mirror of
https://github.com/saltstack/salt.git
synced 2025-04-15 17:20:19 +00:00
Validate vmware module defaults to verifying SSL
This commit is contained in:
Megan Wilhite
Daniel Wozniak
parent
605761d0ed
commit
46cd3263f9
10 changed files with 261 additions and 93 deletions
|
|
@ -277,7 +277,7 @@ repos:
|
|||
- id: pip-tools-compile
|
||||
alias: compile-ci-linux-py3.5-zmq-requirements
|
||||
name: Linux CI Py3.5 ZeroMQ Requirements
|
||||
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/linux\.in|pkg/py3\.5/linux\.txt))$
|
||||
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|git-sources\.txt)|pkg/py3\.5/linux\.txt))$
|
||||
pass_filenames: false
|
||||
args:
|
||||
- -v
|
||||
|
|
@ -285,12 +285,14 @@ repos:
|
|||
- --platform=linux
|
||||
- --include=requirements/static/pkg/py{py_version}/linux.txt
|
||||
- --include=requirements/pytest.txt
|
||||
- --include=requirements/static/ci/git-sources.txt
|
||||
- --passthrough-line-from-input=^git\+https(.*)$
|
||||
- requirements/static/ci/linux.in
|
||||
|
||||
- id: pip-tools-compile
|
||||
alias: compile-ci-linux-py3.6-zmq-requirements
|
||||
name: Linux CI Py3.6 ZeroMQ Requirements
|
||||
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/linux\.in|pkg/py3\.6/linux\.txt))$
|
||||
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|git-sources\.txt)|pkg/py3\.6/linux\.txt))$
|
||||
pass_filenames: false
|
||||
args:
|
||||
- -v
|
||||
|
|
@ -298,12 +300,14 @@ repos:
|
|||
- --platform=linux
|
||||
- --include=requirements/static/pkg/py{py_version}/linux.txt
|
||||
- --include=requirements/pytest.txt
|
||||
- --include=requirements/static/ci/git-sources.txt
|
||||
- --passthrough-line-from-input=^git\+https(.*)$
|
||||
- requirements/static/ci/linux.in
|
||||
|
||||
- id: pip-tools-compile
|
||||
alias: compile-ci-linux-py3.7-zmq-requirements
|
||||
name: Linux CI Py3.7 ZeroMQ Requirements
|
||||
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/linux\.in|pkg/py3\.7/linux\.txt))$
|
||||
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|git-sources\.txt)|pkg/py3\.7/linux\.txt))$
|
||||
pass_filenames: false
|
||||
args:
|
||||
- -v
|
||||
|
|
@ -311,12 +315,14 @@ repos:
|
|||
- --platform=linux
|
||||
- --include=requirements/static/pkg/py{py_version}/linux.txt
|
||||
- --include=requirements/pytest.txt
|
||||
- --include=requirements/static/ci/git-sources.txt
|
||||
- --passthrough-line-from-input=^git\+https(.*)$
|
||||
- requirements/static/ci/linux.in
|
||||
|
||||
- id: pip-tools-compile
|
||||
alias: compile-ci-linux-py3.8-zmq-requirements
|
||||
name: Linux CI Py3.8 ZeroMQ Requirements
|
||||
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/linux\.in|pkg/py3\.8/linux\.txt))$
|
||||
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|git-sources\.txt)|pkg/py3\.8/linux\.txt))$
|
||||
pass_filenames: false
|
||||
args:
|
||||
- -v
|
||||
|
|
@ -324,12 +330,14 @@ repos:
|
|||
- --platform=linux
|
||||
- --include=requirements/static/pkg/py{py_version}/linux.txt
|
||||
- --include=requirements/pytest.txt
|
||||
- --include=requirements/static/ci/git-sources.txt
|
||||
- --passthrough-line-from-input=^git\+https(.*)$
|
||||
- requirements/static/ci/linux.in
|
||||
|
||||
- id: pip-tools-compile
|
||||
alias: compile-ci-linux-py3.9-zmq-requirements
|
||||
name: Linux CI Py3.9 ZeroMQ Requirements
|
||||
