| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
When we request something from SSL wrapped app using py3 and we do
not get answer at all. In case of unit tests we face test timeout.
So, skip these tests until related bug is fixed. This also enables
other test cases in this module.
Related-Bug: #1482633
Partially-Implements: blueprint goal-python35
Change-Id: I4933e47b0759716f387ec26e3bd8a4e725eb4f91
|
| |
|
|
|
|
|
|
| |
Now that the WSGI opts have been added to a group, there's no longer
any reason to keep the 'wsgi_' prefix for some of these opts around.
Remove it, ensuring the old names are stored as deprecated names.
Change-Id: If39bed3ed2335b6f96455870f1a47cb868d21f39
|
| |
|
|
|
|
|
| |
Move all wsgi configuration into [wsgi] group. Update references to
these configuration options to reflect new group.
Change-Id: I1a0a0ce1b0c1bdf60114caf6f5d4e28fd2c3cda5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's no discernable reason why we need to use a raw
eventlet-based client TestWSGIServerWithSSL to confirm that a
wsgi server is listening correctly and returning the expected
response, especially since using eventlet leads to unreliable
i/o on the socket unless there is an explicit yield before
asserting the value of the response.
So requests is used to query the servers and verify the response.
Change-Id: I00c1c1e93eb7c66c3370434db4e3e6c00087f8aa
Closes-Bug: #1543766
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change replaces the use of stubs in a few files
with stub_out, which was introduced in test.py.
Also, remove mox usage in some of the files.
unit/test_wsgi.py
unit/test_versions.py
unit/test_utils.py
Part of bp:remove-mox
Change-Id: I0ba80882e745fdf6a208db2455df0a1b458ce836
|
| |
|
|
|
|
| |
TrivialFix
Change-Id: I800f4a9ec14ce09b051d649b432f91329d2c420b
|
| |
|
|
|
|
|
|
|
|
| |
Commit e9c48d5 fixed socket tests issues on OSX related to
SO_REUSEADDR that were reported in bug #1436895. The same behaviour
applies to BSD as well, so make this fix more general and run the
tests on Linux only.
Closes-bug: #1467145
Change-Id: I09c2969658c4716d06b22513d321006f31d57baa
|
| |
|
|
|
|
|
|
| |
For now, let's skip these two tests since
SO_REUSEADDR behaves differently.
Closes-Bug: #1436895
Change-Id: I3bcd3edca2057a3990bf2cca6d2871555bd0123a
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If some other process is listening on port 4444,
test_server_pool_waitall will fail with:
error: [Errno 98] Address already in use
This test doesn't require use of this specific port,
so let it pick an unused port to avoid this failure.
Closes-Bug: #1421759
Change-Id: Ib92797e41a2bd37a59d3465b4764f00c1d9c2444
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The oslo team is recommending everyone to switch to the
non-namespaced versions of libraries. Updating the hacking
rule to include a check to prevent oslo.* import from
creeping back in.
This commit includes:
- using oslo_utils instead of oslo.utils
- using oslo_serialization instead of oslo.serialization
- using oslo_db instead of oslo.db
- using oslo_i18n instead of oslo.i18n
- using oslo_middleware instead of oslo.middleware
- using oslo_config instead of oslo.config
- using oslo_messaging instead of "from oslo import messaging"
- using oslo_vmware instead of oslo.vmware
Change-Id: I3e2eb147b321ce3e928817b62abcb7d023c5f13f
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently socket options, socket.SO_REUSEADDR, socket.TCP_KEEPIDLE and
socket.SO_KEEPALIVE are set only if SSL is enabled.
socket.SO_REUSEADDR:
This socket option tells the kernel that even if this port is busy
(in the TIME_WAIT state), go ahead and reuse it anyway. It is useful if your
server has been shut down, and then restarted right away while sockets are
still active on its port.
socket.SO_KEEPALIVE:
To confirm that an idle connection is still active, these implementations
send a probe segment designed to elicit a response from the peer TCP. The the
probe causes the receiver to return an acknowledgement segment, confirming
that the connection is still live. If the peer has dropped the connection due
to a network partition or a crash, it will respond with a RST instead of an
acknowledgement segment.
socket.TCP_KEEPIDLE:
It is useful to set this socket option, because if the other peers lose their
connection (for example by rebooting) you will notice that the connection is
broken, even if you don't have traffic on it. If the probes are not replied
to by your peer, you can assert that the connection cannot be considered valid
and then take the correct action.
IMO, these options are useful in both the cases, whether SSL is enabled or not.
Made provision to set socket.SO_REUSEADDR, socket.TCP_KEEPIDLE and
socket.SO_KEEPALIVE socket options if SSL is enabled or not.
Closes-Bug: #1369414
Change-Id: I25b353dcf1ca6eba1c54d297994d56c0064daca5
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Switch the WSGI SSL IPv6 test from urllib2 to Requests because of
Python 2.7.9 changes and provide a server SSL certificate that
supports IPv6.
The test failed on Python 2.7.9 because Python now verifies SSL
connections by default (PEP 466) and the test CA certificate was not
provided to verify the SSL connection. Passing urllib2.urlopener the
test CA certificate through the new cafile parameter allows Python to
verify the SSL connection, but is not compatible with prior versions
of Python. Requests supports using a CA file regardless of Python 2.7
version.
Once using Requests and the test CA certificate to verify the SSL
connection the test continued to fail because the previous certificate
only specified an IPv4 address, specifically in the deprecated Common
Name field, which is unsuitable for verifying an IPv6 address.
Error: hostname '::1' doesn't match u'0.0.0.0'
A new certificate was created with a wildcard in the Common Name
field, but primarily depends on IPv4 and IPv6 localhost names and
addresses in the Subject Alternative Name field to accommodate a
variety of test scenarios and in line with industry practices (see RFC
2818).
The old CA's private key was not available to sign the new server
certificate so a new CA certificate was generated and it's public and
private keys are provided.
Closes-Bug: #1404390
Change-Id: I990d5b5b57d1b5c569aa86828364b3a762d149e1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Presently, the wsgi server allows persist connections hence even after
the response is sent to the client, it doesn't close the client socket
connection.
Because of this problem, the green thread is not released back to the pool.
In order to close the client socket connection explicitly after the
response is sent and read successfully by the client, you simply have to
set keepalive to False when you create a wsgi server.
Add a parameter to take advantage of the new(ish) eventlet socket timeout
behaviour. Allows closing idle client connections after a period of
time, eg:
$ time nc localhost 8776
real 1m0.063s
Setting 'client_socket_timeout = 0' means do not timeout.
DocImpact:
Added wsgi_keep_alive option (default=True).
Added client_socket_timeout option (default=900).
SecurityImpact
Closes-Bug: #1361360
Change-Id: I399b812f6d452226fd306c423de8dcea8520d2aa
|
|
|
As part of the split of functional and unit tests we need to isolate
the unit tests into a separate directory for having multiple test
targets in a sane way.
Part of bp:functional-tests-for-nova
Change-Id: Id42ba373c1bda6a312b673ab2b489ca56da8c628
|
