Use CONF.identity.disable_ssl_certificate_validation in object_client

create_object_continue interface in object_client doesn't use CONF.identity.disable_ssl_certificate_validation, so even if we set disable_ssl_certificate_validation=true in tempest.conf, sometimes we will still get "ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)" So create_object_continue should judge whether to check ssl certification according to CONF.identity.disable_ssl_certificate_validation. Change-Id: I38f4416641e396caf88d16e3b418f0fc7577179d Closes-Bug: #1907554
2020-12-11 10:51:25 +08:00 · 2020-12-11 10:51:25 +08:00 · 8464cefbf1
parent 2262cced38
commit 8464cefbf1
3 changed files with 29 additions and 17 deletions
--- a/tempest/lib/common/rest_client.py
+++ b/tempest/lib/common/rest_client.py
@ -104,16 +104,18 @@ class RestClient(object):
                                       'location', 'proxy-authenticate',
                                       'retry-after', 'server',
                                       'vary', 'www-authenticate'))
-        dscv = disable_ssl_certificate_validation
+        self.dscv = disable_ssl_certificate_validation

        if proxy_url:
            self.http_obj = http.ClosingProxyHttp(
                proxy_url,
-                disable_ssl_certificate_validation=dscv, ca_certs=ca_certs,
+                disable_ssl_certificate_validation=self.dscv,
+                ca_certs=ca_certs,
                timeout=http_timeout, follow_redirects=follow_redirects)
        else:
            self.http_obj = http.ClosingHttp(
-                disable_ssl_certificate_validation=dscv, ca_certs=ca_certs,
+                disable_ssl_certificate_validation=self.dscv,
+                ca_certs=ca_certs,
                timeout=http_timeout, follow_redirects=follow_redirects)

    def get_headers(self, accept_type=None, send_type=None):
--- a/tempest/lib/services/object_storage/object_client.py
+++ b/tempest/lib/services/object_storage/object_client.py
@ -12,6 +12,7 @@
 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #    License for the specific language governing permissions and limitations
 #    under the License.
+import ssl

 from six.moves import http_client as httplib
 from six.moves.urllib import parse as urlparse
@ -118,7 +119,7 @@ class ObjectClient(rest_client.RestClient):
        path = str(parsed.path) + "/"
        path += "%s/%s" % (str(container), str(object_name))

-        conn = _create_connection(parsed)
+        conn = self._create_connection(parsed)
        # Send the PUT request and the headers including the "Expect" header
        conn.putrequest('PUT', path)

@ -151,15 +152,21 @@ class ObjectClient(rest_client.RestClient):

        return resp.status, resp.reason

+    def _create_connection(self, parsed_url):
+        """Helper function to create connection with httplib

-def _create_connection(parsed_url):
-    """Helper function to create connection with httplib
+        :param parsed_url: parsed url of the remote location
+        """
+        context = None
+        # If CONF.identity.disable_ssl_certificate_validation is true,
+        # do not check ssl certification.
+        if self.dscv:
+            context = ssl._create_unverified_context()
+        if parsed_url.scheme == 'https':
+            conn = httplib.HTTPSConnection(parsed_url.netloc,
+                                           context=context)
+        else:
+            conn = httplib.HTTPConnection(parsed_url.netloc,
+                                          context=context)

-    :param parsed_url: parsed url of the remote location
-    """
-    if parsed_url.scheme == 'https':
-        conn = httplib.HTTPSConnection(parsed_url.netloc)
-    else:
-        conn = httplib.HTTPConnection(parsed_url.netloc)
-
-    return conn
+        return conn
--- a/tempest/tests/lib/services/object_storage/test_object_client.py
+++ b/tempest/tests/lib/services/object_storage/test_object_client.py
@ -31,15 +31,18 @@ class TestObjectClient(base.TestCase):
        self.object_client = object_client.ObjectClient(self.fake_auth,
                                                        'swift', 'region1')

-    @mock.patch.object(object_client, '_create_connection')
+    @mock.patch('tempest.lib.services.object_storage.object_client.'
+                'ObjectClient._create_connection')
    def test_create_object_continue_no_data(self, mock_poc):
        self._validate_create_object_continue(None, mock_poc)

-    @mock.patch.object(object_client, '_create_connection')
+    @mock.patch('tempest.lib.services.object_storage.object_client.'
+                'ObjectClient._create_connection')
    def test_create_object_continue_with_data(self, mock_poc):
        self._validate_create_object_continue('hello', mock_poc)

-    @mock.patch.object(object_client, '_create_connection')
+    @mock.patch('tempest.lib.services.object_storage.object_client.'
+                'ObjectClient._create_connection')
    def test_create_continue_with_no_continue_received(self, mock_poc):
        self._validate_create_object_continue('hello', mock_poc,
                                              initial_status=201)