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/linux\.in|pkg/py3\.9/linux\.txt))$
|
||||
files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|git-sources\.txt)|pkg/py3\.9/linux\.txt))$
|
||||
pass_filenames: false
|
||||
args:
|
||||
- -v
|
||||
|
|
@ -337,6 +345,8 @@ repos:
|
|||
- --platform=linux
|
||||
- --include=requirements/static/pkg/py{py_version}/linux.txt
|
||||
- --include=requirements/pytest.txt
|
||||
- --include=requirements/static/ci/git-sources.txt
|
||||
- --passthrough-line-from-input=^git\+https(.*)$
|
||||
- requirements/static/ci/linux.in
|
||||
|
||||
- id: pip-tools-compile
|
||||
|
|
|
|||
1
requirements/static/ci/git-sources.txt
Normal file
1
requirements/static/ci/git-sources.txt
Normal file
|
|
@ -0,0 +1 @@
|
|||
git+https://github.com/vmware/vsphere-automation-sdk-python.git
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
# This file is autogenerated by pip-compile
|
||||
# To update, run:
|
||||
#
|
||||
# pip-compile -o requirements/static/ci/py3.5/linux.txt -v requirements/static/pkg/py3.5/linux.txt requirements/pytest.txt requirements/static/ci/linux.in
|
||||
# pip-compile -o requirements/static/ci/py3.5/linux.txt -v requirements/static/pkg/py3.5/linux.txt requirements/pytest.txt requirements/static/ci/git-sources.txt requirements/static/ci/linux.in
|
||||
#
|
||||
adal==1.2.3 # via azure-datalake-store, msrestazure
|
||||
apache-libcloud==2.0.0
|
||||
|
|
@ -225,3 +225,5 @@ xmltodict==0.12.0 # via moto
|
|||
yamlordereddictloader==0.4.0 # via junos-eznc
|
||||
zc.lockfile==1.4
|
||||
zipp==0.6.0 # via importlib-metadata, importlib-resources
|
||||
# Passthrough dependencies from requirements/static/ci/git-sources.txt
|
||||
git+https://github.com/vmware/vsphere-automation-sdk-python.git
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# This file is autogenerated by pip-compile
|
||||
# To update, run:
|
||||
#
|
||||
# pip-compile -o requirements/static/ci/py3.6/linux.txt -v requirements/static/pkg/py3.6/linux.txt requirements/pytest.txt requirements/static/ci/linux.in
|
||||
# pip-compile -o requirements/static/ci/py3.6/linux.txt -v requirements/static/pkg/py3.6/linux.txt requirements/pytest.txt requirements/static/ci/git-sources.txt requirements/static/ci/linux.in
|
||||
#
|
||||
adal==1.2.3 # via azure-datalake-store, msrestazure
|
||||
apache-libcloud==2.0.0
|
||||
|
|
@ -229,3 +229,5 @@ xmltodict==0.12.0 # via moto
|
|||
yamlordereddictloader==0.4.0 # via junos-eznc
|
||||
zc.lockfile==1.4
|
||||
zipp==0.6.0 # via importlib-metadata, importlib-resources
|
||||
# Passthrough dependencies from requirements/static/ci/git-sources.txt
|
||||
git+https://github.com/vmware/vsphere-automation-sdk-python.git
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# This file is autogenerated by pip-compile
|
||||
# To update, run:
|
||||
#
|
||||
# pip-compile -o requirements/static/ci/py3.7/linux.txt -v requirements/static/pkg/py3.7/linux.txt requirements/pytest.txt requirements/static/ci/linux.in
|
||||
# pip-compile -o requirements/static/ci/py3.7/linux.txt -v requirements/static/pkg/py3.7/linux.txt requirements/pytest.txt requirements/static/ci/git-sources.txt requirements/static/ci/linux.in
|
||||
#
|
||||
adal==1.2.3 # via azure-datalake-store, msrestazure
|
||||
apache-libcloud==2.0.0
|
||||
|
|
@ -227,3 +227,5 @@ xmltodict==0.12.0 # via moto
