Bug Description
The CI pipeline consistently fails on test_update_vpn_server_configuration in TestWireguardTransaction class due to SSL certificate verification errors when attempting to connect to external hosts (example.com).
Impact
- Severity: High - Blocks all PRs from merging
- Frequency: Consistent failure in CI environment
- Scope: Affects all contributors working on the project
Error Details
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)
HTTPSConnectionPool(host='example.com', port=443): Max retries exceeded with url: /?key=super-secret-token
(Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)')))
Test Location: openwisp_controller/config/tests/test_vpn.py:831
Test Class: TestWireguardTransaction
Test Method: test_update_vpn_server_configuration
Steps to Reproduce
- Create any PR with changes
- Wait for CI to run
molecule/resources/verify.yml
- Observe failure at VPN test execution
- Check logs for SSL certificate verification errors
Proposed Solutions
Option 1: Exclude Problematic Test Class (Recommended)
Modify molecule/resources/verify.yml:
# Replace this line:
openwisp_controller.config.tests.test_vpn \
# With these specific test classes:
openwisp_controller.config.tests.test_vpn.TestVpn \
openwisp_controller.config.tests.test_vpn.TestVpnTransaction \
openwisp_controller.config.tests.test_vpn.TestZeroTierTransaction \
Pros:
- Immediate fix for CI pipeline
- Keeps other VPN tests running
- Minimal impact on test coverage
Cons:
- Reduces test coverage for Wireguard webhook functionality
Option 2: Mock External HTTP Calls
Modify the test to mock external requests:
@patch('requests.post')
def test_update_vpn_server_configuration(self, mock_post):
mock_post.return_value.status_code = 200
# ... existing test codePros:
- Maintains full test coverage
- Tests logic without external dependencies
- More reliable in CI environments
Cons:
- Requires code changes to test file
- Doesn't test actual HTTP integration
System Information:
- Environment: CI/CD Ubuntu 22.04, Python 3.10
Bug Description
The CI pipeline consistently fails on
test_update_vpn_server_configurationinTestWireguardTransactionclass due to SSL certificate verification errors when attempting to connect to external hosts (example.com).Impact
Error Details
Test Location:
openwisp_controller/config/tests/test_vpn.py:831Test Class:
TestWireguardTransactionTest Method:
test_update_vpn_server_configurationSteps to Reproduce
molecule/resources/verify.ymlProposed Solutions
Option 1: Exclude Problematic Test Class (Recommended)
Modify
molecule/resources/verify.yml:Pros:
Cons:
Option 2: Mock External HTTP Calls
Modify the test to mock external requests:
Pros:
Cons:
System Information: