diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 65b4fff1ff0..4c561092be0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -277,7 +277,7 @@ repos: - id: pip-tools-compile alias: compile-ci-linux-py3.5-zmq-requirements name: Linux CI Py3.5 ZeroMQ Requirements - files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/linux\.in|pkg/py3\.5/linux\.txt))$ + files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|git-sources\.txt)|pkg/py3\.5/linux\.txt))$ pass_filenames: false args: - -v @@ -285,12 +285,14 @@ repos: - --platform=linux - --include=requirements/static/pkg/py{py_version}/linux.txt - --include=requirements/pytest.txt + - --include=requirements/static/ci/git-sources.txt + - --passthrough-line-from-input=^git\+https(.*)$ - requirements/static/ci/linux.in - id: pip-tools-compile alias: compile-ci-linux-py3.6-zmq-requirements name: Linux CI Py3.6 ZeroMQ Requirements - files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/linux\.in|pkg/py3\.6/linux\.txt))$ + files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|git-sources\.txt)|pkg/py3\.6/linux\.txt))$ pass_filenames: false args: - -v @@ -298,12 +300,14 @@ repos: - --platform=linux - --include=requirements/static/pkg/py{py_version}/linux.txt - --include=requirements/pytest.txt + - --include=requirements/static/ci/git-sources.txt + - --passthrough-line-from-input=^git\+https(.*)$ - requirements/static/ci/linux.in - id: pip-tools-compile alias: compile-ci-linux-py3.7-zmq-requirements name: Linux CI Py3.7 ZeroMQ Requirements - files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/linux\.in|pkg/py3\.7/linux\.txt))$ + files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|git-sources\.txt)|pkg/py3\.7/linux\.txt))$ pass_filenames: false args: - -v @@ -311,12 +315,14 @@ repos: - --platform=linux - --include=requirements/static/pkg/py{py_version}/linux.txt - --include=requirements/pytest.txt + - --include=requirements/static/ci/git-sources.txt + - --passthrough-line-from-input=^git\+https(.*)$ - requirements/static/ci/linux.in - id: pip-tools-compile alias: compile-ci-linux-py3.8-zmq-requirements name: Linux CI Py3.8 ZeroMQ Requirements - files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/linux\.in|pkg/py3\.8/linux\.txt))$ + files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|git-sources\.txt)|pkg/py3\.8/linux\.txt))$ pass_filenames: false args: - -v @@ -324,12 +330,14 @@ repos: - --platform=linux - --include=requirements/static/pkg/py{py_version}/linux.txt - --include=requirements/pytest.txt + - --include=requirements/static/ci/git-sources.txt + - --passthrough-line-from-input=^git\+https(.*)$ - requirements/static/ci/linux.in - id: pip-tools-compile alias: compile-ci-linux-py3.9-zmq-requirements name: Linux CI Py3.9 ZeroMQ Requirements - files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/linux\.in|pkg/py3\.9/linux\.txt))$ + files: ^requirements/((base|zeromq|pytest)\.txt|static/((ci|pkg)/(linux\.in|git-sources\.txt)|pkg/py3\.9/linux\.txt))$ pass_filenames: false args: - -v @@ -337,6 +345,8 @@ repos: - --platform=linux - --include=requirements/static/pkg/py{py_version}/linux.txt - --include=requirements/pytest.txt + - --include=requirements/static/ci/git-sources.txt + - --passthrough-line-from-input=^git\+https(.