|
|||
yamlordereddictloader==0.4.0 # via junos-eznc
|
||||
zc.lockfile==1.4
|
||||
zipp==0.6.0 # via importlib-metadata
|
||||
# Passthrough dependencies from requirements/static/ci/git-sources.txt
|
||||
git+https://github.com/vmware/vsphere-automation-sdk-python.git
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# This file is autogenerated by pip-compile
|
||||
# To update, run:
|
||||
#
|
||||
# pip-compile -o requirements/static/ci/py3.8/linux.txt -v requirements/static/pkg/py3.8/linux.txt requirements/pytest.txt requirements/static/ci/linux.in
|
||||
# pip-compile -o requirements/static/ci/py3.8/linux.txt -v requirements/static/pkg/py3.8/linux.txt requirements/pytest.txt requirements/static/ci/git-sources.txt requirements/static/ci/linux.in
|
||||
#
|
||||
adal==1.2.3 # via azure-datalake-store, msrestazure
|
||||
apache-libcloud==2.0.0
|
||||
|
|
@ -226,3 +226,5 @@ wrapt==1.11.1 # via aws-xray-sdk
|
|||
xmltodict==0.12.0 # via moto
|
||||
yamlordereddictloader==0.4.0 # via junos-eznc
|
||||
zc.lockfile==1.4
|
||||
# Passthrough dependencies from requirements/static/ci/git-sources.txt
|
||||
git+https://github.com/vmware/vsphere-automation-sdk-python.git
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
# This file is autogenerated by pip-compile
|
||||
# To update, run:
|
||||
#
|
||||
# pip-compile -o requirements/static/ci/py3.9/linux.txt -v requirements/static/pkg/py3.9/linux.txt requirements/pytest.txt requirements/static/ci/linux.in
|
||||
# pip-compile -o requirements/static/ci/py3.9/linux.txt -v requirements/static/pkg/py3.9/linux.txt requirements/pytest.txt requirements/static/ci/git-sources.txt requirements/static/ci/linux.in
|
||||
#
|
||||
adal==1.2.3 # via azure-datalake-store, msrestazure
|
||||
apache-libcloud==2.0.0
|
||||
|
|
@ -226,3 +226,5 @@ wrapt==1.11.1 # via aws-xray-sdk
|
|||
xmltodict==0.12.0 # via moto
|
||||
yamlordereddictloader==0.4.0 # via junos-eznc
|
||||
zc.lockfile==1.4
|
||||
# Passthrough dependencies from requirements/static/ci/git-sources.txt
|
||||
git+https://github.com/vmware/vsphere-automation-sdk-python.git
|
||||
|
|
|
|||
52
tests/pytests/unit/utils/test_http.py
Normal file
52
tests/pytests/unit/utils/test_http.py
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
import pytest
|
||||
import requests
|
||||
import salt.utils.http
|
||||
from tests.support.mock import MagicMock, patch
|
||||
|
||||
|
||||
def test_requests_session_verify_ssl_false(ssl_webserver, integration_files_dir):
|
||||
"""
|
||||
test salt.utils.http.session when using verify_ssl
|
||||
"""
|
||||
for verify in [True, False, None]:
|
||||
kwargs = {"verify_ssl": verify}
|
||||
if verify is None:
|
||||
kwargs.pop("verify_ssl")
|
||||
|
||||
if verify is True or verify is None:
|
||||
with pytest.raises(requests.exceptions.SSLError) as excinfo:
|
||||
session = salt.utils.http.session(**kwargs)
|
||||
ret = session.get(ssl_webserver.url("this.txt"))
|
||||
else:
|
||||
session = salt.utils.http.session(**kwargs)
|
||||
ret = session.get(ssl_webserver.url("this.txt"))
|
||||
assert ret.status_code == 200
|
||||
|
||||
|
||||
def test_session_ca_bundle_verify_false():
|
||||
"""
|
||||
test salt.utils.http.session when using
|
||||
both ca_bunlde and verify_ssl false
|
||||
"""
|
||||
ret = salt.utils.http.session(ca_bundle="/tmp/test_bundle", verify_ssl=False)
