diff options
| author | Stephen Finucane <sfinucan@redhat.com> | 2021-01-08 11:28:09 +0000 |
|---|---|---|
| committer | Stephen Finucane <stephenfin@redhat.com> | 2021-01-21 14:45:41 +0000 |
| commit | 3e2025b954e909beea1a4b98b5c9aab8b5dc1998 (patch) | |
| tree | 0285d5bb88aa4a895435f1ceb6bc37c2c19c4079 | |
| parent | e103baa002e54303b08630c436dfc7b0b8a013de (diff) | |
| download | oslo-policy-3e2025b954e909beea1a4b98b5c9aab8b5dc1998.tar.gz | |
tests: Unset requests-related environment variables
Many of requests' APIs accept a 'verify' parameter which can be a
boolean value or a path to either a CA cert bundle or a directory of CA
certs. If 'verify=True' is set, requests will look for two environment
variables, 'REQUESTS_CA_BUNDLE' and 'CURL_CA_BUNDLE', that, if set,
should specify a path to CA certs. If either of these are found,
'requests' overrides the 'True' value with the value of the environment
variable [1]. From the docs [2]:
This list of trusted CAs can also be specified through the
REQUESTS_CA_BUNDLE environment variable. If REQUESTS_CA_BUNDLE is not
set, CURL_CA_BUNDLE will be used as fallback.
This can cause test failures on environments where either of these are
set. Ensure this doesn't happen by using the 'EnvironmentVariable'
fixture to unset these environment variables.
[1] https://github.com/psf/requests/blob/v2.25.0/requests/sessions.py#L717-L719
[2] https://requests.readthedocs.io/en/master/user/advanced/#ssl-cert-verification
Change-Id: I808c9102b214aa25144e88e7773a9890ab0a5bdc
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
| -rw-r--r-- | oslo_policy/tests/test_external.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/oslo_policy/tests/test_external.py b/oslo_policy/tests/test_external.py index 478920b..797e70f 100644 --- a/oslo_policy/tests/test_external.py +++ b/oslo_policy/tests/test_external.py @@ -16,6 +16,7 @@ import json from unittest import mock +import fixtures from oslo_serialization import jsonutils from requests_mock.contrib import fixture as rm_fixture from urllib import parse as urlparse @@ -155,6 +156,11 @@ class HttpsCheckTestCase(base.PolicyBaseTestCase): opts._register(self.conf) self.requests_mock = self.useFixture(rm_fixture.Fixture()) + # ensure environment variables don't mess with our test results + # https://requests.readthedocs.io/en/master/user/advanced/#ssl-cert-verification + self.useFixture(fixtures.EnvironmentVariable('REQUESTS_CA_BUNDLE')) + self.useFixture(fixtures.EnvironmentVariable('CURL_CA_BUNDLE')) + def decode_post_data(self, post_data): result = {} for item in post_data.split('&'): @@ -203,6 +209,8 @@ class HttpsCheckTestCase(base.PolicyBaseTestCase): def test_https_accept_with_verify(self): self.conf.set_override('remote_ssl_verify_server_crt', True, group='oslo_policy') + self.conf.set_override('remote_ssl_ca_crt_file', None, + group='oslo_policy') self.requests_mock.post('https://example.com/target', text='True') check = _external.HttpsCheck('https', '//example.com/%(name)s') |