codecov[bot]
commented
1 year ago Codecov Report
Base: 94.66% // Head: 94.35% // Decreases project coverage by -0.32% :warning:
Coverage data is based on head (
e9ae4f6) compared to base (d7c44cd). Patch coverage: 100.00% of modified lines in pull request are covered.
Additional details and impacted files
```diff @@ Coverage Diff @@ ## master #706 +/- ## ========================================== - Coverage 94.66% 94.35% -0.32% ========================================== Files 57 57 Lines 8339 8339 ========================================== - Hits 7894 7868 -26 - Misses 445 471 +26 ``` | [Impacted Files](https://codecov.io/gh/python-zk/kazoo/pull/706?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=python-zk) | Coverage Δ | | |---|---|---| | [kazoo/handlers/utils.py](https://codecov.io/gh/python-zk/kazoo/pull/706?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=python-zk#diff-a2F6b28vaGFuZGxlcnMvdXRpbHMucHk=) | `94.06% <100.00%> (ø)` | | | [kazoo/tests/test\_cache.py](https://codecov.io/gh/python-zk/kazoo/pull/706?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=python-zk#diff-a2F6b28vdGVzdHMvdGVzdF9jYWNoZS5weQ==) | `55.10% <0.00%> (-4.09%)` | :arrow_down: | | [kazoo/tests/test\_eventlet\_handler.py](https://codecov.io/gh/python-zk/kazoo/pull/706?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=python-zk#diff-a2F6b28vdGVzdHMvdGVzdF9ldmVudGxldF9oYW5kbGVyLnB5) | `87.43% <0.00%> (-1.10%)` | :arrow_down: | | [kazoo/recipe/barrier.py](https://codecov.io/gh/python-zk/kazoo/pull/706?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=python-zk#diff-a2F6b28vcmVjaXBlL2JhcnJpZXIucHk=) | `97.93% <0.00%> (-1.04%)` | :arrow_down: | | [kazoo/handlers/eventlet.py](https://codecov.io/gh/python-zk/kazoo/pull/706?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=python-zk#diff-a2F6b28vaGFuZGxlcnMvZXZlbnRsZXQucHk=) | `99.01% <0.00%> (-0.99%)` | :arrow_down: | | [kazoo/protocol/connection.py](https://codecov.io/gh/python-zk/kazoo/pull/706?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=python-zk#diff-a2F6b28vcHJvdG9jb2wvY29ubmVjdGlvbi5weQ==) | `96.07% <0.00%> (-0.83%)` | :arrow_down: | | [kazoo/client.py](https://codecov.io/gh/python-zk/kazoo/pull/706?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=python-zk#diff-a2F6b28vY2xpZW50LnB5) | `97.76% <0.00%> (-0.80%)` | :arrow_down: | | [kazoo/tests/test\_gevent\_handler.py](https://codecov.io/gh/python-zk/kazoo/pull/706?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=python-zk#diff-a2F6b28vdGVzdHMvdGVzdF9nZXZlbnRfaGFuZGxlci5weQ==) | `78.87% <0.00%> (-0.71%)` | :arrow_down: | Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=python-zk). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=python-zk):umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.
Prior to this commit python would produce these warnings when using kazoo with ssl:
The reason for this is that
ssl.PROTOCOL_SSLv23is an alias forssl.PROTOCOL_TLSandssl.PROTOCOL_TLSis deprecated since Python 3.10.ssl.PROTOCOL_TLSwas replaced withssl.PROTOCOL_TLS_CLIENTandssl.PROTOCOL_TLS_SERVER. In kazoo's case we switch tossl.PROTOCOL_TLS_CLIENTas kazoo is acting as an ssl client to zookeeper servers.There are a few things to note.
PROTOCOL_TLS_CLIENTenablescontext.check_hostname. We explicitly set this to False as this is required to setssl.CHECK_NONEwhich kazoo supports, and not everyone may be using SSL certs with proper hostnames configured. For example if making connections to an IP address rather than a name and the certs don't have IP addrs in their altnames. This ensures backward compatibility with these use cases. Changing this should be done in a separate change and should likely be made configurable like verify_certs.Finally, while we are at it we replace
ssl.CERT_OPTIONALwithssl.CERT_REQUIREDas they are equivalent in a client context. This allows us to delete some code.Python documents all of these behaviors as being present since Python 3.6. Kazoo requires Python 3.7 or newer which should make this safe.
Why is this needed?
This change should avoid problems with future Python updates. It also cuts down on noise in things like test suites that use kazoo under python3.10 or newer which is nice for end users.
Proposed Changes
ssl.PROTOCOL_TLS_CLIENTinstead ofssl.PROTOCOL_SSLv23ssl.CERT_OPTIONALwithssl.CERT_REQUIREDas they are equivalent in this context. Doing so allows us to delete some codeDoes this PR introduce any breaking change?
I've intentionally tried to make this backward compatible by setting context.check_hostname to False preserving old behavior. I think any changes to this behavior should happen in a separate change that can more fully understand the impacts.