|
||||
assert ret is False
|
||||
|
||||
|
||||
def test_session_headers():
|
||||
"""
|
||||
test salt.utils.http.session when setting
|
||||
headers
|
||||
"""
|
||||
ret = salt.utils.http.session(headers={"Content-Type": "application/json"})
|
||||
assert ret.headers["Content-Type"] == "application/json"
|
||||
|
||||
|
||||
def test_session_ca_bundle():
|
||||
"""
|
||||
test salt.utils.https.session when setting ca_bundle
|
||||
"""
|
||||
fpath = "/tmp/test_bundle"
|
||||
patch_os = patch("os.path.exists", MagicMock(return_value=True))
|
||||
with patch_os:
|
||||
ret = salt.utils.http.session(ca_bundle=fpath)
|
||||
assert ret.verify == fpath
|
||||
|
|
@ -3160,6 +3160,116 @@ class TestVSphereTagging(TestCase, LoaderModuleMockMixin):
|
|||
{"Tag attached": self.list_attached_tags_return},
|
||||
)
|
||||
|
||||
def test_get_client(self):
|
||||
"""
|
||||
test get_client when verify_ssl and ca_bundle are not passed
|
||||
"""
|
||||
mock_client = MagicMock(return_value=None)
|
||||
patch_client = patch("salt.utils.vmware.get_vsphere_client",
|
||||
mock_client)
|
||||
|
||||
cert_path="/test/ca-certificates.crt"
|
||||
mock_ca = MagicMock(return_value=cert_path)
|
||||
patch_ca = patch("salt.utils.http.get_ca_bundle", mock_ca)
|
||||
|
||||
mock_details = MagicMock(return_value=self.details)
|
||||
patch_details = patch.dict(vsphere.__salt__, {"vcenter.get_details":
|
||||
mock_details})
|
||||
|
||||
with patch_client, patch_ca, patch_details:
|
||||
vsphere._get_client(server='localhost', username='testuser',
|
||||
password='testpassword')
|
||||
self.assertEqual(mock_client.call_args_list,
|
||||
[call(ca_bundle=cert_path,
|
||||
password='testpassword', server='localhost',
|
||||
username='testuser', verify_ssl=True)])
|
||||
self.assertEqual(mock_details.assert_called_once(), None)
|
||||
self.assertEqual(mock_ca.assert_called_once(), None)
|
||||
|
||||
def test_get_client_verify_ssl_false(self):
|
||||
"""
|
||||
test get_client when verify_ssl=False is set
|
||||
"""
|
||||
details = self.details.copy()
|
||||
details["verify_ssl"] = False
|
||||
mock_client = MagicMock(return_value=None)
|
||||
patch_client = patch("salt.utils.vmware.get_vsphere_client",
|
||||
mock_client)
|
||||
|
||||
cert_path="/test/ca-certificates.crt"
|
||||
mock_ca = MagicMock(return_value=cert_path)
|
||||
patch_ca = patch("salt.utils.http.get_ca_bundle", mock_ca)
|
||||
|
||||
mock_details = MagicMock(return_value=details)
|
||||
patch_details = patch.dict(vsphere.__salt__, {"vcenter.get_details":
|
||||
mock_details})
|
||||
|
||||
with patch_client, patch_ca, patch_details:
|
||||
vsphere._get_client(server='localhost', username='testuser',
|
||||
password='testpassword')
|
||||
self.assertEqual(mock_client.call_args_list,
|
||||
[call(ca_bundle=None,
|
||||
password='testpassword', server='localhost',
|
||||
username='testuser', verify_ssl=False)])
|
||||
self.assertEqual(mock_details.assert_called_once(), None)
|
||||
self.assertEqual(mock_ca.assert_not_called(), None)
|
||||
|
||||
def test_get_client_verify_ssl_false_ca_bundle(self):
|
||||
"""
|
||||
test get_client when verify_ssl=False and ca_bundle set
|
||||
"""
|
||||
details = self.details.copy()
|
||||
details["verify_ssl"] = False
|
||||
details["ca_bundle"] = '/tmp/test'
|
||||
mock_client = MagicMock(return_value=None)
