Configurable SSL certificate validation

Adding boolean config opt "disable_ssl_certificate_validation". When set to true, and running Python 2.7.9+ or Python 3.2+, the dashboard basic ops scenario will ignore self-signed or otherwise invalid SSL certificates. Change-Id: I98f585ad0fbe4fb0ee913329a9269744fe4437bd
2016-09-23 15:32:09 -04:00 · 2016-09-23 15:32:09 -04:00 · b6f352de92
parent 5378f71008
commit b6f352de92
2 changed files with 33 additions and 8 deletions
--- a/tempest_horizon/config.py
+++ b/tempest_horizon/config.py
@ -23,9 +23,12 @@ DashboardGroup = [
               default='http://localhost/auth/login/',
               help="Login page for the dashboard",
               deprecated_for_removal=True),
+    cfg.BoolOpt('disable_ssl_certificate_validation',
+                default=False,
+                help="Set to True if using self-signed SSL certificates."),
 ]

-#service_opt = cfg.BoolOpt(
+# service_opt = cfg.BoolOpt(
 #    'horizon', default=True,
 #    help="Whether or not Horizon is expected to be available")
 #
--- a/tempest_horizon/tests/scenario/test_dashboard_basic_ops.py
+++ b/tempest_horizon/tests/scenario/test_dashboard_basic_ops.py
@ -20,6 +20,9 @@ from tempest import config
 from tempest.scenario import manager
 from tempest import test

+import ssl
+import sys
+
 CONF = config.CONF


@ -65,6 +68,7 @@ class TestDashboardBasicOps(manager.ScenarioTest):
    * logs in as a regular user
    * checks that the user home page loads without error
    """
+    opener = None

    @classmethod
    def skip_checks(cls):
@ -78,12 +82,11 @@ class TestDashboardBasicOps(manager.ScenarioTest):
        super(TestDashboardBasicOps, cls).setup_credentials()

    def check_login_page(self):
-        response = request.urlopen(CONF.dashboard.dashboard_url)
-        self.assertIn("id_username", response.read())
+        response = self._get_opener().open(CONF.dashboard.dashboard_url).read()
+        self.assertIn("id_username", response)

    def user_login(self, username, password):
-        self.opener = request.build_opener(request.HTTPCookieProcessor())
-        response = self.opener.open(CONF.dashboard.dashboard_url).read()
+        response = self._get_opener().open(CONF.dashboard.dashboard_url).read()

        # Grab the CSRF token and default region
        parser = HorizonHTMLParser()
@ -105,11 +108,30 @@ class TestDashboardBasicOps(manager.ScenarioTest):
                  'region': parser.region,
                  'domain': CONF.auth.default_credentials_domain_name,
                  'csrfmiddlewaretoken': parser.csrf_token}
-        self.opener.open(req, parse.urlencode(params))
+        self._get_opener().open(req, parse.urlencode(params))

    def check_home_page(self):
-        response = self.opener.open(CONF.dashboard.dashboard_url)
-        self.assertIn('Overview', response.read())
+        response = self._get_opener().open(CONF.dashboard.dashboard_url).read()
+        self.assertIn('Overview', response)
+
+    def _get_opener(self):
+        if not self.opener:
+            if (CONF.dashboard.disable_ssl_certificate_validation and
+               self._ssl_default_context_supported()):
+                ctx = ssl.create_default_context()
+                ctx.check_hostname = False
+                ctx.verify_mode = ssl.CERT_NONE
+                self.opener = request.build_opener(
+                    request.HTTPSHandler(context=ctx),
+                    request.HTTPCookieProcessor())
+            else:
+                self.opener = request.build_opener(
+                    request.HTTPCookieProcessor())
+        return self.opener
+
+    def _ssl_default_context_supported(self):
+        return ((sys.version_info[0] == 2 and sys.version_info[2] >= 9) or
+                (sys.version_info[0] == 3))

    @test.idempotent_id('4f8851b1-0e69-482b-b63b-84c6e76f6c80')
    def test_basic_scenario(self):