Updates from testing

charles-cowart · charles-cowart · commit 732acfe4c8c0 · 2024-07-17T18:33:34.000-07:00
diff --git a/qiita_client/plugin.py b/qiita_client/plugin.py
@@ -245,7 +245,12 @@ def __call__(self, server_url, job_id, output_dir):
 
         qclient = QiitaClient(server_url, config.get('oauth2', 'CLIENT_ID'),
                               config.get('oauth2', 'CLIENT_SECRET'),
-                              server_cert=config.get('oauth2', 'SERVER_CERT'))
+                              # for this group of tests, confirm optional
+                              # ca_cert parameter works as intended. Setting
+                              # this value will prevent underlying libraries
+                              # from validating the server's cert using
+                              # certifi's pem cache.
+                              ca_cert=environ['QIITA_ROOT_CA'])
 
         if job_id == 'register':
             self._register(qclient)
diff --git a/qiita_client/qiita_client.py b/qiita_client/qiita_client.py
@@ -166,16 +166,16 @@ class QiitaClient(object):
         The client id to connect to the Qiita server
     client_secret : str
         The client secret id to connect to the Qiita server
-    server_cert : str, optional
-        The server certificate, in case that it is not verified
+    ca_cert : str, optional
+        CA cert used to sign and verify cert@server_url
 
 
     Methods
     -------
     get
     post
     """
-    def __init__(self, server_url, client_id, client_secret, server_cert=None):
+    def __init__(self, server_url, client_id, client_secret, ca_cert=None):
         self._server_url = server_url
         self._session = requests.Session()
 
@@ -186,16 +186,21 @@ def __init__(self, server_url, client_id, client_secret, server_cert=None):
         # if certificate verification should be performed or not, or a
         # string with the path to the certificate file that needs to be used
         # to verify the identity of the server.
-        # We are setting this attribute at __init__ time so we can avoid
-        # executing this if statement for each request issued.
-        if not server_cert:
+        # We are setting this attribute at __init__ time to avoid executing
+        # this if statement for each request issued.
+
+        # As self-signed server certs are no longer allowed in one or more of
+        # our dependencies, ca_cert (if provided) must now reference a file
+        # that can be used to verify the certificate used by the server
+        # referenced by server_url, rather than the server's own certificate.
+        if not ca_cert:
             # The server certificate is not provided, use standard certificate
             # verification methods
             self._verify = True
         else:
             # The server certificate is provided, use it to verify the identity
             # of the server
-            self._verify = server_cert
+            self._verify = ca_cert
 
         # Set up oauth2
         self._client_id = client_id
@@ -543,8 +548,8 @@ def update_job_step(self, job_id, new_step, ignore_error=False):
         json_payload = dumps({'step': new_step})
         try:
             self.post("/qiita_db/jobs/%s/step/" % job_id, data=json_payload)
-        except RuntimeError as e:
-            if ignore_error is True:
+        except BaseException as e:
+            if ignore_error is False:
                 raise e
 
     def complete_job(self, job_id, success, error_msg=None,
diff --git a/qiita_client/testing.py b/qiita_client/testing.py
@@ -24,11 +24,12 @@ def setUpClass(cls):
         cls.client_id = '19ndkO3oMKsoChjVVWluF7QkxHRfYhTKSFbAVt8IhK7gZgDaO4'
         cls.client_secret = ('J7FfQ7CQdOxuKhQAf1eoGgBAE81Ns8Gu3EKaWFm3IO2JKh'
                              'AmmCWZuabe0O5Mp28s1')
-        cls.server_cert = environ.get('QIITA_SERVER_CERT', None)
         qiita_port = int(environ.get('QIITA_PORT', 21174))
-        cls.qclient = QiitaClient(
-            "https://localhost:%d" % qiita_port, cls.client_id,
-            cls.client_secret)
+
+        # do not rely on defining ca_cert for these tests. Instead append
+        # the appropriate CA cert to certifi's pem file.
+        cls.qclient = QiitaClient("https://localhost:%d" % qiita_port,
+                                  cls.client_id, cls.client_secret)
         logger.debug(
             'PluginTestCase.setUpClass() token %s' % cls.qclient._token)
         cls.qclient.post('/apitest/reload_plugins/')
diff --git a/qiita_client/tests/test_plugin.py b/qiita_client/tests/test_plugin.py
@@ -168,8 +168,7 @@ def html_generator_func(a, b, c, d):
                                  validate_func, html_generator_func, atypes)
 
