Merge pull request #405 from psathyan/wip-ssl-verify

Add support for disabling SSL certificate verification
Ali Maredia 2021-08-09 12:01:25 -04:00 committed by GitHub
commit 5476c709c8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 71 additions and 42 deletions


@ -10,6 +10,9 @@ port = 8000
## say "False" to disable TLS
is_secure = False
## say "False" to disable SSL Verify
ssl_verify = True
[fixtures]
## all the buckets created will start with this prefix;
## {random} will be filled with random characters to pad
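Review bot: The new comment `## say "False" to disable SSL Verify` above `ssl_verify = True` does not say what is given up when the option is turned off. With verification off the clients accept any certificate, so traffic to the endpoint can be intercepted without the run noticing. I would word it as `## say "False" to skip TLS certificate verification (only for test endpoints with self-signed certificates)`. It would also help to say that the option only matters when `is_secure` is enabled.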


@ -9,6 +9,7 @@ import munch
import random
import string
import itertools
import urllib3
config = munch.Munch
@ -171,6 +172,15 @@ def setup():
proto = 'https' if config.default_is_secure else 'http'
config.default_endpoint = "%s://%s:%d" % (proto, config.default_host, config.default_port)
try:
config.default_ssl_verify = cfg.getboolean('DEFAULT', "ssl_verify")
except configparser.NoOptionError:
config.default_ssl_verify = True
# Disable InsecureRequestWarning reported by urllib3 when ssl_verify is False
if not config.default_ssl_verify:
urllib3.disable_warnings()
# vars from the main section
config.main_access_key = cfg.get('s3 main',"access_key")
config.main_secret_key = cfg.get('s3 main',"secret_key")
@ -218,6 +228,7 @@ def setup():
nuke_prefixed_buckets(prefix=prefix, client=alt_client)
nuke_prefixed_buckets(prefix=prefix, client=tenant_client)
def teardown():
alt_client = get_alt_client()
tenant_client = get_tenant_client()
@ -270,6 +281,7 @@ def get_client(client_config=None):
aws_secret_access_key=config.main_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -279,6 +291,7 @@ def get_v2_client():
aws_secret_access_key=config.main_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=Config(signature_version='s3'))
return client
@ -292,6 +305,7 @@ def get_sts_client(client_config=None):
endpoint_url=config.default_endpoint,
region_name='',
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -323,6 +337,7 @@ def get_iam_client(client_config=None):
endpoint_url=config.default_endpoint,
region_name='',
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -335,6 +350,7 @@ def get_alt_client(client_config=None):
aws_secret_access_key=config.alt_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -347,6 +363,7 @@ def get_tenant_client(client_config=None):
aws_secret_access_key=config.tenant_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -357,6 +374,7 @@ def get_tenant_iam_client():
aws_access_key_id=config.tenant_access_key,
aws_secret_access_key=config.tenant_secret_key,
endpoint_url=config.default_endpoint,
verify=config.default_ssl_verify,
use_ssl=config.default_is_secure)
return client
@ -366,6 +384,7 @@ def get_unauthenticated_client():
aws_secret_access_key='',
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=Config(signature_version=UNSIGNED))
return client
@ -375,6 +394,7 @@ def get_bad_auth_client(aws_access_key_id='badauth'):
aws_secret_access_key='roflmao',
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=Config(signature_version='s3v4'))
return client
@ -387,6 +407,7 @@ def get_svc_client(client_config=None, svc='s3'):
aws_secret_access_key=config.main_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify,
config=client_config)
return client
@ -417,7 +438,8 @@ def get_new_bucket_resource(name=None):
aws_access_key_id=config.main_access_key,
aws_secret_access_key=config.main_secret_key,
endpoint_url=config.default_endpoint,
use_ssl=config.default_is_secure)
use_ssl=config.default_is_secure,
verify=config.default_ssl_verify)
if name is None:
name = get_new_bucket_name()
bucket = s3.Bucket(name)
@ -467,6 +489,9 @@ def get_config_port():
def get_config_endpoint():
return config.default_endpoint
def get_config_ssl_verify():
return config.default_ssl_verify
def get_main_aws_access_key():
return config.main_access_key
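Review bot: In the `setup()` hunk, `urllib3.disable_warnings()` is called without a category, which silences every urllib3 `HTTPWarning` for the whole process rather than only the one the comment names. Passing the category keeps the other warnings visible: `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`. Separately, `cfg.getboolean('DEFAULT', "ssl_verify")` accepts only on/off, so an endpoint with a self-signed certificate can be tested only with verification fully off. Both boto3 and requests take a CA bundle path for `verify`, so accepting a path here as well would let such runs keep verification on. The body of `setup()` starts and ends outside the hunk, so any later use of the value is not visible here.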


@ -51,6 +51,7 @@ from . import (
get_config_host,
get_config_port,
get_config_endpoint,
get_config_ssl_verify,
get_main_aws_access_key,
get_main_aws_secret_key,
get_main_display_name,
@ -2285,7 +2286,7 @@ def test_post_object_anonymous_request():
("Content-Type" , "text/plain"),('file', ('bar'))])
client.create_bucket(ACL='public-read-write', Bucket=bucket_name)
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
body = _get_body(response)
@ -2327,7 +2328,7 @@ def test_post_object_authenticated_request():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
body = _get_body(response)
@ -2368,7 +2369,7 @@ def test_post_object_authenticated_no_content_type():
("acl" , "private"),("signature" , signature),("policy" , policy),\
('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key="foo.txt")
body = _get_body(response)
@ -2410,7 +2411,7 @@ def test_post_object_authenticated_request_bad_access_key():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -2427,7 +2428,7 @@ def test_post_object_set_success_code():
("success_action_status" , "201"),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 201)
message = ET.fromstring(r.content).find('Key')
eq(message.text,'foo.txt')
@ -2446,7 +2447,7 @@ def test_post_object_set_invalid_success_code():
("success_action_status" , "404"),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
content = r.content.decode()
eq(content,'')
@ -2488,7 +2489,7 @@ def test_post_object_upload_larger_than_chunk():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', foo_string)])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
body = _get_body(response)
@ -2528,7 +2529,7 @@ def test_post_object_set_key_from_filename():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('foo.txt', 'bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
body = _get_body(response)
@ -2569,7 +2570,7 @@ def test_post_object_ignored_header():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),("x-ignore-foo" , "bar"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
@attr(resource='object')
@ -2608,7 +2609,7 @@ def test_post_object_case_insensitive_condition_fields():
("aCl" , "private"),("signature" , signature),("pOLICy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
@attr(resource='object')
@ -2645,7 +2646,7 @@ def test_post_object_escaped_field_values():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='\$foo.txt')
body = _get_body(response)
@ -2690,7 +2691,7 @@ def test_post_object_success_redirect_action():
("Content-Type" , "text/plain"),("success_action_redirect" , redirect_url),\
('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 200)
url = r.url
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
@ -2732,7 +2733,7 @@ def test_post_object_invalid_signature():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -2769,7 +2770,7 @@ def test_post_object_invalid_access_key():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -2806,7 +2807,7 @@ def test_post_object_invalid_date_format():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -2842,7 +2843,7 @@ def test_post_object_no_key_specified():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -2879,7 +2880,7 @@ def test_post_object_missing_signature():
("acl" , "private"),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -2915,7 +2916,7 @@ def test_post_object_missing_policy_condition():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -2953,7 +2954,7 @@ def test_post_object_user_specified_header():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('x-amz-meta-foo' , 'barclamp'),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
eq(response['Metadata']['foo'], 'barclamp')
@ -2993,7 +2994,7 @@ def test_post_object_request_missing_policy_specified_field():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -3030,7 +3031,7 @@ def test_post_object_condition_is_case_sensitive():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3067,7 +3068,7 @@ def test_post_object_expires_is_case_sensitive():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3104,7 +3105,7 @@ def test_post_object_expired_policy():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -3141,7 +3142,7 @@ def test_post_object_invalid_request_field_value():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('x-amz-meta-foo' , 'barclamp'),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 403)
@attr(resource='object')
@ -3178,7 +3179,7 @@ def test_post_object_missing_expires_condition():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3207,7 +3208,7 @@ def test_post_object_missing_conditions_list():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3244,7 +3245,7 @@ def test_post_object_upload_size_limit_exceeded():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3281,7 +3282,7 @@ def test_post_object_missing_content_length_argument():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3318,7 +3319,7 @@ def test_post_object_invalid_content_length_argument():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3355,7 +3356,7 @@ def test_post_object_upload_size_below_minimum():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3388,7 +3389,7 @@ def test_post_object_empty_conditions():
("acl" , "private"),("signature" , signature),("policy" , policy),\
("Content-Type" , "text/plain"),('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 400)
@attr(resource='object')
@ -3945,7 +3946,7 @@ def test_object_raw_get_x_amz_expires_not_expired():
url = client.generate_presigned_url(ClientMethod='get_object', Params=params, ExpiresIn=100000, HttpMethod='GET')
res = requests.get(url).__dict__
res = requests.get(url, verify=get_config_ssl_verify()).__dict__
eq(res['status_code'], 200)
@attr(resource='object')
@ -3959,7 +3960,7 @@ def test_object_raw_get_x_amz_expires_out_range_zero():
url = client.generate_presigned_url(ClientMethod='get_object', Params=params, ExpiresIn=0, HttpMethod='GET')
res = requests.get(url).__dict__
res = requests.get(url, verify=get_config_ssl_verify()).__dict__
eq(res['status_code'], 403)
@attr(resource='object')
@ -3973,7 +3974,7 @@ def test_object_raw_get_x_amz_expires_out_max_range():
url = client.generate_presigned_url(ClientMethod='get_object', Params=params, ExpiresIn=609901, HttpMethod='GET')
res = requests.get(url).__dict__
res = requests.get(url, verify=get_config_ssl_verify()).__dict__
eq(res['status_code'], 403)
@attr(resource='object')
@ -3987,7 +3988,7 @@ def test_object_raw_get_x_amz_expires_out_positive_range():
url = client.generate_presigned_url(ClientMethod='get_object', Params=params, ExpiresIn=-7, HttpMethod='GET')
res = requests.get(url).__dict__
res = requests.get(url, verify=get_config_ssl_verify()).__dict__
eq(res['status_code'], 403)
@ -4046,7 +4047,7 @@ def test_object_raw_put_authenticated_expired():
url = client.generate_presigned_url(ClientMethod='put_object', Params=params, ExpiresIn=-1000, HttpMethod='PUT')
# params wouldn't take a 'Body' parameter so we're passing it in here
res = requests.put(url,data="foo").__dict__
res = requests.put(url, data="foo", verify=get_config_ssl_verify()).__dict__
eq(res['status_code'], 403)
def check_bad_bucket_name(bucket_name):
@ -7412,7 +7413,7 @@ def test_set_cors():
eq(status, 404)
def _cors_request_and_check(func, url, headers, expect_status, expect_allow_origin, expect_allow_methods):
r = func(url, headers=headers)
r = func(url, headers=headers, verify=get_config_ssl_verify())
eq(r.status_code, expect_status)
assert r.headers.get('access-control-allow-origin', None) == expect_allow_origin
@ -10315,7 +10316,7 @@ def test_encryption_sse_c_post_object_authenticated_request():
('x-amz-server-side-encryption-customer-key-md5', 'DWygnHRtgiJ77HCm+1rvHw=='), \
('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
get_headers = {
@ -10604,7 +10605,7 @@ def test_sse_kms_post_object_authenticated_request():
('x-amz-server-side-encryption-aws-kms-key-id', kms_keyid), \
('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
@ -11310,7 +11311,7 @@ def test_post_object_tags_anonymous_request():
('file', ('bar')),
])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key=key_name)
body = _get_body(response)
@ -11362,7 +11363,7 @@ def test_post_object_tags_authenticated_request():
("Content-Type" , "text/plain"),
('file', ('bar'))])
r = requests.post(url, files = payload)
r = requests.post(url, files=payload, verify=get_config_ssl_verify())
eq(r.status_code, 204)
response = client.get_object(Bucket=bucket_name, Key='foo.txt')
body = _get_body(response)
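Review bot: `verify=get_config_ssl_verify()` is now repeated at every `requests.post`, `requests.get` and `requests.put` call in this file, starting with `test_post_object_anonymous_request`, so the setting is honoured only where someone remembers to pass it. A new raw-HTTP test that omits it will verify by default and fail only on self-signed test endpoints, which is easy to miss in review. One small wrapper per verb would keep the policy in one place, for example `def _post(url, **kwargs): return requests.post(url, verify=get_config_ssl_verify(), **kwargs)`. `_cors_request_and_check` already centralises this for the CORS tests, since it adds `verify` to whatever `func` it is given.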