*)$ - requirements/static/ci/linux.in - id: pip-tools-compile diff --git a/requirements/static/ci/git-sources.txt b/requirements/static/ci/git-sources.txt new file mode 100644 index 00000000000..7ef76a47d08 --- /dev/null +++ b/requirements/static/ci/git-sources.txt @@ -0,0 +1 @@ +git+https://github.com/vmware/vsphere-automation-sdk-python.git diff --git a/requirements/static/ci/py3.5/linux.txt b/requirements/static/ci/py3.5/linux.txt index c6b57bf491e..9439fd12cb6 100644 --- a/requirements/static/ci/py3.5/linux.txt +++ b/requirements/static/ci/py3.5/linux.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile -o requirements/static/ci/py3.5/linux.txt -v requirements/static/pkg/py3.5/linux.txt requirements/pytest.txt requirements/static/ci/linux.in +# pip-compile -o requirements/static/ci/py3.5/linux.txt -v requirements/static/pkg/py3.5/linux.txt requirements/pytest.txt requirements/static/ci/git-sources.txt requirements/static/ci/linux.in # adal==1.2.3 # via azure-datalake-store, msrestazure apache-libcloud==2.0.0 @@ -225,3 +225,5 @@ xmltodict==0.12.0 # via moto yamlordereddictloader==0.4.0 # via junos-eznc zc.lockfile==1.4 zipp==0.6.0 # via importlib-metadata, importlib-resources +# Passthrough dependencies from requirements/static/ci/git-sources.txt +git+https://github.com/vmware/vsphere-automation-sdk-python.git diff --git a/requirements/static/ci/py3.6/linux.txt b/requirements/static/ci/py3.6/linux.txt index 3317837a35a..c67a25cc11e 100644 --- a/requirements/static/ci/py3.6/linux.txt +++ b/requirements/static/ci/py3.6/linux.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile -o requirements/static/ci/py3.6/linux.txt -v requirements/static/pkg/py3.6/linux.txt requirements/pytest.txt requirements/static/ci/linux.in +# pip-compile -o requirements/static/ci/py3.6/linux.txt -v requirements/static/pkg/py3.6/linux.txt requirements/pytest.txt requirements/static/ci/git-sources.txt requirements/static/ci/linux.in # adal==1.2.3 # via azure-datalake-store, msrestazure apache-libcloud==2.0.0 @@ -229,3 +229,5 @@ xmltodict==0.12.0 # via moto yamlordereddictloader==0.4.0 # via junos-eznc zc.lockfile==1.4 zipp==0.6.0 # via importlib-metadata, importlib-resources +# Passthrough dependencies from requirements/static/ci/git-sources.txt +git+https://github.com/vmware/vsphere-automation-sdk-python.git diff --git a/requirements/static/ci/py3.7/linux.txt b/requirements/static/ci/py3.7/linux.txt index 9c6a5139b2f..87131756346 100644 --- a/requirements/static/ci/py3.7/linux.txt +++ b/requirements/static/ci/py3.7/linux.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile -o requirements/static/ci/py3.7/linux.txt -v requirements/static/pkg/py3.7/linux.txt requirements/pytest.txt requirements/static/ci/linux.in +# pip-compile -o requirements/static/ci/py3.7/linux.txt -v requirements/static/pkg/py3.7/linux.txt requirements/pytest.txt requirements/static/ci/git-sources.txt requirements/static/ci/linux.in # adal==1.2.3 # via azure-datalake-store, msrestazure apache-libcloud==2.0.0 @@ -227,3 +227,5 @@ xmltodict==0.12.0 # via moto yamlordereddictloader==0.4.0 # via junos-eznc zc.lockfile==1.4 zipp==0.6.0 # via importlib-metadata +# Passthrough dependencies from requirements/static/ci/git-sources.txt +git+https://github.com/vmware/vsphere-automation-sdk-python.git diff --git a/requirements/static/ci/py3.8/linux.txt b/requirements/static/ci/py3.8/linux.txt index 9ae7e8957e6..6229a118575 100644 --- a/requirements/static/ci/py3.8/linux.txt +++ b/requirements/static/ci/py3.8/linux.