From 0f9652d92e175a1f7dc3c2a37ab444b8f189375a Mon Sep 17 00:00:00 2001 From: Daniel Gollub Date: Sun, 23 Feb 2014 09:30:00 +0100 Subject: [PATCH] Replace httplib.HTTPSConnection in unittests SSL Verification is from now on enabled by default for the TestOpenStackClient. So far no unittests was making actively use of httplib.HTTPSConnection. Intention is to reduce noise of audits/scanners which look for Python 2.x httplib.HTTPSConnection missing SSL verification. By completely abandoning the use of httplib.HTTPSConnection. Change-Id: Ic0352cf453d5c41f09084a6d68b3393b8ddda84a Partial-Bug: 1188189 --- cinder/tests/integrated/api/client.py | 42 +++++++++++----------- cinder/tests/integrated/test_extensions.py | 2 +- cinder/tests/integrated/test_xml.py | 7 ++-- 3 files changed, 25 insertions(+), 26 deletions(-) diff --git a/cinder/tests/integrated/api/client.py b/cinder/tests/integrated/api/client.py index c06827cc1f9..84e878e4964 100644 --- a/cinder/tests/integrated/api/client.py +++ b/cinder/tests/integrated/api/client.py @@ -12,7 +12,8 @@ # License for the specific language governing permissions and limitations # under the License. -import httplib +import netaddr +import requests import urlparse from cinder.openstack.common import jsonutils @@ -30,8 +31,8 @@ class OpenStackApiException(Exception): if response: message = _('%(message)s\nStatus Code: %(_status)s\n' - 'Body: %(_body)s') % {'_status': response.status, - '_body': response.read()} + 'Body: %(_body)s') % {'_status': response.status_code, + '_body': response.text} super(OpenStackApiException, self).__init__(message) @@ -76,7 +77,8 @@ class TestOpenStackClient(object): # default project_id self.project_id = 'openstack' - def request(self, url, method='GET', body=None, headers=None): + def request(self, url, method='GET', body=None, headers=None, + ssl_verify=True, stream=False): _headers = {'Content-Type': 'application/json'} _headers.update(headers or {}) @@ -85,14 +87,8 @@ class TestOpenStackClient(object): hostname = parsed_url.hostname scheme = parsed_url.scheme - if scheme == 'http': - conn = httplib.HTTPConnection(hostname, - port=port) - elif scheme == 'https': - conn = httplib.HTTPSConnection(hostname, - port=port) - else: - raise OpenStackApiException("Unknown scheme: %s" % url) + if netaddr.valid_ipv6(hostname): + hostname = "[%s]" % hostname relative_url = parsed_url.path if parsed_url.query: @@ -102,8 +98,14 @@ class TestOpenStackClient(object): if body: LOG.info(_("Body: %s") % body) - conn.request(method, relative_url, body, _headers) - response = conn.getresponse() + if port: + _url = "%s://%s:%d%s" % (scheme, hostname, int(port), relative_url) + else: + _url = "%s://%s%s" % (scheme, hostname, relative_url) + + response = requests.request(method, _url, data=body, headers=_headers, + verify=ssl_verify, stream=stream) + return response def _authenticate(self): @@ -117,18 +119,14 @@ class TestOpenStackClient(object): response = self.request(auth_uri, headers=headers) - http_status = response.status + http_status = response.status_code LOG.debug(_("%(auth_uri)s => code %(http_status)s"), {'auth_uri': auth_uri, 'http_status': http_status}) if http_status == 401: raise OpenStackApiAuthenticationException(response=response) - auth_headers = {} - for k, v in response.getheaders(): - auth_headers[k] = v - - self.auth_result = auth_headers + self.auth_result = response.headers return self.auth_result def api_request(self, relative_uri, check_response_status=None, **kwargs): @@ -144,7 +142,7 @@ class TestOpenStackClient(object): response = self.request(full_uri, **kwargs) - http_status = response.status + http_status = response.status_code LOG.debug(_("%(relative_uri)s => code %(http_status)s"), {'relative_uri': relative_uri, 'http_status': http_status}) @@ -162,7 +160,7 @@ class TestOpenStackClient(object): return response def _decode_json(self, response): - body = response.read() + body = response.text LOG.debug(_("Decoding JSON: %s") % (body)) if body: return jsonutils.loads(body) diff --git a/cinder/tests/integrated/test_extensions.py b/cinder/tests/integrated/test_extensions.py index de4cdcb3013..da965d39815 100644 --- a/cinder/tests/integrated/test_extensions.py +++ b/cinder/tests/integrated/test_extensions.py @@ -36,6 +36,6 @@ class ExtensionsTest(integrated_helpers._IntegratedTestBase): def test_get_foxnsocks(self): """Simple check that fox-n-socks works.""" response = self.api.api_request('/foxnsocks') - foxnsocks = response.read() + foxnsocks = response.text LOG.debug("foxnsocks: %s" % foxnsocks) self.assertEqual('Try to say this Mr. Knox, sir...', foxnsocks) diff --git a/cinder/tests/integrated/test_xml.py b/cinder/tests/integrated/test_xml.py index 68c89dbc26c..ca149b00379 100644 --- a/cinder/tests/integrated/test_xml.py +++ b/cinder/tests/integrated/test_xml.py @@ -42,8 +42,9 @@ class XmlTests(integrated_helpers._IntegratedTestBase): headers = {} headers['Accept'] = 'application/xml' - response = self.api.api_request('/volumes', headers=headers) - data = response.read() + response = self.api.api_request('/volumes', headers=headers, + stream=True) + data = response.raw LOG.warn("data: %s" % data) - root = etree.XML(data) + root = etree.parse(data).getroot() self.assertEqual(root.nsmap.get(None), common.XML_NS_V1)