Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nailgun ssl cert verification #12813

Merged
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions conf/server.yaml.template
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,10 @@ SERVER:
ADMIN_USERNAME: admin
# Admin password when accessing API and UI
ADMIN_PASSWORD: changeme
# Set to true to verify against the certificate given in REQUESTS_CA_BUNDLE
# Or specify path to certificate path or directory
# see: https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification
VERIFY_CA: false

SSH_CLIENT:
# Specify port number for ssh client, Default: 22
Expand Down
16 changes: 14 additions & 2 deletions robottelo/config/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,18 @@ def get_url():
return urlunsplit((scheme, hostname, '', '', ''))


def get_ssl_cert_verify():
"""Return the SSL certificate or setting to verify HTTPS requests.

:return: Certificate path or boolean verify setting
:rtype: bool or str
"""
try:
return settings.server.verify_ca
omkarkhatavkar marked this conversation as resolved.
Show resolved Hide resolved
except AttributeError:
return False


def user_nailgun_config(username=None, password=None):
"""Return a NailGun configuration file constructed from default values.

Expand All @@ -110,7 +122,7 @@ def user_nailgun_config(username=None, password=None):

"""
creds = (username, password)
return ServerConfig(get_url(), creds, verify=False)
return ServerConfig(get_url(), creds, verify=get_ssl_cert_verify())


def setting_is_set(option):
Expand Down Expand Up @@ -153,7 +165,7 @@ def configure_nailgun():
from nailgun.config import ServerConfig

entity_mixins.CREATE_MISSING = True
entity_mixins.DEFAULT_SERVER_CONFIG = ServerConfig(get_url(), get_credentials(), verify=False)
entity_mixins.DEFAULT_SERVER_CONFIG = ServerConfig(get_url(), get_credentials(), verify=get_ssl_cert_verify())
gpgkey_init = entities.GPGKey.__init__

def patched_gpgkey_init(self, server_config=None, **kwargs):
Expand Down
3 changes: 2 additions & 1 deletion robottelo/hosts.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
from robottelo.config import (
configure_airgun,
configure_nailgun,
get_ssl_cert_verify,
robottelo_tmp_dir,
settings,
)
Expand Down Expand Up @@ -1776,7 +1777,7 @@ class DecClass(cls):
self.nailgun_cfg = ServerConfig(
auth=(settings.server.admin_username, settings.server.admin_password),
url=f'{self.url}',
verify=False,
verify=get_ssl_cert_verify(),
)
# add each nailgun entity to self.api, injecting our server config
for name, obj in entities.__dict__.items():
Expand Down
36 changes: 23 additions & 13 deletions tests/foreman/api/test_role.py
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
from requests.exceptions import HTTPError

from robottelo.cli.ldapauthsource import LDAPAuthSource
from robottelo.config import get_ssl_cert_verify
from robottelo.constants import LDAP_ATTR, LDAP_SERVER_TYPE
from robottelo.utils.datafactory import gen_string, generate_strings_list, parametrized
from robottelo.utils.issue_handlers import is_open
Expand Down Expand Up @@ -154,7 +155,8 @@ def user_config(self, user, satellite):
:param user: The nailgun.entities.User object of an user with passwd
parameter
"""
return ServerConfig(auth=(user.login, user.passwd), url=satellite.url, verify=False)
return ServerConfig(auth=(user.login, user.passwd), url=satellite.url,
verify=get_ssl_cert_verify())

@pytest.fixture
def role_taxonomies(self):
Expand Down Expand Up @@ -991,7 +993,8 @@ def test_positive_user_group_users_access_as_org_admin(self, role_taxonomies, ta
location=[role_taxonomies['loc'].id],
).create()
for login, password in ((userone_login, userone_pass), (usertwo_login, usertwo_pass)):
sc = ServerConfig(auth=(login, password), url=target_sat.url, verify=False)
sc = ServerConfig(auth=(login, password), url=target_sat.url,
verify=get_ssl_cert_verify())
try:
entities.Domain(sc).search(
query={
Expand Down Expand Up @@ -1120,7 +1123,8 @@ def test_negative_assign_taxonomies_by_org_admin(
location=[role_taxonomies['loc']],
).create()
assert user_login == user.login
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url,
verify=get_ssl_cert_verify())
# Getting the domain from user1
dom = entities.Domain(sc, id=dom.id).read()
dom.organization = [filter_taxonomies['org']]
Expand Down Expand Up @@ -1279,7 +1283,8 @@ def test_negative_create_roles_by_org_admin(self, role_taxonomies, target_sat):
location=[role_taxonomies['loc']],
).create()
assert user_login == user.login
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url,
verify=get_ssl_cert_verify())
role_name = gen_string('alpha')
with pytest.raises(HTTPError):
entities.Role(
Expand Down Expand Up @@ -1344,7 +1349,8 @@ def test_negative_admin_permissions_to_org_admin(self, role_taxonomies, target_s
location=[role_taxonomies['loc']],
).create()
assert user_login == user.login
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url,
verify=get_ssl_cert_verify())
with pytest.raises(HTTPError):
entities.User(sc, id=1).read()