|
||||
patch_client = patch("salt.utils.vmware.get_vsphere_client",
|
||||
mock_client)
|
||||
|
||||
cert_path="/test/ca-certificates.crt"
|
||||
mock_ca = MagicMock(return_value=cert_path)
|
||||
patch_ca = patch("salt.utils.http.get_ca_bundle", mock_ca)
|
||||
|
||||
mock_details = MagicMock(return_value=details)
|
||||
patch_details = patch.dict(vsphere.__salt__, {"vcenter.get_details":
|
||||
mock_details})
|
||||
|
||||
with patch_client, patch_ca, patch_details:
|
||||
self.assertFalse(vsphere._get_client(server='localhost', username='testuser',
|
||||
password='testpassword'))
|
||||
self.assertEqual(mock_details.assert_called_once(), None)
|
||||
self.assertEqual(mock_ca.assert_not_called(), None)
|
||||
|
||||
|
||||
def test_get_client_ca_bundle(self):
|
||||
"""
|
||||
test get_client when verify_ssl=False and ca_bundle set
|
||||
"""
|
||||
cert_path="/test/ca-certificates.crt"
|
||||
details = self.details.copy()
|
||||
details["ca_bundle"] = cert_path
|
||||
mock_client = MagicMock(return_value=None)
|
||||
patch_client = patch("salt.utils.vmware.get_vsphere_client",
|
||||
mock_client)
|
||||
|
||||
mock_ca = MagicMock(return_value=cert_path)
|
||||
patch_ca = patch("salt.utils.http.get_ca_bundle", mock_ca)
|
||||
|
||||
mock_details = MagicMock(return_value=details)
|
||||
patch_details = patch.dict(vsphere.__salt__, {"vcenter.get_details":
|
||||
mock_details})
|
||||
|
||||
with patch_client, patch_ca, patch_details:
|
||||
vsphere._get_client(server='localhost', username='testuser',
|
||||
password='testpassword')
|
||||
self.assertEqual(mock_client.call_args_list,
|
||||
[call(ca_bundle=cert_path,
|
||||
password='testpassword', server='localhost',
|
||||
username='testuser', verify_ssl=True)])
|
||||
self.assertEqual(mock_details.assert_called_once(), None)
|
||||
self.assertEqual(mock_ca.assert_called_once(), None)
|
||||
self.assertEqual(mock_ca.call_args_list, [call({'ca_bundle':
|
||||
cert_path})])
|
||||
|
||||
|
||||
class TestCertificateVerify(TestCase, LoaderModuleMockMixin):
|
||||
def setup_loader_modules(self):
|
||||
|
|
@ -3219,3 +3329,4 @@ class TestCertificateVerify(TestCase, LoaderModuleMockMixin):
|
|||
username="root",
|
||||
verify_ssl=certificate_verify_value,
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -1691,13 +1691,13 @@ class PrivateGetServiceInstanceTestCase(TestCase):
|
|||
mechanism="sspi",
|
||||
)
|
||||
|
||||
def test_second_attempt_successful_connection(self):
|
||||
def test_first_attempt_successful_connection_verify_ssl_false(self):
|
||||
with patch("ssl.SSLContext", MagicMock()), patch(
|
||||
"ssl._create_unverified_context", MagicMock()
|
||||
):
|
||||
exc = vim.fault.HostConnectFault()
|
||||
exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]"
|
||||
mock_sc = MagicMock(side_effect=[exc, None])
|
||||
mock_sc = MagicMock(side_effect=[None])
|
||||
mock_ssl = MagicMock()
|
||||
|
||||
with patch("salt.utils.vmware.SmartConnect", mock_sc):
|
||||
|
|
@ -1712,19 +1712,11 @@ class PrivateGetServiceInstanceTestCase(TestCase):
|
|||
mechanism="sspi",
|
||||
principal="fake_principal",
|
||||
domain="fake_domain",
|
||||
verify_ssl=False,
|
||||
)
|
||||
|
||||
mock_ssl.assert_called_once_with()
|
||||
calls = [
|
||||
call(
|
||||
host="fake_host.fqdn",
|
||||
user="fake_username",
|
||||