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile -o requirements/static/ci/py3.8/linux.txt -v requirements/static/pkg/py3.8/linux.txt requirements/pytest.txt requirements/static/ci/linux.in +# pip-compile -o requirements/static/ci/py3.8/linux.txt -v requirements/static/pkg/py3.8/linux.txt requirements/pytest.txt requirements/static/ci/git-sources.txt requirements/static/ci/linux.in # adal==1.2.3 # via azure-datalake-store, msrestazure apache-libcloud==2.0.0 @@ -226,3 +226,5 @@ wrapt==1.11.1 # via aws-xray-sdk xmltodict==0.12.0 # via moto yamlordereddictloader==0.4.0 # via junos-eznc zc.lockfile==1.4 +# Passthrough dependencies from requirements/static/ci/git-sources.txt +git+https://github.com/vmware/vsphere-automation-sdk-python.git diff --git a/requirements/static/ci/py3.9/linux.txt b/requirements/static/ci/py3.9/linux.txt index ae6683ea037..f85ebe7fe67 100644 --- a/requirements/static/ci/py3.9/linux.txt +++ b/requirements/static/ci/py3.9/linux.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile # To update, run: # -# pip-compile -o requirements/static/ci/py3.9/linux.txt -v requirements/static/pkg/py3.9/linux.txt requirements/pytest.txt requirements/static/ci/linux.in +# pip-compile -o requirements/static/ci/py3.9/linux.txt -v requirements/static/pkg/py3.9/linux.txt requirements/pytest.txt requirements/static/ci/git-sources.txt requirements/static/ci/linux.in # adal==1.2.3 # via azure-datalake-store, msrestazure apache-libcloud==2.0.0 @@ -226,3 +226,5 @@ wrapt==1.11.1 # via aws-xray-sdk xmltodict==0.12.0 # via moto yamlordereddictloader==0.4.0 # via junos-eznc zc.lockfile==1.4 +# Passthrough dependencies from requirements/static/ci/git-sources.txt +git+https://github.com/vmware/vsphere-automation-sdk-python.git diff --git a/tests/pytests/unit/utils/test_http.py b/tests/pytests/unit/utils/test_http.py new file mode 100644 index 00000000000..246416d92fc --- /dev/null +++ b/tests/pytests/unit/utils/test_http.py @@ -0,0 +1,52 @@ +import pytest +import requests +import salt.utils.http +from tests.support.mock import MagicMock, patch + + +def test_requests_session_verify_ssl_false(ssl_webserver, integration_files_dir): + """ + test salt.utils.http.session when using verify_ssl + """ + for verify in [True, False, None]: + kwargs = {"verify_ssl": verify} + if verify is None: + kwargs.pop("verify_ssl") + + if verify is True or verify is None: + with pytest.raises(requests.exceptions.SSLError) as excinfo: + session = salt.utils.http.session(**kwargs) + ret = session.get(ssl_webserver.url("this.txt")) + else: + session = salt.utils.http.session(**kwargs) + ret = session.get(ssl_webserver.url("this.txt")) + assert ret.status_code == 200 + + +def test_session_ca_bundle_verify_false(): + """ + test salt.utils.http.session when using + both ca_bunlde and verify_ssl false + """ + ret = salt.utils.http.session(ca_bundle="/tmp/test_bundle", verify_ssl=False) + assert ret is False + + +def test_session_headers(): + """ + test salt.utils.http.session when setting + headers + """ + ret = salt.utils.http.session(headers={"Content-Type": "application/json"}) + assert ret.headers["Content-Type"] == "application/json" + + +def test_session_ca_bundle(): + """ + test salt.utils.https.session when setting ca_bundle + """ + fpath = "/tmp/test_bundle" + patch_os = patch("os.path.exists", MagicMock(return_value=True)) + with patch_os: + ret = salt.utils.http.session(ca_bundle=fpath) + assert ret.verify == fpath diff --git a/tests/unit/modules/test_vsphere.py b/tests/unit/modules/test_vsphere.py index 14a1e6d923d..394f05f507f 