delta/openstack/python-glanceclient.git/glanceclient/tests/unit/test_ssl.py, branch ocata-eol opendev.org: openstack/python-glanceclient.git Fixed TestHTTPSVerifyCert failure messages 2016-01-15T10:21:36+00:00 David Sariel dsariel@redhat.com 2016-01-15T09:56:19+00:00 f2eab45c33aa6838c6b2928573cc969bc55f0927 Due to the change in python versions greater then 2.7.8, messages that SSL certificate handling module is producing are different from the error messages produced in earlier versions of py27. Fixed how the following test cases of TestHTTPSVerifyCert class are handling erroneous SSL certification messages: - test_v2_requests_valid_cert_no_key - test_v2_requests_bad_cert - test_v2_requests_bad_ca Closes-Bug:1499355 Change-Id: I3b939292ba0042bced5cc91a26e2593450f9cafe 
Due to the change in python versions greater then 2.7.8, messages
that SSL certificate handling module is producing are different
from the error messages produced in earlier versions of py27.

Fixed how the following test cases of TestHTTPSVerifyCert class
are handling erroneous SSL certification messages:

- test_v2_requests_valid_cert_no_key
- test_v2_requests_bad_cert
- test_v2_requests_bad_ca

Closes-Bug:1499355
Change-Id: I3b939292ba0042bced5cc91a26e2593450f9cafe
Remove custom SSL compression handling 2015-08-26T12:26:21+00:00 Stuart McLaren stuart.mclaren@hp.com 2015-06-08T14:49:52+00:00 618637a5bd545d8271d9349b08a8e4ab2841d086 Custom SSL handling was introduced because disabling SSL layer compression provided an approximately five fold performance increase in some cases. Without SSL layer compression disabled the image transfer would be CPU bound -- with the CPU performing the DEFLATE algorithm. This would typically limit image transfers to < 20 MB/s. When --no-ssl-compression was specified the client would not negotiate any compression algorithm during the SSL handshake with the server which would remove the CPU bottleneck and transfers could approach wire speed. In order to support '--no-ssl-compression' two totally separate code paths exist depending on whether this is True or False. When SSL compression is disabled, rather than using the standard 'requests' library, we enter some custom code based on pyopenssl and httplib in order to disable compression. This patch/spec proposes removing the custom code because: * It is a burden to maintain Eg adding new code such as keystone session support is more complicated * It can introduce additional failure modes We have seen some bugs related to the 'custom' certificate checking * Newer Operating Systems disable SSL for us. Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression 'off'. This makes both servers and client less likely to have compression enabled. * Newer combinations of 'requests' and 'python' do this for us Requests disables compression when backed by a version of python which supports it (>= 2.7.9). This makes clients more likely to disable compression out-of-the-box. * It is (in principle) possible to do this on older versions too If pyopenssl, ndg-httpsclient and pyasn1 are installed on older operating system/python combinations, the requests library should disable SSL compression on the client side. * Systems that have SSL compression enabled may be vulnerable to the CRIME (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack. Installations which are security conscious should be running the Glance server with SSL disabled. Full Spec: https://review.openstack.org/#/c/187674 Blueprint: remove-custom-client-ssl-handling Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf 
Custom SSL handling was introduced because disabling SSL layer compression
provided an approximately five fold performance increase in some
cases. Without SSL layer compression disabled the image transfer would be
CPU bound -- with the CPU performing the DEFLATE algorithm.  This would
typically limit image transfers to < 20 MB/s. When --no-ssl-compression
was specified the client would not negotiate any compression algorithm
during the SSL handshake with the server which would remove the CPU
bottleneck and transfers could approach wire speed.

In order to support '--no-ssl-compression' two totally separate code
paths exist depending on whether this is True or False.  When SSL
compression is disabled, rather than using the standard 'requests'
library, we enter some custom code based on pyopenssl and httplib in
order to disable compression.

This patch/spec proposes removing the custom code because:

* It is a burden to maintain

 Eg adding new code such as keystone session support is more complicated

* It can introduce additional failure modes

 We have seen some bugs related to the 'custom' certificate checking

* Newer Operating Systems disable SSL for us.

 Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression
 'off'. This makes both servers and client less likely to have compression
 enabled.

* Newer combinations of 'requests' and 'python' do this for us

 Requests disables compression when backed by a version of python which
 supports it (>= 2.7.9). This makes clients more likely to disable
 compression out-of-the-box.

* It is (in principle) possible to do this on older versions too

 If pyopenssl, ndg-httpsclient and pyasn1 are installed on older
 operating system/python combinations, the requests library should
 disable SSL compression on the client side.

* Systems that have SSL compression enabled may be vulnerable to the CRIME
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack.
Installations which are security conscious should be running the Glance
server with SSL disabled.

