Add wrapper for requests get in tls barbican tests
use validate_URL_response method for querying lb url in
barbican tests, because it allows to have retries on connection timeout.
Related-Prod: https://mirantis.jira.com/browse/PRODX-9013
Change-Id: I6ca75d975e22d1dd406fba46c845019678ec6cad
diff --git a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
index 84bfc20..ba415e9 100644
--- a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
+++ b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
@@ -31,6 +31,7 @@
from octavia_tempest_plugin.common import cert_utils
from octavia_tempest_plugin.common import constants as const
from octavia_tempest_plugin.tests import test_base
+from octavia_tempest_plugin.tests import validators
from octavia_tempest_plugin.tests import waiters
CONF = config.CONF
@@ -751,9 +752,11 @@
# Test that no client certificate fails to connect
self.assertRaisesRegex(
requests.exceptions.SSLError, ".*certificate required.*",
- requests.get,
+ validators.validate_URL_response,
'https://{0}:{1}'.format(self.lb_vip_address, LISTENER1_TCP_PORT),
- timeout=12, verify=False)
+ HTTPS_verify=False,
+ request_timeout=60
+ )
# Test that a revoked client certificate fails to connect
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -765,11 +768,14 @@
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*revoked.*", requests.get,
+ requests.exceptions.SSLError, ".*revoked.*",
+ validators.validate_URL_response,
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER1_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
+ client_cert_path=(cert_file.name, key_file.name),
+ HTTPS_verify=False,
+ request_timeout=60
+ )
# Test that a valid client certificate can connect
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -780,12 +786,13 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- response = requests.get(
+ validators.validate_URL_response(
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER1_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
- self.assertEqual(200, response.status_code)
+ HTTPS_verify=False,
+ client_cert_path=(cert_file.name, key_file.name),
+ request_timeout=60
+ )
@decorators.idempotent_id('42d696bf-e7f5-44f0-9331-4a5e01d69ef3')
def test_tls_client_auth_optional(self):
@@ -822,10 +829,12 @@
CONF.load_balancer.build_timeout)
# Test that no client certificate connects
- response = requests.get(
- 'https://{0}:{1}'.format(self.lb_vip_address, LISTENER1_TCP_PORT),
- timeout=12, verify=False)
- self.assertEqual(200, response.status_code)
+ validators.validate_URL_response(
+ 'https://{0}:{1}'.format(self.lb_vip_address,
+ LISTENER1_TCP_PORT),
+ HTTPS_verify=False,
+ request_timeout=60
+ )
# Test that a revoked client certificate fails to connect
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -837,11 +846,14 @@
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*revoked.*", requests.get,
+ requests.exceptions.SSLError, ".*revoked.*",
+ validators.validate_URL_response,
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER1_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
+ HTTPS_verify=False,
+ client_cert_path=(cert_file.name, key_file.name),
+ request_timeout=60
+ )
# Test that a valid client certificate can connect
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -852,12 +864,13 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- response = requests.get(
+ validators.validate_URL_response(
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER1_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
- self.assertEqual(200, response.status_code)
+ HTTPS_verify=False,
+ client_cert_path=(cert_file.name, key_file.name),
+ request_timeout=60
+ )
@decorators.idempotent_id('13271ce6-f9f7-4017-a017-c2fc390b9438')
def test_tls_multi_listener_client_auth(self):
@@ -956,16 +969,20 @@
# Test that no client certificate fails to connect to listener1
self.assertRaisesRegex(
requests.exceptions.SSLError, ".*certificate required.*",
- requests.get,
+ validators.validate_URL_response,
'https://{0}:{1}'.format(self.lb_vip_address, LISTENER1_TCP_PORT),
- timeout=12, verify=False)
+ HTTPS_verify=False,
+ request_timeout=60
+ )
# Test that no client certificate fails to connect to listener2
self.assertRaisesRegex(
requests.exceptions.SSLError, ".*certificate required.*",
- requests.get,
+ validators.validate_URL_response,
'https://{0}:{1}'.format(self.lb_vip_address, LISTENER2_TCP_PORT),
- timeout=12, verify=False)
+ HTTPS_verify=False,
+ request_timeout=60
+ )
