Add support for disabling SSL certificate verification

Signed-off-by: Pragadeeswaran Sathyanarayanan <psathyan@redhat.com>
(cherry picked from commit ea3caaa76b)
Pragadeeswaran Sathyanarayanan 2021-07-30 09:44:29 +05:30 committed by Ali Maredia
parent 287acbc6e7
commit 521346dcc4
3 changed files with 71 additions and 42 deletions


@ -10,6 +10,9 @@ port = 8000
## say "False" to disable TLS
is_secure = False
## say "False" to disable SSL Verify
ssl_verify = True
[fixtures]
## all the buckets created will start with this prefix;
## {random} will be filled with random characters to pad
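Review bot: The new comment above `ssl_verify` does not say what the switch is for or when it applies. A wording such as `## say "False" to skip TLS certificate verification (test gateways with self-signed certificates only; has no effect when is_secure is False)` would stop the sample from being copied into a run against a real endpoint with verification off.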


@ -9,6 +9,7 @@ import munch
import random
import string
import itertools
import urllib3
config = munch.Munch
@ -166,6 +167,15 @@ def setup():
proto = 'https' if config.default_is_secure else 'http'
config.default_endpoint = "%s://%s:%d" % (proto, config.default_host, config.default_port)
try:
config.default_ssl_verify = cfg.getboolean('DEFAULT', "ssl_verify")
except configparser.NoOptionError:
config.default_ssl_verify = True
# Disable InsecureRequestWarning reported by urllib3 when ssl_verify is False
if not config.default_ssl_verify:
urllib3.disable_warnings()
# vars from the main section
config.main_access_key = cfg.get('s3 main',"access_key")
config.main_secret_key = cfg.get('s3 main',"secret_key")
@ -213,6 +223,7 @@ def setup():
nuke_prefixed_buckets(prefix=prefix, client=alt_client)
nuke_prefixed_buckets(prefix=prefix, client=tenant_client)
def teardown():
alt_client = get_alt_client()
tenant_client = get_tenant_client()
@ -247,6 +258,7 @@ def get_client(client_config=None):
aws_secret_access_key=config.main_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -256,6 +268,7 @@ def get_v2_client():
aws_secret_access_key=config.main_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=Config(signature_version='s3'))
return client
@ -269,6 +282,7 @@ def get_sts_client(client_config=None):
endpoint_url=config.default_endpoint,
region_name='',
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -300,6 +314,7 @@ def get_iam_client(client_config=None):
endpoint_url=config.default_endpoint,
region_name='',
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -312,6 +327,7 @@ def get_alt_client(client_config=None):
aws_secret_access_key=config.alt_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -324,6 +340,7 @@ def get_tenant_client(client_config=None):
aws_secret_access_key=config.tenant_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -334,6 +351,7 @@ def get_tenant_iam_client():
aws_access_key_id=config.tenant_access_key,
aws_secret_access_key=config.tenant_secret_key,
endpoint_url=config.default_endpoint,
verify=config.default_ssl_verify,
use_ssl=config.default_is_secure)
return client
@ -343,6 +361,7 @@ def get_unauthenticated_client():
aws_secret_access_key='',
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=Config(signature_version=UNSIGNED))
return client
@ -352,6 +371,7 @@ def get_bad_auth_client(aws_access_key_id='badauth'):
aws_secret_access_key='roflmao',
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=Config(signature_version='s3v4'))
return client
@ -364,6 +384,7 @@ def get_svc_client(client_config=None, svc='s3'):
aws_secret_access_key=config.main_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -394,7 +415,8 @@ def get_new_bucket_resource(name=None):
aws_access_key_id=config.main_access_key,
aws_secret_access_key=config.main_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure)
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify)
if name is None:
name = get_new_bucket_name()
bucket = s3.Bucket(name)
@ -444,6 +466,9 @@ def get_config_port():
def get_config_endpoint():
return config.default_endpoint
def get_config_ssl_verify():
return config.default_ssl_verify
def get_main_aws_access_key():
return config.main_access_key
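Review bot: `urllib3.disable_warnings()` in the setup() hunk is called with no category, so it silences every urllib3 `HTTPWarning` subclass for the whole test process, not only the one the comment names; `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` keeps the others visible. `ssl_verify` is read with `getboolean`, so a gateway signed by a private CA can only be tested by turning verification off entirely, although the `verify=` argument of both boto3 and requests also accepts a CA-bundle path; accepting a path here would let TLS runs keep certificate checking while the access and secret keys are on the wire. A non-boolean value raises `ValueError`, which `except configparser.NoOptionError` does not cover. setup() begins and ends outside the visible hunks.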


@ -50,6 +50,7 @@ from . import (
get_config_host,
get_config_port,
get_config_endpoint,
get_config_ssl_verify,
get_main_aws_access_key,
get_main_aws_secret_key,
get_main_display_name,
@ -2283,7 +2284,7 @@ def test_post_object_anonymous_request():
("Content-Type" , "text/plain"),('file', ('bar'))])
client.create_bucket(ACL='public-read-write', Bucket=bucket_name)
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
body = _get_body(response)
@ -2325,7 +2326,7 @@ def test_post_object_authenticated_request():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
body = _get_body(response)
@ -2366,7 +2367,7 @@ def test_post_object_authenticated_no_content_type():
("acl" , "private"),("signature" , signature),("policy" , policy),\
('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key="foo.txt")
body = _get_body(response)
@ -2408,7 +2409,7 @@ def test_post_object_authenticated_request_bad_access_key():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -2425,7 +2426,7 @@ def test_post_object_set_success_code():
("success_action_status" , "201"),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 201)
message = ET.fromstring(r.content).find('Key')
eq(message.text,'foo.txt')
@ -2444,7 +2445,7 @@ def test_post_object_set_invalid_success_code():
("success_action_status" , "404"),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
content = r.content.decode()
eq(content,'')
@ -2486,7 +2487,7 @@ def test_post_object_upload_larger_than_chunk():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', foo_string)])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
body = _get_body(response)
@ -2526,7 +2527,7 @@ def test_post_object_set_key_from_filename():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('foo.txt', 'bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
body = _get_body(response)
@ -2567,7 +2568,7 @@ def test_post_object_ignored_header():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),("x-ignore-foo" , "bar"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
@attr(resource='object')
@ -2606,7 +2607,7 @@ def test_post_object_case_insensitive_condition_fields():
("aCl" , "private"),("signature" , signature),("pOLICy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
@attr(resource='object')
@ -2643,7 +2644,7 @@ def test_post_object_escaped_field_values():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='\$foo.txt')
body = _get_body(response)
@ -2688,7 +2689,7 @@ def test_post_object_success_redirect_action():
("Content-Type" , "text/plain"),("success_action_redirect" , redirect_url),\
('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 200)
url = r.url
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
@ -2730,7 +2731,7 @@ def test_post_object_invalid_signature():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -2767,7 +2768,7 @@ def test_post_object_invalid_access_key():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -2804,7 +2805,7 @@ def test_post_object_invalid_date_format():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -2840,7 +2841,7 @@ def test_post_object_no_key_specified():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -2877,7 +2878,7 @@ def test_post_object_missing_signature():
("acl" , "private"),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -2913,7 +2914,7 @@ def test_post_object_missing_policy_condition():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -2951,7 +2952,7 @@ def test_post_object_user_specified_header():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('x-amz-meta-foo' , 'barclamp'),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
eq(response['Metadata']['foo'], 'barclamp')
@ -2991,7 +2992,7 @@ def test_post_object_request_missing_policy_specified_field():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -3028,7 +3029,7 @@ def test_post_object_condition_is_case_sensitive():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3065,7 +3066,7 @@ def test_post_object_expires_is_case_sensitive():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3102,7 +3103,7 @@ def test_post_object_expired_policy():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -3139,7 +3140,7 @@ def test_post_object_invalid_request_field_value():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('x-amz-meta-foo' , 'barclamp'),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -3176,7 +3177,7 @@ def test_post_object_missing_expires_condition():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3205,7 +3206,7 @@ def test_post_object_missing_conditions_list():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3242,7 +3243,7 @@ def test_post_object_upload_size_limit_exceeded():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3279,7 +3280,7 @@ def test_post_object_missing_content_length_argument():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3316,7 +3317,7 @@ def test_post_object_invalid_content_length_argument():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3353,7 +3354,7 @@ def test_post_object_upload_size_below_minimum():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3386,7 +3387,7 @@ def test_post_object_empty_conditions():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3943,7 +3944,7 @@ def test_object_raw_get_x_amz_expires_not_expired():
url = client.generate_presigned_url(ClientMethod='get_object', Params=params, ExpiresIn=100000, HttpMethod='GET')
res = requests.get(url).__dict__
res = requests.get(url, verify=get_config_ssl_verify()).__dict__
eq(res['status_code'], 200)
@attr(resource='object')
@ -3957,7 +3958,7 @@ def test_object_raw_get_x_amz_expires_out_range_zero():
url = client.generate_presigned_url(ClientMethod='get_object', Params=params, ExpiresIn=0, HttpMethod='GET')
res = requests.get(url).__dict__
res = requests.get(url, verify=get_config_ssl_verify()).__dict__
eq(res['status_code'], 403)
@attr(resource='object')
@ -3971,7 +3972,7 @@ def test_object_raw_get_x_amz_expires_out_max_range():
url = client.generate_presigned_url(ClientMethod='get_object', Params=params, ExpiresIn=609901, HttpMethod='GET')
res = requests.get(url).__dict__
res = requests.get(url, verify=get_config_ssl_verify()).__dict__
eq(res['status_code'], 403)
@attr(resource='object')
@ -3985,7 +3986,7 @@ def test_object_raw_get_x_amz_expires_out_positive_range():
url = client.generate_presigned_url(ClientMethod='get_object', Params=params, ExpiresIn=-7, HttpMethod='GET')
res = requests.get(url).__dict__
res = requests.get(url, verify=get_config_ssl_verify()).__dict__
eq(res['status_code'], 403)
@ -4044,7 +4045,7 @@ def test_object_raw_put_authenticated_expired():
url = client.generate_presigned_url(ClientMethod='put_object', Params=params, ExpiresIn=-1000, HttpMethod='PUT')
# params wouldn't take a 'Body' parameter so we're passing it in here
res = requests.put(url,data="foo").__dict__
res = requests.put(url, data="foo", verify=get_config_ssl_verify()).__dict__
eq(res['status_code'], 403)
def check_bad_bucket_name(bucket_name):
@ -7393,7 +7394,7 @@ def test_set_cors():
eq(status, 404)
def _cors_request_and_check(func, url, headers, expect_status, expect_allow_origin, expect_allow_methods):
r = func(url, headers=headers)
r = func(url, headers=headers, verify=get_config_ssl_verify())
eq(r.status_code, expect_status)
assert r.headers.get('access-control-allow-origin', None) == expect_allow_origin
@ -10179,7 +10180,7 @@ def test_encryption_sse_c_post_object_authenticated_request():
('x-amz-server-side-encryption-customer-key-md5', 'DWygnHRtgiJ77HCm+1rvHw=='), \
('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
get_headers = {
@ -10468,7 +10469,7 @@ def test_sse_kms_post_object_authenticated_request():
('x-amz-server-side-encryption-aws-kms-key-id', kms_keyid), \
('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
@ -11174,7 +11175,7 @@ def test_post_object_tags_anonymous_request():
('file', ('bar')),
])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key=key_name)
body = _get_body(response)
@ -11226,7 +11227,7 @@ def test_post_object_tags_authenticated_request():
("Content-Type" , "text/plain"),
('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
body = _get_body(response)
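Review bot: The same `verify=get_config_ssl_verify()` argument is pasted into every raw `requests` call touched in this file, so any raw-HTTP test added later has to remember it by hand. A single module-level wrapper, for example `def _http(method, url, **kw): return requests.request(method, url, verify=get_config_ssl_verify(), **kw)`, would keep the setting in one place. In `_cors_request_and_check` the keyword is forwarded to whatever `func` the caller passes; the callers are outside the hunk, so it should be confirmed that each of them is a `requests.*` function that accepts `verify`. These requests carry presigned URLs and signed POST policies, so a short comment next to the wrapper stating that `False` is only expected against self-signed test gateways would be worth adding.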