==> Building on minun ==> Checking for remote environment... ==> Syncing package to remote host... sending incremental file list ./ .SRCINFO 1,000 100% 0.00kB/s 0:00:00 1,000 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=3/5) .nvchecker.toml 44 100% 42.97kB/s 0:00:00 44 100% 42.97kB/s 0:00:00 (xfr#2, to-chk=2/5) PKGBUILD 1,964 100% 1.87MB/s 0:00:00 1,964 100% 1.87MB/s 0:00:00 (xfr#3, to-chk=1/5) python-hvac-2.3.0-1.log 442 100% 431.64kB/s 0:00:00 442 100% 431.64kB/s 0:00:00 (xfr#4, to-chk=0/5) sent 1,802 bytes received 125 bytes 1,284.67 bytes/sec total size is 3,200 speedup is 1.66 ==> Running extra-riscv64-build -- -d /home/felix/packages/riscv64-pkg-cache:/var/cache/pacman/pkg -l root1 on remote host... ]2;🔵 Container arch-nspawn-3980457 on minun.felixc.at[?25l:: Synchronizing package databases... core downloading... extra downloading... :: Starting full system upgrade... there is nothing to do [?25h==> Building in chroot for [extra] (riscv64)... ==> Synchronizing chroot copy [/var/lib/archbuild/extra-riscv64/root] -> [root1]...done ==> Making package: python-hvac 2.3.0-1 (Wed Nov 27 16:34:35 2024) ==> Retrieving sources...  -> Found hvac-2.3.0.tar.gz ==> Validating source files with sha512sums... hvac-2.3.0.tar.gz ... Passed ]2;🔵 Container arch-nspawn-3981415 on minun.felixc.at==> Making package: python-hvac 2.3.0-1 (Wed Nov 27 16:34:47 2024) ==> Checking runtime dependencies... ==> Installing missing dependencies... [?25lresolving dependencies... looking for conflicting packages... Package (4) New Version Net Change extra/python-charset-normalizer 3.4.0-1 0.44 MiB extra/python-idna 3.10-1 0.88 MiB extra/python-urllib3 1.26.20-3 1.26 MiB extra/python-requests 2.32.3-1 0.60 MiB Total Installed Size: 3.17 MiB :: Proceed with installation? [Y/n] checking keyring... checking package integrity... loading package files... checking for file conflicts... :: Processing package changes... installing python-charset-normalizer... installing python-idna... installing python-urllib3... Optional dependencies for python-urllib3 python-brotli: Brotli support python-certifi: security support python-cryptography: security support python-idna: security support [installed] python-pyopenssl: security support python-pysocks: SOCKS support installing python-requests... Optional dependencies for python-requests python-chardet: alternative character encoding library python-pysocks: SOCKS proxy support :: Running post-transaction hooks... (1/1) Arming ConditionNeedsUpdate... [?25h==> Checking buildtime dependencies... ==> Installing missing dependencies... [?25lresolving dependencies... looking for conflicting packages... Package (35) New Version Net Change Download Size extra/python-blinker 1.8.2-1 0.09 MiB 0.02 MiB extra/python-cffi 1.17.1-1 1.33 MiB extra/python-click 8.1.7-3 1.18 MiB extra/python-cryptography 43.0.3-1 4.85 MiB extra/python-execnet 2.0.2-3 0.42 MiB extra/python-fastjsonschema 2.20.0-1 0.27 MiB extra/python-greenlet 3.1.0-1 0.42 MiB extra/python-iniconfig 2.0.0-5 0.04 MiB extra/python-itsdangerous 2.1.2-4 0.13 MiB extra/python-jinja 1:3.1.4-1 1.74 MiB extra/python-lark-parser 1.1.9-3 1.22 MiB extra/python-markupsafe 2.1.5-2 0.07 MiB extra/python-packaging 24.2-1 0.66 MiB extra/python-pluggy 1.5.0-1 0.20 MiB extra/python-pycparser 2.22-2 1.71 MiB extra/python-pyproject-hooks 1.2.0-1 0.10 MiB extra/python-six 1.16.0-9 0.11 MiB extra/python-sqlalchemy 2.0.36-1 24.82 MiB 3.25 MiB extra/python-typing_extensions 4.12.2-1 0.41 MiB extra/consul 1.19.2-1.1 116.41 MiB 22.93 MiB extra/python-authlib 1.3.1-2 2.23 MiB 0.32 MiB extra/python-build 1.2.1-3 0.19 MiB extra/python-flask 2.3.3-2 0.99 MiB extra/python-flask-sqlalchemy 3.1.1-2 0.37 MiB extra/python-installer 0.7.0-8 0.18 MiB extra/python-jwcrypto 1.5.6-2 1.06 MiB 0.17 MiB extra/python-parameterized 0.9.0-1 0.20 MiB 0.04 MiB extra/python-poetry-core 1.9.0-5 1.26 MiB extra/python-pyhcl 0.4.5-2 0.50 MiB 0.10 MiB extra/python-pytest 1:8.3.3-1 3.90 MiB extra/python-pytest-mock 3.14.0-1 0.09 MiB extra/python-pytest-xdist 3.5.0-2 0.44 MiB extra/python-requests-mock 1.11.0-2 0.17 MiB 0.04 MiB extra/python-werkzeug 3.0.4-1 2.38 MiB extra/vault 1.18.2-1 335.47 MiB 55.41 MiB Total Download Size: 82.27 MiB Total Installed Size: 505.63 MiB :: Proceed with installation? [Y/n] :: Retrieving packages... vault-1.18.2-1-riscv64 downloading... consul-1.19.2-1.1-riscv64 downloading... python-sqlalchemy-2.0.36-1-riscv64 downloading... python-authlib-1.3.1-2-any downloading... python-jwcrypto-1.5.6-2-any downloading... python-pyhcl-0.4.5-2-any downloading... python-parameterized-0.9.0-1-any downloading... python-requests-mock-1.11.0-2-any downloading... python-blinker-1.8.2-1-any downloading... checking keyring... checking package integrity... loading package files... checking for file conflicts... :: Processing package changes... installing python-packaging... installing python-pyproject-hooks... installing python-build... Optional dependencies for python-build python-pip: to use as the Python package installer (default) python-uv: to use as the Python package installer python-virtualenv: to use virtualenv for build isolation installing python-installer... installing python-fastjsonschema... installing python-typing_extensions... installing python-lark-parser... Optional dependencies for python-lark-parser python-atomicwrites: for atomic_cache python-regex: for regex support python-js2py: for nearley support installing python-poetry-core... installing vault... installing python-pyhcl... installing python-iniconfig... installing python-pluggy... installing python-pytest... installing python-pycparser... installing python-cffi... Optional dependencies for python-cffi python-setuptools: "limited api" version checking in cffi.setuptools_ext installing python-cryptography... installing python-authlib... installing python-markupsafe... installing python-werkzeug... installing python-jinja... Optional dependencies for python-jinja python-babel: for i18n support installing python-itsdangerous... installing python-click... installing python-blinker... installing python-flask... Optional dependencies for python-flask python-asgiref: async functions and views python-dotenv: loading env vars from files installing python-greenlet... installing python-sqlalchemy... Optional dependencies for python-sqlalchemy python-psycopg2: connect to PostgreSQL database installing python-flask-sqlalchemy... installing python-parameterized... installing python-six... installing python-requests-mock... installing python-jwcrypto... installing python-pytest-mock... installing python-execnet... installing python-pytest-xdist... installing consul... :: Running post-transaction hooks... (1/4) Creating system user accounts... Creating group 'consul' with GID 208. Creating user 'consul' (n/a) with UID 208 and GID 208. Creating group 'vault' with GID 972. Creating user 'vault' (Vault daemon) with UID 972 and GID 972. (2/4) Reloading system manager configuration... Skipped: Current root is not booted. (3/4) Creating temporary files... (4/4) Arming ConditionNeedsUpdate... [?25h==> Retrieving sources...  -> Found hvac-2.3.0.tar.gz ==> WARNING: Skipping all source file integrity checks. ==> Extracting sources...  -> Extracting hvac-2.3.0.tar.gz with bsdtar ==> Starting prepare()... '/usr/bin/vault' -> 'vault-unprivileged/vault' ==> Starting build()... * Getting build dependencies for wheel... * Building wheel... Successfully built hvac-2.3.0-py3-none-any.whl ==> Starting check()... ============================= test session starts ============================== platform linux -- Python 3.12.7, pytest-8.3.3, pluggy-1.5.0 rootdir: /build/python-hvac/src/hvac-2.3.0 configfile: pyproject.toml plugins: requests-mock-1.11.0, mock-3.14.0, xdist-3.5.0 collected 1510 items tests/integration_tests/api/auth_methods/test_approle.py ............... [ 0%] ..... [ 1%] tests/integration_tests/api/auth_methods/test_aws.py .............. [ 2%] tests/integration_tests/api/auth_methods/test_azure.py ................. [ 3%] .. [ 3%] tests/integration_tests/api/auth_methods/test_gcp.py ................... [ 4%] .. [ 4%] tests/integration_tests/api/auth_methods/test_github.py ................ [ 5%] .... [ 6%] tests/integration_tests/api/auth_methods/test_jwt.py ....... [ 6%] tests/integration_tests/api/auth_methods/test_kubernetes.py FF...F...... [ 7%] FF.F... [ 7%] tests/integration_tests/api/auth_methods/test_legacy_mfa.py ssssssssss [ 8%] tests/integration_tests/api/auth_methods/test_oidc.py ....... [ 9%] tests/integration_tests/api/auth_methods/test_okta.py .................. [ 10%] . [ 10%] tests/integration_tests/api/auth_methods/test_token.py ............. [ 11%] tests/integration_tests/api/secrets_engines/test_aws.py .......... [ 11%] tests/integration_tests/api/secrets_engines/test_azure.py ...F [ 12%] tests/integration_tests/api/secrets_engines/test_gcp.py . [ 12%] tests/integration_tests/api/secrets_engines/test_identity.py ........... [ 12%] ........................................................................ [ 17%] ............ [ 18%] tests/integration_tests/api/secrets_engines/test_kv_v1.py ............ [ 19%] tests/integration_tests/api/secrets_engines/test_kv_v2.py .............. [ 20%] ...................................................................... [ 24%] tests/integration_tests/api/secrets_engines/test_pki.py ................ [ 25%] ................ [ 26%] tests/integration_tests/api/secrets_engines/test_ssh.py .s..s.......F.. [ 27%] tests/integration_tests/api/secrets_engines/test_transform.py ssssssssss [ 28%] sssssssssss [ 29%] tests/integration_tests/api/secrets_engines/test_transit.py ............ [ 30%] ................................... [ 32%] tests/integration_tests/api/system_backend/test_audit.py ... [ 32%] tests/integration_tests/api/system_backend/test_auth.py .. [ 32%] tests/integration_tests/api/system_backend/test_health.py EEEEEE [ 33%] tests/integration_tests/api/system_backend/test_init.py .. [ 33%] tests/integration_tests/api/system_backend/test_key.py ...... [ 33%] tests/integration_tests/api/system_backend/test_leader.py . [ 33%] tests/integration_tests/api/system_backend/test_lease.py ..... [ 34%] tests/integration_tests/api/system_backend/test_mount.py .. [ 34%] tests/integration_tests/api/system_backend/test_namespace.py s [ 34%] tests/integration_tests/api/system_backend/test_policies.py ...ss.ss.ss. [ 35%] ss.ss [ 35%] tests/integration_tests/api/system_backend/test_policy.py .... [ 35%] tests/integration_tests/api/system_backend/test_quota.py sssssssss [ 36%] tests/integration_tests/api/system_backend/test_raft.py ssssss [ 36%] tests/integration_tests/api/system_backend/test_seal.py .. [ 36%] tests/integration_tests/api/system_backend/test_wrapping.py ..... [ 37%] tests/integration_tests/v1/test_approle.py ........ [ 37%] tests/integration_tests/v1/test_integration.py ......................... [ 39%] . [ 39%] tests/integration_tests/v1/test_system_backend.py ...................... [ 40%] ...... [ 41%] tests/unit_tests/api/auth_methods/test_approle.py ...................... [ 42%] ........... [ 43%] tests/unit_tests/api/auth_methods/test_azure.py ...... [ 43%] tests/unit_tests/api/auth_methods/test_gcp.py . [ 43%] tests/unit_tests/api/auth_methods/test_github.py .............. [ 44%] tests/unit_tests/api/auth_methods/test_jwt.py ... [ 45%] tests/unit_tests/api/auth_methods/test_kubernetes.py ............. [ 45%] tests/unit_tests/api/auth_methods/test_ldap.py ...................... [ 47%] tests/unit_tests/api/auth_methods/test_legacy_mfa.py .......... [ 48%] tests/unit_tests/api/auth_methods/test_okta.py . [ 48%] tests/unit_tests/api/auth_methods/test_token.py ........................ [ 49%] ........................................................................ [ 54%] ........................................................................ [ 59%] ........................................................................ [ 63%] ................ [ 65%] tests/unit_tests/api/secrets_engines/test_aws.py ... [ 65%] tests/unit_tests/api/secrets_engines/test_azure.py ... [ 65%] tests/unit_tests/api/secrets_engines/test_database.py ... [ 65%] tests/unit_tests/api/secrets_engines/test_gcp.py ....................... [ 67%] ......................................... [ 69%] tests/unit_tests/api/secrets_engines/test_kv.py .................. [ 71%] tests/unit_tests/api/secrets_engines/test_ldap.py .................. [ 72%] tests/unit_tests/api/system_backend/test_init.py ............... [ 73%] tests/unit_tests/api/test_vault_api_category.py ... [ 73%] tests/unit_tests/test_adapters.py ...................................... [ 75%] ........................................................................ [ 80%] ......................... [ 82%] tests/unit_tests/utils/test_utils.py ................................... [ 84%] ........................................................................ [ 89%] ........................................................................ [ 94%] ............ [ 95%] tests/unit_tests/v1/test_approle_routes.py .......................... [ 96%] tests/unit_tests/v1/test_auth_methods.py .. [ 96%] tests/unit_tests/v1/test_aws_ec2_methods.py ........................ [ 98%] tests/unit_tests/v1/test_aws_iam_methods.py . [ 98%] tests/unit_tests/v1/test_client.py . [ 98%] tests/unit_tests/v1/test_gcp_methods.py .. [ 98%] tests/unit_tests/v1/test_system_backend_methods.py ................... [100%] ==================================== ERRORS ==================================== ____ ERROR at setup of TestHealth.test_read_health_status_0_default_params _____ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: > conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) /usr/lib/python3.12/site-packages/urllib3/connection.py:174: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/util/connection.py:95: in create_connection raise err _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ address = ('127.0.0.1', 47627), timeout = 30, source_address = None socket_options = [(6, 1, 1)] def create_connection( address, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, source_address=None, socket_options=None, ): """Connect to *address* and return the socket object. Convenience function. Connect to *address* (a 2-tuple ``(host, port)``) and return the socket object. Passing the optional *timeout* parameter will set the timeout on the socket instance before attempting to connect. If no *timeout* is supplied, the global default timeout setting returned by :func:`socket.getdefaulttimeout` is used. If *source_address* is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. An host of '' or port 0 tells the OS to use the default. """ host, port = address if host.startswith("["): host = host.strip("[]") err = None # Using the value from allowed_gai_family() in the context of getaddrinfo lets # us select whether to work with IPv4 DNS records, IPv6 records, or both. # The original create_connection function always returns all records. family = allowed_gai_family() try: host.encode("idna") except UnicodeError: return six.raise_from( LocationParseError(u"'%s', label empty or too long" % host), None ) for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): af, socktype, proto, canonname, sa = res sock = None try: sock = socket.socket(af, socktype, proto) # If provided, set socket level options before connecting. _set_socket_options(sock, socket_options) if timeout is not socket._GLOBAL_DEFAULT_TIMEOUT: sock.settimeout(timeout) if source_address: sock.bind(source_address) > sock.connect(sa) E ConnectionRefusedError: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/util/connection.py:85: ConnectionRefusedError During handling of the above exception, another exception occurred: self = method = 'PUT', url = '/v1/sys/unseal' body = b'{"migrate": false, "key": "1c659805b95cab7fbae2435b6c8f176d53afc2f66c57502f52c3c53526c43c47e0"}' headers = {'User-Agent': 'python-requests/2.32.3', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'X-Vault-Request': 'true', 'Content-Length': '95', 'Content-Type': 'application/json'} retries = Retry(total=0, connect=0, read=None, redirect=None, status=None) redirect = False, assert_same_host = False timeout = Timeout(connect=30, read=30, total=None), pool_timeout = None release_conn = False, chunked = False, body_pos = None response_kw = {'decode_content': False, 'preload_content': False} parsed_url = Url(scheme=None, auth=None, host=None, port=None, path='/v1/sys/unseal', query=None, fragment=None) destination_scheme = None, conn = None, release_this_conn = True http_tunnel_required = False, err = None, clean_exit = False def urlopen( self, method, url, body=None, headers=None, retries=None, redirect=True, assert_same_host=True, timeout=_Default, pool_timeout=None, release_conn=None, chunked=False, body_pos=None, **response_kw ): """ Get a connection from the pool and perform an HTTP request. This is the lowest level call for making a request, so you'll need to specify all the raw details. .. note:: More commonly, it's appropriate to use a convenience method provided by :class:`.RequestMethods`, such as :meth:`request`. .. note:: `release_conn` will only behave as expected if `preload_content=False` because we want to make `preload_content=False` the default behaviour someday soon without breaking backwards compatibility. :param method: HTTP request method (such as GET, POST, PUT, etc.) :param url: The URL to perform the request on. :param body: Data to send in the request body, either :class:`str`, :class:`bytes`, an iterable of :class:`str`/:class:`bytes`, or a file-like object. :param headers: Dictionary of custom headers to send, such as User-Agent, If-None-Match, etc. If None, pool headers are used. If provided, these headers completely replace any pool-specific headers. :param retries: Configure the number of retries to allow before raising a :class:`~urllib3.exceptions.MaxRetryError` exception. Pass ``None`` to retry until you receive a response. Pass a :class:`~urllib3.util.retry.Retry` object for fine-grained control over different types of retries. Pass an integer number to retry connection errors that many times, but no other types of errors. Pass zero to never retry. If ``False``, then retries are disabled and any exception is raised immediately. Also, instead of raising a MaxRetryError on redirects, the redirect response will be returned. :type retries: :class:`~urllib3.util.retry.Retry`, False, or an int. :param redirect: If True, automatically handle redirects (status codes 301, 302, 303, 307, 308). Each redirect counts as a retry. Disabling retries will disable redirect, too. :param assert_same_host: If ``True``, will make sure that the host of the pool requests is consistent else will raise HostChangedError. When ``False``, you can use the pool on an HTTP proxy and request foreign hosts. :param timeout: If specified, overrides the default timeout for this one request. It may be a float (in seconds) or an instance of :class:`urllib3.util.Timeout`. :param pool_timeout: If set and the pool is set to block=True, then this method will block for ``pool_timeout`` seconds and raise EmptyPoolError if no connection is available within the time period. :param release_conn: If False, then the urlopen call will not release the connection back into the pool once a response is received (but will release if you read the entire contents of the response such as when `preload_content=True`). This is useful if you're not preloading the response's content immediately. You will need to call ``r.release_conn()`` on the response ``r`` to return the connection back into the pool. If None, it takes the value of ``response_kw.get('preload_content', True)``. :param chunked: If True, urllib3 will send the body using chunked transfer encoding. Otherwise, urllib3 will send the body using the standard content-length form. Defaults to False. :param int body_pos: Position to seek to in file-like body in the event of a retry or redirect. Typically this won't need to be set because urllib3 will auto-populate the value when needed. :param \\**response_kw: Additional parameters are passed to :meth:`urllib3.response.HTTPResponse.from_httplib` """ parsed_url = parse_url(url) destination_scheme = parsed_url.scheme if headers is None: headers = self.headers if not isinstance(retries, Retry): retries = Retry.from_int(retries, redirect=redirect, default=self.retries) if release_conn is None: release_conn = response_kw.get("preload_content", True) # Check host if assert_same_host and not self.is_same_host(url): raise HostChangedError(self, url, retries) # Ensure that the URL we're connecting to is properly encoded if url.startswith("/"): url = six.ensure_str(_encode_target(url)) else: url = six.ensure_str(parsed_url.url) conn = None # Track whether `conn` needs to be released before # returning/raising/recursing. Update this variable if necessary, and # leave `release_conn` constant throughout the function. That way, if # the function recurses, the original value of `release_conn` will be # passed down into the recursive call, and its value will be respected. # # See issue #651 [1] for details. # # [1] release_this_conn = release_conn http_tunnel_required = connection_requires_http_tunnel( self.proxy, self.proxy_config, destination_scheme ) # Merge the proxy headers. Only done when not using HTTP CONNECT. We # have to copy the headers dict so we can safely change it without those # changes being reflected in anyone else's copy. if not http_tunnel_required: headers = headers.copy() headers.update(self.proxy_headers) # Must keep the exception bound to a separate variable or else Python 3 # complains about UnboundLocalError. err = None # Keep track of whether we cleanly exited the except block. This # ensures we do proper cleanup in finally. clean_exit = False # Rewind body position, if needed. Record current position # for future rewinds in the event of a redirect/retry. body_pos = set_file_position(body, body_pos) try: # Request a connection from the queue. timeout_obj = self._get_timeout(timeout) conn = self._get_conn(timeout=pool_timeout) conn.timeout = timeout_obj.connect_timeout is_new_proxy_conn = self.proxy is not None and not getattr( conn, "sock", None ) if is_new_proxy_conn and http_tunnel_required: self._prepare_proxy(conn) # Make the request on the httplib connection object. > httplib_response = self._make_request( conn, method, url, timeout=timeout_obj, body=body, headers=headers, chunked=chunked, ) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:716: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:404: in _make_request self._validate_conn(conn) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:1061: in _validate_conn conn.connect() /usr/lib/python3.12/site-packages/urllib3/connection.py:363: in connect self.sock = conn = self._new_conn() _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) except SocketTimeout: raise ConnectTimeoutError( self, "Connection to %s timed out. (connect timeout=%s)" % (self.host, self.timeout), ) except SocketError as e: > raise NewConnectionError( self, "Failed to establish a new connection: %s" % e ) E urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/connection.py:186: NewConnectionError During handling of the above exception, another exception occurred: self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: > resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) /usr/lib/python3.12/site-packages/requests/adapters.py:667: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:802: in urlopen retries = retries.increment( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = Retry(total=0, connect=0, read=None, redirect=None, status=None) method = 'PUT', url = '/v1/sys/unseal', response = None error = NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused') _pool = _stacktrace = def increment( self, method=None, url=None, response=None, error=None, _pool=None, _stacktrace=None, ): """Return a new Retry object with incremented retry counters. :param response: A response object, or None, if the server did not return a response. :type response: :class:`~urllib3.response.HTTPResponse` :param Exception error: An error encountered during the request, or None if the response was received successfully. :return: A new ``Retry`` object. """ if self.total is False and error: # Disabled, indicate to re-raise the error. raise six.reraise(type(error), error, _stacktrace) total = self.total if total is not None: total -= 1 connect = self.connect read = self.read redirect = self.redirect status_count = self.status other = self.other cause = "unknown" status = None redirect_location = None if error and self._is_connection_error(error): # Connect retry? if connect is False: raise six.reraise(type(error), error, _stacktrace) elif connect is not None: connect -= 1 elif error and self._is_read_error(error): # Read retry? if read is False or not self._is_method_retryable(method): raise six.reraise(type(error), error, _stacktrace) elif read is not None: read -= 1 elif error: # Other retry? if other is not None: other -= 1 elif response and response.get_redirect_location(): # Redirect retry? if redirect is not None: redirect -= 1 cause = "too many redirects" redirect_location = response.get_redirect_location() status = response.status else: # Incrementing because of a server error like a 500 in # status_forcelist and the given method is in the allowed_methods cause = ResponseError.GENERIC_ERROR if response and response.status: if status_count is not None: status_count -= 1 cause = ResponseError.SPECIFIC_ERROR.format(status_code=response.status) status = response.status history = self.history + ( RequestHistory(method, url, error, status, redirect_location), ) new_retry = self.new( total=total, connect=connect, read=read, redirect=redirect, status=status_count, other=other, history=history, ) if new_retry.is_exhausted(): > raise MaxRetryError(_pool, url, error or ResponseError(cause)) E urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/urllib3/util/retry.py:594: MaxRetryError During handling of the above exception, another exception occurred: cls = @classmethod def setUpClass(cls): """Use the ServerManager class to launch a vault server process.""" config_paths = [get_config_file_path("vault-tls.hcl")] if shutil.which("consul") is None and cls.enable_vault_ha: logging.warning( "Unable to run Vault in HA mode, consul binary not found in path." ) cls.enable_vault_ha = False if is_enterprise(): # TODO: figure out why this bit isn't working logging.warning( "Unable to run Vault in HA mode, enterprise Vault version not currently supported." ) cls.enable_vault_ha = False if cls.enable_vault_ha: config_paths = [ get_config_file_path("vault-ha-node1.hcl"), get_config_file_path("vault-ha-node2.hcl"), ] cls.manager = ServerManager( config_paths=config_paths, use_consul=cls.enable_vault_ha, ) while True: try: cls.manager.start() cls.manager.initialize() > cls.manager.unseal() tests/utils/hvac_integration_test_case.py:50: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/utils/server_manager.py:393: in unseal client.sys.submit_unseal_keys(self.keys) hvac/api/system_backend/seal.py:97: in submit_unseal_keys result = self.submit_unseal_key( hvac/api/system_backend/seal.py:78: in submit_unseal_key return self._adapter.put( hvac/adapters.py:172: in put return self.request("put", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:367: in request response = self.session.request( /usr/lib/python3.12/site-packages/requests/sessions.py:589: in request resp = self.send(prep, **send_kwargs) /usr/lib/python3.12/site-packages/requests/sessions.py:703: in send r = adapter.send(request, **kwargs) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) except (ProtocolError, OSError) as err: raise ConnectionError(err, request=request) except MaxRetryError as e: if isinstance(e.reason, ConnectTimeoutError): # TODO: Remove this in 3.0.0: see #2811 if not isinstance(e.reason, NewConnectionError): raise ConnectTimeout(e, request=request) if isinstance(e.reason, ResponseError): raise RetryError(e, request=request) if isinstance(e.reason, _ProxyError): raise ProxyError(e, request=request) if isinstance(e.reason, _SSLError): # This branch is for urllib3 v1.22 and later. raise SSLError(e, request=request) > raise ConnectionError(e, request=request) E requests.exceptions.ConnectionError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/requests/adapters.py:700: ConnectionError ------------------------------ Captured log setup ------------------------------ WARNING urllib3.connectionpool:connectionpool.py:827 Retrying (Retry(total=2, connect=2, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')': /v1/sys/unseal WARNING urllib3.connectionpool:connectionpool.py:827 Retrying (Retry(total=1, connect=1, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')': /v1/sys/unseal WARNING urllib3.connectionpool:connectionpool.py:827 Retrying (Retry(total=0, connect=0, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')': /v1/sys/unseal WARNING urllib3.connectionpool:connectionpool.py:827 Retrying (Retry(total=2, connect=2, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')': /v1/sys/unseal WARNING urllib3.connectionpool:connectionpool.py:827 Retrying (Retry(total=1, connect=1, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')': /v1/sys/unseal WARNING urllib3.connectionpool:connectionpool.py:827 Retrying (Retry(total=0, connect=0, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')': /v1/sys/unseal WARNING urllib3.connectionpool:connectionpool.py:827 Retrying (Retry(total=2, connect=2, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')': /v1/sys/unseal WARNING urllib3.connectionpool:connectionpool.py:827 Retrying (Retry(total=1, connect=1, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')': /v1/sys/unseal WARNING urllib3.connectionpool:connectionpool.py:827 Retrying (Retry(total=0, connect=0, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')': /v1/sys/unseal _ ERROR at setup of TestHealth.test_read_health_status_1_unsealed_standby_node_HEAD_method _ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: > conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) /usr/lib/python3.12/site-packages/urllib3/connection.py:174: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/util/connection.py:95: in create_connection raise err _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ address = ('127.0.0.1', 47627), timeout = 30, source_address = None socket_options = [(6, 1, 1)] def create_connection( address, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, source_address=None, socket_options=None, ): """Connect to *address* and return the socket object. Convenience function. Connect to *address* (a 2-tuple ``(host, port)``) and return the socket object. Passing the optional *timeout* parameter will set the timeout on the socket instance before attempting to connect. If no *timeout* is supplied, the global default timeout setting returned by :func:`socket.getdefaulttimeout` is used. If *source_address* is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. An host of '' or port 0 tells the OS to use the default. """ host, port = address if host.startswith("["): host = host.strip("[]") err = None # Using the value from allowed_gai_family() in the context of getaddrinfo lets # us select whether to work with IPv4 DNS records, IPv6 records, or both. # The original create_connection function always returns all records. family = allowed_gai_family() try: host.encode("idna") except UnicodeError: return six.raise_from( LocationParseError(u"'%s', label empty or too long" % host), None ) for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): af, socktype, proto, canonname, sa = res sock = None try: sock = socket.socket(af, socktype, proto) # If provided, set socket level options before connecting. _set_socket_options(sock, socket_options) if timeout is not socket._GLOBAL_DEFAULT_TIMEOUT: sock.settimeout(timeout) if source_address: sock.bind(source_address) > sock.connect(sa) E ConnectionRefusedError: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/util/connection.py:85: ConnectionRefusedError During handling of the above exception, another exception occurred: self = method = 'PUT', url = '/v1/sys/unseal' body = b'{"migrate": false, "key": "1c659805b95cab7fbae2435b6c8f176d53afc2f66c57502f52c3c53526c43c47e0"}' headers = {'User-Agent': 'python-requests/2.32.3', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'X-Vault-Request': 'true', 'Content-Length': '95', 'Content-Type': 'application/json'} retries = Retry(total=0, connect=0, read=None, redirect=None, status=None) redirect = False, assert_same_host = False timeout = Timeout(connect=30, read=30, total=None), pool_timeout = None release_conn = False, chunked = False, body_pos = None response_kw = {'decode_content': False, 'preload_content': False} parsed_url = Url(scheme=None, auth=None, host=None, port=None, path='/v1/sys/unseal', query=None, fragment=None) destination_scheme = None, conn = None, release_this_conn = True http_tunnel_required = False, err = None, clean_exit = False def urlopen( self, method, url, body=None, headers=None, retries=None, redirect=True, assert_same_host=True, timeout=_Default, pool_timeout=None, release_conn=None, chunked=False, body_pos=None, **response_kw ): """ Get a connection from the pool and perform an HTTP request. This is the lowest level call for making a request, so you'll need to specify all the raw details. .. note:: More commonly, it's appropriate to use a convenience method provided by :class:`.RequestMethods`, such as :meth:`request`. .. note:: `release_conn` will only behave as expected if `preload_content=False` because we want to make `preload_content=False` the default behaviour someday soon without breaking backwards compatibility. :param method: HTTP request method (such as GET, POST, PUT, etc.) :param url: The URL to perform the request on. :param body: Data to send in the request body, either :class:`str`, :class:`bytes`, an iterable of :class:`str`/:class:`bytes`, or a file-like object. :param headers: Dictionary of custom headers to send, such as User-Agent, If-None-Match, etc. If None, pool headers are used. If provided, these headers completely replace any pool-specific headers. :param retries: Configure the number of retries to allow before raising a :class:`~urllib3.exceptions.MaxRetryError` exception. Pass ``None`` to retry until you receive a response. Pass a :class:`~urllib3.util.retry.Retry` object for fine-grained control over different types of retries. Pass an integer number to retry connection errors that many times, but no other types of errors. Pass zero to never retry. If ``False``, then retries are disabled and any exception is raised immediately. Also, instead of raising a MaxRetryError on redirects, the redirect response will be returned. :type retries: :class:`~urllib3.util.retry.Retry`, False, or an int. :param redirect: If True, automatically handle redirects (status codes 301, 302, 303, 307, 308). Each redirect counts as a retry. Disabling retries will disable redirect, too. :param assert_same_host: If ``True``, will make sure that the host of the pool requests is consistent else will raise HostChangedError. When ``False``, you can use the pool on an HTTP proxy and request foreign hosts. :param timeout: If specified, overrides the default timeout for this one request. It may be a float (in seconds) or an instance of :class:`urllib3.util.Timeout`. :param pool_timeout: If set and the pool is set to block=True, then this method will block for ``pool_timeout`` seconds and raise EmptyPoolError if no connection is available within the time period. :param release_conn: If False, then the urlopen call will not release the connection back into the pool once a response is received (but will release if you read the entire contents of the response such as when `preload_content=True`). This is useful if you're not preloading the response's content immediately. You will need to call ``r.release_conn()`` on the response ``r`` to return the connection back into the pool. If None, it takes the value of ``response_kw.get('preload_content', True)``. :param chunked: If True, urllib3 will send the body using chunked transfer encoding. Otherwise, urllib3 will send the body using the standard content-length form. Defaults to False. :param int body_pos: Position to seek to in file-like body in the event of a retry or redirect. Typically this won't need to be set because urllib3 will auto-populate the value when needed. :param \\**response_kw: Additional parameters are passed to :meth:`urllib3.response.HTTPResponse.from_httplib` """ parsed_url = parse_url(url) destination_scheme = parsed_url.scheme if headers is None: headers = self.headers if not isinstance(retries, Retry): retries = Retry.from_int(retries, redirect=redirect, default=self.retries) if release_conn is None: release_conn = response_kw.get("preload_content", True) # Check host if assert_same_host and not self.is_same_host(url): raise HostChangedError(self, url, retries) # Ensure that the URL we're connecting to is properly encoded if url.startswith("/"): url = six.ensure_str(_encode_target(url)) else: url = six.ensure_str(parsed_url.url) conn = None # Track whether `conn` needs to be released before # returning/raising/recursing. Update this variable if necessary, and # leave `release_conn` constant throughout the function. That way, if # the function recurses, the original value of `release_conn` will be # passed down into the recursive call, and its value will be respected. # # See issue #651 [1] for details. # # [1] release_this_conn = release_conn http_tunnel_required = connection_requires_http_tunnel( self.proxy, self.proxy_config, destination_scheme ) # Merge the proxy headers. Only done when not using HTTP CONNECT. We # have to copy the headers dict so we can safely change it without those # changes being reflected in anyone else's copy. if not http_tunnel_required: headers = headers.copy() headers.update(self.proxy_headers) # Must keep the exception bound to a separate variable or else Python 3 # complains about UnboundLocalError. err = None # Keep track of whether we cleanly exited the except block. This # ensures we do proper cleanup in finally. clean_exit = False # Rewind body position, if needed. Record current position # for future rewinds in the event of a redirect/retry. body_pos = set_file_position(body, body_pos) try: # Request a connection from the queue. timeout_obj = self._get_timeout(timeout) conn = self._get_conn(timeout=pool_timeout) conn.timeout = timeout_obj.connect_timeout is_new_proxy_conn = self.proxy is not None and not getattr( conn, "sock", None ) if is_new_proxy_conn and http_tunnel_required: self._prepare_proxy(conn) # Make the request on the httplib connection object. > httplib_response = self._make_request( conn, method, url, timeout=timeout_obj, body=body, headers=headers, chunked=chunked, ) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:716: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:404: in _make_request self._validate_conn(conn) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:1061: in _validate_conn conn.connect() /usr/lib/python3.12/site-packages/urllib3/connection.py:363: in connect self.sock = conn = self._new_conn() _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) except SocketTimeout: raise ConnectTimeoutError( self, "Connection to %s timed out. (connect timeout=%s)" % (self.host, self.timeout), ) except SocketError as e: > raise NewConnectionError( self, "Failed to establish a new connection: %s" % e ) E urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/connection.py:186: NewConnectionError During handling of the above exception, another exception occurred: self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: > resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) /usr/lib/python3.12/site-packages/requests/adapters.py:667: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:802: in urlopen retries = retries.increment( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = Retry(total=0, connect=0, read=None, redirect=None, status=None) method = 'PUT', url = '/v1/sys/unseal', response = None error = NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused') _pool = _stacktrace = def increment( self, method=None, url=None, response=None, error=None, _pool=None, _stacktrace=None, ): """Return a new Retry object with incremented retry counters. :param response: A response object, or None, if the server did not return a response. :type response: :class:`~urllib3.response.HTTPResponse` :param Exception error: An error encountered during the request, or None if the response was received successfully. :return: A new ``Retry`` object. """ if self.total is False and error: # Disabled, indicate to re-raise the error. raise six.reraise(type(error), error, _stacktrace) total = self.total if total is not None: total -= 1 connect = self.connect read = self.read redirect = self.redirect status_count = self.status other = self.other cause = "unknown" status = None redirect_location = None if error and self._is_connection_error(error): # Connect retry? if connect is False: raise six.reraise(type(error), error, _stacktrace) elif connect is not None: connect -= 1 elif error and self._is_read_error(error): # Read retry? if read is False or not self._is_method_retryable(method): raise six.reraise(type(error), error, _stacktrace) elif read is not None: read -= 1 elif error: # Other retry? if other is not None: other -= 1 elif response and response.get_redirect_location(): # Redirect retry? if redirect is not None: redirect -= 1 cause = "too many redirects" redirect_location = response.get_redirect_location() status = response.status else: # Incrementing because of a server error like a 500 in # status_forcelist and the given method is in the allowed_methods cause = ResponseError.GENERIC_ERROR if response and response.status: if status_count is not None: status_count -= 1 cause = ResponseError.SPECIFIC_ERROR.format(status_code=response.status) status = response.status history = self.history + ( RequestHistory(method, url, error, status, redirect_location), ) new_retry = self.new( total=total, connect=connect, read=read, redirect=redirect, status=status_count, other=other, history=history, ) if new_retry.is_exhausted(): > raise MaxRetryError(_pool, url, error or ResponseError(cause)) E urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/urllib3/util/retry.py:594: MaxRetryError During handling of the above exception, another exception occurred: cls = @classmethod def setUpClass(cls): """Use the ServerManager class to launch a vault server process.""" config_paths = [get_config_file_path("vault-tls.hcl")] if shutil.which("consul") is None and cls.enable_vault_ha: logging.warning( "Unable to run Vault in HA mode, consul binary not found in path." ) cls.enable_vault_ha = False if is_enterprise(): # TODO: figure out why this bit isn't working logging.warning( "Unable to run Vault in HA mode, enterprise Vault version not currently supported." ) cls.enable_vault_ha = False if cls.enable_vault_ha: config_paths = [ get_config_file_path("vault-ha-node1.hcl"), get_config_file_path("vault-ha-node2.hcl"), ] cls.manager = ServerManager( config_paths=config_paths, use_consul=cls.enable_vault_ha, ) while True: try: cls.manager.start() cls.manager.initialize() > cls.manager.unseal() tests/utils/hvac_integration_test_case.py:50: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/utils/server_manager.py:393: in unseal client.sys.submit_unseal_keys(self.keys) hvac/api/system_backend/seal.py:97: in submit_unseal_keys result = self.submit_unseal_key( hvac/api/system_backend/seal.py:78: in submit_unseal_key return self._adapter.put( hvac/adapters.py:172: in put return self.request("put", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:367: in request response = self.session.request( /usr/lib/python3.12/site-packages/requests/sessions.py:589: in request resp = self.send(prep, **send_kwargs) /usr/lib/python3.12/site-packages/requests/sessions.py:703: in send r = adapter.send(request, **kwargs) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) except (ProtocolError, OSError) as err: raise ConnectionError(err, request=request) except MaxRetryError as e: if isinstance(e.reason, ConnectTimeoutError): # TODO: Remove this in 3.0.0: see #2811 if not isinstance(e.reason, NewConnectionError): raise ConnectTimeout(e, request=request) if isinstance(e.reason, ResponseError): raise RetryError(e, request=request) if isinstance(e.reason, _ProxyError): raise ProxyError(e, request=request) if isinstance(e.reason, _SSLError): # This branch is for urllib3 v1.22 and later. raise SSLError(e, request=request) > raise ConnectionError(e, request=request) E requests.exceptions.ConnectionError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/requests/adapters.py:700: ConnectionError _ ERROR at setup of TestHealth.test_read_health_status_2_unsealed_standby_node_GET_method _ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: > conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) /usr/lib/python3.12/site-packages/urllib3/connection.py:174: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/util/connection.py:95: in create_connection raise err _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ address = ('127.0.0.1', 47627), timeout = 30, source_address = None socket_options = [(6, 1, 1)] def create_connection( address, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, source_address=None, socket_options=None, ): """Connect to *address* and return the socket object. Convenience function. Connect to *address* (a 2-tuple ``(host, port)``) and return the socket object. Passing the optional *timeout* parameter will set the timeout on the socket instance before attempting to connect. If no *timeout* is supplied, the global default timeout setting returned by :func:`socket.getdefaulttimeout` is used. If *source_address* is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. An host of '' or port 0 tells the OS to use the default. """ host, port = address if host.startswith("["): host = host.strip("[]") err = None # Using the value from allowed_gai_family() in the context of getaddrinfo lets # us select whether to work with IPv4 DNS records, IPv6 records, or both. # The original create_connection function always returns all records. family = allowed_gai_family() try: host.encode("idna") except UnicodeError: return six.raise_from( LocationParseError(u"'%s', label empty or too long" % host), None ) for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): af, socktype, proto, canonname, sa = res sock = None try: sock = socket.socket(af, socktype, proto) # If provided, set socket level options before connecting. _set_socket_options(sock, socket_options) if timeout is not socket._GLOBAL_DEFAULT_TIMEOUT: sock.settimeout(timeout) if source_address: sock.bind(source_address) > sock.connect(sa) E ConnectionRefusedError: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/util/connection.py:85: ConnectionRefusedError During handling of the above exception, another exception occurred: self = method = 'PUT', url = '/v1/sys/unseal' body = b'{"migrate": false, "key": "1c659805b95cab7fbae2435b6c8f176d53afc2f66c57502f52c3c53526c43c47e0"}' headers = {'User-Agent': 'python-requests/2.32.3', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'X-Vault-Request': 'true', 'Content-Length': '95', 'Content-Type': 'application/json'} retries = Retry(total=0, connect=0, read=None, redirect=None, status=None) redirect = False, assert_same_host = False timeout = Timeout(connect=30, read=30, total=None), pool_timeout = None release_conn = False, chunked = False, body_pos = None response_kw = {'decode_content': False, 'preload_content': False} parsed_url = Url(scheme=None, auth=None, host=None, port=None, path='/v1/sys/unseal', query=None, fragment=None) destination_scheme = None, conn = None, release_this_conn = True http_tunnel_required = False, err = None, clean_exit = False def urlopen( self, method, url, body=None, headers=None, retries=None, redirect=True, assert_same_host=True, timeout=_Default, pool_timeout=None, release_conn=None, chunked=False, body_pos=None, **response_kw ): """ Get a connection from the pool and perform an HTTP request. This is the lowest level call for making a request, so you'll need to specify all the raw details. .. note:: More commonly, it's appropriate to use a convenience method provided by :class:`.RequestMethods`, such as :meth:`request`. .. note:: `release_conn` will only behave as expected if `preload_content=False` because we want to make `preload_content=False` the default behaviour someday soon without breaking backwards compatibility. :param method: HTTP request method (such as GET, POST, PUT, etc.) :param url: The URL to perform the request on. :param body: Data to send in the request body, either :class:`str`, :class:`bytes`, an iterable of :class:`str`/:class:`bytes`, or a file-like object. :param headers: Dictionary of custom headers to send, such as User-Agent, If-None-Match, etc. If None, pool headers are used. If provided, these headers completely replace any pool-specific headers. :param retries: Configure the number of retries to allow before raising a :class:`~urllib3.exceptions.MaxRetryError` exception. Pass ``None`` to retry until you receive a response. Pass a :class:`~urllib3.util.retry.Retry` object for fine-grained control over different types of retries. Pass an integer number to retry connection errors that many times, but no other types of errors. Pass zero to never retry. If ``False``, then retries are disabled and any exception is raised immediately. Also, instead of raising a MaxRetryError on redirects, the redirect response will be returned. :type retries: :class:`~urllib3.util.retry.Retry`, False, or an int. :param redirect: If True, automatically handle redirects (status codes 301, 302, 303, 307, 308). Each redirect counts as a retry. Disabling retries will disable redirect, too. :param assert_same_host: If ``True``, will make sure that the host of the pool requests is consistent else will raise HostChangedError. When ``False``, you can use the pool on an HTTP proxy and request foreign hosts. :param timeout: If specified, overrides the default timeout for this one request. It may be a float (in seconds) or an instance of :class:`urllib3.util.Timeout`. :param pool_timeout: If set and the pool is set to block=True, then this method will block for ``pool_timeout`` seconds and raise EmptyPoolError if no connection is available within the time period. :param release_conn: If False, then the urlopen call will not release the connection back into the pool once a response is received (but will release if you read the entire contents of the response such as when `preload_content=True`). This is useful if you're not preloading the response's content immediately. You will need to call ``r.release_conn()`` on the response ``r`` to return the connection back into the pool. If None, it takes the value of ``response_kw.get('preload_content', True)``. :param chunked: If True, urllib3 will send the body using chunked transfer encoding. Otherwise, urllib3 will send the body using the standard content-length form. Defaults to False. :param int body_pos: Position to seek to in file-like body in the event of a retry or redirect. Typically this won't need to be set because urllib3 will auto-populate the value when needed. :param \\**response_kw: Additional parameters are passed to :meth:`urllib3.response.HTTPResponse.from_httplib` """ parsed_url = parse_url(url) destination_scheme = parsed_url.scheme if headers is None: headers = self.headers if not isinstance(retries, Retry): retries = Retry.from_int(retries, redirect=redirect, default=self.retries) if release_conn is None: release_conn = response_kw.get("preload_content", True) # Check host if assert_same_host and not self.is_same_host(url): raise HostChangedError(self, url, retries) # Ensure that the URL we're connecting to is properly encoded if url.startswith("/"): url = six.ensure_str(_encode_target(url)) else: url = six.ensure_str(parsed_url.url) conn = None # Track whether `conn` needs to be released before # returning/raising/recursing. Update this variable if necessary, and # leave `release_conn` constant throughout the function. That way, if # the function recurses, the original value of `release_conn` will be # passed down into the recursive call, and its value will be respected. # # See issue #651 [1] for details. # # [1] release_this_conn = release_conn http_tunnel_required = connection_requires_http_tunnel( self.proxy, self.proxy_config, destination_scheme ) # Merge the proxy headers. Only done when not using HTTP CONNECT. We # have to copy the headers dict so we can safely change it without those # changes being reflected in anyone else's copy. if not http_tunnel_required: headers = headers.copy() headers.update(self.proxy_headers) # Must keep the exception bound to a separate variable or else Python 3 # complains about UnboundLocalError. err = None # Keep track of whether we cleanly exited the except block. This # ensures we do proper cleanup in finally. clean_exit = False # Rewind body position, if needed. Record current position # for future rewinds in the event of a redirect/retry. body_pos = set_file_position(body, body_pos) try: # Request a connection from the queue. timeout_obj = self._get_timeout(timeout) conn = self._get_conn(timeout=pool_timeout) conn.timeout = timeout_obj.connect_timeout is_new_proxy_conn = self.proxy is not None and not getattr( conn, "sock", None ) if is_new_proxy_conn and http_tunnel_required: self._prepare_proxy(conn) # Make the request on the httplib connection object. > httplib_response = self._make_request( conn, method, url, timeout=timeout_obj, body=body, headers=headers, chunked=chunked, ) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:716: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:404: in _make_request self._validate_conn(conn) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:1061: in _validate_conn conn.connect() /usr/lib/python3.12/site-packages/urllib3/connection.py:363: in connect self.sock = conn = self._new_conn() _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) except SocketTimeout: raise ConnectTimeoutError( self, "Connection to %s timed out. (connect timeout=%s)" % (self.host, self.timeout), ) except SocketError as e: > raise NewConnectionError( self, "Failed to establish a new connection: %s" % e ) E urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/connection.py:186: NewConnectionError During handling of the above exception, another exception occurred: self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: > resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) /usr/lib/python3.12/site-packages/requests/adapters.py:667: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:802: in urlopen retries = retries.increment( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = Retry(total=0, connect=0, read=None, redirect=None, status=None) method = 'PUT', url = '/v1/sys/unseal', response = None error = NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused') _pool = _stacktrace = def increment( self, method=None, url=None, response=None, error=None, _pool=None, _stacktrace=None, ): """Return a new Retry object with incremented retry counters. :param response: A response object, or None, if the server did not return a response. :type response: :class:`~urllib3.response.HTTPResponse` :param Exception error: An error encountered during the request, or None if the response was received successfully. :return: A new ``Retry`` object. """ if self.total is False and error: # Disabled, indicate to re-raise the error. raise six.reraise(type(error), error, _stacktrace) total = self.total if total is not None: total -= 1 connect = self.connect read = self.read redirect = self.redirect status_count = self.status other = self.other cause = "unknown" status = None redirect_location = None if error and self._is_connection_error(error): # Connect retry? if connect is False: raise six.reraise(type(error), error, _stacktrace) elif connect is not None: connect -= 1 elif error and self._is_read_error(error): # Read retry? if read is False or not self._is_method_retryable(method): raise six.reraise(type(error), error, _stacktrace) elif read is not None: read -= 1 elif error: # Other retry? if other is not None: other -= 1 elif response and response.get_redirect_location(): # Redirect retry? if redirect is not None: redirect -= 1 cause = "too many redirects" redirect_location = response.get_redirect_location() status = response.status else: # Incrementing because of a server error like a 500 in # status_forcelist and the given method is in the allowed_methods cause = ResponseError.GENERIC_ERROR if response and response.status: if status_count is not None: status_count -= 1 cause = ResponseError.SPECIFIC_ERROR.format(status_code=response.status) status = response.status history = self.history + ( RequestHistory(method, url, error, status, redirect_location), ) new_retry = self.new( total=total, connect=connect, read=read, redirect=redirect, status=status_count, other=other, history=history, ) if new_retry.is_exhausted(): > raise MaxRetryError(_pool, url, error or ResponseError(cause)) E urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/urllib3/util/retry.py:594: MaxRetryError During handling of the above exception, another exception occurred: cls = @classmethod def setUpClass(cls): """Use the ServerManager class to launch a vault server process.""" config_paths = [get_config_file_path("vault-tls.hcl")] if shutil.which("consul") is None and cls.enable_vault_ha: logging.warning( "Unable to run Vault in HA mode, consul binary not found in path." ) cls.enable_vault_ha = False if is_enterprise(): # TODO: figure out why this bit isn't working logging.warning( "Unable to run Vault in HA mode, enterprise Vault version not currently supported." ) cls.enable_vault_ha = False if cls.enable_vault_ha: config_paths = [ get_config_file_path("vault-ha-node1.hcl"), get_config_file_path("vault-ha-node2.hcl"), ] cls.manager = ServerManager( config_paths=config_paths, use_consul=cls.enable_vault_ha, ) while True: try: cls.manager.start() cls.manager.initialize() > cls.manager.unseal() tests/utils/hvac_integration_test_case.py:50: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/utils/server_manager.py:393: in unseal client.sys.submit_unseal_keys(self.keys) hvac/api/system_backend/seal.py:97: in submit_unseal_keys result = self.submit_unseal_key( hvac/api/system_backend/seal.py:78: in submit_unseal_key return self._adapter.put( hvac/adapters.py:172: in put return self.request("put", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:367: in request response = self.session.request( /usr/lib/python3.12/site-packages/requests/sessions.py:589: in request resp = self.send(prep, **send_kwargs) /usr/lib/python3.12/site-packages/requests/sessions.py:703: in send r = adapter.send(request, **kwargs) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) except (ProtocolError, OSError) as err: raise ConnectionError(err, request=request) except MaxRetryError as e: if isinstance(e.reason, ConnectTimeoutError): # TODO: Remove this in 3.0.0: see #2811 if not isinstance(e.reason, NewConnectionError): raise ConnectTimeout(e, request=request) if isinstance(e.reason, ResponseError): raise RetryError(e, request=request) if isinstance(e.reason, _ProxyError): raise ProxyError(e, request=request) if isinstance(e.reason, _SSLError): # This branch is for urllib3 v1.22 and later. raise SSLError(e, request=request) > raise ConnectionError(e, request=request) E requests.exceptions.ConnectionError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/requests/adapters.py:700: ConnectionError _ ERROR at setup of TestHealth.test_read_health_status_3_sealed_standby_node_HEAD_method _ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: > conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) /usr/lib/python3.12/site-packages/urllib3/connection.py:174: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/util/connection.py:95: in create_connection raise err _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ address = ('127.0.0.1', 47627), timeout = 30, source_address = None socket_options = [(6, 1, 1)] def create_connection( address, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, source_address=None, socket_options=None, ): """Connect to *address* and return the socket object. Convenience function. Connect to *address* (a 2-tuple ``(host, port)``) and return the socket object. Passing the optional *timeout* parameter will set the timeout on the socket instance before attempting to connect. If no *timeout* is supplied, the global default timeout setting returned by :func:`socket.getdefaulttimeout` is used. If *source_address* is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. An host of '' or port 0 tells the OS to use the default. """ host, port = address if host.startswith("["): host = host.strip("[]") err = None # Using the value from allowed_gai_family() in the context of getaddrinfo lets # us select whether to work with IPv4 DNS records, IPv6 records, or both. # The original create_connection function always returns all records. family = allowed_gai_family() try: host.encode("idna") except UnicodeError: return six.raise_from( LocationParseError(u"'%s', label empty or too long" % host), None ) for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): af, socktype, proto, canonname, sa = res sock = None try: sock = socket.socket(af, socktype, proto) # If provided, set socket level options before connecting. _set_socket_options(sock, socket_options) if timeout is not socket._GLOBAL_DEFAULT_TIMEOUT: sock.settimeout(timeout) if source_address: sock.bind(source_address) > sock.connect(sa) E ConnectionRefusedError: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/util/connection.py:85: ConnectionRefusedError During handling of the above exception, another exception occurred: self = method = 'PUT', url = '/v1/sys/unseal' body = b'{"migrate": false, "key": "1c659805b95cab7fbae2435b6c8f176d53afc2f66c57502f52c3c53526c43c47e0"}' headers = {'User-Agent': 'python-requests/2.32.3', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'X-Vault-Request': 'true', 'Content-Length': '95', 'Content-Type': 'application/json'} retries = Retry(total=0, connect=0, read=None, redirect=None, status=None) redirect = False, assert_same_host = False timeout = Timeout(connect=30, read=30, total=None), pool_timeout = None release_conn = False, chunked = False, body_pos = None response_kw = {'decode_content': False, 'preload_content': False} parsed_url = Url(scheme=None, auth=None, host=None, port=None, path='/v1/sys/unseal', query=None, fragment=None) destination_scheme = None, conn = None, release_this_conn = True http_tunnel_required = False, err = None, clean_exit = False def urlopen( self, method, url, body=None, headers=None, retries=None, redirect=True, assert_same_host=True, timeout=_Default, pool_timeout=None, release_conn=None, chunked=False, body_pos=None, **response_kw ): """ Get a connection from the pool and perform an HTTP request. This is the lowest level call for making a request, so you'll need to specify all the raw details. .. note:: More commonly, it's appropriate to use a convenience method provided by :class:`.RequestMethods`, such as :meth:`request`. .. note:: `release_conn` will only behave as expected if `preload_content=False` because we want to make `preload_content=False` the default behaviour someday soon without breaking backwards compatibility. :param method: HTTP request method (such as GET, POST, PUT, etc.) :param url: The URL to perform the request on. :param body: Data to send in the request body, either :class:`str`, :class:`bytes`, an iterable of :class:`str`/:class:`bytes`, or a file-like object. :param headers: Dictionary of custom headers to send, such as User-Agent, If-None-Match, etc. If None, pool headers are used. If provided, these headers completely replace any pool-specific headers. :param retries: Configure the number of retries to allow before raising a :class:`~urllib3.exceptions.MaxRetryError` exception. Pass ``None`` to retry until you receive a response. Pass a :class:`~urllib3.util.retry.Retry` object for fine-grained control over different types of retries. Pass an integer number to retry connection errors that many times, but no other types of errors. Pass zero to never retry. If ``False``, then retries are disabled and any exception is raised immediately. Also, instead of raising a MaxRetryError on redirects, the redirect response will be returned. :type retries: :class:`~urllib3.util.retry.Retry`, False, or an int. :param redirect: If True, automatically handle redirects (status codes 301, 302, 303, 307, 308). Each redirect counts as a retry. Disabling retries will disable redirect, too. :param assert_same_host: If ``True``, will make sure that the host of the pool requests is consistent else will raise HostChangedError. When ``False``, you can use the pool on an HTTP proxy and request foreign hosts. :param timeout: If specified, overrides the default timeout for this one request. It may be a float (in seconds) or an instance of :class:`urllib3.util.Timeout`. :param pool_timeout: If set and the pool is set to block=True, then this method will block for ``pool_timeout`` seconds and raise EmptyPoolError if no connection is available within the time period. :param release_conn: If False, then the urlopen call will not release the connection back into the pool once a response is received (but will release if you read the entire contents of the response such as when `preload_content=True`). This is useful if you're not preloading the response's content immediately. You will need to call ``r.release_conn()`` on the response ``r`` to return the connection back into the pool. If None, it takes the value of ``response_kw.get('preload_content', True)``. :param chunked: If True, urllib3 will send the body using chunked transfer encoding. Otherwise, urllib3 will send the body using the standard content-length form. Defaults to False. :param int body_pos: Position to seek to in file-like body in the event of a retry or redirect. Typically this won't need to be set because urllib3 will auto-populate the value when needed. :param \\**response_kw: Additional parameters are passed to :meth:`urllib3.response.HTTPResponse.from_httplib` """ parsed_url = parse_url(url) destination_scheme = parsed_url.scheme if headers is None: headers = self.headers if not isinstance(retries, Retry): retries = Retry.from_int(retries, redirect=redirect, default=self.retries) if release_conn is None: release_conn = response_kw.get("preload_content", True) # Check host if assert_same_host and not self.is_same_host(url): raise HostChangedError(self, url, retries) # Ensure that the URL we're connecting to is properly encoded if url.startswith("/"): url = six.ensure_str(_encode_target(url)) else: url = six.ensure_str(parsed_url.url) conn = None # Track whether `conn` needs to be released before # returning/raising/recursing. Update this variable if necessary, and # leave `release_conn` constant throughout the function. That way, if # the function recurses, the original value of `release_conn` will be # passed down into the recursive call, and its value will be respected. # # See issue #651 [1] for details. # # [1] release_this_conn = release_conn http_tunnel_required = connection_requires_http_tunnel( self.proxy, self.proxy_config, destination_scheme ) # Merge the proxy headers. Only done when not using HTTP CONNECT. We # have to copy the headers dict so we can safely change it without those # changes being reflected in anyone else's copy. if not http_tunnel_required: headers = headers.copy() headers.update(self.proxy_headers) # Must keep the exception bound to a separate variable or else Python 3 # complains about UnboundLocalError. err = None # Keep track of whether we cleanly exited the except block. This # ensures we do proper cleanup in finally. clean_exit = False # Rewind body position, if needed. Record current position # for future rewinds in the event of a redirect/retry. body_pos = set_file_position(body, body_pos) try: # Request a connection from the queue. timeout_obj = self._get_timeout(timeout) conn = self._get_conn(timeout=pool_timeout) conn.timeout = timeout_obj.connect_timeout is_new_proxy_conn = self.proxy is not None and not getattr( conn, "sock", None ) if is_new_proxy_conn and http_tunnel_required: self._prepare_proxy(conn) # Make the request on the httplib connection object. > httplib_response = self._make_request( conn, method, url, timeout=timeout_obj, body=body, headers=headers, chunked=chunked, ) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:716: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:404: in _make_request self._validate_conn(conn) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:1061: in _validate_conn conn.connect() /usr/lib/python3.12/site-packages/urllib3/connection.py:363: in connect self.sock = conn = self._new_conn() _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) except SocketTimeout: raise ConnectTimeoutError( self, "Connection to %s timed out. (connect timeout=%s)" % (self.host, self.timeout), ) except SocketError as e: > raise NewConnectionError( self, "Failed to establish a new connection: %s" % e ) E urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/connection.py:186: NewConnectionError During handling of the above exception, another exception occurred: self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: > resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) /usr/lib/python3.12/site-packages/requests/adapters.py:667: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:802: in urlopen retries = retries.increment( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = Retry(total=0, connect=0, read=None, redirect=None, status=None) method = 'PUT', url = '/v1/sys/unseal', response = None error = NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused') _pool = _stacktrace = def increment( self, method=None, url=None, response=None, error=None, _pool=None, _stacktrace=None, ): """Return a new Retry object with incremented retry counters. :param response: A response object, or None, if the server did not return a response. :type response: :class:`~urllib3.response.HTTPResponse` :param Exception error: An error encountered during the request, or None if the response was received successfully. :return: A new ``Retry`` object. """ if self.total is False and error: # Disabled, indicate to re-raise the error. raise six.reraise(type(error), error, _stacktrace) total = self.total if total is not None: total -= 1 connect = self.connect read = self.read redirect = self.redirect status_count = self.status other = self.other cause = "unknown" status = None redirect_location = None if error and self._is_connection_error(error): # Connect retry? if connect is False: raise six.reraise(type(error), error, _stacktrace) elif connect is not None: connect -= 1 elif error and self._is_read_error(error): # Read retry? if read is False or not self._is_method_retryable(method): raise six.reraise(type(error), error, _stacktrace) elif read is not None: read -= 1 elif error: # Other retry? if other is not None: other -= 1 elif response and response.get_redirect_location(): # Redirect retry? if redirect is not None: redirect -= 1 cause = "too many redirects" redirect_location = response.get_redirect_location() status = response.status else: # Incrementing because of a server error like a 500 in # status_forcelist and the given method is in the allowed_methods cause = ResponseError.GENERIC_ERROR if response and response.status: if status_count is not None: status_count -= 1 cause = ResponseError.SPECIFIC_ERROR.format(status_code=response.status) status = response.status history = self.history + ( RequestHistory(method, url, error, status, redirect_location), ) new_retry = self.new( total=total, connect=connect, read=read, redirect=redirect, status=status_count, other=other, history=history, ) if new_retry.is_exhausted(): > raise MaxRetryError(_pool, url, error or ResponseError(cause)) E urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/urllib3/util/retry.py:594: MaxRetryError During handling of the above exception, another exception occurred: cls = @classmethod def setUpClass(cls): """Use the ServerManager class to launch a vault server process.""" config_paths = [get_config_file_path("vault-tls.hcl")] if shutil.which("consul") is None and cls.enable_vault_ha: logging.warning( "Unable to run Vault in HA mode, consul binary not found in path." ) cls.enable_vault_ha = False if is_enterprise(): # TODO: figure out why this bit isn't working logging.warning( "Unable to run Vault in HA mode, enterprise Vault version not currently supported." ) cls.enable_vault_ha = False if cls.enable_vault_ha: config_paths = [ get_config_file_path("vault-ha-node1.hcl"), get_config_file_path("vault-ha-node2.hcl"), ] cls.manager = ServerManager( config_paths=config_paths, use_consul=cls.enable_vault_ha, ) while True: try: cls.manager.start() cls.manager.initialize() > cls.manager.unseal() tests/utils/hvac_integration_test_case.py:50: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/utils/server_manager.py:393: in unseal client.sys.submit_unseal_keys(self.keys) hvac/api/system_backend/seal.py:97: in submit_unseal_keys result = self.submit_unseal_key( hvac/api/system_backend/seal.py:78: in submit_unseal_key return self._adapter.put( hvac/adapters.py:172: in put return self.request("put", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:367: in request response = self.session.request( /usr/lib/python3.12/site-packages/requests/sessions.py:589: in request resp = self.send(prep, **send_kwargs) /usr/lib/python3.12/site-packages/requests/sessions.py:703: in send r = adapter.send(request, **kwargs) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) except (ProtocolError, OSError) as err: raise ConnectionError(err, request=request) except MaxRetryError as e: if isinstance(e.reason, ConnectTimeoutError): # TODO: Remove this in 3.0.0: see #2811 if not isinstance(e.reason, NewConnectionError): raise ConnectTimeout(e, request=request) if isinstance(e.reason, ResponseError): raise RetryError(e, request=request) if isinstance(e.reason, _ProxyError): raise ProxyError(e, request=request) if isinstance(e.reason, _SSLError): # This branch is for urllib3 v1.22 and later. raise SSLError(e, request=request) > raise ConnectionError(e, request=request) E requests.exceptions.ConnectionError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/requests/adapters.py:700: ConnectionError _ ERROR at setup of TestHealth.test_read_health_status_4_sealed_standby_node_GET_method _ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: > conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) /usr/lib/python3.12/site-packages/urllib3/connection.py:174: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/util/connection.py:95: in create_connection raise err _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ address = ('127.0.0.1', 47627), timeout = 30, source_address = None socket_options = [(6, 1, 1)] def create_connection( address, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, source_address=None, socket_options=None, ): """Connect to *address* and return the socket object. Convenience function. Connect to *address* (a 2-tuple ``(host, port)``) and return the socket object. Passing the optional *timeout* parameter will set the timeout on the socket instance before attempting to connect. If no *timeout* is supplied, the global default timeout setting returned by :func:`socket.getdefaulttimeout` is used. If *source_address* is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. An host of '' or port 0 tells the OS to use the default. """ host, port = address if host.startswith("["): host = host.strip("[]") err = None # Using the value from allowed_gai_family() in the context of getaddrinfo lets # us select whether to work with IPv4 DNS records, IPv6 records, or both. # The original create_connection function always returns all records. family = allowed_gai_family() try: host.encode("idna") except UnicodeError: return six.raise_from( LocationParseError(u"'%s', label empty or too long" % host), None ) for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): af, socktype, proto, canonname, sa = res sock = None try: sock = socket.socket(af, socktype, proto) # If provided, set socket level options before connecting. _set_socket_options(sock, socket_options) if timeout is not socket._GLOBAL_DEFAULT_TIMEOUT: sock.settimeout(timeout) if source_address: sock.bind(source_address) > sock.connect(sa) E ConnectionRefusedError: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/util/connection.py:85: ConnectionRefusedError During handling of the above exception, another exception occurred: self = method = 'PUT', url = '/v1/sys/unseal' body = b'{"migrate": false, "key": "1c659805b95cab7fbae2435b6c8f176d53afc2f66c57502f52c3c53526c43c47e0"}' headers = {'User-Agent': 'python-requests/2.32.3', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'X-Vault-Request': 'true', 'Content-Length': '95', 'Content-Type': 'application/json'} retries = Retry(total=0, connect=0, read=None, redirect=None, status=None) redirect = False, assert_same_host = False timeout = Timeout(connect=30, read=30, total=None), pool_timeout = None release_conn = False, chunked = False, body_pos = None response_kw = {'decode_content': False, 'preload_content': False} parsed_url = Url(scheme=None, auth=None, host=None, port=None, path='/v1/sys/unseal', query=None, fragment=None) destination_scheme = None, conn = None, release_this_conn = True http_tunnel_required = False, err = None, clean_exit = False def urlopen( self, method, url, body=None, headers=None, retries=None, redirect=True, assert_same_host=True, timeout=_Default, pool_timeout=None, release_conn=None, chunked=False, body_pos=None, **response_kw ): """ Get a connection from the pool and perform an HTTP request. This is the lowest level call for making a request, so you'll need to specify all the raw details. .. note:: More commonly, it's appropriate to use a convenience method provided by :class:`.RequestMethods`, such as :meth:`request`. .. note:: `release_conn` will only behave as expected if `preload_content=False` because we want to make `preload_content=False` the default behaviour someday soon without breaking backwards compatibility. :param method: HTTP request method (such as GET, POST, PUT, etc.) :param url: The URL to perform the request on. :param body: Data to send in the request body, either :class:`str`, :class:`bytes`, an iterable of :class:`str`/:class:`bytes`, or a file-like object. :param headers: Dictionary of custom headers to send, such as User-Agent, If-None-Match, etc. If None, pool headers are used. If provided, these headers completely replace any pool-specific headers. :param retries: Configure the number of retries to allow before raising a :class:`~urllib3.exceptions.MaxRetryError` exception. Pass ``None`` to retry until you receive a response. Pass a :class:`~urllib3.util.retry.Retry` object for fine-grained control over different types of retries. Pass an integer number to retry connection errors that many times, but no other types of errors. Pass zero to never retry. If ``False``, then retries are disabled and any exception is raised immediately. Also, instead of raising a MaxRetryError on redirects, the redirect response will be returned. :type retries: :class:`~urllib3.util.retry.Retry`, False, or an int. :param redirect: If True, automatically handle redirects (status codes 301, 302, 303, 307, 308). Each redirect counts as a retry. Disabling retries will disable redirect, too. :param assert_same_host: If ``True``, will make sure that the host of the pool requests is consistent else will raise HostChangedError. When ``False``, you can use the pool on an HTTP proxy and request foreign hosts. :param timeout: If specified, overrides the default timeout for this one request. It may be a float (in seconds) or an instance of :class:`urllib3.util.Timeout`. :param pool_timeout: If set and the pool is set to block=True, then this method will block for ``pool_timeout`` seconds and raise EmptyPoolError if no connection is available within the time period. :param release_conn: If False, then the urlopen call will not release the connection back into the pool once a response is received (but will release if you read the entire contents of the response such as when `preload_content=True`). This is useful if you're not preloading the response's content immediately. You will need to call ``r.release_conn()`` on the response ``r`` to return the connection back into the pool. If None, it takes the value of ``response_kw.get('preload_content', True)``. :param chunked: If True, urllib3 will send the body using chunked transfer encoding. Otherwise, urllib3 will send the body using the standard content-length form. Defaults to False. :param int body_pos: Position to seek to in file-like body in the event of a retry or redirect. Typically this won't need to be set because urllib3 will auto-populate the value when needed. :param \\**response_kw: Additional parameters are passed to :meth:`urllib3.response.HTTPResponse.from_httplib` """ parsed_url = parse_url(url) destination_scheme = parsed_url.scheme if headers is None: headers = self.headers if not isinstance(retries, Retry): retries = Retry.from_int(retries, redirect=redirect, default=self.retries) if release_conn is None: release_conn = response_kw.get("preload_content", True) # Check host if assert_same_host and not self.is_same_host(url): raise HostChangedError(self, url, retries) # Ensure that the URL we're connecting to is properly encoded if url.startswith("/"): url = six.ensure_str(_encode_target(url)) else: url = six.ensure_str(parsed_url.url) conn = None # Track whether `conn` needs to be released before # returning/raising/recursing. Update this variable if necessary, and # leave `release_conn` constant throughout the function. That way, if # the function recurses, the original value of `release_conn` will be # passed down into the recursive call, and its value will be respected. # # See issue #651 [1] for details. # # [1] release_this_conn = release_conn http_tunnel_required = connection_requires_http_tunnel( self.proxy, self.proxy_config, destination_scheme ) # Merge the proxy headers. Only done when not using HTTP CONNECT. We # have to copy the headers dict so we can safely change it without those # changes being reflected in anyone else's copy. if not http_tunnel_required: headers = headers.copy() headers.update(self.proxy_headers) # Must keep the exception bound to a separate variable or else Python 3 # complains about UnboundLocalError. err = None # Keep track of whether we cleanly exited the except block. This # ensures we do proper cleanup in finally. clean_exit = False # Rewind body position, if needed. Record current position # for future rewinds in the event of a redirect/retry. body_pos = set_file_position(body, body_pos) try: # Request a connection from the queue. timeout_obj = self._get_timeout(timeout) conn = self._get_conn(timeout=pool_timeout) conn.timeout = timeout_obj.connect_timeout is_new_proxy_conn = self.proxy is not None and not getattr( conn, "sock", None ) if is_new_proxy_conn and http_tunnel_required: self._prepare_proxy(conn) # Make the request on the httplib connection object. > httplib_response = self._make_request( conn, method, url, timeout=timeout_obj, body=body, headers=headers, chunked=chunked, ) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:716: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:404: in _make_request self._validate_conn(conn) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:1061: in _validate_conn conn.connect() /usr/lib/python3.12/site-packages/urllib3/connection.py:363: in connect self.sock = conn = self._new_conn() _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) except SocketTimeout: raise ConnectTimeoutError( self, "Connection to %s timed out. (connect timeout=%s)" % (self.host, self.timeout), ) except SocketError as e: > raise NewConnectionError( self, "Failed to establish a new connection: %s" % e ) E urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/connection.py:186: NewConnectionError During handling of the above exception, another exception occurred: self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: > resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) /usr/lib/python3.12/site-packages/requests/adapters.py:667: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:802: in urlopen retries = retries.increment( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = Retry(total=0, connect=0, read=None, redirect=None, status=None) method = 'PUT', url = '/v1/sys/unseal', response = None error = NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused') _pool = _stacktrace = def increment( self, method=None, url=None, response=None, error=None, _pool=None, _stacktrace=None, ): """Return a new Retry object with incremented retry counters. :param response: A response object, or None, if the server did not return a response. :type response: :class:`~urllib3.response.HTTPResponse` :param Exception error: An error encountered during the request, or None if the response was received successfully. :return: A new ``Retry`` object. """ if self.total is False and error: # Disabled, indicate to re-raise the error. raise six.reraise(type(error), error, _stacktrace) total = self.total if total is not None: total -= 1 connect = self.connect read = self.read redirect = self.redirect status_count = self.status other = self.other cause = "unknown" status = None redirect_location = None if error and self._is_connection_error(error): # Connect retry? if connect is False: raise six.reraise(type(error), error, _stacktrace) elif connect is not None: connect -= 1 elif error and self._is_read_error(error): # Read retry? if read is False or not self._is_method_retryable(method): raise six.reraise(type(error), error, _stacktrace) elif read is not None: read -= 1 elif error: # Other retry? if other is not None: other -= 1 elif response and response.get_redirect_location(): # Redirect retry? if redirect is not None: redirect -= 1 cause = "too many redirects" redirect_location = response.get_redirect_location() status = response.status else: # Incrementing because of a server error like a 500 in # status_forcelist and the given method is in the allowed_methods cause = ResponseError.GENERIC_ERROR if response and response.status: if status_count is not None: status_count -= 1 cause = ResponseError.SPECIFIC_ERROR.format(status_code=response.status) status = response.status history = self.history + ( RequestHistory(method, url, error, status, redirect_location), ) new_retry = self.new( total=total, connect=connect, read=read, redirect=redirect, status=status_count, other=other, history=history, ) if new_retry.is_exhausted(): > raise MaxRetryError(_pool, url, error or ResponseError(cause)) E urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/urllib3/util/retry.py:594: MaxRetryError During handling of the above exception, another exception occurred: cls = @classmethod def setUpClass(cls): """Use the ServerManager class to launch a vault server process.""" config_paths = [get_config_file_path("vault-tls.hcl")] if shutil.which("consul") is None and cls.enable_vault_ha: logging.warning( "Unable to run Vault in HA mode, consul binary not found in path." ) cls.enable_vault_ha = False if is_enterprise(): # TODO: figure out why this bit isn't working logging.warning( "Unable to run Vault in HA mode, enterprise Vault version not currently supported." ) cls.enable_vault_ha = False if cls.enable_vault_ha: config_paths = [ get_config_file_path("vault-ha-node1.hcl"), get_config_file_path("vault-ha-node2.hcl"), ] cls.manager = ServerManager( config_paths=config_paths, use_consul=cls.enable_vault_ha, ) while True: try: cls.manager.start() cls.manager.initialize() > cls.manager.unseal() tests/utils/hvac_integration_test_case.py:50: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/utils/server_manager.py:393: in unseal client.sys.submit_unseal_keys(self.keys) hvac/api/system_backend/seal.py:97: in submit_unseal_keys result = self.submit_unseal_key( hvac/api/system_backend/seal.py:78: in submit_unseal_key return self._adapter.put( hvac/adapters.py:172: in put return self.request("put", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:367: in request response = self.session.request( /usr/lib/python3.12/site-packages/requests/sessions.py:589: in request resp = self.send(prep, **send_kwargs) /usr/lib/python3.12/site-packages/requests/sessions.py:703: in send r = adapter.send(request, **kwargs) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) except (ProtocolError, OSError) as err: raise ConnectionError(err, request=request) except MaxRetryError as e: if isinstance(e.reason, ConnectTimeoutError): # TODO: Remove this in 3.0.0: see #2811 if not isinstance(e.reason, NewConnectionError): raise ConnectTimeout(e, request=request) if isinstance(e.reason, ResponseError): raise RetryError(e, request=request) if isinstance(e.reason, _ProxyError): raise ProxyError(e, request=request) if isinstance(e.reason, _SSLError): # This branch is for urllib3 v1.22 and later. raise SSLError(e, request=request) > raise ConnectionError(e, request=request) E requests.exceptions.ConnectionError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/requests/adapters.py:700: ConnectionError ______ ERROR at setup of TestHealth.test_read_health_status_5_GET_method _______ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: > conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) /usr/lib/python3.12/site-packages/urllib3/connection.py:174: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/util/connection.py:95: in create_connection raise err _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ address = ('127.0.0.1', 47627), timeout = 30, source_address = None socket_options = [(6, 1, 1)] def create_connection( address, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, source_address=None, socket_options=None, ): """Connect to *address* and return the socket object. Convenience function. Connect to *address* (a 2-tuple ``(host, port)``) and return the socket object. Passing the optional *timeout* parameter will set the timeout on the socket instance before attempting to connect. If no *timeout* is supplied, the global default timeout setting returned by :func:`socket.getdefaulttimeout` is used. If *source_address* is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. An host of '' or port 0 tells the OS to use the default. """ host, port = address if host.startswith("["): host = host.strip("[]") err = None # Using the value from allowed_gai_family() in the context of getaddrinfo lets # us select whether to work with IPv4 DNS records, IPv6 records, or both. # The original create_connection function always returns all records. family = allowed_gai_family() try: host.encode("idna") except UnicodeError: return six.raise_from( LocationParseError(u"'%s', label empty or too long" % host), None ) for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): af, socktype, proto, canonname, sa = res sock = None try: sock = socket.socket(af, socktype, proto) # If provided, set socket level options before connecting. _set_socket_options(sock, socket_options) if timeout is not socket._GLOBAL_DEFAULT_TIMEOUT: sock.settimeout(timeout) if source_address: sock.bind(source_address) > sock.connect(sa) E ConnectionRefusedError: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/util/connection.py:85: ConnectionRefusedError During handling of the above exception, another exception occurred: self = method = 'PUT', url = '/v1/sys/unseal' body = b'{"migrate": false, "key": "1c659805b95cab7fbae2435b6c8f176d53afc2f66c57502f52c3c53526c43c47e0"}' headers = {'User-Agent': 'python-requests/2.32.3', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'X-Vault-Request': 'true', 'Content-Length': '95', 'Content-Type': 'application/json'} retries = Retry(total=0, connect=0, read=None, redirect=None, status=None) redirect = False, assert_same_host = False timeout = Timeout(connect=30, read=30, total=None), pool_timeout = None release_conn = False, chunked = False, body_pos = None response_kw = {'decode_content': False, 'preload_content': False} parsed_url = Url(scheme=None, auth=None, host=None, port=None, path='/v1/sys/unseal', query=None, fragment=None) destination_scheme = None, conn = None, release_this_conn = True http_tunnel_required = False, err = None, clean_exit = False def urlopen( self, method, url, body=None, headers=None, retries=None, redirect=True, assert_same_host=True, timeout=_Default, pool_timeout=None, release_conn=None, chunked=False, body_pos=None, **response_kw ): """ Get a connection from the pool and perform an HTTP request. This is the lowest level call for making a request, so you'll need to specify all the raw details. .. note:: More commonly, it's appropriate to use a convenience method provided by :class:`.RequestMethods`, such as :meth:`request`. .. note:: `release_conn` will only behave as expected if `preload_content=False` because we want to make `preload_content=False` the default behaviour someday soon without breaking backwards compatibility. :param method: HTTP request method (such as GET, POST, PUT, etc.) :param url: The URL to perform the request on. :param body: Data to send in the request body, either :class:`str`, :class:`bytes`, an iterable of :class:`str`/:class:`bytes`, or a file-like object. :param headers: Dictionary of custom headers to send, such as User-Agent, If-None-Match, etc. If None, pool headers are used. If provided, these headers completely replace any pool-specific headers. :param retries: Configure the number of retries to allow before raising a :class:`~urllib3.exceptions.MaxRetryError` exception. Pass ``None`` to retry until you receive a response. Pass a :class:`~urllib3.util.retry.Retry` object for fine-grained control over different types of retries. Pass an integer number to retry connection errors that many times, but no other types of errors. Pass zero to never retry. If ``False``, then retries are disabled and any exception is raised immediately. Also, instead of raising a MaxRetryError on redirects, the redirect response will be returned. :type retries: :class:`~urllib3.util.retry.Retry`, False, or an int. :param redirect: If True, automatically handle redirects (status codes 301, 302, 303, 307, 308). Each redirect counts as a retry. Disabling retries will disable redirect, too. :param assert_same_host: If ``True``, will make sure that the host of the pool requests is consistent else will raise HostChangedError. When ``False``, you can use the pool on an HTTP proxy and request foreign hosts. :param timeout: If specified, overrides the default timeout for this one request. It may be a float (in seconds) or an instance of :class:`urllib3.util.Timeout`. :param pool_timeout: If set and the pool is set to block=True, then this method will block for ``pool_timeout`` seconds and raise EmptyPoolError if no connection is available within the time period. :param release_conn: If False, then the urlopen call will not release the connection back into the pool once a response is received (but will release if you read the entire contents of the response such as when `preload_content=True`). This is useful if you're not preloading the response's content immediately. You will need to call ``r.release_conn()`` on the response ``r`` to return the connection back into the pool. If None, it takes the value of ``response_kw.get('preload_content', True)``. :param chunked: If True, urllib3 will send the body using chunked transfer encoding. Otherwise, urllib3 will send the body using the standard content-length form. Defaults to False. :param int body_pos: Position to seek to in file-like body in the event of a retry or redirect. Typically this won't need to be set because urllib3 will auto-populate the value when needed. :param \\**response_kw: Additional parameters are passed to :meth:`urllib3.response.HTTPResponse.from_httplib` """ parsed_url = parse_url(url) destination_scheme = parsed_url.scheme if headers is None: headers = self.headers if not isinstance(retries, Retry): retries = Retry.from_int(retries, redirect=redirect, default=self.retries) if release_conn is None: release_conn = response_kw.get("preload_content", True) # Check host if assert_same_host and not self.is_same_host(url): raise HostChangedError(self, url, retries) # Ensure that the URL we're connecting to is properly encoded if url.startswith("/"): url = six.ensure_str(_encode_target(url)) else: url = six.ensure_str(parsed_url.url) conn = None # Track whether `conn` needs to be released before # returning/raising/recursing. Update this variable if necessary, and # leave `release_conn` constant throughout the function. That way, if # the function recurses, the original value of `release_conn` will be # passed down into the recursive call, and its value will be respected. # # See issue #651 [1] for details. # # [1] release_this_conn = release_conn http_tunnel_required = connection_requires_http_tunnel( self.proxy, self.proxy_config, destination_scheme ) # Merge the proxy headers. Only done when not using HTTP CONNECT. We # have to copy the headers dict so we can safely change it without those # changes being reflected in anyone else's copy. if not http_tunnel_required: headers = headers.copy() headers.update(self.proxy_headers) # Must keep the exception bound to a separate variable or else Python 3 # complains about UnboundLocalError. err = None # Keep track of whether we cleanly exited the except block. This # ensures we do proper cleanup in finally. clean_exit = False # Rewind body position, if needed. Record current position # for future rewinds in the event of a redirect/retry. body_pos = set_file_position(body, body_pos) try: # Request a connection from the queue. timeout_obj = self._get_timeout(timeout) conn = self._get_conn(timeout=pool_timeout) conn.timeout = timeout_obj.connect_timeout is_new_proxy_conn = self.proxy is not None and not getattr( conn, "sock", None ) if is_new_proxy_conn and http_tunnel_required: self._prepare_proxy(conn) # Make the request on the httplib connection object. > httplib_response = self._make_request( conn, method, url, timeout=timeout_obj, body=body, headers=headers, chunked=chunked, ) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:716: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:404: in _make_request self._validate_conn(conn) /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:1061: in _validate_conn conn.connect() /usr/lib/python3.12/site-packages/urllib3/connection.py:363: in connect self.sock = conn = self._new_conn() _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = def _new_conn(self): """Establish a socket connection and set nodelay settings on it. :return: New socket connection. """ extra_kw = {} if self.source_address: extra_kw["source_address"] = self.source_address if self.socket_options: extra_kw["socket_options"] = self.socket_options try: conn = connection.create_connection( (self._dns_host, self.port), self.timeout, **extra_kw ) except SocketTimeout: raise ConnectTimeoutError( self, "Connection to %s timed out. (connect timeout=%s)" % (self.host, self.timeout), ) except SocketError as e: > raise NewConnectionError( self, "Failed to establish a new connection: %s" % e ) E urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno 111] Connection refused /usr/lib/python3.12/site-packages/urllib3/connection.py:186: NewConnectionError During handling of the above exception, another exception occurred: self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: > resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) /usr/lib/python3.12/site-packages/requests/adapters.py:667: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:830: in urlopen return self.urlopen( /usr/lib/python3.12/site-packages/urllib3/connectionpool.py:802: in urlopen retries = retries.increment( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = Retry(total=0, connect=0, read=None, redirect=None, status=None) method = 'PUT', url = '/v1/sys/unseal', response = None error = NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused') _pool = _stacktrace = def