Fix disable_ssl_certificate_validation values if ca_certificates file is defined
In ClosingHttp.__init__, if disable_ssl_certification_validation is True and ca_certs is defined, tempest should not try to validate the ca_certificates file. If the certificate is self-signed, the validation will execute and fail. As it is right now if both of those values are defined, tempest.conf will try to validate the self-signed certs and it will fail. Instead, it should support self-signed certs that will not pass validation. The code should be refactored to correctly disable certificate validation even if the ca_cert location is provided. Change-Id: Iae42b5c2b4381947df71004613ca0a82b29730bb Closes-Bug: #1705769
This commit is contained in:
parent
99e6d1acf7
commit
c6a79056ca
|
@ -25,8 +25,7 @@ class ClosingHttp(urllib3.poolmanager.PoolManager):
|
|||
if disable_ssl_certificate_validation:
|
||||
urllib3.disable_warnings()
|
||||
kwargs['cert_reqs'] = 'CERT_NONE'
|
||||
|
||||
if ca_certs:
|
||||
elif ca_certs:
|
||||
kwargs['cert_reqs'] = 'CERT_REQUIRED'
|
||||
kwargs['ca_certs'] = ca_certs
|
||||
|
||||
|
|
|
@ -0,0 +1,68 @@
|
|||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from tempest.lib.common import http
|
||||
from tempest.tests import base
|
||||
|
||||
|
||||
class TestClosingHttp(base.TestCase):
|
||||
def setUp(self):
|
||||
super(TestClosingHttp, self).setUp()
|
||||
self.cert_none = "CERT_NONE"
|
||||
self.cert_location = "/etc/ssl/certs/ca-certificates.crt"
|
||||
|
||||
def test_constructor_invalid_ca_certs_and_timeout(self):
|
||||
connection = http.ClosingHttp(
|
||||
disable_ssl_certificate_validation=False,
|
||||
ca_certs=None,
|
||||
timeout=None)
|
||||
for attr in ('cert_reqs', 'ca_certs', 'timeout'):
|
||||
self.assertNotIn(attr, connection.connection_pool_kw)
|
||||
|
||||
def test_constructor_valid_ca_certs(self):
|
||||
cert_required = 'CERT_REQUIRED'
|
||||
connection = http.ClosingHttp(
|
||||
disable_ssl_certificate_validation=False,
|
||||
ca_certs=self.cert_location,
|
||||
timeout=None)
|
||||
self.assertEqual(cert_required,
|
||||
connection.connection_pool_kw['cert_reqs'])
|
||||
self.assertEqual(self.cert_location,
|
||||
connection.connection_pool_kw['ca_certs'])
|
||||
self.assertNotIn('timeout',
|
||||
connection.connection_pool_kw)
|
||||
|
||||
def test_constructor_ssl_cert_validation_disabled(self):
|
||||
connection = http.ClosingHttp(
|
||||
disable_ssl_certificate_validation=True,
|
||||
ca_certs=None,
|
||||
timeout=30)
|
||||
self.assertEqual(self.cert_none,
|
||||
connection.connection_pool_kw['cert_reqs'])
|
||||
self.assertEqual(30,
|
||||
connection.connection_pool_kw['timeout'])
|
||||
self.assertNotIn('ca_certs',
|
||||
connection.connection_pool_kw)
|
||||
|
||||
def test_constructor_ssl_cert_validation_disabled_and_ca_certs(self):
|
||||
connection = http.ClosingHttp(
|
||||
disable_ssl_certificate_validation=True,
|
||||
ca_certs=self.cert_location,
|
||||
timeout=None)
|
||||
self.assertNotIn('timeout',
|
||||
connection.connection_pool_kw)
|
||||
self.assertEqual(self.cert_none,
|
||||
connection.connection_pool_kw['cert_reqs'])
|
||||
self.assertNotIn('ca_certs',
|
||||
connection.connection_pool_kw)
|
Loading…
Reference in New Issue