From 27403d2ae94a11469cfbb4ce45e713a6a2c69ee3 Mon Sep 17 00:00:00 2001 From: Christophe Haen Date: Tue, 5 Mar 2024 17:21:07 +0100 Subject: [PATCH] sweep: #7499 use pytest-reruns instead of flaky --- environment.yml | 2 +- setup.cfg | 2 +- .../DISET/private/Transports/SSL/M2Utils.py | 45 ++++++++++++------- .../Core/Utilities/test/Test_Profiler.py | 3 +- .../test/Test_Logging_GetSubLogger.py | 1 - 5 files changed, 33 insertions(+), 20 deletions(-) diff --git a/environment.yml b/environment.yml index 45977a2d8c5..496c985603e 100644 --- a/environment.yml +++ b/environment.yml @@ -65,11 +65,11 @@ dependencies: - pytest >=3.6 - pytest-cov >=2.2.0 - pytest-mock + - pytest-rerunfailures - setuptools-scm - shellcheck - typer - typer-cli - - flaky # docs - pygments >=1.5 - sphinx diff --git a/setup.cfg b/setup.cfg index fee00b153b8..b0ed351500b 100644 --- a/setup.cfg +++ b/setup.cfg @@ -85,13 +85,13 @@ server = tornado-m2crypto importlib_resources testing = - flaky hypothesis mock parameterized pytest pytest-cov pytest-mock + pytest-rerunfailures pycodestyle [options.entry_points] diff --git a/src/DIRAC/Core/DISET/private/Transports/SSL/M2Utils.py b/src/DIRAC/Core/DISET/private/Transports/SSL/M2Utils.py index d1257994e44..7366f304be0 100644 --- a/src/DIRAC/Core/DISET/private/Transports/SSL/M2Utils.py +++ b/src/DIRAC/Core/DISET/private/Transports/SSL/M2Utils.py @@ -4,8 +4,11 @@ """ import os import tempfile +import M2Crypto +from packaging.version import Version from M2Crypto import SSL, m2, X509 + from DIRAC.Core.DISET import DEFAULT_SSL_CIPHERS, DEFAULT_SSL_METHODS from DIRAC.Core.Security import Locations from DIRAC.Core.Security.m2crypto.X509Chain import X509Chain @@ -15,6 +18,30 @@ DEBUG_M2CRYPTO = os.getenv("DIRAC_DEBUG_M2CRYPTO", "No").lower() in ("yes", "true") +VERIFY_ALLOW_PROXY_CERTS = 0 + +# If the version of M2Crypto is recent enough, there is an API +# to accept proxy certificate, and we do not need to rely on +# OPENSSL_ALLOW_PROXY_CERT environment variable +# which was removed as of openssl 1.1 +# We need this to be merged in M2Crypto: https://gitlab.com/m2crypto/m2crypto/merge_requests/236 +# We set the proper verify flag to the X509Store of the context +# as described here https://www.openssl.org/docs/man1.1.1/man7/proxy-certificates.html +if hasattr(SSL, "verify_allow_proxy_certs"): + VERIFY_ALLOW_PROXY_CERTS = SSL.verify_allow_proxy_certs # pylint: disable=no-member +# As of M2Crypto 0.37, the `verify_allow_proxy_certs` flag was moved +# to X509 (https://gitlab.com/m2crypto/m2crypto/-/merge_requests/238) +# It is more consistent with all the other flags, +# but pySSL had it in SSL. Well... +elif hasattr(X509, "verify_allow_proxy_certs"): + VERIFY_ALLOW_PROXY_CERTS = X509.verify_allow_proxy_certs # pylint: disable=no-member +# As of M2Crypto 0.38, M2Crypto did not export the symbol correctly +# Anymore +# https://gitlab.com/m2crypto/m2crypto/-/issues/298 +elif Version(M2Crypto.__version__) >= Version("0.38.0"): + VERIFY_ALLOW_PROXY_CERTS = 64 + + def __loadM2SSLCTXHostcert(ctx): """Load hostcert & key from the default location and set them as the credentials for SSL context ctx. @@ -125,21 +152,9 @@ def getM2SSLContext(ctx=None, **kwargs): raise RuntimeError(f"CA path ({caPath}) is not a valid directory") ctx.load_verify_locations(capath=caPath) - # If the version of M2Crypto is recent enough, there is an API - # to accept proxy certificate, and we do not need to rely on - # OPENSSL_ALLOW_PROXY_CERT environment variable - # which was removed as of openssl 1.1 - # We need this to be merged in M2Crypto: https://gitlab.com/m2crypto/m2crypto/merge_requests/236 - # We set the proper verify flag to the X509Store of the context - # as described here https://www.openssl.org/docs/man1.1.1/man7/proxy-certificates.html - if hasattr(SSL, "verify_allow_proxy_certs"): - ctx.get_cert_store().set_flags(SSL.verify_allow_proxy_certs) # pylint: disable=no-member - # As of M2Crypto 0.37, the `verify_allow_proxy_certs` flag was moved - # to X509 (https://gitlab.com/m2crypto/m2crypto/-/merge_requests/238) - # It is more consistent with all the other flags, - # but pySSL had it in SSL. Well... - if hasattr(X509, "verify_allow_proxy_certs"): - ctx.get_cert_store().set_flags(X509.verify_allow_proxy_certs) # pylint: disable=no-member + # Allow proxy certificates to be used + if VERIFY_ALLOW_PROXY_CERTS: + ctx.get_cert_store().set_flags(VERIFY_ALLOW_PROXY_CERTS) # Other parameters sslMethods = kwargs.get("sslMethods", DEFAULT_SSL_METHODS) diff --git a/src/DIRAC/Core/Utilities/test/Test_Profiler.py b/src/DIRAC/Core/Utilities/test/Test_Profiler.py index 9e8a2f90612..aea819e70e4 100644 --- a/src/DIRAC/Core/Utilities/test/Test_Profiler.py +++ b/src/DIRAC/Core/Utilities/test/Test_Profiler.py @@ -5,7 +5,6 @@ from subprocess import Popen import pytest -from flaky import flaky import DIRAC from DIRAC.Core.Utilities.Profiler import Profiler @@ -78,7 +77,7 @@ def test_base(): assert resWC["Value"] >= res["Value"] -@flaky(max_runs=10, min_passes=2) +@pytest.mark.flaky(reruns=10) def test_cpuUsage(): mainProcess = Popen( [ diff --git a/src/DIRAC/FrameworkSystem/private/standardLogging/test/Test_Logging_GetSubLogger.py b/src/DIRAC/FrameworkSystem/private/standardLogging/test/Test_Logging_GetSubLogger.py index 3a883de79f0..0f126cbda37 100644 --- a/src/DIRAC/FrameworkSystem/private/standardLogging/test/Test_Logging_GetSubLogger.py +++ b/src/DIRAC/FrameworkSystem/private/standardLogging/test/Test_Logging_GetSubLogger.py @@ -2,7 +2,6 @@ Test SubLogger """ import pytest -from flaky import flaky from DIRAC.FrameworkSystem.private.standardLogging.LogLevels import LogLevels