From ed11e26c2c47a90a72cfc5a0673b6a37bc704d1c Mon Sep 17 00:00:00 2001 From: Charles Cowart Date: Wed, 17 Jul 2024 17:31:56 -0700 Subject: [PATCH] Tentative test changes --- qiita_client/plugin.py | 7 ++++++- qiita_client/qiita_client.py | 19 ++++++++++++------- qiita_client/testing.py | 10 ++++++---- qiita_client/tests/test_plugin.py | 6 ++---- qiita_client/tests/test_qiita_client.py | 20 ++++++++++---------- 5 files changed, 36 insertions(+), 26 deletions(-) diff --git a/qiita_client/plugin.py b/qiita_client/plugin.py index a674eb8..e2c6c0d 100644 --- a/qiita_client/plugin.py +++ b/qiita_client/plugin.py @@ -245,7 +245,12 @@ def __call__(self, server_url, job_id, output_dir): qclient = QiitaClient(server_url, config.get('oauth2', 'CLIENT_ID'), config.get('oauth2', 'CLIENT_SECRET'), - server_cert=config.get('oauth2', 'SERVER_CERT')) + # for this group of tests, confirm optional + # ca_cert parameter works as intended. Setting + # this value will prevent underlying libraries + # from validating the server's cert using + # certifi's pem cache. + ca_cert=environ['QIITA_ROOT_CA']) if job_id == 'register': self._register(qclient) diff --git a/qiita_client/qiita_client.py b/qiita_client/qiita_client.py index e263987..d87bc02 100644 --- a/qiita_client/qiita_client.py +++ b/qiita_client/qiita_client.py @@ -166,8 +166,8 @@ class QiitaClient(object): The client id to connect to the Qiita server client_secret : str The client secret id to connect to the Qiita server - server_cert : str, optional - The server certificate, in case that it is not verified + ca_cert : str, optional + CA cert used to sign and verify cert@server_url Methods @@ -175,7 +175,7 @@ class QiitaClient(object): get post """ - def __init__(self, server_url, client_id, client_secret, server_cert=None): + def __init__(self, server_url, client_id, client_secret, ca_cert=None): self._server_url = server_url self._session = requests.Session() 
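Review bot: `ca_cert=environ['QIITA_ROOT_CA']` in `__call__` raises KeyError on every plugin invocation when QIITA_ROOT_CA is unset, and the `SERVER_CERT` entry that the removed line read from the plugin config is no longer honoured. The added comment presents this as a test arrangement, but `__call__` (whose body starts and ends outside the hunk) appears to be the path real plugin runs take as well. `ca_cert=environ.get('QIITA_ROOT_CA')` would keep default certificate verification when the variable is absent, since `QiitaClient.__init__` maps a falsy `ca_cert` to `self._verify = True`. No import of `environ` is visible in this hunk and the diffstat shows no other change to plugin.py, so confirm the module already imports it.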
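Review bot: The new `ca_cert` description in the class docstring, "CA cert used to sign and verify cert@server_url", does not say that the value is a filesystem path or what happens when it is omitted. The comment in `__init__` describes the underlying setting as "a string with the path to the certificate file", so the entry could read `Path to a PEM file holding the CA certificate(s) that signed the certificate of the server at server_url; if omitted, the default trust store is used`. The docstring starts above the hunk.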
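Review bot: Renaming the keyword from `server_cert` to `ca_cert` in the `__init__` signature breaks any caller outside this commit that passes `server_cert=...`; such calls now fail with TypeError. The test files in this patch had to be edited for that reason, so other plugins built on this client are presumably affected too. If the break is intended, say so in the commit message or changelog; otherwise keep `server_cert=None` as a trailing deprecated keyword that emits a warning and is used only when `ca_cert` is not given. The body of `__init__` continues in the next hunk.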
@@ -186,16 +186,21 @@ def __init__(self, server_url, client_id, client_secret, server_cert=None): # if certificate verification should be performed or not, or a # string with the path to the certificate file that needs to be used # to verify the identity of the server. - # We are setting this attribute at __init__ time so we can avoid - # executing this if statement for each request issued. - if not server_cert: + # We are setting this attribute at __init__ time to avoid executing + # this if statement for each request issued. + + # As self-signed server certs are no longer allowed in one or more of + # our dependencies, ca_cert (if provided) must now reference a file + # that can be used to verify the certificate used by the server + # referenced by server_url, rather than the server's own certificate. + if not ca_cert: # The server certificate is not provided, use standard certificate # verification methods self._verify = True else: # The server certificate is provided, use it to verify the identity # of the server - self._verify = server_cert + self._verify = ca_cert # Set up oauth2 self._client_id = client_id diff --git a/qiita_client/testing.py b/qiita_client/testing.py index 642898e..d28a5d1 100644 --- a/qiita_client/testing.py +++ b/qiita_client/testing.py 
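Review bot: The two branch comments kept as context, "The server certificate is not provided" and "The server certificate is provided", now contradict the paragraph added above them, which says `ca_cert` must not be the server's own certificate. They should read along the lines of `# No CA file given: verify against the default trust store` and `# Verify the server against the supplied CA file`. Separately, `ca_cert` is stored in `self._verify` without checking that the path exists, so a mistyped path is likely to surface only when the first request is made. An early `if not exists(ca_cert): raise ValueError(...)` would give a clearer failure, provided `exists` is available in this module. `__init__` starts in the previous hunk and continues past this one.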
@@ -24,11 +24,13 @@ def setUpClass(cls): cls.client_id = '19ndkO3oMKsoChjVVWluF7QkxHRfYhTKSFbAVt8IhK7gZgDaO4' cls.client_secret = ('J7FfQ7CQdOxuKhQAf1eoGgBAE81Ns8Gu3EKaWFm3IO2JKh' 'AmmCWZuabe0O5Mp28s1') - cls.server_cert = environ.get('QIITA_SERVER_CERT', None) + # cls.server_cert = environ.get('QIITA_SERVER_CERT', None) qiita_port = int(environ.get('QIITA_PORT', 21174)) - cls.qclient = QiitaClient( - "https://localhost:%d" % qiita_port, cls.client_id, - cls.client_secret) + + # do not rely on defining ca_cert for these tests. Instead append + # the appropriate CA cert to certifi's pem file. + cls.qclient = QiitaClient("https://localhost:%d" % qiita_port, + cls.client_id, cls.client_secret) logger.debug( 'PluginTestCase.setUpClass() token %s' % cls.qclient._token) cls.qclient.post('/apitest/reload_plugins/') diff --git a/qiita_client/tests/test_plugin.py b/qiita_client/tests/test_plugin.py index 05cba7f..6c03b15 100644 --- a/qiita_client/tests/test_plugin.py +++ b/qiita_client/tests/test_plugin.py @@ -168,8 +168,7 @@ def html_generator_func(a, b, c, d): validate_func, html_generator_func, atypes) # Generate the config file for the new plugin - tester.generate_config('ls', 'echo', - server_cert=self.server_cert) + tester.generate_config('ls', 'echo') # server_cert=self.server_cert) # Ask Qiita to reload the plugins self.qclient.post('/apitest/reload_plugins/') @@ -213,8 +212,7 @@ def func(qclient, job_id, job_params, working_dir): {'out1': 'Demultiplexed'}) tester.register_command(a_cmd) - tester.generate_config('ls', 'echo', - server_cert=self.server_cert) + tester.generate_config('ls', 'echo') # server_cert=self.server_cert) self.qclient.post('/apitest/reload_plugins/') tester("https://localhost:21174", 'register', 'ignored') diff --git a/qiita_client/tests/test_qiita_client.py b/qiita_client/tests/test_qiita_client.py index cc91d6f..c0565c0 100644 --- a/qiita_client/tests/test_qiita_client.py +++ b/qiita_client/tests/test_qiita_client.py 
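Review bot: The new comment in `setUpClass` tells test environments to append the test CA to certifi's PEM file, which makes that CA trusted by every program using that Python environment rather than only by this client. Pointing the client at the CA explicitly, through `ca_cert=` or the `REQUESTS_CA_BUNDLE` environment variable that requests honours, would keep the trust change scoped to the test run. The commented-out `# cls.server_cert = environ.get('QIITA_SERVER_CERT', None)` should be deleted rather than kept, and any subclass that still reads `self.server_cert` will now raise AttributeError. The context line `logger.debug(... % cls.qclient._token)` also writes the OAuth token to the debug log and is worth dropping or masking.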
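Review bot: `tester.generate_config('ls', 'echo') # server_cert=self.server_cert)` leaves the old argument behind as a trailing comment with an unbalanced parenthesis, and the same line appears in the second hunk of test_plugin.py. Delete the comment in both places so the call reads `tester.generate_config('ls', 'echo')`. The second test goes on to call `tester("https://localhost:21174", 'register', 'ignored')`, which after the plugin.py change reads `environ['QIITA_ROOT_CA']`, so it presumably needs that variable exported by the test environment; a one-line comment saying so would help. Both test methods start and end outside their hunks.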
@@ -7,7 +7,7 @@ # ----------------------------------------------------------------------------- from unittest import TestCase, main -from os import environ, remove, close +from os import remove, close from os.path import basename, exists from tempfile import mkstemp from json import dumps @@ -97,12 +97,13 @@ def test_format_payload_error(self): class QiitaClientTests(PluginTestCase): def setUp(self): - self.server_cert = environ.get('QIITA_SERVER_CERT', None) - self.tester = QiitaClient("https://localhost:21174", CLIENT_ID, - CLIENT_SECRET, server_cert=self.server_cert) - self.bad_tester = QiitaClient("https://localhost:21174", BAD_CLIENT_ID, - CLIENT_SECRET, - server_cert=self.server_cert) + # self.server_cert = environ.get('QIITA_SERVER_CERT', None) + self.tester = QiitaClient("https://localhost:21174", + CLIENT_ID, + CLIENT_SECRET) + self.bad_tester = QiitaClient("https://localhost:21174", + BAD_CLIENT_ID, + CLIENT_SECRET) self.clean_up_files = [] # making assertRaisesRegex compatible with Python 2.7 and 3.9 @@ -115,12 +116,11 @@ def tearDown(self): remove(fp) def test_init(self): - obs = QiitaClient("https://localhost:21174", CLIENT_ID, - CLIENT_SECRET, server_cert=self.server_cert) + obs = QiitaClient("https://localhost:21174", CLIENT_ID, CLIENT_SECRET) self.assertEqual(obs._server_url, "https://localhost:21174") self.assertEqual(obs._client_id, CLIENT_ID) self.assertEqual(obs._client_secret, CLIENT_SECRET) - self.assertEqual(obs._verify, self.server_cert) + self.assertEqual(obs._verify, True) def test_get(self): obs = self.tester.get("/qiita_db/artifacts/1/")
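Review bot: After this change no test in the visible hunks of test_qiita_client.py constructs `QiitaClient` with `ca_cert`, so the branch that assigns `self._verify = ca_cert` is not asserted here; `test_init` checks only the default. Adding `obs = QiitaClient("https://localhost:21174", CLIENT_ID, CLIENT_SECRET, ca_cert=path)` followed by `self.assertEqual(obs._verify, path)` would pin it, with `path` taken from the test environment's CA file. In `test_init`, `self.assertIs(obs._verify, True)` is stricter than `assertEqual(obs._verify, True)`, which also passes for `1`. The commented-out `# self.server_cert = environ.get('QIITA_SERVER_CERT', None)` in `setUp` should be removed rather than kept.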