Expand Down Expand Up @@ -1389,7 +1395,8 @@ def test_positive_create_user_by_org_admin(self, role_taxonomies, target_sat):
location=[role_taxonomies['loc']],
).create()
assert user_login == user.login
sc_user = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc_user = ServerConfig(auth=(user_login, user_pass), url=target_sat.url,
verify=get_ssl_cert_verify())
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
user = entities.User(
Expand Down Expand Up @@ -1470,7 +1477,8 @@ def test_positive_create_nested_location(self, role_taxonomies, target_sat):
)
user.role = [org_admin]
user = user.update(['role'])
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url,
verify=get_ssl_cert_verify())
name = gen_string('alphanumeric')
location = entities.Location(sc, name=name, parent=role_taxonomies['loc'].id).create()
assert location.name == name
Expand Down Expand Up @@ -1534,7 +1542,8 @@ def test_negative_create_taxonomies_by_org_admin(self, role_taxonomies, target_s
location=[role_taxonomies['loc']],
).create()
assert user_login == user.login
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url,
verify=get_ssl_cert_verify())
with pytest.raises(HTTPError):
entities.Organization(sc, name=gen_string('alpha')).create()
if not is_open("BZ:1825698"):
Expand Down Expand Up @@ -1578,7 +1587,8 @@ def test_positive_access_all_global_entities_by_org_admin(
location=[role_taxonomies['loc'], filter_taxonomies['loc']],
).create()
assert user_login == user.login
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url,
verify=get_ssl_cert_verify())
try:
for entity in [
entities.Architecture,
Expand Down Expand Up @@ -1627,7 +1637,7 @@ def test_negative_access_entities_from_ldap_org_admin(self, role_taxonomies, cre
sc = ServerConfig(
auth=(create_ldap['ldap_user_name'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=get_ssl_cert_verify(),
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
Expand Down Expand Up @@ -1670,7 +1680,7 @@ def test_negative_access_entities_from_ldap_user(
sc = ServerConfig(
auth=(create_ldap['ldap_user_name'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=get_ssl_cert_verify(),
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
Expand Down Expand Up @@ -1734,7 +1744,7 @@ def test_positive_assign_org_admin_to_ldap_user_group(self, role_taxonomies, cre
sc = ServerConfig(
auth=(user.login, password),
url=create_ldap['sat_url'],
verify=False,
verify=get_ssl_cert_verify(),
)
# Accessing the Domain resource
entities.Domain(sc, id=domain.id).read()
Expand Down Expand Up @@ -1790,7 +1800,7 @@ def test_negative_assign_org_admin_to_ldap_user_group(self, create_ldap, role_ta
sc = ServerConfig(
auth=(user.login, password),
url=create_ldap['sat_url'],
verify=False,
verify=get_ssl_cert_verify(),
)
# Trying to access the Domain resource
with pytest.raises(HTTPError):
Expand Down
5 changes: 3 additions & 2 deletions tests/foreman/api/test_subscription.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
from requests.exceptions import HTTPError

from robottelo.cli.subscription import Subscription
from robottelo.config import get_ssl_cert_verify
from robottelo.constants import DEFAULT_SUBSCRIPTION_NAME, PRDS, REPOS, REPOSET

pytestmark = [pytest.mark.run_in_one_thread]
Expand Down Expand Up @@ -191,7 +192,7 @@ def test_positive_delete_manifest_as_another_user(
sc1 = ServerConfig(
auth=(user1.login, user1_password),
url=target_sat.url,
verify=False,
verify=get_ssl_cert_verify(),
)
user2_password = gen_string('alphanumeric')
user2 = target_sat.api.User(
Expand All @@ -203,7 +204,7 @@ def test_positive_delete_manifest_as_another_user(
sc2 = ServerConfig(
auth=(user2.login, user2_password),
url=target_sat.url,
verify=False,
verify=get_ssl_cert_verify(),
)
# use the first admin to upload a manifest
with function_entitlement_manifest as manifest:
Expand Down
12 changes: 6 additions & 6 deletions tests/foreman/api/test_user.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
import pytest
from requests.exceptions import HTTPError

from robottelo.config import settings
from robottelo.config import get_ssl_cert_verify, settings
from robottelo.constants import LDAP_ATTR, LDAP_SERVER_TYPE, DataFile
from robottelo.utils import gen_ssh_keypairs
from robottelo.utils.datafactory import (
Expand Down Expand Up @@ -418,7 +418,7 @@ def test_positive_table_preferences(self, module_target_sat):
user = entities.User(role=existing_roles, password=password).create()
name = "hosts"
columns = ["power_status", "name", "comment"]
sc = ServerConfig(auth=(user.login, password), url=module_target_sat.url, verify=False)
sc = ServerConfig(auth=(user.login, password), url=module_target_sat.url, verify=get_ssl_cert_verify())
entities.TablePreferences(sc, user=user, name=name, columns=columns).create()
table_preferences = entities.TablePreferences(sc, user=user).search()
assert len(table_preferences) == 1
Expand Down Expand Up @@ -726,7 +726,7 @@ def test_positive_ad_basic_no_roles(self, create_ldap):
sc = ServerConfig(
auth=(create_ldap['ldap_user_name'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=get_ssl_cert_verify(),
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
Expand Down Expand Up @@ -775,7 +775,7 @@ def test_positive_access_entities_from_ldap_org_admin(self, create_ldap, module_
sc = ServerConfig(
auth=(create_ldap['ldap_user_name'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=get_ssl_cert_verify(),
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
Expand Down Expand Up @@ -857,7 +857,7 @@ def test_positive_ipa_basic_no_roles(self, create_ldap):
sc = ServerConfig(
auth=(create_ldap['username'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=get_ssl_cert_verify(),
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
Expand Down Expand Up @@ -896,7 +896,7 @@ def test_positive_access_entities_from_ipa_org_admin(self, create_ldap):
sc = ServerConfig(
auth=(create_ldap['username'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=get_ssl_cert_verify(),
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
Expand Down