| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Change-Id: Ic8a2a736a733e0151ca82f19bfde428dc04cf255
|
| |
|
|
|
|
|
|
| |
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I446ee142c7a17446372c910f7f2a36d55df18e04
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Hiding the unhandled exception in the test with a failure makes it
harder to debug the problem. Let them pass unhandled so the test reports
an ERROR instead of FAILURE.
Change-Id: I4e435a6d276fdf161dac28f08c2c7efedd1d6385
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This requests commit [1] changed the behavior when a nonexistent cacert
file is passed in: now it raises IOError. This is getting through
glanceclient.common.http.HTTPClient._request, which used to raise
CommunicationError in this scenario.
Even though there is arguably a better exception than CommunicationError
to represent this condition (like maybe IOError), for backward
compatibility this change set converts IOError to CommunicationError.
We also improve the unit test to raise the original exception if the
expected conditions aren't met; this improves debugability.
[1] https://github.com/kennethreitz/requests/commit/7d8b87c37f3a5fb993fd83eda6888ac217cd108e
Change-Id: I6a2cf4c6d041b67d3509153b4cef18b459263648
Closes-Bug: #1692085
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to the change in python versions greater then 2.7.8, messages
that SSL certificate handling module is producing are different
from the error messages produced in earlier versions of py27.
Fixed how the following test cases of TestHTTPSVerifyCert class
are handling erroneous SSL certification messages:
- test_v2_requests_valid_cert_no_key
- test_v2_requests_bad_cert
- test_v2_requests_bad_ca
Closes-Bug:1499355
Change-Id: I3b939292ba0042bced5cc91a26e2593450f9cafe
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Custom SSL handling was introduced because disabling SSL layer compression
provided an approximately five fold performance increase in some
cases. Without SSL layer compression disabled the image transfer would be
CPU bound -- with the CPU performing the DEFLATE algorithm. This would
typically limit image transfers to < 20 MB/s. When --no-ssl-compression
was specified the client would not negotiate any compression algorithm
during the SSL handshake with the server which would remove the CPU
bottleneck and transfers could approach wire speed.
In order to support '--no-ssl-compression' two totally separate code
paths exist depending on whether this is True or False. When SSL
compression is disabled, rather than using the standard 'requests'
library, we enter some custom code based on pyopenssl and httplib in
order to disable compression.
This patch/spec proposes removing the custom code because:
* It is a burden to maintain
Eg adding new code such as keystone session support is more complicated
* It can introduce additional failure modes
We have seen some bugs related to the 'custom' certificate checking
* Newer Operating Systems disable SSL for us.
Eg. While Debian 7 defaulted to compression 'on', Debian 8 has compression
'off'. This makes both servers and client less likely to have compression
enabled.
* Newer combinations of 'requests' and 'python' do this for us
Requests disables compression when backed by a version of python which
supports it (>= 2.7.9). This makes clients more likely to disable
compression out-of-the-box.
* It is (in principle) possible to do this on older versions too
If pyopenssl, ndg-httpsclient and pyasn1 are installed on older
operating system/python combinations, the requests library should
disable SSL compression on the client side.
* Systems that have SSL compression enabled may be vulnerable to the CRIME
(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4929) attack.
Installations which are security conscious should be running the Glance
server with SSL disabled.
Full Spec: https://review.openstack.org/#/c/187674
Blueprint: remove-custom-client-ssl-handling
Change-Id: I7e7761fc91b0d6da03939374eeedd809534f6edf
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Due to a typo in an attribute named, an Attribute error is raised
causing failure in connection to glance through HTTPS
Urllib3 PoolManager class has a connection_pool_kw attribute
but not connection_kw
Closes-Bug: #1479020
Change-Id: Id4d6a5bdcf971d09e80043fd2ab399e208fd931c
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
This commit enables new flake8 checks:
* E265 block comment should start with '# '
* H405 multi line docstring summary not separated with an empty line
* E123 closing bracket does not match indentation of opening bracket's line
* H238 old style class declaration, use new style (inherit from `object`)
* E128 continuation line under-indented for visual indent
and makes related changes in the code.
Change-Id: Ie993afc930f6b74d7a990bcaa9fc0e9f5ba1585c
|
| |
|
|
|
|
|
|
|
| |
Several tests with cert verification are broken. This
code fixes it by setting right imports. Also some typos
are fixed too.
Change-Id: Ie014f90714c3dabee65459fd704dd11b1770c7de
Closed-Bug: #1472234
|
| |
|
|
|
|
|
|
|
| |
As stated in the OpenStack Hacking Guidelines, it is prefered
that only modules should be imported.
Also updated tox.ini to ignore opestack/common among others.
Change-Id: I2f0a603c31052eadee581c11880c0ec6bd392829
|
|
|
This patch moves the glanceclient unit tests to the standard directory
(xxxclient/tests/unit) in preparation for adding functional gate tests
'check-glanceclient-dsvm-functional' in the same vein as existing client
tests for other projects, eg:
* check-novaclient-dsvm-functional
* check-keystoneclient-dsvm-functional
* check-neutronclient-dsvm-functional
Change-Id: I29d4b9e3a428c851575ee9afde40d6df583456c4
|