Full Spec: https://review.openstack.org/#/c/187674
Blueprint: remove-custom-client-ssl-handling

Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf
Merge "Fix failure to create glance https connection pool" 2015-07-29T20:39:37+00:00 Jenkins jenkins@review.openstack.org 2015-07-29T20:39:37+00:00 471276568908e237083c848222d3101e7b64908e 






Fix failure to create glance https connection pool
2015-07-28T15:53:09+00:00

Haikel Guemar
hguemar@fedoraproject.org

2015-07-22T09:41:42+00:00

c41dcc9f4366429d952cc47853496d58d47b7511

Due to a typo in an attribute named, an Attribute error is raised
causing failure in connection to glance through HTTPS

Urllib3 PoolManager class has a connection_pool_kw attribute
but not connection_kw

Closes-Bug: #1479020
Change-Id: Id4d6a5bdcf971d09e80043fd2ab399e208fd931c





Due to a typo in an attribute named, an Attribute error is raised
causing failure in connection to glance through HTTPS

Urllib3 PoolManager class has a connection_pool_kw attribute
but not connection_kw

Closes-Bug: #1479020
Change-Id: Id4d6a5bdcf971d09e80043fd2ab399e208fd931c







Enable flake8 checks
2015-07-21T14:08:27+00:00

Darja Shakhray
dshakhray@mirantis.com

2015-07-20T14:29:49+00:00

ec0f2dfd8500d230895e286462aaf69c43777038

This commit enables new flake8 checks:
* E265  block comment should start with '# '
* H405  multi line docstring summary not separated with an empty line
* E123  closing bracket does not match indentation of opening bracket's line
* H238  old style class declaration, use new style (inherit from `object`)
* E128  continuation line under-indented for visual indent
and makes related changes in the code.

Change-Id: Ie993afc930f6b74d7a990bcaa9fc0e9f5ba1585c





This commit enables new flake8 checks:
* E265  block comment should start with '# '
* H405  multi line docstring summary not separated with an empty line
* E123  closing bracket does not match indentation of opening bracket's line
* H238  old style class declaration, use new style (inherit from `object`)
* E128  continuation line under-indented for visual indent
and makes related changes in the code.

Change-Id: Ie993afc930f6b74d7a990bcaa9fc0e9f5ba1585c







Fix an issue with broken test on ci
2015-07-13T14:54:41+00:00

Mike Fedosin
mfedosin@mirantis.com

2015-07-07T11:46:29+00:00

e240bddd5accce0335256e3ccac424c52b829882

Several tests with cert verification are broken. This
code fixes it by setting right imports. Also some typos
are fixed too.

Change-Id: Ie014f90714c3dabee65459fd704dd11b1770c7de
Closed-Bug: #1472234





Several tests with cert verification are broken. This
code fixes it by setting right imports. Also some typos
are fixed too.

Change-Id: Ie014f90714c3dabee65459fd704dd11b1770c7de
Closed-Bug: #1472234







Import only modules and update tox.ini
2015-06-17T15:56:37+00:00

Cindy Pallares
cindy.pallaresq@gmail.com

2015-05-20T00:59:06+00:00

997c12d3abfd9a571a4e8f0b022dfb1d27c62edb

As stated in the OpenStack Hacking Guidelines, it is prefered
that only modules should be imported.

Also updated tox.ini to ignore opestack/common among others.

Change-Id: I2f0a603c31052eadee581c11880c0ec6bd392829





As stated in the OpenStack Hacking Guidelines, it is prefered
that only modules should be imported.

Also updated tox.ini to ignore opestack/common among others.

Change-Id: I2f0a603c31052eadee581c11880c0ec6bd392829







Move unit tests to standard directory
2015-04-18T17:42:20+00:00

Stuart McLaren
stuart.mclaren@hp.com

2015-04-17T14:02:33+00:00

f2a8a520e76a129039b3c4043aeb8db75582b8c8

This patch moves the glanceclient unit tests to the standard directory
(xxxclient/tests/unit) in preparation for adding functional gate tests
'check-glanceclient-dsvm-functional' in the same vein as existing client
tests for other projects, eg:

* check-novaclient-dsvm-functional
* check-keystoneclient-dsvm-functional
* check-neutronclient-dsvm-functional

Change-Id: I29d4b9e3a428c851575ee9afde40d6df583456c4





This patch moves the glanceclient unit tests to the standard directory
(xxxclient/tests/unit) in preparation for adding functional gate tests
'check-glanceclient-dsvm-functional' in the same vein as existing client
tests for other projects, eg:

* check-novaclient-dsvm-functional
* check-keystoneclient-dsvm-functional
* check-neutronclient-dsvm-functional

Change-Id: I29d4b9e3a428c851575ee9afde40d6df583456c4