soup/red.iso', local_file)
mock_requests.get.assert_called_once_with( mock_requests.get.assert_called_once_with(
'http://fish.it/red.iso', stream=True) 'http://fish.it/red.iso', stream=True, verify=True)
mock_open.assert_called_once_with(mock.ANY, 'wb') mock_open.assert_called_once_with(mock.ANY, 'wb')
mock_rename.assert_called_once_with( mock_rename.assert_called_once_with(
'alphabet.soup', '/alphabet/soup/red.iso') 'alphabet.soup', '/alphabet/soup/red.iso')
@ -166,7 +166,8 @@ class StaticDriverTestCase(base.BaseTestCase):
inserted=True, write_protected=False) inserted=True, write_protected=False)
self.assertEqual('/alphabet/soup/boot-abc', local_file) self.assertEqual('/alphabet/soup/boot-abc', local_file)
mock_requests.get.assert_called_once_with(full_url, stream=True) mock_requests.get.assert_called_once_with(full_url, stream=True,
verify=True)
mock_open.assert_called_once_with(mock.ANY, 'wb') mock_open.assert_called_once_with(mock.ANY, 'wb')
mock_rename.assert_called_once_with( mock_rename.assert_called_once_with(
'alphabet.soup', '/alphabet/soup/boot-abc') 'alphabet.soup', '/alphabet/soup/boot-abc')
@ -175,6 +176,50 @@ class StaticDriverTestCase(base.BaseTestCase):
self.assertTrue(device_info['Inserted']) self.assertTrue(device_info['Inserted'])
self.assertFalse(device_info['WriteProtected']) self.assertFalse(device_info['WriteProtected'])
@mock.patch.object(vmedia.StaticDriver, '_get_device', autospec=True)
@mock.patch.object(builtins, 'open', autospec=True)
@mock.patch.object(vmedia.os, 'rename', autospec=True)
@mock.patch.object(vmedia, 'tempfile', autospec=True)
@mock.patch.object(vmedia, 'requests', autospec=True)
def test_insert_image_no_verify_ssl(self, mock_requests, mock_tempfile,
mock_rename, mock_open,
mock_get_device):
device_info = {}
mock_get_device.return_value = device_info
mock_tempfile.mkdtemp.return_value = '/alphabet/soup'
mock_tempfile.gettempdir.return_value = '/tmp'
mock_tmp_file = (mock_tempfile.NamedTemporaryFile
.return_value.__enter__.return_value)
mock_tmp_file.name = 'alphabet.soup'
mock_rsp = mock_requests.get.return_value.__enter__.return_value
mock_rsp.headers = {
'content-disposition': 'attachment; filename="fish.iso"'
}
ssl_conf_key = 'SUSHY_EMULATOR_VMEDIA_VERIFY_SSL'
default_ssl_verify = self.test_driver._config.get(ssl_conf_key)
try:
self.test_driver._config[ssl_conf_key] = (
False)
local_file = self.test_driver.insert_image(
self.UUID, 'Cd', 'https://fish.it/red.iso', inserted=True,
write_protected=False)
finally:
self.test_driver._config[ssl_conf_key] = default_ssl_verify
self.assertEqual('/alphabet/soup/fish.iso', local_file)
mock_requests.get.assert_called_once_with(
'https://fish.it/red.iso', stream=True, verify=False)
mock_open.assert_called_once_with(mock.ANY, 'wb')
mock_rename.assert_called_once_with(
'alphabet.soup', '/alphabet/soup/fish.iso')
self.assertEqual('fish.iso', device_info['Image'])
self.assertTrue(device_info['Inserted'])
self.assertFalse(device_info['WriteProtected'])
self.assertEqual(local_file, device_info['_local_file'])
@mock.patch.object(vmedia.StaticDriver, '_get_device', autospec=True) @mock.patch.object(vmedia.StaticDriver, '_get_device', autospec=True)
@mock.patch.object(vmedia.os, 'unlink', autospec=True) @mock.patch.object(vmedia.os, 'unlink', autospec=True)
def test_eject_image(self, mock_unlink, mock_get_device): def test_eject_image(self, mock_unlink, mock_get_device):