tempest

Self-signed certs should not kill tests

Bug #1089762 reported by Jay Pipes
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tempest
Fix Released
Medium
Jay Pipes

Bug Description

When running against an endpoint with a self-signed cert, we should be able to instruct the base rest_client to ignore cert validation, otherwise, Tempest returns a whole bunch of these:

======================================================================
ERROR: Should not be able to create volume without passing size
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/nose/tools.py", line 80, in newfunc
    func(*arg, **kw)
  File "/opt/tempest/tempest/tests/volume/test_volumes_negative.py", line 84, in test_create_volume_with_out_passing_size
    metadata=metadata)
  File "/opt/tempest/tempest/services/volume/json/volumes_client.py", line 83, in create_volume
    resp, body = self.post('volumes', post_body, self.headers)
  File "/opt/tempest/tempest/common/rest_client.py", line 171, in post
    return self.request('POST', url, headers, body)
  File "/opt/tempest/tempest/common/rest_client.py", line 211, in request
    headers=headers, body=body)
  File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1597, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1345, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1281, in _conn_request
    conn.connect()
  File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1036, in connect
    raise SSLHandshakeError(e)
SSLHandshakeError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The regular clients allow this using httplib2.Http.__init__'s disable_ssl_certificate_verification to True.

See original description
Jay Pipes (jaypipes)
summary: - Self-signed certs should not kill volume tests
+ Self-signed certs should not kill tests
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tempest (master)

Fix proposed to branch: master
Review: https://review.openstack.org/18012

Changed in tempest:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tempest (master)

Reviewed: https://review.openstack.org/18012
Committed: http://github.com/openstack/tempest/commit/e9e24dd20d1e4fe70e856590a14c54f18fefc633
Submitter: Jenkins
Branch: master

commit e9e24dd20d1e4fe70e856590a14c54f18fefc633
Author: Jay Pipes <email address hidden>
Date: Thu Dec 13 00:09:34 2012 -0500

    Tempest should ignore SSL certificate validation

    In testing and QA environments, often endpoints are set up
    with self-signed or incomplete certs, and Tempest will bomb
    out with complaints about being unable to validate SSL certificates.

    Tempest isn't about testing SSL certificates. It's about testing
    the OpenStack APIs, and if a common scenario is to test SSL and
    endpoints in a testing environment, the client should disable
    SSL cert checking.

    Change-Id: I999cef9b5cd40a94c1b1bd63f4e19b2e58924c9a
    fixes: lp bug #1089762

Changed in tempest:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.