tests: Unset requests-related environment variables

Many of requests' APIs accept a 'verify' parameter which can be a boolean value or a path to either a CA cert bundle or a directory of CA certs. If 'verify=True' is set, requests will look for two environment variables, 'REQUESTS_CA_BUNDLE' and 'CURL_CA_BUNDLE', that, if set, should specify a path to CA certs. If either of these are found, 'requests' overrides the 'True' value with the value of the environment variable [1]. From the docs [2]: This list of trusted CAs can also be specified through the REQUESTS_CA_BUNDLE environment variable. If REQUESTS_CA_BUNDLE is not set, CURL_CA_BUNDLE will be used as fallback. This can cause test failures on environments where either of these are set. Ensure this doesn't happen by using the 'EnvironmentVariable' fixture to unset these environment variables. [1] https://github.com/psf/requests/blob/v2.25.0/requests/sessions.py#L717-L719 [2] https://requests.readthedocs.io/en/master/user/advanced/#ssl-cert-verification Change-Id: I808c9102b214aa25144e88e7773a9890ab0a5bdc Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2021-01-08 11:28:09 +00:00 · 2021-01-08 11:28:09 +00:00 · 3e2025b954
parent e103baa002
commit 3e2025b954
1 changed files with 8 additions and 0 deletions
--- a/oslo_policy/tests/test_external.py
+++ b/oslo_policy/tests/test_external.py
@ -16,6 +16,7 @@
 import json
 from unittest import mock

+import fixtures
 from oslo_serialization import jsonutils
 from requests_mock.contrib import fixture as rm_fixture
 from urllib import parse as urlparse
@ -155,6 +156,11 @@ class HttpsCheckTestCase(base.PolicyBaseTestCase):
        opts._register(self.conf)
        self.requests_mock = self.useFixture(rm_fixture.Fixture())

+        # ensure environment variables don't mess with our test results
+        # https://requests.readthedocs.io/en/master/user/advanced/#ssl-cert-verification
+        self.useFixture(fixtures.EnvironmentVariable('REQUESTS_CA_BUNDLE'))
+        self.useFixture(fixtures.EnvironmentVariable('CURL_CA_BUNDLE'))
+
    def decode_post_data(self, post_data):
        result = {}
        for item in post_data.split('&'):
@ -203,6 +209,8 @@ class HttpsCheckTestCase(base.PolicyBaseTestCase):
    def test_https_accept_with_verify(self):
        self.conf.set_override('remote_ssl_verify_server_crt', True,
                               group='oslo_policy')
+        self.conf.set_override('remote_ssl_ca_crt_file', None,
+                               group='oslo_policy')
        self.requests_mock.post('https://example.com/target', text='True')

        check = _external.HttpsCheck('https', '//example.com/%(name)s')