diff options
author | Dave Peticolas <dave@krondo.com> | 2020-02-02 07:08:38 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-02 21:08:38 +0600 |
commit | 7cb4a0afe58bcb50eac5d13083bbf015466537e7 (patch) | |
tree | 922192eaed7e9ef8d536015f732cfd6018a40219 | |
parent | f2970e81f823fca0fea3f5f436b02f24b875d39b (diff) | |
download | kombu-7cb4a0afe58bcb50eac5d13083bbf015466537e7.tar.gz |
Support standard values for ssl_cert_reqs query parameter. (#1139)
* Support standard values for ssl_cert_reqs query parameter.
* Pick lint.
-rw-r--r-- | kombu/utils/url.py | 23 | ||||
-rw-r--r-- | t/unit/utils/test_url.py | 25 |
2 files changed, 42 insertions, 6 deletions
diff --git a/kombu/utils/url.py b/kombu/utils/url.py index ea56fe0f..16a050c4 100644 --- a/kombu/utils/url.py +++ b/kombu/utils/url.py @@ -49,10 +49,8 @@ def parse_url(url): keys = [key for key in query.keys() if key.startswith('ssl_')] for key in keys: if key == 'ssl_cert_reqs': - if ssl_available: - query[key] = getattr(ssl, query[key]) - else: - query[key] = None + query[key] = parse_ssl_cert_reqs(query[key]) + if query[key] is None: logger.warning('Defaulting to insecure SSL behaviour.') if 'ssl' not in query: @@ -120,3 +118,20 @@ def maybe_sanitize_url(url, mask='**'): if isinstance(url, string_t) and '://' in url: return sanitize_url(url, mask) return url + + +def parse_ssl_cert_reqs(query_value): + # type: (str) -> Any + """Given the query parameter for ssl_cert_reqs, return the SSL constant or None.""" + if ssl_available: + query_value_to_constant = { + 'CERT_REQUIRED': ssl.CERT_REQUIRED, + 'CERT_OPTIONAL': ssl.CERT_OPTIONAL, + 'CERT_NONE': ssl.CERT_NONE, + 'required': ssl.CERT_REQUIRED, + 'optional': ssl.CERT_OPTIONAL, + 'none': ssl.CERT_NONE, + } + return query_value_to_constant[query_value] + else: + return None diff --git a/t/unit/utils/test_url.py b/t/unit/utils/test_url.py index 942426b4..a8de493e 100644 --- a/t/unit/utils/test_url.py +++ b/t/unit/utils/test_url.py @@ -2,7 +2,6 @@ from __future__ import absolute_import, unicode_literals try: from urllib.parse import urlencode - except ImportError: from urllib import urlencode @@ -12,6 +11,7 @@ import pytest import kombu.utils.url from kombu.utils.url import as_url, parse_url, maybe_sanitize_url +from kombu.utils.url import parse_ssl_cert_reqs def test_parse_url(): @@ -51,7 +51,7 @@ def test_maybe_sanitize_url(url, expected): def test_ssl_parameters(): url = 'rediss://user:password@host:6379/0?' querystring = urlencode({ - 'ssl_cert_reqs': 'CERT_REQUIRED', + 'ssl_cert_reqs': 'required', 'ssl_ca_certs': '/var/ssl/myca.pem', 'ssl_certfile': '/var/ssl/server-cert.pem', 'ssl_keyfile': '/var/ssl/priv/worker-key.pem', @@ -69,3 +69,24 @@ def test_ssl_parameters(): assert kwargs['ssl']['ssl_cert_reqs'] is None kombu.utils.url.ssl_available = True + + +@pytest.mark.parametrize('query_param,ssl_available,expected', [ + ('CERT_REQUIRED', True, ssl.CERT_REQUIRED), + ('CERT_OPTIONAL', True, ssl.CERT_OPTIONAL), + ('CERT_NONE', True, ssl.CERT_NONE), + ('required', True, ssl.CERT_REQUIRED), + ('optional', True, ssl.CERT_OPTIONAL), + ('none', True, ssl.CERT_NONE), + ('CERT_REQUIRED', None, None), +]) +def test_parse_ssl_cert_reqs(query_param, ssl_available, expected): + kombu.utils.url.ssl_available = ssl_available + result = parse_ssl_cert_reqs(query_param) + kombu.utils.url.ssl_available = True + assert result == expected + + +def test_parse_ssl_cert_reqs_bad_value(): + with pytest.raises(KeyError): + parse_ssl_cert_reqs('badvalue') |