100644 --- a/tests/unit/modules/test_vsphere.py +++ b/tests/unit/modules/test_vsphere.py @@ -3160,6 +3160,116 @@ class TestVSphereTagging(TestCase, LoaderModuleMockMixin): {"Tag attached": self.list_attached_tags_return}, ) + def test_get_client(self): + """ + test get_client when verify_ssl and ca_bundle are not passed + """ + mock_client = MagicMock(return_value=None) + patch_client = patch("salt.utils.vmware.get_vsphere_client", + mock_client) + + cert_path="/test/ca-certificates.crt" + mock_ca = MagicMock(return_value=cert_path) + patch_ca = patch("salt.utils.http.get_ca_bundle", mock_ca) + + mock_details = MagicMock(return_value=self.details) + patch_details = patch.dict(vsphere.__salt__, {"vcenter.get_details": + mock_details}) + + with patch_client, patch_ca, patch_details: + vsphere._get_client(server='localhost', username='testuser', + password='testpassword') + self.assertEqual(mock_client.call_args_list, + [call(ca_bundle=cert_path, + password='testpassword', server='localhost', + username='testuser', verify_ssl=True)]) + self.assertEqual(mock_details.assert_called_once(), None) + self.assertEqual(mock_ca.assert_called_once(), None) + + def test_get_client_verify_ssl_false(self): + """ + test get_client when verify_ssl=False is set + """ + details = self.details.copy() + details["verify_ssl"] = False + mock_client = MagicMock(return_value=None) + patch_client = patch("salt.utils.vmware.get_vsphere_client", + mock_client) + + cert_path="/test/ca-certificates.crt" + mock_ca = MagicMock(return_value=cert_path) + patch_ca = patch("salt.utils.http.get_ca_bundle", mock_ca) + + mock_details = MagicMock(return_value=details) + patch_details = patch.dict(vsphere.__salt__, {"vcenter.get_details": + mock_details}) + + with patch_client, patch_ca, patch_details: + vsphere._get_client(server='localhost', username='testuser', + password='testpassword') + self.assertEqual(mock_client.call_args_list, + [call(ca_bundle=None, + password='testpassword', server='localhost', + username='testuser', verify_ssl=False)]) + self.assertEqual(mock_details.assert_called_once(), None) + self.assertEqual(mock_ca.assert_not_called(), None) + + def test_get_client_verify_ssl_false_ca_bundle(self): + """ + test get_client when verify_ssl=False and ca_bundle set + """ + details = self.details.copy() + details["verify_ssl"] = False + details["ca_bundle"] = '/tmp/test' + mock_client = MagicMock(return_value=None) + patch_client = patch("salt.utils.vmware.get_vsphere_client", + mock_client) + + cert_path="/test/ca-certificates.crt" + mock_ca = MagicMock(return_value=cert_path) + patch_ca = patch("salt.utils.http.get_ca_bundle", mock_ca) + + mock_details = MagicMock(return_value=details) + patch_details = patch.dict(vsphere.__salt__, {"vcenter.get_details": + mock_details}) + + with patch_client, patch_ca, patch_details: + self.assertFalse(vsphere._get_client(server='localhost', username='testuser', + password='testpassword')) + self.assertEqual(mock_details.assert_called_once(), None) + self.assertEqual(mock_ca.assert_not_called(), None) + + + def test_get_client_ca_bundle(self): + """ + test get_client when verify_ssl=False and ca_bundle set + """ + cert_path="/test/ca-certificates.crt" + details = self.details.copy() + details["ca_bundle"] = cert_path + mock_client = MagicMock(return_value=None) + patch_client = patch("salt.utils.vmware.get_vsphere_client", + mock_client) + + mock_ca = MagicMock(return_value=cert_path) + patch_ca = patch("salt.utils.http.get_ca_bundle", mock_ca) + + mock_details = MagicMock(return_value=details) + patch_details = patch.dict(vsphere.