pwd="fake_password",
|
||||
protocol="fake_protocol",
|
||||
port=1,
|
||||
b64token="fake_token",
|
||||
mechanism="sspi",
|
||||
),
|
||||
call(
|
||||
host="fake_host.fqdn",
|
||||
user="fake_username",
|
||||
|
|
@ -1738,21 +1730,18 @@ class PrivateGetServiceInstanceTestCase(TestCase):
|
|||
]
|
||||
mock_sc.assert_has_calls(calls)
|
||||
|
||||
def test_third_attempt_successful_connection(self):
|
||||
def test_second_attempt_successful_connection_verify_ssl_false(self):
|
||||
with patch("ssl.SSLContext", MagicMock()), patch(
|
||||
"ssl._create_unverified_context", MagicMock()
|
||||
):
|
||||
exc = vim.fault.HostConnectFault()
|
||||
exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]"
|
||||
exc2 = Exception("certificate verify failed")
|
||||
mock_sc = MagicMock(side_effect=[exc, exc2, None])
|
||||
exc = Exception("certificate verify failed")
|
||||
mock_sc = MagicMock(side_effect=[exc, None])
|
||||
mock_ssl_unverif = MagicMock()
|
||||
mock_ssl_context = MagicMock()
|
||||
|
||||
with patch("salt.utils.vmware.SmartConnect", mock_sc):
|
||||
with patch("ssl._create_unverified_context", mock_ssl_unverif):
|
||||
with patch("ssl.SSLContext", mock_ssl_context):
|
||||
|
||||
salt.utils.vmware._get_service_instance(
|
||||
host="fake_host.fqdn",
|
||||
username="fake_username",
|
||||
|
|
@ -1762,20 +1751,12 @@ class PrivateGetServiceInstanceTestCase(TestCase):
|
|||
mechanism="sspi",
|
||||
principal="fake_principal",
|
||||
domain="fake_domain",
|
||||
verify_ssl=False
|
||||
)
|
||||
|
||||
mock_ssl_context.assert_called_once_with(ssl.PROTOCOL_TLSv1)
|
||||
mock_ssl_unverif.assert_called_once_with()
|
||||
calls = [
|
||||
call(
|
||||
host="fake_host.fqdn",
|
||||
user="fake_username",
|
||||
pwd="fake_password",
|
||||
protocol="fake_protocol",
|
||||
port=1,
|
||||
b64token="fake_token",
|
||||
mechanism="sspi",
|
||||
),
|
||||
call(
|
||||
host="fake_host.fqdn",
|
||||
user="fake_username",
|
||||
|
|
@ -1799,7 +1780,7 @@ class PrivateGetServiceInstanceTestCase(TestCase):
|
|||
]
|
||||
mock_sc.assert_has_calls(calls)
|
||||
|
||||
def test_first_attempt_unsuccessful_connection_default_error(self):
|
||||
def test_attempt_unsuccessful_connection_default_error(self):
|
||||
exc = Exception("Exception")
|
||||
mock_sc = MagicMock(side_effect=exc)
|
||||
|
||||
|
|
@ -1816,13 +1797,13 @@ class PrivateGetServiceInstanceTestCase(TestCase):
|
|||
domain="fake_domain",
|
||||
)
|
||||
|
||||
self.assertEqual(mock_sc.call_count, 1)
|
||||
self.assertIn(
|
||||
"Could not connect to host 'fake_host.fqdn'",
|
||||
excinfo.Exception.message,
|
||||
)
|
||||
self.assertEqual(mock_sc.call_count, 1)
|
||||
self.assertIn(
|
||||
"Could not connect to host 'fake_host.fqdn'",
|
||||
excinfo.exception.message,
|
||||
)
|
||||
|
||||
def test_first_attempt_unsuccessful_connection_vim_fault(self):
|
||||
def test_attempt_unsuccessful_connection_vim_fault(self):
|
||||
exc = vim.fault.VimFault()
|
||||
exc.msg = "VimFault"
|
||||
mock_sc = MagicMock(side_effect=exc)
|
||||
|
|
@ -1840,15 +1821,15 @@ class PrivateGetServiceInstanceTestCase(TestCase):
|
|||
domain="fake_domain",
|
||||
)
|
||||
|
||||
self.assertEqual(mock_sc.call_count, 1)
|
||||
self.assertEqual("VimFault", excinfo.Exception.message)
|
||||
self.assertEqual(mock_sc.call_count, 1)
|
||||
self.assertEqual("VimFault", excinfo.exception.message)
