Skip to content

Commit

Permalink
Fetch Kiwi TCMS' CA certificate and install it locally during testing
Browse files Browse the repository at this point in the history 
that should allow Python to verify the HTTPS certificate on the other
side of the connection and not complain about it!
  • Loading branch information
@atodorov
atodorov committed Jun 4, 2024
1 parent b445dd4 commit 8c5b816
Show file tree
Hide file tree
Showing 3 changed files with 42 additions and 79 deletions.
19 changes: 19 additions & 0 deletions .github/workflows/integration.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,25 @@ jobs:
WEB_ADDR=`docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web_kiwitcms_org`
sudo sh -c "echo '$WEB_ADDR web.kiwitcms.org' >> /etc/hosts"
- name: Install ca.crt from Kiwi TCMS
run: |
# regenerate new certificate, valid for the hostname used during testing
docker exec -i web_kiwitcms_org /usr/bin/sscg -v -f \
--hostname "web.kiwitcms.org" \
--country BG --locality Sofia \
--organization "Kiwi TCMS" \
--organizational-unit "Quality Engineering" \
--ca-file /Kiwi/static/ca.crt \
--cert-file /Kiwi/ssl/localhost.crt \
--cert-key-file /Kiwi/ssl/localhost.key
# restart web service so that it uses the new certificate
docker-compose -f tests/krb5/docker-compose.yml restart web_kiwitcms_org
sudo mkdir -p /usr/local/share/ca-certificates/
sudo curl --insecure https://web.kiwitcms.org:8443/static/ca.crt --output /usr/local/share/ca-certificates/Kiwi_TCMS_CA.crt
sudo update-ca-certificates --fresh --verbose
- name: Install & configure Kerberos client
if: matrix.os == 'ubuntu-latest' && matrix.gssapi == 'with'
run: |
Expand Down
66 changes: 18 additions & 48 deletions tests/krb5/integration_test.py
View file
Original file line number Diff line number Diff line change
@@ -1,71 +1,41 @@
#!/usr/bin/env python

#
# Copyright (c) 2020-2021 Kiwi TCMS project. All rights reserved.
# Copyright (c) 2020-2024 Kiwi TCMS project. All rights reserved.
# Author: Alexander Todorov <info@kiwitcms.org>
#

import ssl
import unittest
from unittest.mock import patch

from datetime import datetime

import requests
from tcms_api import TCMS


try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context


class DoNotVerifySSLSession(requests.sessions.Session):
def __init__(self):
super().__init__()
self.verify = False

def get(self, url, **kwargs):
kwargs.setdefault("verify", False)
return super().get(url, **kwargs)


class IntegrationTestCase(unittest.TestCase):
@classmethod
def setUpClass(cls):
cls.rpc = TCMS().exec

def test_readonly_filtering_works(self):
with patch("requests.sessions.Session") as session:
session.return_value = DoNotVerifySSLSession()

results = self.rpc.Product.filter({})
self.assertGreater(len(results), 0)
results = self.rpc.Product.filter({})
self.assertGreater(len(results), 0)

def test_create_objects_works(self):
with patch("requests.sessions.Session") as session:
session.return_value = DoNotVerifySSLSession()

now = datetime.now().isoformat()

result = self.rpc.Classification.filter(
{
"name": "test-products",
}
)[0]
self.assertEqual(result["name"], "test-products")
classification_id = result["id"]

product_name = "tcms-api-%s" % now
result = self.rpc.Product.create(
{"name": product_name, "classification": classification_id}
)
self.assertEqual(result["name"], product_name)
now = datetime.now().isoformat()

result = self.rpc.Classification.filter(
{
"name": "test-products",
}
)[0]
self.assertEqual(result["name"], "test-products")
classification_id = result["id"]

product_name = "tcms-api-%s" % now
result = self.rpc.Product.create(
{"name": product_name, "classification": classification_id}
)
self.assertEqual(result["name"], product_name)


if __name__ == "__main__":
Expand Down
36 changes: 5 additions & 31 deletions tests/krb5/python_credentials_test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,34 +5,11 @@
# Author: Alexander Todorov <info@kiwitcms.org>
#

import ssl
import unittest
from unittest.mock import patch

import requests
from tcms_api import TCMS


try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context


class DoNotVerifySSLSession(requests.sessions.Session):
def __init__(self):
super().__init__()
self.verify = False

def get(self, url, **kwargs):
kwargs.setdefault("verify", False)
return super().get(url, **kwargs)


class PythonCredentialsTestCase(unittest.TestCase):
@classmethod
def setUpClass(cls):
Expand All @@ -43,16 +20,13 @@ def setUpClass(cls):
).exec

def test_passing_credentials_via_python_works(self):
with patch("requests.sessions.Session") as session:
session.return_value = DoNotVerifySSLSession()

result = self.rpc.User.filter()[0]
result = self.rpc.User.filter()[0]

# this is from config file
self.assertNotEqual(result["username"], "kiwitcms-bot")
# this is from config file
self.assertNotEqual(result["username"], "kiwitcms-bot")

# this is specified in setUpClass() above
self.assertEqual(result["username"], "kiwitcms-developer")
# this is specified in setUpClass() above
self.assertEqual(result["username"], "kiwitcms-developer")


if __name__ == "__main__":
Expand Down

0 comments on commit 8c5b816

Please sign in to comment.