Nailgun ssl cert verification (SatelliteQE#12813)
* Add config option to verify nailgun requests against ssl cert

* Use ssl verification for all instances of ServerConfig

* Use dynaconf validator

---------

Co-authored-by: dosas <[email protected]>
dosas and dosas authored Oct 9, 2023
1 parent ff5ae86 commit 0ddb4b7
Showing 7 changed files with 52 additions and 23 deletions.
4 changes: 4 additions & 0 deletions conf/server.yaml.template
Expand Up @@ -48,6 +48,10 @@ SERVER:
ADMIN_USERNAME: admin
# Admin password when accessing API and UI
ADMIN_PASSWORD: changeme
# Set to true to verify against the certificate given in REQUESTS_CA_BUNDLE
# Or specify path to certificate path or directory
# see: https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification
VERIFY_CA: false

SSH_CLIENT:
# Specify port number for ssh client, Default: 22
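Review bot: The comment above `VERIFY_CA` does not say what the shipped value `false` means, and its second line ("Or specify path to certificate path or directory") is hard to parse. With `false` the value is passed on as `verify` to the API client, so the server certificate is not checked and the admin credentials configured just above go to a peer whose identity is unverified; that is worth stating next to the option. Suggested wording: `# false (default): do not verify the server certificate; true: verify against REQUESTS_CA_BUNDLE` followed by `# or give the path to a CA bundle file or a directory of CA certificates`.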
6 changes: 4 additions & 2 deletions robottelo/config/__init__.py
Expand Up @@ -110,7 +110,7 @@ def user_nailgun_config(username=None, password=None):
"""
creds = (username, password)
return ServerConfig(get_url(), creds, verify=False)
return ServerConfig(get_url(), creds, verify=settings.server.verify_ca)


def setting_is_set(option):
Expand Down Expand Up @@ -153,7 +153,9 @@ def configure_nailgun():
from nailgun.config import ServerConfig

entity_mixins.CREATE_MISSING = True
entity_mixins.DEFAULT_SERVER_CONFIG = ServerConfig(get_url(), get_credentials(), verify=False)
entity_mixins.DEFAULT_SERVER_CONFIG = ServerConfig(
get_url(), get_credentials(), verify=settings.server.verify_ca
)
gpgkey_init = entities.GPGKey.__init__

def patched_gpgkey_init(self, server_config=None, **kwargs):
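Review bot: Neither `user_nailgun_config` nor `configure_nailgun` documents that certificate verification now depends on `settings.server.verify_ca`, and in `configure_nailgun` the value is read once, when `DEFAULT_SERVER_CONFIG` is built. I would add a docstring line to `user_nailgun_config` such as `Certificate verification follows settings.server.verify_ca (disabled unless configured).` and a comment above the assignment in `configure_nailgun`, `# verify_ca is read once here; later changes to the setting presumably do not reach DEFAULT_SERVER_CONFIG`. Both functions start outside the visible hunks, so existing wording there may already cover part of this.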
1 change: 1 addition & 0 deletions robottelo/config/validators.py
Expand Up @@ -29,6 +29,7 @@
Validator('server.port', default=443),
Validator('server.ssh_username', default='root'),
Validator('server.ssh_password', default=None),
Validator('server.verify_ca', default=False),
],
content_host=[
Validator('content_host.default_rhel_version', must_exist=True),
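Review bot: The new `Validator('server.verify_ca', default=False)` accepts any value, so a non-boolean falsy entry such as `0` would presumably reach requests as `verify` and switch certificate checking off without anyone having written `false`. Restricting the type surfaces that when the configuration is loaded: `Validator('server.verify_ca', default=False, is_type_of=(bool, str)),`. The default of `False` keeps the previous unverified behaviour, which looks deliberate for backward compatibility; a short comment saying so, e.g. `# default keeps the old verify=False behaviour; set true or a CA path to enable checking`, would help the next reader.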
2 changes: 1 addition & 1 deletion robottelo/hosts.py
Expand Up @@ -1776,7 +1776,7 @@ class DecClass(cls):
self.nailgun_cfg = ServerConfig(
auth=(settings.server.admin_username, settings.server.admin_password),
url=f'{self.url}',
verify=False,
verify=settings.server.verify_ca,
)
# add each nailgun entity to self.api, injecting our server config
for name, obj in entities.__dict__.items():
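Review bot: `verify=settings.server.verify_ca` applies one global value to every host object built here, while the URL comes from `self.url`. If `verify_ca` is set to the path of a certificate or CA for the configured server, an instance at a different URL whose certificate chains to another CA would presumably fail verification, and the only global way out is to turn the check off for all hosts. At minimum I would record the constraint above the call, `# NOTE: one CA setting for all hosts; the bundle must cover every Satellite used in the run`, and consider a per-instance override later. The enclosing method starts and ends outside this hunk.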
45 changes: 32 additions & 13 deletions tests/foreman/api/test_role.py
Expand Up @@ -26,6 +26,7 @@
from requests.exceptions import HTTPError

from robottelo.cli.ldapauthsource import LDAPAuthSource
from robottelo.config import settings
from robottelo.constants import LDAP_ATTR, LDAP_SERVER_TYPE
from robottelo.utils.datafactory import gen_string, generate_strings_list, parametrized
from robottelo.utils.issue_handlers import is_open
Expand Down Expand Up @@ -154,7 +155,9 @@ def user_config(self, user, satellite):
:param user: The nailgun.entities.User object of an user with passwd
parameter
"""
return ServerConfig(auth=(user.login, user.passwd), url=satellite.url, verify=False)
return ServerConfig(
auth=(user.login, user.passwd), url=satellite.url, verify=settings.server.verify_ca
)

@pytest.fixture
def role_taxonomies(self):
Expand Down Expand Up @@ -991,7 +994,9 @@ def test_positive_user_group_users_access_as_org_admin(self, role_taxonomies, ta
location=[role_taxonomies['loc'].id],
).create()
for login, password in ((userone_login, userone_pass), (usertwo_login, usertwo_pass)):
sc = ServerConfig(auth=(login, password), url=target_sat.url, verify=False)
sc = ServerConfig(
auth=(login, password), url=target_sat.url, verify=settings.server.verify_ca
)
try:
entities.Domain(sc).search(
query={
Expand Down Expand Up @@ -1120,7 +1125,9 @@ def test_negative_assign_taxonomies_by_org_admin(
location=[role_taxonomies['loc']],
).create()
assert user_login == user.login
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(
auth=(user_login, user_pass), url=target_sat.url, verify=settings.server.verify_ca
)
# Getting the domain from user1
dom = entities.Domain(sc, id=dom.id).read()
dom.organization = [filter_taxonomies['org']]
Expand Down Expand Up @@ -1279,7 +1286,9 @@ def test_negative_create_roles_by_org_admin(self, role_taxonomies, target_sat):
location=[role_taxonomies['loc']],
).create()
assert user_login == user.login
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(
auth=(user_login, user_pass), url=target_sat.url, verify=settings.server.verify_ca
)
role_name = gen_string('alpha')
with pytest.raises(HTTPError):
entities.Role(
Expand Down Expand Up @@ -1344,7 +1353,9 @@ def test_negative_admin_permissions_to_org_admin(self, role_taxonomies, target_s
location=[role_taxonomies['loc']],
).create()
assert user_login == user.login
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(
auth=(user_login, user_pass), url=target_sat.url, verify=settings.server.verify_ca
)
with pytest.raises(HTTPError):
entities.User(sc, id=1).read()

Expand Down Expand Up @@ -1389,7 +1400,9 @@ def test_positive_create_user_by_org_admin(self, role_taxonomies, target_sat):
location=[role_taxonomies['loc']],
).create()
assert user_login == user.login
sc_user = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc_user = ServerConfig(
auth=(user_login, user_pass), url=target_sat.url, verify=settings.server.verify_ca
)
user_login = gen_string('alpha')
user_pass = gen_string('alphanumeric')
user = entities.User(
Expand Down Expand Up @@ -1470,7 +1483,9 @@ def test_positive_create_nested_location(self, role_taxonomies, target_sat):
)
user.role = [org_admin]
user = user.update(['role'])
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(
auth=(user_login, user_pass), url=target_sat.url, verify=settings.server.verify_ca
)
name = gen_string('alphanumeric')
location = entities.Location(sc, name=name, parent=role_taxonomies['loc'].id).create()
assert location.name == name
Expand Down Expand Up @@ -1534,7 +1549,9 @@ def test_negative_create_taxonomies_by_org_admin(self, role_taxonomies, target_s
location=[role_taxonomies['loc']],
).create()
assert user_login == user.login
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(
auth=(user_login, user_pass), url=target_sat.url, verify=settings.server.verify_ca
)
with pytest.raises(HTTPError):
entities.Organization(sc, name=gen_string('alpha')).create()
if not is_open("BZ:1825698"):
Expand Down Expand Up @@ -1578,7 +1595,9 @@ def test_positive_access_all_global_entities_by_org_admin(
location=[role_taxonomies['loc'], filter_taxonomies['loc']],
).create()
assert user_login == user.login
sc = ServerConfig(auth=(user_login, user_pass), url=target_sat.url, verify=False)
sc = ServerConfig(
auth=(user_login, user_pass), url=target_sat.url, verify=settings.server.verify_ca
)
try:
for entity in [
entities.Architecture,
Expand Down Expand Up @@ -1627,7 +1646,7 @@ def test_negative_access_entities_from_ldap_org_admin(self, role_taxonomies, cre
sc = ServerConfig(
auth=(create_ldap['ldap_user_name'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=settings.server.verify_ca,
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
Expand Down Expand Up @@ -1670,7 +1689,7 @@ def test_negative_access_entities_from_ldap_user(
sc = ServerConfig(
auth=(create_ldap['ldap_user_name'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=settings.server.verify_ca,
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
Expand Down Expand Up @@ -1734,7 +1753,7 @@ def test_positive_assign_org_admin_to_ldap_user_group(self, role_taxonomies, cre
sc = ServerConfig(
auth=(user.login, password),
url=create_ldap['sat_url'],
verify=False,
verify=settings.server.verify_ca,
)
# Accessing the Domain resource
entities.Domain(sc, id=domain.id).read()
Expand Down Expand Up @@ -1790,7 +1809,7 @@ def test_negative_assign_org_admin_to_ldap_user_group(self, create_ldap, role_ta
sc = ServerConfig(
auth=(user.login, password),
url=create_ldap['sat_url'],
verify=False,
verify=settings.server.verify_ca,
)
# Trying to access the Domain resource
with pytest.raises(HTTPError):
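Review bot: The same `ServerConfig(auth=..., url=..., verify=settings.server.verify_ca)` call is spelled out at every call site in this file, and again in tests/foreman/api/test_subscription.py and tests/foreman/api/test_user.py, so the verification policy lives in many places and a call site added later can drift from it. A small module-level helper would keep it in one spot, e.g. `def _user_sc(login, password, url): return ServerConfig(auth=(login, password), url=url, verify=settings.server.verify_ca)`, with the tests calling `_user_sc(user_login, user_pass, target_sat.url)`. The `user_config` method in the first hunk already plays that role for one class and could delegate to it. All of the touched test functions start and end outside the hunks.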
5 changes: 3 additions & 2 deletions tests/foreman/api/test_subscription.py
Expand Up @@ -28,6 +28,7 @@
from requests.exceptions import HTTPError

from robottelo.cli.subscription import Subscription
from robottelo.config import settings
from robottelo.constants import DEFAULT_SUBSCRIPTION_NAME, PRDS, REPOS, REPOSET

pytestmark = [pytest.mark.run_in_one_thread]
Expand Down Expand Up @@ -191,7 +192,7 @@ def test_positive_delete_manifest_as_another_user(
sc1 = ServerConfig(
auth=(user1.login, user1_password),
url=target_sat.url,
verify=False,
verify=settings.server.verify_ca,
)
user2_password = gen_string('alphanumeric')
user2 = target_sat.api.User(
Expand All @@ -203,7 +204,7 @@ def test_positive_delete_manifest_as_another_user(
sc2 = ServerConfig(
auth=(user2.login, user2_password),
url=target_sat.url,
verify=False,
verify=settings.server.verify_ca,
)
# use the first admin to upload a manifest
with function_entitlement_manifest as manifest:
12 changes: 7 additions & 5 deletions tests/foreman/api/test_user.py
Expand Up @@ -418,7 +418,9 @@ def test_positive_table_preferences(self, module_target_sat):
user = entities.User(role=existing_roles, password=password).create()
name = "hosts"
columns = ["power_status", "name", "comment"]
sc = ServerConfig(auth=(user.login, password), url=module_target_sat.url, verify=False)
sc = ServerConfig(
auth=(user.login, password), url=module_target_sat.url, verify=settings.server.verify_ca
)
entities.TablePreferences(sc, user=user, name=name, columns=columns).create()
table_preferences = entities.TablePreferences(sc, user=user).search()
assert len(table_preferences) == 1
Expand Down Expand Up @@ -726,7 +728,7 @@ def test_positive_ad_basic_no_roles(self, create_ldap):
sc = ServerConfig(
auth=(create_ldap['ldap_user_name'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=settings.server.verify_ca,
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
Expand Down Expand Up @@ -775,7 +777,7 @@ def test_positive_access_entities_from_ldap_org_admin(self, create_ldap, module_
sc = ServerConfig(
auth=(create_ldap['ldap_user_name'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=settings.server.verify_ca,
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
Expand Down Expand Up @@ -857,7 +859,7 @@ def test_positive_ipa_basic_no_roles(self, create_ldap):
sc = ServerConfig(
auth=(create_ldap['username'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=settings.server.verify_ca,
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
Expand Down Expand Up @@ -896,7 +898,7 @@ def test_positive_access_entities_from_ipa_org_admin(self, create_ldap):
sc = ServerConfig(
auth=(create_ldap['username'], create_ldap['ldap_user_passwd']),
url=create_ldap['sat_url'],
verify=False,
verify=settings.server.verify_ca,
)
with pytest.raises(HTTPError):
entities.Architecture(sc).search()
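Review bot: This section starts using `settings.server.verify_ca` but, unlike tests/foreman/api/test_role.py and tests/foreman/api/test_subscription.py, no hunk here adds `from robottelo.config import settings`; the 7 additions listed for the file are all accounted for by the `ServerConfig` lines. The name is presumably already imported above line 418, outside the visible hunks; if it is not, every touched test fails with a NameError before any request is made. Worth confirming, and adding `from robottelo.config import settings` next to the other robottelo imports if needed.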