         # Generate the config file for the new plugin
-        tester.generate_config('ls', 'echo',
-                               server_cert=self.server_cert)
+        tester.generate_config('ls', 'echo')
         # Ask Qiita to reload the plugins
         self.qclient.post('/apitest/reload_plugins/')
 
@@ -213,8 +212,7 @@ def func(qclient, job_id, job_params, working_dir):
                              {'out1': 'Demultiplexed'})
         tester.register_command(a_cmd)
 
-        tester.generate_config('ls', 'echo',
-                               server_cert=self.server_cert)
+        tester.generate_config('ls', 'echo')
         self.qclient.post('/apitest/reload_plugins/')
         tester("https://localhost:21174", 'register', 'ignored')
 
diff --git a/qiita_client/tests/test_qiita_client.py b/qiita_client/tests/test_qiita_client.py
@@ -7,7 +7,7 @@
 # -----------------------------------------------------------------------------
 
 from unittest import TestCase, main
-from os import environ, remove, close
+from os import remove, close
 from os.path import basename, exists
 from tempfile import mkstemp
 from json import dumps
@@ -97,12 +97,13 @@ def test_format_payload_error(self):
 
 class QiitaClientTests(PluginTestCase):
     def setUp(self):
-        self.server_cert = environ.get('QIITA_SERVER_CERT', None)
-        self.tester = QiitaClient("https://localhost:21174", CLIENT_ID,
-                                  CLIENT_SECRET, server_cert=self.server_cert)
-        self.bad_tester = QiitaClient("https://localhost:21174", BAD_CLIENT_ID,
-                                      CLIENT_SECRET,
-                                      server_cert=self.server_cert)
+        # self.server_cert = environ.get('QIITA_SERVER_CERT', None)
+        self.tester = QiitaClient("https://localhost:21174",
+                                  CLIENT_ID,
+                                  CLIENT_SECRET)
+        self.bad_tester = QiitaClient("https://localhost:21174",
+                                      BAD_CLIENT_ID,
+                                      CLIENT_SECRET)
         self.clean_up_files = []
 
         # making assertRaisesRegex compatible with Python 2.7 and 3.9
@@ -115,12 +116,11 @@ def tearDown(self):
                 remove(fp)
 
     def test_init(self):
-        obs = QiitaClient("https://localhost:21174", CLIENT_ID,
-                          CLIENT_SECRET, server_cert=self.server_cert)
+        obs = QiitaClient("https://localhost:21174", CLIENT_ID, CLIENT_SECRET)
         self.assertEqual(obs._server_url, "https://localhost:21174")
         self.assertEqual(obs._client_id, CLIENT_ID)
         self.assertEqual(obs._client_secret, CLIENT_SECRET)
-        self.assertEqual(obs._verify, self.server_cert)
+        self.assertEqual(obs._verify, True)
 
     def test_get(self):
         obs = self.tester.get("/qiita_db/artifacts/1/")
@@ -243,26 +243,29 @@ def test_update_job_step_ignore_failure(self):
         # confirm that update_job_step behaves as before when ignore_error
         # parameter absent or set to False.
 
-        with self.assertRaises(RuntimeError):
+        with self.assertRaises(BaseException):
             self.bad_tester.update_job_step(job_id, new_step)
 
-        with self.assertRaises(RuntimeError):
-            self.bad_tester.update_job_step(job_id, new_step,
+        with self.assertRaises(BaseException):
+            self.bad_tester.update_job_step(job_id,
+                                            new_step,
                                             ignore_error=False)
 
         # confirm that when ignore_error is set to True, an Error is NOT
         # raised.
         try:
-            self.bad_tester.update_job_step(job_id, new_step,
+            self.bad_tester.update_job_step(job_id,
+                                            new_step,
                                             ignore_error=True)
-        except RuntimeError:
-            self.fail("update_job_step raised RuntimeError unexpectedly")
+        except BaseException as e:
+            self.fail("update_job_step() raised an error: %s" % str(e))
 
     def test_complete_job(self):
         # Create a new job
         data = {
             'user': 'demo@microbio.me',
-            'command': dumps(['QIIME', '1.9.1', 'Pick closed-reference OTUs']),
+            'command': dumps(['QIIMEq2', '1.9.1',
+                              'Pick closed-reference OTUs']),
             'status': 'running',
             'parameters': dumps({"reference": 1,
                                  "sortmerna_e_value": 1,
