Merge pull request #7499 from chaen/v8.0_fix_flaky

fstagni · web-flow · commit bb0d266e7f2d · 2024-03-05T17:21:07.000+01:00
[8.0] use pytest-reruns instead of flaky
diff --git a/environment.yml b/environment.yml
@@ -63,11 +63,11 @@ dependencies:
   - pytest >=3.6
   - pytest-cov >=2.2.0
   - pytest-mock
+  - pytest-rerunfailures
   - setuptools-scm
   - shellcheck
   - typer
   - typer-cli
-  - flaky
   # docs
   - pygments >=1.5
   - sphinx
diff --git a/setup.cfg b/setup.cfg
@@ -85,13 +85,13 @@ server =
     tornado-m2crypto
     importlib_resources
 testing =
-    flaky
     hypothesis
     mock
     parameterized
     pytest
     pytest-cov
     pytest-mock
+    pytest-rerunfailures
     pycodestyle
 
 [options.entry_points]
diff --git a/src/DIRAC/Core/DISET/private/Transports/SSL/M2Utils.py b/src/DIRAC/Core/DISET/private/Transports/SSL/M2Utils.py
@@ -4,8 +4,11 @@
 """
 import os
 import tempfile
+import M2Crypto
+from packaging.version import Version
 from M2Crypto import SSL, m2, X509
 
+
 from DIRAC.Core.DISET import DEFAULT_SSL_CIPHERS, DEFAULT_SSL_METHODS
 from DIRAC.Core.Security import Locations
 from DIRAC.Core.Security.m2crypto.X509Chain import X509Chain
@@ -15,6 +18,30 @@
 DEBUG_M2CRYPTO = os.getenv("DIRAC_DEBUG_M2CRYPTO", "No").lower() in ("yes", "true")
 
 
+VERIFY_ALLOW_PROXY_CERTS = 0
+
+# If the version of M2Crypto is recent enough, there is an API
+# to accept proxy certificate, and we do not need to rely on
+# OPENSSL_ALLOW_PROXY_CERT environment variable
+# which was removed as of openssl 1.1
+# We need this to be merged in M2Crypto: https://gitlab.com/m2crypto/m2crypto/merge_requests/236
+# We set the proper verify flag to the X509Store of the context
+# as described here https://www.openssl.org/docs/man1.1.1/man7/proxy-certificates.html
+if hasattr(SSL, "verify_allow_proxy_certs"):
+    VERIFY_ALLOW_PROXY_CERTS = SSL.verify_allow_proxy_certs  # pylint: disable=no-member
+# As of M2Crypto 0.37, the `verify_allow_proxy_certs` flag was moved
+# to X509 (https://gitlab.com/m2crypto/m2crypto/-/merge_requests/238)
+# It is more consistent with all the other flags,
+# but pySSL had it in SSL. Well...
+elif hasattr(X509, "verify_allow_proxy_certs"):
+    VERIFY_ALLOW_PROXY_CERTS = X509.verify_allow_proxy_certs  # pylint: disable=no-member
+# As of M2Crypto 0.38, M2Crypto did not export the symbol correctly
+# Anymore
+# https://gitlab.com/m2crypto/m2crypto/-/issues/298
+elif Version(M2Crypto.__version__) >= Version("0.38.0"):
+    VERIFY_ALLOW_PROXY_CERTS = 64
+
+
 def __loadM2SSLCTXHostcert(ctx):
     """Load hostcert & key from the default location and set them as the
     credentials for SSL context ctx.
@@ -125,21 +152,9 @@ def getM2SSLContext(ctx=None, **kwargs):
             raise RuntimeError(f"CA path ({caPath}) is not a valid directory")
         ctx.load_verify_locations(capath=caPath)
 
-    # If the version of M2Crypto is recent enough, there is an API
-    # to accept proxy certificate, and we do not need to rely on
-    # OPENSSL_ALLOW_PROXY_CERT environment variable
-    # which was removed as of openssl 1.1
-    # We need this to be merged in M2Crypto: https://gitlab.com/m2crypto/m2crypto/merge_requests/236
-    # We set the proper verify flag to the X509Store of the context
-    # as described here https://www.openssl.org/docs/man1.1.1/man7/proxy-certificates.html
-    if hasattr(SSL, "verify_allow_proxy_certs"):
-        ctx.get_cert_store().set_flags(SSL.verify_allow_proxy_certs)  # pylint: disable=no-member
-    # As of M2Crypto 0.37, the `verify_allow_proxy_certs` flag was moved
-    # to X509 (https://gitlab.com/m2crypto/m2crypto/-/merge_requests/238)
-    # It is more consistent with all the other flags,
-    # but pySSL had it in SSL. Well...
-    if hasattr(X509, "verify_allow_proxy_certs"):
-        ctx.get_cert_store().set_flags(X509.verify_allow_proxy_certs)  # pylint: disable=no-member
+    # Allow proxy certificates to be used
+    if VERIFY_ALLOW_PROXY_CERTS:
+        ctx.get_cert_store().set_flags(VERIFY_ALLOW_PROXY_CERTS)
 
     # Other parameters
     sslMethods = kwargs.get("sslMethods", DEFAULT_SSL_METHODS)
diff --git a/src/DIRAC/Core/Utilities/test/Test_Profiler.py b/src/DIRAC/Core/Utilities/test/Test_Profiler.py
@@ -5,7 +5,6 @@
 from subprocess import Popen
 
 import pytest
-from flaky import flaky
 
 import DIRAC
 from DIRAC.Core.Utilities.Profiler import Profiler
@@ -78,7 +77,7 @@ def test_base():
     assert resWC["Value"] >= res["Value"]
 
 
-@flaky(max_runs=10, min_passes=2)
+@pytest.mark.flaky(reruns=10)
 def test_cpuUsage():
     mainProcess = Popen(
         [
diff --git a/src/DIRAC/FrameworkSystem/private/standardLogging/test/Test_Logging_GetSubLogger.py b/src/DIRAC/FrameworkSystem/private/standardLogging/test/Test_Logging_GetSubLogger.py
@@ -2,7 +2,6 @@
 Test SubLogger
 """
 import pytest
-from flaky import flaky
 from DIRAC.FrameworkSystem.private.standardLogging.LogLevels import LogLevels
 
 
@@ -52,7 +51,7 @@ def test_getSubLoggerObject():
 # Run the tests for all the log levels and exceptions
 # We may need to rerun the test if we are unlucky and the timestamps
 # don't match
-@flaky(max_runs=3)
+@pytest.mark.flaky(reruns=3)
 @pytest.mark.parametrize("logLevel", ["exception"] + [lvl.lower() for lvl in LogLevels.getLevelNames()])
 def test_localSubLoggerObject(logLevel):
     """