|
||||
|
||||
def test_second_attempt_unsuccsessful_connection_default_error(self):
|
||||
def test_first_attempt_unsuccsessful_connection_default_error(self):
|
||||
with patch("ssl.SSLContext", MagicMock()), patch(
|
||||
"ssl._create_unverified_context", MagicMock()
|
||||
):
|
||||
exc = vim.fault.HostConnectFault()
|
||||
exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]"
|
||||
exc.msg = "certificate verify failed"
|
||||
exc2 = Exception("Exception")
|
||||
mock_sc = MagicMock(side_effect=[exc, exc2])
|
||||
|
||||
|
|
@ -1863,22 +1844,48 @@ class PrivateGetServiceInstanceTestCase(TestCase):
|
|||
mechanism="sspi",
|
||||
principal="fake_principal",
|
||||
domain="fake_domain",
|
||||
verify_ssl=False,
|
||||
)
|
||||
|
||||
self.assertEqual(mock_sc.call_count, 2)
|
||||
self.assertIn(
|
||||
"Could not connect to host 'fake_host.fqdn'",
|
||||
excinfo.Exception.message,
|
||||
self.assertEqual(mock_sc.call_count, 2)
|
||||
self.assertIn(
|
||||
"Could not connect to host 'fake_host.fqdn'",
|
||||
excinfo.exception.message
|
||||
)
|
||||
|
||||
def test_first_attempt_unsuccsessful_cannot_vim_fault_verify_ssl(self):
|
||||
with patch("ssl.SSLContext", MagicMock()), patch(
|
||||
"ssl._create_unverified_context", MagicMock()
|
||||
):
|
||||
exc = vim.fault.VimFault()
|
||||
exc.msg = "VimFault"
|
||||
|
||||
mock_sc = MagicMock(side_effect=[exc])
|
||||
|
||||
with patch("salt.utils.vmware.SmartConnect", mock_sc):
|
||||
with self.assertRaises(VMwareConnectionError) as excinfo:
|
||||
salt.utils.vmware._get_service_instance(
|
||||
host="fake_host.fqdn",
|
||||
username="fake_username",
|
||||
password="fake_password",
|
||||
protocol="fake_protocol",
|
||||
port=1,
|
||||
mechanism="sspi",
|
||||
principal="fake_principal",
|
||||
domain="fake_domain",
|
||||
verify_ssl=False,
|
||||
)
|
||||
|
||||
def test_second_attempt_unsuccsessful_connection_vim_fault(self):
|
||||
self.assertEqual(mock_sc.call_count, 1)
|
||||
self.assertIn("VimFault", excinfo.exception.message)
|
||||
|
||||
def test_third_attempt_unsuccessful_connection_detault_error(self):
|
||||
with patch("ssl.SSLContext", MagicMock()), patch(
|
||||
"ssl._create_unverified_context", MagicMock()
|
||||
):
|
||||
exc = vim.fault.HostConnectFault()
|
||||
exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]"
|
||||
exc2 = vim.fault.VimFault()
|
||||
exc2.msg = "VimFault"
|
||||
exc.msg = "certificate verify failed"
|
||||
exc2 = Exception("Exception")
|
||||
mock_sc = MagicMock(side_effect=[exc, exc2])
|
||||
|
||||
with patch("salt.utils.vmware.SmartConnect", mock_sc):
|
||||
|
|
@ -1892,20 +1899,19 @@ class PrivateGetServiceInstanceTestCase(TestCase):
|
|||
mechanism="sspi",
|
||||
principal="fake_principal",
|
||||
domain="fake_domain",
|
||||
verify_ssl=False
|
||||
)
|
||||
|
||||
self.assertEqual(mock_sc.call_count, 2)
|
||||
self.assertIn("VimFault", excinfo.Exception.message)
|
||||
self.assertEqual(mock_sc.call_count, 2)
|
||||
self.assertIn("Could not connect to host 'fake_host.fqdn", excinfo.exception.message)
|
||||
|
||||
def test_third_attempt_unsuccessful_connection_detault_error(self):
|
||||
def test_second_attempt_unsuccessful_connection_vim_fault(self):
|
||||
with patch("ssl.SSLContext", MagicMock()), patch(
|
||||
"ssl._create_unverified_context", MagicMock()
|
||||
):
|
