-
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deprecate all tls-sni related objects in acme module #6859
Deprecate all tls-sni related objects in acme module #6859
Conversation
…cation warning when tls-sni related objects are accessed.
75e3dd0
to
610f4f4
Compare
Fixing |
a659bc1
to
e76f68e
Compare
d1fbf2f
to
2fb736f
Compare
Did the approach here come from Guido? If so, have a link? |
But it is not specific to monkey patch a module. I took the solution from you in fact (of a link you gave), from discussions about josepy. I will find the link tomorrow. About the class approach, it is because |
For what it's worth, |
It was exactly the example I saw, during the discussion about the retro-portage of new |
Also from this example it shows that |
Here is the link about the problem of get attribute protocol using https://stackoverflow.com/questions/2447353/getattr-on-a-module |
acme/acme/standalone_test.py
Outdated
'forever': False, | ||
}, | ||
) | ||
self.port = 40000 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we should hardcode a port like this.
As a more minor point, why are these changes in this PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In fact this code was subject to deadlock, and it was already the case on Windows. It started also to be it in this PR on Linux. So I refactor to not have this kind of deadlock.
For the port, I would argue that this kind of hardcoded port is in several places in certbot tests: I am not talking of parameters in mocked objects, but in integration tests with real bindings on the system that execute them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In fact this code was subject to deadlock, and it was already the case on Windows. It started also to be it in this PR on Linux.
I don't see how the other changes in this PR cause a deadlock on Linux here.
For the port, I would argue that this kind of hardcoded port is in several places in certbot tests: I am not talking of parameters in mocked objects, but in integration tests with real bindings on the system that execute them.
I think the major difference is our unit tests are shipped in the Python package and usually run by OS packagers to see if the code is working correctly on their system. We don't have the same control on these environments as we do as on the environment for our integration tests so I think we should try and make our unit tests more robust and avoid doing things like hardcoding ports.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not see neither why it suddenly deadlocked. But since it already happened, in similar code, I preferred to rewrite.
If I solve the static port attribution, to get randomly an available one, like in the previous implementation, will you be OK with the modifications I did here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I solve the static port attribution, to get randomly an available one, like in the previous implementation, will you be OK with the modifications I did here?
I'll need to review the test changes more closely when it's finished, but I should be!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. I pick a random free port.
The changelog needs to be updated in this PR as well. |
9d9cfc3
to
0737d37
Compare
acme/acme/standalone_test.py
Outdated
'forever': False, | ||
}, | ||
) | ||
self.port = 40000 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In fact this code was subject to deadlock, and it was already the case on Windows. It started also to be it in this PR on Linux.
I don't see how the other changes in this PR cause a deadlock on Linux here.
For the port, I would argue that this kind of hardcoded port is in several places in certbot tests: I am not talking of parameters in mocked objects, but in integration tests with real bindings on the system that execute them.
I think the major difference is our unit tests are shipped in the Python package and usually run by OS packagers to see if the code is working correctly on their system. We don't have the same control on these environments as we do as on the environment for our integration tests so I think we should try and make our unit tests more robust and avoid doing things like hardcoding ports.
Co-Authored-By: adferrand <adferrand@users.noreply.github.com>
This PR is a part of the tls-sni-01 removal plan described in #6849.
As
acme
is a library, we need to put some efforts to make a decent deprecation path before totally removing tls-sni in it. While initialization ofacme.challenges.TLSSNI01
was already creating deprecation warning, not all cases were covered.For instance, and innocent call like this ...
... would break if we suddenly remove all objects related to this challenge.
So, I use the Deprecator Warning Machine, Let's Pacify this Technical Debt (Guido ®), to make
acme.challenges
andacme.standalone
patch themselves, and display a deprecation warning on stderr for any access to the tls-sni challenge objects.No dev should be able to avoid the deprecation warning. I set the deprecation warning in the idea to remove the code on
0.34.0
, but the exact deprecation window is open to discussion of course.