Add env var setting to disable ssl verification for user journey tests (

conda-incubator#1040) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
soapy1 · Jan 14, 2025 · c79cffd · c79cffd
1 parent 2588aa3
commit c79cffd
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 17 deletions.
diff --git a/conda-store-server/tests/user_journeys/README.md b/conda-store-server/tests/user_journeys/README.md
@@ -57,6 +57,11 @@ variables:
     Copy that token value and export it:
     `export CONDA_STORE_TOKEN='my_token_value'`.
 
+In order to run against a host with self signed certs, you may be required to
+diable SSL verification. To disable SSL verification set the environment
+variable `export CONDA_STORE_TEST_VERIFY_SSL=0`. By default, SSL verification
+is enabled.
+
 ## Running the tests
 
 To run the tests, run `pytest -m user_journey` from the `conda-store-server`

diff --git a/conda-store-server/tests/user_journeys/test_user_journeys.py b/conda-store-server/tests/user_journeys/test_user_journeys.py
@@ -23,6 +23,15 @@ def token(base_url) -> str:
     return os.getenv("CONDA_STORE_TOKEN", "")
 
 
+@pytest.fixture(scope="session")
+def verify_ssl() -> bool:
+    """Reads env var to determine if requests should disable ssl verification.
+    If CONDA_STORE_TEST_VERIFY_SSL is 0, ssl verification is disabled. For all
+    other inputs, ssl verification is enabled.
+    """
+    return bool(os.environ.get("CONDA_STORE_TEST_VERIFY_SSL", True))
+
+
 @pytest.mark.user_journey
 @pytest.mark.parametrize(
     "specification_path",
@@ -31,10 +40,10 @@ def token(base_url) -> str:
     ],
 )
 def test_admin_user_can_create_environment(
-    base_url: str, token: str, specification_path: str
+    base_url: str, token: str, specification_path: str, verify_ssl: bool
 ) -> None:
     """Test that an admin user can create an environment."""
-    api = utils.API(base_url=base_url, token=token)
+    api = utils.API(base_url=base_url, token=token, verify_ssl=verify_ssl)
     namespace = "default"
     environment = api.create_environment(namespace, specification_path).json()["data"][
         "specification"
@@ -50,10 +59,10 @@ def test_admin_user_can_create_environment(
     ],
 )
 def test_admin_login_and_delete_shared_environment(
-    base_url: str, specification_path: str
+    base_url: str, specification_path: str, verify_ssl: bool
 ) -> None:
     """Test that an admin can login and create/delete an env in a shared namespace."""
-    api = utils.API(base_url=base_url)
+    api = utils.API(base_url=base_url, verify_ssl=verify_ssl)
 
     # Create a shared namespace; default permissions for namepace/environment
     # */* is admin
@@ -75,10 +84,10 @@ def test_admin_login_and_delete_shared_environment(
     ],
 )
 def test_user_login_and_create_shared_environment(
-    base_url: str, specification_path: str
+    base_url: str, specification_path: str, verify_ssl: bool
 ) -> None:
     """Test that a user can login and create an environment in a shared namespace."""
-    api = utils.API(base_url=base_url)
+    api = utils.API(base_url=base_url, verify_ssl=verify_ssl)
 
     # Create a shared namespace; default permissions for namepace/environment
     # */* is admin
@@ -102,13 +111,13 @@ def test_user_login_and_create_shared_environment(
 
 
 @pytest.mark.user_journey
-def test_admin_set_active_build(base_url: str):
+def test_admin_set_active_build(base_url: str, verify_ssl: bool):
     """Test that an admin can delete environments."""
     specs = [
         "tests/user_journeys/test_data/simple_environment.yaml",
         "tests/user_journeys/test_data/simple_environment2.yaml",
     ]
-    api = utils.API(base_url=base_url)
+    api = utils.API(base_url=base_url, verify_ssl=verify_ssl)
     namespace = api.create_namespace().json()["data"]["name"]
     envs = set()
     for spec in specs:
@@ -150,9 +159,9 @@ def test_admin_set_active_build(base_url: str):
 
 
 @pytest.mark.user_journey
-def test_failed_build_logs(base_url: str):
+def test_failed_build_logs(base_url: str, verify_ssl: bool):
     """Test that a user can access logs for a failed build."""
-    api = utils.API(base_url=base_url)
+    api = utils.API(base_url=base_url, verify_ssl=verify_ssl)
     namespace = "default"
     build_request = api.create_environment(
         namespace,
@@ -172,9 +181,9 @@ def test_failed_build_logs(base_url: str):
 
 
 @pytest.mark.user_journey
-def test_cancel_build(base_url: str):
+def test_cancel_build(base_url: str, verify_ssl: bool):
     """Test that a user cancel a build in progress."""
-    api = utils.API(base_url=base_url)
+    api = utils.API(base_url=base_url, verify_ssl=verify_ssl)
     namespace = "default"
     build_id = api.create_environment(
         namespace,
@@ -204,9 +213,9 @@ def check_status():
 
 
 @pytest.mark.user_journey
-def test_get_lockfile(base_url: str):
+def test_get_lockfile(base_url: str, verify_ssl: bool):
     """Test that an admin can access a valid lockfile for a build."""
-    api = utils.API(base_url=base_url)
+    api = utils.API(base_url=base_url, verify_ssl=verify_ssl)
     namespace = "default"
     build_request = api.create_environment(
         namespace,

diff --git a/conda-store-server/tests/user_journeys/utils/api_utils.py b/conda-store-server/tests/user_journeys/utils/api_utils.py
@@ -44,7 +44,9 @@ def __init__(
         token: str = "",
         username: str = "username",
         password: str = "password",
+        verify_ssl: bool = True,
     ) -> None:
+        self.verify_ssl = verify_ssl
         self.base_url = base_url
         self.token = token
         if not token:
@@ -64,7 +66,12 @@ def _make_request(
         headers = headers or {}
         headers["Authorization"] = f"Bearer {self.token}"
         response = requests.request(
-            method, url, json=json_data, headers=headers, timeout=timeout
+            method,
+            url,
+            json=json_data,
+            headers=headers,
+            timeout=timeout,
+            verify=self.verify_ssl,
         )
         response.raise_for_status()
         return response
@@ -89,11 +96,17 @@ def _login(self, username: str, password: str) -> None:
         """Log in to the API and set an access token."""
         json_data = {"username": username, "password": password}
         response = requests.post(
-            f"{self.base_url}/login", json=json_data, timeout=TIMEOUT
+            f"{self.base_url}/login",
+            json=json_data,
+            timeout=TIMEOUT,
+            verify=self.verify_ssl,
         )
         cookies = response.cookies.get_dict()
         token_response = requests.post(
-            f"{self.base_url}/api/v1/token", cookies=cookies, timeout=TIMEOUT
+            f"{self.base_url}/api/v1/token",
+            cookies=cookies,
+            timeout=TIMEOUT,
+            verify=self.verify_ssl,
         )
         data = token_response.json()
         self.token = data["data"]["token"]