From 58f297350d4983240f52bb81165dd4a4c3e8ad94 Mon Sep 17 00:00:00 2001 From: Stefano Rivera Date: Wed, 18 Oct 2023 14:20:05 +0200 Subject: [PATCH 1/3] Mark tests as requiring Internet So that we can self-contained tests, when offline. The use-case here is packaging truststore in Debian. We like to run tests during our package builds, where possible. These build environments don't permit Internet access. We do have CI test environments that can access the Internet, but those happen after build. We'd run the full test suite there (inclnuding mkcert, which messes with the system certificate store). I see that the vast majority of the tests require Internet access, so I understand if you're not interested in this patch, because you aren't expecting much low-level test coverage. --- pyproject.toml | 3 +++ tests/conftest.py | 13 ++++++++++++- tests/test_api.py | 17 ++++++++++++----- tests/test_sslcontext.py | 3 +++ 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index dd6565c..1006a46 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -38,6 +38,9 @@ filterwarnings = [ # See: aio-libs/aiohttp#7545 "ignore:.*datetime.utcfromtimestamp().*:DeprecationWarning", ] +markers = [ + "internet: test reqires Internet access" +] [tool.flit.sdist] include = ["docs", "tests"] diff --git a/tests/conftest.py b/tests/conftest.py index 938611c..4d26af6 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -18,7 +18,18 @@ original_SSLContext = ssl.SSLContext -successful_hosts = pytest.mark.parametrize("host", ["example.com", "1.1.1.1"]) +def decorator_requires_internet(decorator): + """Mark a decorator with the "internet" mark""" + + def wrapper(f): + return pytest.mark.internet(decorator(f)) + + return wrapper + + +successful_hosts = decorator_requires_internet( + pytest.mark.parametrize("host", ["example.com", "1.1.1.1"]) +) logger = logging.getLogger("aiohttp.web") diff --git a/tests/test_api.py b/tests/test_api.py index c62903d..dfec5d9 100644 --- a/tests/test_api.py +++ b/tests/test_api.py @@ -20,6 +20,7 @@ import truststore from tests import SSLContextAdapter +from tests.conftest import decorator_requires_internet pytestmark = pytest.mark.flaky @@ -27,7 +28,10 @@ # if the client drops the connection due to a cert verification error socket.setdefaulttimeout(10) -successful_hosts = pytest.mark.parametrize("host", ["example.com", "1.1.1.1"]) + +successful_hosts = decorator_requires_internet( + pytest.mark.parametrize("host", ["example.com", "1.1.1.1"]) +) @dataclass @@ -118,8 +122,10 @@ class FailureHost: ), ] -failure_hosts_no_revocation = pytest.mark.parametrize( - "failure", failure_hosts_list.copy(), ids=attrgetter("host") +failure_hosts_no_revocation = decorator_requires_internet( + pytest.mark.parametrize( + "failure", failure_hosts_list.copy(), ids=attrgetter("host") + ) ) if platform.system() != "Linux": @@ -139,8 +145,8 @@ class FailureHost: ) ) -failure_hosts = pytest.mark.parametrize( - "failure", failure_hosts_list, ids=attrgetter("host") +failure_hosts = decorator_requires_internet( + pytest.mark.parametrize("failure", failure_hosts_list, ids=attrgetter("host")) ) @@ -318,6 +324,7 @@ def test_trustme_cert_loaded_via_capath(trustme_ca, httpserver): assert len(resp.data) > 0 +@pytest.mark.internet def test_trustme_cert_still_uses_system_certs(trustme_ca): ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT) trustme_ca.configure_trust(ctx) diff --git a/tests/test_sslcontext.py b/tests/test_sslcontext.py index ea78d28..d7d25b0 100644 --- a/tests/test_sslcontext.py +++ b/tests/test_sslcontext.py @@ -8,6 +8,7 @@ import truststore +@pytest.mark.internet def test_minimum_maximum_version(): ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT) ctx.maximum_version = ssl.TLSVersion.TLSv1_2 @@ -24,6 +25,7 @@ def test_minimum_maximum_version(): assert ctx.maximum_version == ssl.TLSVersion.TLSv1_2 +@pytest.mark.internet def test_check_hostname_false(): ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT) assert ctx.check_hostname is True @@ -35,6 +37,7 @@ def test_check_hostname_false(): assert "match" in str(e.value) +@pytest.mark.internet def test_verify_mode_cert_none(): ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT) assert ctx.check_hostname is True From 3c79a870a0dc1739b0a93e464a2c134debdd6a09 Mon Sep 17 00:00:00 2001 From: Stefano Rivera Date: Wed, 18 Oct 2023 17:21:35 +0200 Subject: [PATCH 2/3] Update ignore syntax for _ssl import --- src/truststore/_api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/truststore/_api.py b/src/truststore/_api.py index 3c28065..718e6c0 100644 --- a/src/truststore/_api.py +++ b/src/truststore/_api.py @@ -4,7 +4,7 @@ import ssl import typing -import _ssl # type: ignore[import] +import _ssl # type: ignore[import-not-found] from ._ssl_constants import ( _original_SSLContext, From 1799995799bdcd068940983ad9bfcedab2fc7500 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Wed, 18 Oct 2023 16:09:52 -0500 Subject: [PATCH 3/3] u --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 1006a46..08fa861 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -39,7 +39,7 @@ filterwarnings = [ "ignore:.*datetime.utcfromtimestamp().*:DeprecationWarning", ] markers = [ - "internet: test reqires Internet access" + "internet: test requires Internet access" ] [tool.flit.sdist]