__salt__, {"vcenter.get_details": + mock_details}) + + with patch_client, patch_ca, patch_details: + vsphere._get_client(server='localhost', username='testuser', + password='testpassword') + self.assertEqual(mock_client.call_args_list, + [call(ca_bundle=cert_path, + password='testpassword', server='localhost', + username='testuser', verify_ssl=True)]) + self.assertEqual(mock_details.assert_called_once(), None) + self.assertEqual(mock_ca.assert_called_once(), None) + self.assertEqual(mock_ca.call_args_list, [call({'ca_bundle': + cert_path})]) + class TestCertificateVerify(TestCase, LoaderModuleMockMixin): def setup_loader_modules(self): @@ -3219,3 +3329,4 @@ class TestCertificateVerify(TestCase, LoaderModuleMockMixin): username="root", verify_ssl=certificate_verify_value, ) + diff --git a/tests/unit/utils/test_vmware.py b/tests/unit/utils/test_vmware.py index 33e35dc92e7..4721a38fbea 100644 --- a/tests/unit/utils/test_vmware.py +++ b/tests/unit/utils/test_vmware.py @@ -1691,13 +1691,13 @@ class PrivateGetServiceInstanceTestCase(TestCase): mechanism="sspi", ) - def test_second_attempt_successful_connection(self): + def test_first_attempt_successful_connection_verify_ssl_false(self): with patch("ssl.SSLContext", MagicMock()), patch( "ssl._create_unverified_context", MagicMock() ): exc = vim.fault.HostConnectFault() exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]" - mock_sc = MagicMock(side_effect=[exc, None]) + mock_sc = MagicMock(side_effect=[None]) mock_ssl = MagicMock() with patch("salt.utils.vmware.SmartConnect", mock_sc): @@ -1712,19 +1712,11 @@ class PrivateGetServiceInstanceTestCase(TestCase): mechanism="sspi", principal="fake_principal", domain="fake_domain", + verify_ssl=False, ) mock_ssl.assert_called_once_with() calls = [ - call( - host="fake_host.fqdn", - user="fake_username", - pwd="fake_password", - protocol="fake_protocol", - port=1, - b64token="fake_token", - mechanism="sspi", - ), call( host="fake_host.fqdn", user="fake_username", @@ -1738,21 +1730,18 @@ class PrivateGetServiceInstanceTestCase(TestCase): ] mock_sc.assert_has_calls(calls) - def test_third_attempt_successful_connection(self): + def test_second_attempt_successful_connection_verify_ssl_false(self): with patch("ssl.SSLContext", MagicMock()), patch( "ssl._create_unverified_context", MagicMock() ): - exc = vim.fault.HostConnectFault() - exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]" - exc2 = Exception("certificate verify failed") - mock_sc = MagicMock(side_effect=[exc, exc2, None]) + exc = Exception("certificate verify failed") + mock_sc = MagicMock(side_effect=[exc, None]) mock_ssl_unverif = MagicMock() mock_ssl_context = MagicMock() with patch("salt.utils.vmware.SmartConnect", mock_sc): with patch("ssl._create_unverified_context", mock_ssl_unverif): with patch("ssl.SSLContext", mock_ssl_context): - salt.utils.vmware._get_service_instance( host="fake_host.fqdn", username="fake_username", @@ -1762,20 +1751,12 @@ class PrivateGetServiceInstanceTestCase(TestCase): mechanism="sspi", principal="fake_principal", domain="fake_domain", + verify_ssl=False ) mock_ssl_context.assert_called_once_with(ssl.PROTOCOL_TLSv1) mock_ssl_unverif.assert_called_once_with() calls = [ - call( - host="fake_host.fqdn", - user="fake_username", - pwd="fake_password", - protocol="fake_protocol", - port=1, - b64token="fake_token", - mechanism="sspi", - ), call( host="fake_host.fqdn", user="fake_username", @@ -1799,7 +1780,7 @@ class PrivateGetServiceInstanceTestCase(TestCase): ] mock_sc.assert_has_calls(calls) - def test_first_attempt_unsuccessful_connection_default_error(self): + def test_attempt_unsuccessful_connection_default_error(self): exc = Exception("Exception") mock_sc = MagicMock(side_effect=exc) @@ -1816,13 +1797,13 @@ class PrivateGetServiceInstanceTestCase(TestCase): domain="fake_domain", ) - self.assertEqual(mock_sc.call_count, 1) - self.assertIn( - "Could not connect to host 'fake_host.fqdn'", - excinfo.Exception.message, - ) + self.assertEqual(mock_sc.call_count, 1) + self.assertIn( + "Could not connect to host 'fake_host.fqdn'", + excinfo.exception.message, + ) - def test_first_attempt_unsuccessful_connection_vim_fault(self): + def test_attempt_unsuccessful_connection_vim_fault(self): exc = vim.fault.VimFault() exc.msg = "VimFault" mock_sc = MagicMock(side_effect=exc) @@ -1840,15 +1821,15 @@ class PrivateGetServiceInstanceTestCase(TestCase): domain="fake_domain", ) - self.assertEqual(mock_sc.call_count, 1) - self.assertEqual("VimFault", excinfo.Exception.message) + self.assertEqual(mock_sc.call_count, 1) + self.assertEqual("VimFault", excinfo.exception.message) - def test_second_attempt_unsuccsessful_connection_default_error(self): + def test_first_attempt_unsuccsessful_connection_default_error(self): with patch("ssl.SSLContext", MagicMock()), patch( "ssl._create_unverified_context", MagicMock() ): exc = vim.fault.HostConnectFault() - exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]" + exc.msg = "certificate verify failed" exc2 = Exception("Exception") mock_sc = MagicMock(side_effect=[exc, exc2]) @@ -1863,22 +1844,48 @@ class PrivateGetServiceInstanceTestCase(TestCase): mechanism="sspi", principal="fake_principal", domain="fake_domain", + verify_ssl=False, ) - self.assertEqual(mock_sc.call_count, 2) - self.assertIn( - "Could not connect to host 'fake_host.fqdn'", - excinfo.Exception.message, + self.assertEqual(mock_sc.call_count, 2) + self.assertIn( + "Could not connect to host 'fake_host.fqdn'", + excinfo.exception.message + ) + + def test_first_attempt_unsuccsessful_cannot_vim_fault_verify_ssl(self): + with patch("ssl.SSLContext", MagicMock()), patch( + "ssl._create_unverified_context", MagicMock() + ): + exc = vim.fault.VimFault() + exc.msg = "VimFault" + + mock_sc = MagicMock(side_effect=[exc]) + + with patch("salt.utils.vmware.SmartConnect", mock_sc): + with self.assertRaises(VMwareConnectionError) as excinfo: + salt.utils.vmware._get_service_instance( + host="fake_host.fqdn", + username="fake_username", + password="fake_password", + protocol="fake_protocol", + port=1, + mechanism="sspi", + principal="fake_principal", + domain="fake_domain", + verify_ssl=False, ) - def test_second_attempt_unsuccsessful_connection_vim_fault(self): + self.assertEqual(mock_sc.call_count, 1) + self.assertIn("VimFault", excinfo.exception.message) + + def test_third_attempt_unsuccessful_connection_detault_error(self): with patch("ssl.SSLContext", MagicMock()), patch( "ssl._create_unverified_context", MagicMock() ): exc = vim.fault.HostConnectFault() - exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]" - exc2 = vim.fault.VimFault() - exc2.msg = "VimFault" + exc.msg = "certificate verify failed" + exc2 = Exception("Exception") mock_sc = MagicMock(side_effect=[exc, exc2]) with patch("salt.utils.vmware.SmartConnect", mock_sc): @@ -1892,20 +1899,19 @@ class PrivateGetServiceInstanceTestCase(TestCase): mechanism="sspi", principal="fake_principal", domain="fake_domain", + verify_ssl=False ) - self.assertEqual(mock_sc.call_count, 2) - self.assertIn("VimFault", excinfo.Exception.message) + self.assertEqual(mock_sc.call_count, 2) + self.assertIn("Could not connect to host 'fake_host.fqdn", excinfo.exception.message) - def test_third_attempt_unsuccessful_connection_detault_error(self): + def test_second_attempt_unsuccessful_connection_vim_fault(self): with patch("ssl.SSLContext", MagicMock()), patch( "ssl._create_unverified_context", MagicMock() ): - exc = vim.fault.HostConnectFault() - exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]" - exc2 = Exception("certificate verify failed") - exc3 = Exception("Exception") - mock_sc = MagicMock(side_effect=[exc, exc2, exc3]) + exc = vim.fault.VimFault() + exc.msg = "VimFault" + mock_sc = MagicMock(side_effect=[exc]) with patch("salt.utils.vmware.SmartConnect", mock_sc): with self.assertRaises(VMwareConnectionError) as excinfo: @@ -1918,37 +1924,11 @@ class PrivateGetServiceInstanceTestCase(TestCase): mechanism="sspi", principal="fake_principal", domain="fake_domain", + verify_ssl=False ) - self.assertEqual(mock_sc.call_count, 3) - self.assertIn("Exception", excinfo.Exception.message) - - def test_third_attempt_unsuccessful_connection_vim_fault(self): - with patch("ssl.SSLContext", MagicMock()), patch( - "ssl._create_unverified_context", MagicMock() - ): - exc = vim.fault.HostConnectFault() - exc.msg = "[SSL: CERTIFICATE_VERIFY_FAILED]" - exc2 = Exception("certificate verify failed") - exc3 = vim.fault.VimFault() - exc3.msg = "VimFault" - mock_sc = MagicMock(side_effect=[exc, exc2, exc3]) - - with patch("salt.utils.vmware.SmartConnect", mock_sc): - with self.assertRaises(VMwareConnectionError) as excinfo: - salt.utils.vmware._get_service_instance( - host="fake_host.fqdn", - username="fake_username", - password="fake_password", - protocol="fake_protocol", - port=1, - mechanism="sspi", - principal="fake_principal", - domain="fake_domain", - ) - - self.assertEqual(mock_sc.call_count, 3) - self.assertIn("VimFault", excinfo.Exception.message) + self.assertEqual(mock_sc.call_count, 1) + self.assertIn("VimFault", excinfo.exception.message) @skipIf(not HAS_PYVMOMI, "The 'pyvmomi' library is missing") @@ -1975,7 +1955,8 @@ class GetServiceInstanceTestCase(TestCase): with patch("salt.utils.vmware._get_service_instance", mock_get_si): salt.utils.vmware.get_service_instance(host="fake_host") mock_get_si.assert_called_once_with( - "fake_host", None, None, "https", 443, "userpass", None, None + "fake_host", None, None, "https", 443, "userpass", None, None, + verify_ssl=True ) def test_no_cached_service_instance_same_host_on_proxy(self): @@ -2002,6 +1983,7 @@ class GetServiceInstanceTestCase(TestCase): "fake_mechanism", "fake_principal", "fake_domain", + verify_ssl=True, ) def test_cached_service_instance_different_host(self): @@ -2039,6 +2021,7 @@ class GetServiceInstanceTestCase(TestCase): mechanism="fake_mechanism", principal="fake_principal", domain="fake_domain", + verify_ssl=True ) mock_get_si.assert_called_once_with( "fake_host", @@ -2049,6 +2032,7 @@ class GetServiceInstanceTestCase(TestCase): "fake_mechanism", "fake_principal", "fake_domain", + verify_ssl=True, ) def test_unauthenticated_service_instance(self):