Fix TLS client auth tests for older amphora
Older amphora have a verison of HAProxy that does not support TLS1.3.
This means that the error returned when the client authentication
certificate is required, but improper is different between the versions.
This patch makes the test more generic to pass when the proper
exception is raised, but will no longer validate the error string
contents as this string varies across the protocol versions used.
Change-Id: Ic08135fdf5fb2e8cf35852bf065a885327a852fa
diff --git a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
index 84bfc20..a753a5c 100644
--- a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
+++ b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
@@ -749,8 +749,8 @@
CONF.load_balancer.build_timeout)
# Test that no client certificate fails to connect
- self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*certificate required.*",
+ self.assertRaises(
+ requests.exceptions.SSLError,
requests.get,
'https://{0}:{1}'.format(self.lb_vip_address, LISTENER1_TCP_PORT),
timeout=12, verify=False)
@@ -764,8 +764,8 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*revoked.*", requests.get,
+ self.assertRaises(
+ requests.exceptions.SSLError, requests.get,
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER1_TCP_PORT),
timeout=12, verify=False, cert=(cert_file.name,
@@ -836,8 +836,8 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*revoked.*", requests.get,
+ self.assertRaises(
+ requests.exceptions.SSLError, requests.get,
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER1_TCP_PORT),
timeout=12, verify=False, cert=(cert_file.name,
@@ -954,15 +954,15 @@
CONF.load_balancer.build_timeout)
# Test that no client certificate fails to connect to listener1
- self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*certificate required.*",
+ self.assertRaises(
+ requests.exceptions.SSLError,
requests.get,
'https://{0}:{1}'.format(self.lb_vip_address, LISTENER1_TCP_PORT),
timeout=12, verify=False)
# Test that no client certificate fails to connect to listener2
- self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*certificate required.*",
+ self.assertRaises(
+ requests.exceptions.SSLError,
requests.get,
'https://{0}:{1}'.format(self.lb_vip_address, LISTENER2_TCP_PORT),
timeout=12, verify=False)
@@ -976,8 +976,8 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*revoked.*", requests.get,
+ self.assertRaises(
+ requests.exceptions.SSLError, requests.get,
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER1_TCP_PORT),
timeout=12, verify=False, cert=(cert_file.name,
@@ -992,8 +992,8 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*revoked.*", requests.get,
+ self.assertRaises(
+ requests.exceptions.SSLError, requests.get,
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER2_TCP_PORT),
timeout=12, verify=False, cert=(cert_file.name,
@@ -1040,8 +1040,8 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*decrypt error.*",
+ self.assertRaises(
+ requests.exceptions.SSLError,
requests.get, 'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER2_TCP_PORT),
timeout=12, verify=False, cert=(cert_file.name,
@@ -1056,8 +1056,8 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*decrypt error.*",
+ self.assertRaises(
+ requests.exceptions.SSLError,
requests.get, 'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER1_TCP_PORT),
timeout=12, verify=False, cert=(cert_file.name,
@@ -1072,8 +1072,8 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*decrypt error.*",
+ self.assertRaises(
+ requests.exceptions.SSLError,
requests.get, 'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER2_TCP_PORT),
timeout=12, verify=False, cert=(cert_file.name,
@@ -1088,8 +1088,8 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*decrypt error.*",
+ self.assertRaises(
+ requests.exceptions.SSLError,
requests.get, 'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER1_TCP_PORT),
timeout=12, verify=False, cert=(cert_file.name,