test_get_certificate fails on stable/liberty with "AttributeError: load_der_x509_certificate"

Bug #1560060 reported by Matt Riedemann
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Triaged
Medium
Unassigned
Liberty
Triaged
Medium
Unassigned
Mitaka
Triaged
Medium
Unassigned
Newton
Triaged
Medium
Unassigned

Bug Description

http://logs.openstack.org/periodic-stable/periodic-glance-python27-liberty/2193fe7/console.html#_2016-03-21_06_34_24_295

2016-03-21 06:34:24.295 | FAIL: glance.tests.unit.common.test_signature_utils.TestSignatureUtils.test_get_certificate
2016-03-21 06:34:24.295 | tags: worker-6
2016-03-21 06:34:24.295 | ----------------------------------------------------------------------
2016-03-21 06:34:24.295 | Traceback (most recent call last):
2016-03-21 06:34:24.295 | File "/home/jenkins/workspace/periodic-glance-python27-liberty/.tox/py27/local/lib/python2.7/site-packages/mock/mock.py", line 1318, in patched
2016-03-21 06:34:24.295 | patching.__exit__(*exc_info)
2016-03-21 06:34:24.295 | File "/home/jenkins/workspace/periodic-glance-python27-liberty/.tox/py27/local/lib/python2.7/site-packages/mock/mock.py", line 1482, in __exit__
2016-03-21 06:34:24.295 | delattr(self.target, self.attribute)
2016-03-21 06:34:24.295 | AttributeError: load_der_x509_certificate
2016-03-21 06:34:24.295 | Ran 2851 tests in 312.180s

This is due to the cryptography 1.3 release on 3/18 which removed that public method which is mocked in the test:

https://github.com/openstack/glance/blob/stable/liberty/glance/tests/unit/common/test_signature_utils.py#L322

Matt Riedemann (mriedem)
Changed in glance:
status: New → Confirmed
tags: added: gate
Revision history for this message
Matt Riedemann (mriedem) wrote :

What's odd is the method is still in the cryptography 1.3 code:

https://github.com/pyca/cryptography/blob/1.3/src/cryptography/x509/__init__.py#L119

Revision history for this message
Ian Cordasco (icordasc) wrote :

So cryptography has a utility to deprecate modules and it was missing the ability to use `__delattr__` appropriately until https://github.com/pyca/cryptography/pull/2845. This means we have to wait for a version that is not 1.3 with that fix. We should probably update global-requirements to blacklist 1.3 until that fix is released in either a patch release for 1.3 or in 1.4

Matt Riedemann (mriedem)
tags: added: liberty-backport-potential
Revision history for this message
Matt Riedemann (mriedem) wrote :

Yeah, we should probably blacklist 1.3 in g-r on master, stable/mitaka and stable/liberty. We could cap cryptography<1.3 on stable/kilo, or just blacklist it there too (it's probably better to not cap if we can help it).

Revision history for this message
Ian Cordasco (icordasc) wrote :

Blacklisting will likely be better. See https://review.openstack.org/#/c/295344/ for that blacklist addition

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.