||||
exc = vim.fault.HostConnectFault()
|
||||
exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]"
|
||||
exc2 = Exception("certificate verify failed")
|
||||
exc3 = Exception("Exception")
|
||||
mock_sc = MagicMock(side_effect=[exc, exc2, exc3])
|
||||
exc = vim.fault.VimFault()
|
||||
exc.msg = "VimFault"
|
||||
mock_sc = MagicMock(side_effect=[exc])
|
||||
|
||||
with patch("salt.utils.vmware.SmartConnect", mock_sc):
|
||||
with self.assertRaises(VMwareConnectionError) as excinfo:
|
||||
|
|
@ -1918,37 +1924,11 @@ class PrivateGetServiceInstanceTestCase(TestCase):
|
|||
mechanism="sspi",
|
||||
principal="fake_principal",
|
||||
domain="fake_domain",
|
||||
verify_ssl=False
|
||||
)
|
||||
|
||||
self.assertEqual(mock_sc.call_count, 3)
|
||||
self.assertIn("Exception", excinfo.Exception.message)
|
||||
|
||||
def test_third_attempt_unsuccessful_connection_vim_fault(self):
|
||||
with patch("ssl.SSLContext", MagicMock()), patch(
|
||||
"ssl._create_unverified_context", MagicMock()
|
||||
):
|
||||
exc = vim.fault.HostConnectFault()
|
||||
exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]"
|
||||
exc2 = Exception("certificate verify failed")
|
||||
exc3 = vim.fault.VimFault()
|
||||
exc3.msg = "VimFault"
|
||||
mock_sc = MagicMock(side_effect=[exc, exc2, exc3])
|
||||
|
||||
with patch("salt.utils.vmware.SmartConnect", mock_sc):
|
||||
with self.assertRaises(VMwareConnectionError) as excinfo:
|
||||
salt.utils.vmware._get_service_instance(
|
||||
host="fake_host.fqdn",
|
||||
username="fake_username",
|
||||
password="fake_password",
|
||||
protocol="fake_protocol",
|
||||
port=1,
|
||||
mechanism="sspi",
|
||||
principal="fake_principal",
|
||||
domain="fake_domain",
|
||||
)
|
||||
|
||||
self.assertEqual(mock_sc.call_count, 3)
|
||||
self.assertIn("VimFault", excinfo.Exception.message)
|
||||
self.assertEqual(mock_sc.call_count, 1)
|
||||
self.assertIn("VimFault", excinfo.exception.message)
|
||||
|
||||
|
||||
@skipIf(not HAS_PYVMOMI, "The 'pyvmomi' library is missing")
|
||||
|
|
@ -1975,7 +1955,8 @@ class GetServiceInstanceTestCase(TestCase):
|
|||
with patch("salt.utils.vmware._get_service_instance", mock_get_si):
|
||||
salt.utils.vmware.get_service_instance(host="fake_host")
|
||||
mock_get_si.assert_called_once_with(
|
||||
"fake_host", None, None, "https", 443, "userpass", None, None
|
||||
"fake_host", None, None, "https", 443, "userpass", None, None,
|
||||
verify_ssl=True
|
||||
)
|
||||
|
||||
def test_no_cached_service_instance_same_host_on_proxy(self):
|
||||
|
|
@ -2002,6 +1983,7 @@ class GetServiceInstanceTestCase(TestCase):
|
|||
"fake_mechanism",
|
||||
"fake_principal",
|
||||
"fake_domain",
|
||||
verify_ssl=True,
|
||||
)
|
||||
|
||||
def test_cached_service_instance_different_host(self):
|
||||
|
|
@ -2039,6 +2021,7 @@ class GetServiceInstanceTestCase(TestCase):
|
|||
mechanism="fake_mechanism",
|
||||
principal="fake_principal",
|
||||
domain="fake_domain",
|
||||
verify_ssl=True
|
||||
)
|
||||
mock_get_si.assert_called_once_with(
|
||||
"fake_host",
|
||||
|
|
@ -2049,6 +2032,7 @@ class GetServiceInstanceTestCase(TestCase):
|
|||
"fake_mechanism",
|
||||
"fake_principal",
|
||||
"fake_domain",
|
||||
verify_ssl=True,
|
||||
)
|
||||
|
||||
def test_unauthenticated_service_instance(self):
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue