workaround: requests verify handling if env is set

if the env REQUESTS_CA_BUNDLE is set the requests.Session() ignores the
verify parameter. Therefore the verify parameter is moved directly into
the function call of request.

Workaround for https://github.com/psf/requests/issues/3829

Change-Id: I66dc7c4d90e5bd5e3d1b331cf1728f27dece6dd4
This commit is contained in:
Samuel Kunkel 2023-01-18 09:43:52 +01:00
parent a330427d94
commit 98c899997f
3 changed files with 29 additions and 10 deletions

View File

@ -0,0 +1,9 @@
---
fixes:
- |
Workaround for https://github.com/psf/requests/issues/3829
If the env ``REQUESTS_CA_BUNDLE`` is set the ``requests.Session()``
ignores the verify parameter. Therefore the verify parameter
is moved directly into the function call of requests.

View File

@ -20,6 +20,7 @@ import time
from urllib import parse as urlparse
import requests
from urllib3.exceptions import InsecureRequestWarning
from sushy import exceptions
from sushy.taskmonitor import TaskMonitor
@ -37,7 +38,6 @@ class Connector(object):
self._url = url
self._verify = verify
self._session = requests.Session()
self._session.verify = self._verify
self._response_callback = response_callback
self._auth = None
self._server_side_retries = server_side_retries
@ -68,6 +68,13 @@ class Connector(object):
'be removed in the future')
self.set_http_basic_auth(username, password)
if not self._verify:
# As the user specifically needs to opt out of certificate
# validation the user is aware of the security implications
# and does not need to be overwhelmed by the urllib3 warnings
requests.packages.urllib3.disable_warnings(
category=InsecureRequestWarning)
def set_auth(self, auth):
"""Sets the authentication mechanism for our connector."""
self._auth = auth
@ -140,6 +147,7 @@ class Connector(object):
try:
response = self._session.request(method, url, json=data,
headers=headers,
verify=self._verify,
**extra_session_req_kwargs)
except requests.exceptions.RequestException as e:
# Capture any general exception by looking for the parent
@ -197,6 +205,7 @@ class Connector(object):
response = self._session.request(
method, url, json=data,
headers=headers,
verify=self._verify,
**extra_session_req_kwargs)
except exceptions.HTTPError as retry_exc:
LOG.error("Failure occured while attempting to retry "

View File

@ -178,7 +178,7 @@ class ConnectorOpTestCase(base.TestCase):
self.conn._op('GET', path='fake/path', headers=self.headers)
self.request.assert_called_once_with(
'GET', 'http://foo.bar:1234/fake/path',
headers=self.headers, json=None)
headers=self.headers, json=None, verify=True)
def test_response_callback(self):
mock_response_callback = mock.MagicMock()
@ -192,21 +192,22 @@ class ConnectorOpTestCase(base.TestCase):
allow_redirects=False)
self.request.assert_called_once_with(
'GET', 'http://foo.bar:1234/fake/path',
headers=self.headers, json=None, allow_redirects=False)
headers=self.headers, json=None, allow_redirects=False,
verify=True)
def test_ok_post(self):
self.conn._op('POST', path='fake/path', data=self.data.copy(),
headers=self.headers)
self.request.assert_called_once_with(
'POST', 'http://foo.bar:1234/fake/path',
json=self.data, headers=self.headers)
json=self.data, headers=self.headers, verify=True)
def test_ok_put(self):
self.conn._op('PUT', path='fake/path', data=self.data.copy(),
headers=self.headers)
self.request.assert_called_once_with(
'PUT', 'http://foo.bar:1234/fake/path',
json=self.data, headers=self.headers)
json=self.data, headers=self.headers, verify=True)
def test_ok_delete(self):
expected_headers = self.headers.copy()
@ -214,7 +215,7 @@ class ConnectorOpTestCase(base.TestCase):
self.conn._op('DELETE', path='fake/path', headers=self.headers.copy())
self.request.assert_called_once_with(
'DELETE', 'http://foo.bar:1234/fake/path',
headers=expected_headers, json=None)
headers=expected_headers, json=None, verify=True)
def test_ok_post_with_session(self):
self.conn._session.headers = {}
@ -226,7 +227,7 @@ class ConnectorOpTestCase(base.TestCase):
data=self.data)
self.request.assert_called_once_with(
'POST', 'http://foo.bar:1234/fake/path',
json=self.data, headers=expected_headers)
json=self.data, headers=expected_headers, verify=True)
self.assertEqual(self.conn._session.headers,
{'X-Auth-Token': 'asdf1234'})
@ -239,7 +240,7 @@ class ConnectorOpTestCase(base.TestCase):
self.conn._op('GET', path=path, headers=headers)
self.request.assert_called_once_with(
'GET', 'http://foo.bar:1234' + path,
headers=expected_headers, json=None)
headers=expected_headers, json=None, verify=True)
def test_odata_version_header_redfish_no_headers(self):
path = '/redfish/v1/bar'
@ -247,7 +248,7 @@ class ConnectorOpTestCase(base.TestCase):
self.conn._op('GET', path=path)
self.request.assert_called_once_with(
'GET', 'http://foo.bar:1234' + path,
headers=expected_headers, json=None)
headers=expected_headers, json=None, verify=True)
def test_odata_version_header_redfish_existing_header(self):
path = '/redfish/v1/foo'
@ -256,7 +257,7 @@ class ConnectorOpTestCase(base.TestCase):
self.conn._op('GET', path=path, headers=headers)
self.request.assert_called_once_with(
'GET', 'http://foo.bar:1234' + path,
headers=expected_headers, json=None)
headers=expected_headers, json=None, verify=True)
def test_timed_out_session_unable_to_create_session(self):
self.conn._auth.can_refresh_session.return_value = False