delta/openstack/python-glanceclient.git/glanceclient/tests/unit/test_ssl.py, branch 3.3.0 opendev.org: openstack/python-glanceclient.git Do not use the six library in the tests. 2020-06-15T19:04:56+00:00 Cyril Roelandt cyril@redhat.com 2020-06-15T18:58:52+00:00 928935e5c0b8b43827fdf08b212d59d92b660924 Change-Id: Ic8a2a736a733e0151ca82f19bfde428dc04cf255 
Change-Id: Ic8a2a736a733e0151ca82f19bfde428dc04cf255
Use unittest.mock instead of third party mock 2020-04-18T16:58:08+00:00 Sean McGinnis sean.mcginnis@gmail.com 2020-04-18T16:58:08+00:00 6a045884cb090bbc1daf1af853a243452a7aab16 Now that we no longer support py27, we can use the standard library unittest.mock module instead of the third party mock lib. Change-Id: I446ee142c7a17446372c910f7f2a36d55df18e04 Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com> 
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.

Change-Id: I446ee142c7a17446372c910f7f2a36d55df18e04
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
allow unhandled exceptions to cause test errors 2017-06-26T14:59:29+00:00 Doug Hellmann doug@doughellmann.com 2017-06-26T14:57:38+00:00 c8a7a5d56de30cb596d21553f5dbf7ea3db866d8 Hiding the unhandled exception in the test with a failure makes it harder to debug the problem. Let them pass unhandled so the test reports an ERROR instead of FAILURE. Change-Id: I4e435a6d276fdf161dac28f08c2c7efedd1d6385 Signed-off-by: Doug Hellmann <doug@doughellmann.com> 
Hiding the unhandled exception in the test with a failure makes it
harder to debug the problem. Let them pass unhandled so the test reports
an ERROR instead of FAILURE.

Change-Id: I4e435a6d276fdf161dac28f08c2c7efedd1d6385
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
Convert IOError from requests 2017-05-19T18:59:58+00:00 Eric Fried efried@us.ibm.com 2017-05-19T18:53:34+00:00 7df87fd4a26ebee3899fbc42d21757bf880a10d4 This requests commit [1] changed the behavior when a nonexistent cacert file is passed in: now it raises IOError. This is getting through glanceclient.common.http.HTTPClient._request, which used to raise CommunicationError in this scenario. Even though there is arguably a better exception than CommunicationError to represent this condition (like maybe IOError), for backward compatibility this change set converts IOError to CommunicationError. We also improve the unit test to raise the original exception if the expected conditions aren't met; this improves debugability. [1] https://github.com/kennethreitz/requests/commit/7d8b87c37f3a5fb993fd83eda6888ac217cd108e Change-Id: I6a2cf4c6d041b67d3509153b4cef18b459263648 Closes-Bug: #1692085 
This requests commit [1] changed the behavior when a nonexistent cacert
file is passed in: now it raises IOError.  This is getting through
glanceclient.common.http.HTTPClient._request, which used to raise
CommunicationError in this scenario.

Even though there is arguably a better exception than CommunicationError
to represent this condition (like maybe IOError), for backward
compatibility this change set converts IOError to CommunicationError.

We also improve the unit test to raise the original exception if the
expected conditions aren't met; this improves debugability.

[1] https://github.com/kennethreitz/requests/commit/7d8b87c37f3a5fb993fd83eda6888ac217cd108e

Change-Id: I6a2cf4c6d041b67d3509153b4cef18b459263648
Closes-Bug: #1692085
Fixed TestHTTPSVerifyCert failure messages 2016-01-15T10:21:36+00:00 David Sariel dsariel@redhat.com 2016-01-15T09:56:19+00:00 f2eab45c33aa6838c6b2928573cc969bc55f0927 Due to the change in python versions greater then 2.7.8, messages that SSL certificate handling module is producing are different from the error messages produced in earlier versions of py27. Fixed how the following test cases of TestHTTPSVerifyCert class are handling erroneous SSL certification messages: - test_v2_requests_valid_cert_no_key - test_v2_requests_bad_cert - test_v2_requests_bad_ca Closes-Bug:1499355 Change-Id: I3b939292ba0042bced5cc91a26e2593450f9cafe 
Due to the change in python versions greater then 2.7.8, messages
that SSL certificate handling module is producing are different
from the error messages produced in earlier versions of py27.

Fixed how the following test cases of TestHTTPSVerifyCert class
are handling erroneous SSL certification messages:

- test_v2_requests_valid_cert_no_key
- test_v2_requests_bad_cert
- test_v2_requests_bad_ca

Closes-Bug:1499355
Change-Id: I3b939292ba0042bced5cc91a26e2593450f9cafe
Remove custom SSL compression handling 2015-08-26T12:26:21+00:00 Stuart McLaren stuart.mclaren@hp.com 2015-06-08T14:49:52+00:00 618637a5bd545d8271d9349b08a8e4ab2841d086 Custom SSL handling was introduced because disabling SSL layer compression provided an approximately five fold performance increase in some cases. Without SSL layer compression disabled the image transfer would be CPU bound -- with the CPU performing the DEFLATE algorithm. This would typically limit image transfers to < 20 MB/s. When --no-ssl-compression was specified the client would not negotiate any compression algorithm during the SSL handshake with the server which would remove the CPU bottleneck and transfers could approach wire speed. In order to support '--no-ssl-compression' two totally separate code paths exist depending on whether this is True or False. When SSL compression is disabled, rather than using the standard 'requests' library, we enter some custom code based on pyopenssl and httplib in order to disable compression. This patch/spec proposes removing the custom code because: * It is a burden to maintain Eg adding new code such as keystone session support is more complicated * It can introduce additional failure modes We have seen some bugs related to the 'custom' certificate checking * Newer Operating Systems disable SSL for us. Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression 'off'. This makes both servers and client less likely to have compression enabled. * Newer combinations of 'requests' and 'python' do this for us Requests disables compression when backed by a version of python which supports it (>= 2.7.9). This makes clients more likely to disable compression out-of-the-box. * It is (in principle) possible to do this on older versions too If pyopenssl, ndg-httpsclient and pyasn1 are installed on older operating system/python combinations, the requests library should disable SSL compression on the client side. * Systems that have SSL compression enabled may be vulnerable to the CRIME (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack. Installations which are security conscious should be running the Glance server with SSL disabled. Full Spec: https://review.openstack.org/#/c/187674 Blueprint: remove-custom-client-ssl-handling Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf 
Custom SSL handling was introduced because disabling SSL layer compression
provided an approximately five fold performance increase in some
cases. Without SSL layer compression disabled the image transfer would be
CPU bound -- with the CPU performing the DEFLATE algorithm.  This would
typically limit image transfers to < 20 MB/s. When --no-ssl-compression
was specified the client would not negotiate any compression algorithm
during the SSL handshake with the server which would remove the CPU
bottleneck and transfers could approach wire speed.

In order to support '--no-ssl-compression' two totally separate code
paths exist depending on whether this is True or False.  When SSL
compression is disabled, rather than using the standard 'requests'
library, we enter some custom code based on pyopenssl and httplib in
order to disable compression.

This patch/spec proposes removing the custom code because:

* It is a burden to maintain

 Eg adding new code such as keystone session support is more complicated

* It can introduce additional failure modes

 We have seen some bugs related to the 'custom' certificate checking

* Newer Operating Systems disable SSL for us.

 Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression
 'off'. This makes both servers and client less likely to have compression
 enabled.

* Newer combinations of 'requests' and 'python' do this for us

 Requests disables compression when backed by a version of python which
 supports it (>= 2.7.9). This makes clients more likely to disable
 compression out-of-the-box.

* It is (in principle) possible to do this on older versions too

 If pyopenssl, ndg-httpsclient and pyasn1 are installed on older
 operating system/python combinations, the requests library should
 disable SSL compression on the client side.

* Systems that have SSL compression enabled may be vulnerable to the CRIME
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack.
Installations which are security conscious should be running the Glance
server with SSL disabled.

Full Spec: https://review.openstack.org/#/c/187674
Blueprint: remove-custom-client-ssl-handling

Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf
Merge "Fix failure to create glance https connection pool" 2015-07-29T20:39:37+00:00 Jenkins jenkins@review.openstack.org 2015-07-29T20:39:37+00:00 471276568908e237083c848222d3101e7b64908e 






Fix failure to create glance https connection pool
2015-07-28T15:53:09+00:00

Haikel Guemar
hguemar@fedoraproject.org

2015-07-22T09:41:42+00:00

c41dcc9f4366429d952cc47853496d58d47b7511

Due to a typo in an attribute named, an Attribute error is raised
causing failure in connection to glance through HTTPS

Urllib3 PoolManager class has a connection_pool_kw attribute
but not connection_kw

Closes-Bug: #1479020
Change-Id: Id4d6a5bdcf971d09e80043fd2ab399e208fd931c





Due to a typo in an attribute named, an Attribute error is raised
causing failure in connection to glance through HTTPS

Urllib3 PoolManager class has a connection_pool_kw attribute
but not connection_kw

Closes-Bug: #1479020
Change-Id: Id4d6a5bdcf971d09e80043fd2ab399e208fd931c







Enable flake8 checks
2015-07-21T14:08:27+00:00

Darja Shakhray
dshakhray@mirantis.com

2015-07-20T14:29:49+00:00

ec0f2dfd8500d230895e286462aaf69c43777038

This commit enables new flake8 checks:
* E265  block comment should start with '# '
* H405  multi line docstring summary not separated with an empty line
* E123  closing bracket does not match indentation of opening bracket's line
* H238  old style class declaration, use new style (inherit from `object`)
* E128  continuation line under-indented for visual indent
and makes related changes in the code.

Change-Id: Ie993afc930f6b74d7a990bcaa9fc0e9f5ba1585c





This commit enables new flake8 checks:
* E265  block comment should start with '# '
* H405  multi line docstring summary not separated with an empty line
* E123  closing bracket does not match indentation of opening bracket's line
* H238  old style class declaration, use new style (inherit from `object`)
* E128  continuation line under-indented for visual indent
and makes related changes in the code.

Change-Id: Ie993afc930f6b74d7a990bcaa9fc0e9f5ba1585c







Fix an issue with broken test on ci
2015-07-13T14:54:41+00:00

Mike Fedosin
mfedosin@mirantis.com

2015-07-07T11:46:29+00:00

e240bddd5accce0335256e3ccac424c52b829882

Several tests with cert verification are broken. This
code fixes it by setting right imports. Also some typos
are fixed too.

Change-Id: Ie014f90714c3dabee65459fd704dd11b1770c7de
Closed-Bug: #1472234





Several tests with cert verification are broken. This
code fixes it by setting right imports. Also some typos
are fixed too.

Change-Id: Ie014f90714c3dabee65459fd704dd11b1770c7de
Closed-Bug: #1472234