# Test that a revoked client certificate fails to connect
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -977,11 +994,14 @@
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*revoked.*", requests.get,
+ requests.exceptions.SSLError, ".*revoked.*",
+ validators.validate_URL_response,
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER1_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
+ HTTPS_verify=False,
+ client_cert_path=(cert_file.name, key_file.name),
+ request_timeout=60
+ )
# Test that a revoked client2 certificate fails to connect
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -993,11 +1013,14 @@
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
self.assertRaisesRegex(
- requests.exceptions.SSLError, ".*revoked.*", requests.get,
+ requests.exceptions.SSLError, ".*revoked.*",
+ validators.validate_URL_response,
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER2_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
+ HTTPS_verify=False,
+ client_cert_path=(cert_file.name, key_file.name),
+ request_timeout=60
+ )
# Test that a valid client certificate can connect to listener1
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -1008,12 +1031,13 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- response = requests.get(
+ validators.validate_URL_response(
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER1_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
- self.assertEqual(200, response.status_code)
+ HTTPS_verify=False,
+ client_cert_path=(cert_file.name, key_file.name),
+ request_timeout=60
+ )
# Test that a valid client2 certificate can connect to listener2
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -1024,12 +1048,13 @@
serialization.Encoding.PEM,
serialization.PrivateFormat.TraditionalOpenSSL,
serialization.NoEncryption()))
- response = requests.get(
+ validators.validate_URL_response(
'https://{0}:{1}'.format(self.lb_vip_address,
LISTENER2_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
- self.assertEqual(200, response.status_code)
+ HTTPS_verify=False,
+ client_cert_path=(cert_file.name, key_file.name),
+ request_timeout=60
+ )
# Test that a valid client1 certificate can not connect to listener2
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -1042,10 +1067,13 @@
serialization.NoEncryption()))
self.assertRaisesRegex(
requests.exceptions.SSLError, ".*decrypt error.*",
- requests.get, 'https://{0}:{1}'.format(self.lb_vip_address,
- LISTENER2_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
+ validators.validate_URL_response,
+ 'https://{0}:{1}'.format(self.lb_vip_address,
+ LISTENER2_TCP_PORT),
+ HTTPS_verify=False,
+ client_cert_path=(cert_file.name, key_file.name),
+ request_timeout=60
+ )
# Test that a valid client2 certificate can not connect to listener1
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -1058,10 +1086,13 @@
serialization.NoEncryption()))
self.assertRaisesRegex(
requests.exceptions.SSLError, ".*decrypt error.*",
- requests.get, 'https://{0}:{1}'.format(self.lb_vip_address,
- LISTENER1_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
+ validators.validate_URL_response,
+ 'https://{0}:{1}'.format(self.lb_vip_address,
+ LISTENER1_TCP_PORT),
+ HTTPS_verify=False,
+ client_cert_path=(cert_file.name, key_file.name),
+ request_timeout=60
+ )
# Test that a revoked client1 certificate can not connect to listener2
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -1074,10 +1105,13 @@
serialization.NoEncryption()))
self.assertRaisesRegex(
requests.exceptions.SSLError, ".*decrypt error.*",
- requests.get, 'https://{0}:{1}'.format(self.lb_vip_address,
- LISTENER2_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
+ validators.validate_URL_response,
+ 'https://{0}:{1}'.format(self.lb_vip_address,
+ LISTENER2_TCP_PORT),
+ HTTPS_verify=False,
+ client_cert_path=(cert_file.name, key_file.name),
+ request_timeout=60
+ )
# Test that a revoked client2 certificate can not connect to listener1
with tempfile.NamedTemporaryFile(buffering=0) as cert_file:
@@ -1090,7 +1124,10 @@
serialization.NoEncryption()))
self.assertRaisesRegex(
requests.exceptions.SSLError, ".*decrypt error.*",
- requests.get, 'https://{0}:{1}'.format(self.lb_vip_address,
- LISTENER1_TCP_PORT),
- timeout=12, verify=False, cert=(cert_file.name,
- key_file.name))
+ validators.validate_URL_response,
+ 'https://{0}:{1}'.format(self.lb_vip_address,
+ LISTENER1_TCP_PORT),
+ HTTPS_verify=False,
+ client_cert_path=(cert_file.name, key_file.name),
+ request_timeout=60
+ )