increment( self, method=None, url=None, response=None, error=None, _pool=None, _stacktrace=None, ): """Return a new Retry object with incremented retry counters. :param response: A response object, or None, if the server did not return a response. :type response: :class:`~urllib3.response.HTTPResponse` :param Exception error: An error encountered during the request, or None if the response was received successfully. :return: A new ``Retry`` object. """ if self.total is False and error: # Disabled, indicate to re-raise the error. raise six.reraise(type(error), error, _stacktrace) total = self.total if total is not None: total -= 1 connect = self.connect read = self.read redirect = self.redirect status_count = self.status other = self.other cause = "unknown" status = None redirect_location = None if error and self._is_connection_error(error): # Connect retry? if connect is False: raise six.reraise(type(error), error, _stacktrace) elif connect is not None: connect -= 1 elif error and self._is_read_error(error): # Read retry? if read is False or not self._is_method_retryable(method): raise six.reraise(type(error), error, _stacktrace) elif read is not None: read -= 1 elif error: # Other retry? if other is not None: other -= 1 elif response and response.get_redirect_location(): # Redirect retry? if redirect is not None: redirect -= 1 cause = "too many redirects" redirect_location = response.get_redirect_location() status = response.status else: # Incrementing because of a server error like a 500 in # status_forcelist and the given method is in the allowed_methods cause = ResponseError.GENERIC_ERROR if response and response.status: if status_count is not None: status_count -= 1 cause = ResponseError.SPECIFIC_ERROR.format(status_code=response.status) status = response.status history = self.history + ( RequestHistory(method, url, error, status, redirect_location), ) new_retry = self.new( total=total, connect=connect, read=read, redirect=redirect, status=status_count, other=other, history=history, ) if new_retry.is_exhausted(): > raise MaxRetryError(_pool, url, error or ResponseError(cause)) E urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/urllib3/util/retry.py:594: MaxRetryError During handling of the above exception, another exception occurred: cls = @classmethod def setUpClass(cls): """Use the ServerManager class to launch a vault server process.""" config_paths = [get_config_file_path("vault-tls.hcl")] if shutil.which("consul") is None and cls.enable_vault_ha: logging.warning( "Unable to run Vault in HA mode, consul binary not found in path." ) cls.enable_vault_ha = False if is_enterprise(): # TODO: figure out why this bit isn't working logging.warning( "Unable to run Vault in HA mode, enterprise Vault version not currently supported." ) cls.enable_vault_ha = False if cls.enable_vault_ha: config_paths = [ get_config_file_path("vault-ha-node1.hcl"), get_config_file_path("vault-ha-node2.hcl"), ] cls.manager = ServerManager( config_paths=config_paths, use_consul=cls.enable_vault_ha, ) while True: try: cls.manager.start() cls.manager.initialize() > cls.manager.unseal() tests/utils/hvac_integration_test_case.py:50: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/utils/server_manager.py:393: in unseal client.sys.submit_unseal_keys(self.keys) hvac/api/system_backend/seal.py:97: in submit_unseal_keys result = self.submit_unseal_key( hvac/api/system_backend/seal.py:78: in submit_unseal_key return self._adapter.put( hvac/adapters.py:172: in put return self.request("put", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:367: in request response = self.session.request( /usr/lib/python3.12/site-packages/requests/sessions.py:589: in request resp = self.send(prep, **send_kwargs) /usr/lib/python3.12/site-packages/requests/sessions.py:703: in send r = adapter.send(request, **kwargs) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = request = , stream = False timeout = Timeout(connect=30, read=30, total=None) verify = '/build/python-hvac/src/hvac-2.3.0/tests/config_files/server-cert.pem' cert = ('/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-cert.pem', '/build/python-hvac/src/hvac-2.3.0/tests/config_files/client-key.pem') proxies = OrderedDict() def send( self, request, stream=False, timeout=None, verify=True, cert=None, proxies=None ): """Sends PreparedRequest object. Returns Response object. :param request: The :class:`PreparedRequest ` being sent. :param stream: (optional) Whether to stream the request content. :param timeout: (optional) How long to wait for the server to send data before giving up, as a float, or a :ref:`(connect timeout, read timeout) ` tuple. :type timeout: float or tuple or urllib3 Timeout object :param verify: (optional) Either a boolean, in which case it controls whether we verify the server's TLS certificate, or a string, in which case it must be a path to a CA bundle to use :param cert: (optional) Any user-provided SSL certificate to be trusted. :param proxies: (optional) The proxies dictionary to apply to the request. :rtype: requests.Response """ try: conn = self.get_connection_with_tls_context( request, verify, proxies=proxies, cert=cert ) except LocationValueError as e: raise InvalidURL(e, request=request) self.cert_verify(conn, request.url, verify, cert) url = self.request_url(request, proxies) self.add_headers( request, stream=stream, timeout=timeout, verify=verify, cert=cert, proxies=proxies, ) chunked = not (request.body is None or "Content-Length" in request.headers) if isinstance(timeout, tuple): try: connect, read = timeout timeout = TimeoutSauce(connect=connect, read=read) except ValueError: raise ValueError( f"Invalid timeout {timeout}. Pass a (connect, read) timeout tuple, " f"or a single float to set both timeouts to the same value." ) elif isinstance(timeout, TimeoutSauce): pass else: timeout = TimeoutSauce(connect=timeout, read=timeout) try: resp = conn.urlopen( method=request.method, url=url, body=request.body, headers=request.headers, redirect=False, assert_same_host=False, preload_content=False, decode_content=False, retries=self.max_retries, timeout=timeout, chunked=chunked, ) except (ProtocolError, OSError) as err: raise ConnectionError(err, request=request) except MaxRetryError as e: if isinstance(e.reason, ConnectTimeoutError): # TODO: Remove this in 3.0.0: see #2811 if not isinstance(e.reason, NewConnectionError): raise ConnectTimeout(e, request=request) if isinstance(e.reason, ResponseError): raise RetryError(e, request=request) if isinstance(e.reason, _ProxyError): raise ProxyError(e, request=request) if isinstance(e.reason, _SSLError): # This branch is for urllib3 v1.22 and later. raise SSLError(e, request=request) > raise ConnectionError(e, request=request) E requests.exceptions.ConnectionError: HTTPSConnectionPool(host='127.0.0.1', port=47627): Max retries exceeded with url: /v1/sys/unseal (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) /usr/lib/python3.12/site-packages/requests/adapters.py:700: ConnectionError =================================== FAILURES =================================== ___________________ TestKubernetes.test_configure_0_success ____________________ a = (,) kw = {} @wraps(func) def standalone_func(*a, **kw): > return func(*(a + p.args), **p.kwargs, **kw) /usr/lib/python3.12/site-packages/parameterized/parameterized.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/integration_tests/api/auth_methods/test_kubernetes.py:102: in test_configure configure_response = self.client.auth.kubernetes.configure( hvac/api/auth_methods/kubernetes.py:87: in configure return self._adapter.post( hvac/adapters.py:159: in post return self.request("post", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:376: in request self._raise_for_error(method, url, response) hvac/adapters.py:294: in _raise_for_error utils.raise_for_error( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ method = 'post', url = 'https://127.0.0.1:35807/v1/auth/kubernetes-test/config' status_code = 400, message = None errors = ['The provided CA PEM data contains no valid certificates'] text = '{"errors":["The provided CA PEM data contains no valid certificates"]}\n' json = {'errors': ['The provided CA PEM data contains no valid certificates']} def raise_for_error( method, url, status_code, message=None, errors=None, text=None, json=None ): """Helper method to raise exceptions based on the status code of a response received back from Vault. :param method: HTTP method of a request to Vault. :type method: str :param url: URL of the endpoint requested in Vault. :type url: str :param status_code: Status code received in a response from Vault. :type status_code: int :param message: Optional message to include in a resulting exception. :type message: str :param errors: Optional errors to include in a resulting exception. :type errors: list | str :param text: Optional text of the response. :type text: str :param json: Optional deserialized version of a JSON response (object) :type json: object :raises: hvac.exceptions.InvalidRequest | hvac.exceptions.Unauthorized | hvac.exceptions.Forbidden | hvac.exceptions.InvalidPath | hvac.exceptions.RateLimitExceeded | hvac.exceptions.InternalServerError | hvac.exceptions.VaultNotInitialized | hvac.exceptions.BadGateway | hvac.exceptions.VaultDown | hvac.exceptions.UnexpectedError """ > raise exceptions.VaultError.from_status( status_code, message, errors=errors, method=method, url=url, text=text, json=json, ) E hvac.exceptions.InvalidRequest: The provided CA PEM data contains no valid certificates, on post https://127.0.0.1:35807/v1/auth/kubernetes-test/config hvac/utils.py:41: InvalidRequest _________________ TestKubernetes.test_configure_1_issuer_test __________________ a = (,) kw = {} @wraps(func) def standalone_func(*a, **kw): > return func(*(a + p.args), **p.kwargs, **kw) /usr/lib/python3.12/site-packages/parameterized/parameterized.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/integration_tests/api/auth_methods/test_kubernetes.py:102: in test_configure configure_response = self.client.auth.kubernetes.configure( hvac/api/auth_methods/kubernetes.py:87: in configure return self._adapter.post( hvac/adapters.py:159: in post return self.request("post", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:376: in request self._raise_for_error(method, url, response) hvac/adapters.py:294: in _raise_for_error utils.raise_for_error( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ method = 'post', url = 'https://127.0.0.1:35807/v1/auth/kubernetes-test/config' status_code = 400, message = None errors = ['The provided CA PEM data contains no valid certificates'] text = '{"errors":["The provided CA PEM data contains no valid certificates"]}\n' json = {'errors': ['The provided CA PEM data contains no valid certificates']} def raise_for_error( method, url, status_code, message=None, errors=None, text=None, json=None ): """Helper method to raise exceptions based on the status code of a response received back from Vault. :param method: HTTP method of a request to Vault. :type method: str :param url: URL of the endpoint requested in Vault. :type url: str :param status_code: Status code received in a response from Vault. :type status_code: int :param message: Optional message to include in a resulting exception. :type message: str :param errors: Optional errors to include in a resulting exception. :type errors: list | str :param text: Optional text of the response. :type text: str :param json: Optional deserialized version of a JSON response (object) :type json: object :raises: hvac.exceptions.InvalidRequest | hvac.exceptions.Unauthorized | hvac.exceptions.Forbidden | hvac.exceptions.InvalidPath | hvac.exceptions.RateLimitExceeded | hvac.exceptions.InternalServerError | hvac.exceptions.VaultNotInitialized | hvac.exceptions.BadGateway | hvac.exceptions.VaultDown | hvac.exceptions.UnexpectedError """ > raise exceptions.VaultError.from_status( status_code, message, errors=errors, method=method, url=url, text=text, json=json, ) E hvac.exceptions.InvalidRequest: The provided CA PEM data contains no valid certificates, on post https://127.0.0.1:35807/v1/auth/kubernetes-test/config hvac/utils.py:41: InvalidRequest __________ TestKubernetes.test_configure_5_missing_kubernetes_ca_cert __________ a = (,) kw = {} @wraps(func) def standalone_func(*a, **kw): > return func(*(a + p.args), **p.kwargs, **kw) /usr/lib/python3.12/site-packages/parameterized/parameterized.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/integration_tests/api/auth_methods/test_kubernetes.py:91: in test_configure with self.assertRaises(raises) as cm: E AssertionError: InvalidRequest not raised ___________________ TestKubernetes.test_list_roles_0_success ___________________ a = (,) kw = {} @wraps(func) def standalone_func(*a, **kw): > return func(*(a + p.args), **p.kwargs, **kw) /usr/lib/python3.12/site-packages/parameterized/parameterized.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/integration_tests/api/auth_methods/test_kubernetes.py:291: in test_list_roles self.client.auth.kubernetes.configure( hvac/api/auth_methods/kubernetes.py:87: in configure return self._adapter.post( hvac/adapters.py:159: in post return self.request("post", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:376: in request self._raise_for_error(method, url, response) hvac/adapters.py:294: in _raise_for_error utils.raise_for_error( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ method = 'post', url = 'https://127.0.0.1:35807/v1/auth/kubernetes-test/config' status_code = 400, message = None errors = ['The provided CA PEM data contains no valid certificates'] text = '{"errors":["The provided CA PEM data contains no valid certificates"]}\n' json = {'errors': ['The provided CA PEM data contains no valid certificates']} def raise_for_error( method, url, status_code, message=None, errors=None, text=None, json=None ): """Helper method to raise exceptions based on the status code of a response received back from Vault. :param method: HTTP method of a request to Vault. :type method: str :param url: URL of the endpoint requested in Vault. :type url: str :param status_code: Status code received in a response from Vault. :type status_code: int :param message: Optional message to include in a resulting exception. :type message: str :param errors: Optional errors to include in a resulting exception. :type errors: list | str :param text: Optional text of the response. :type text: str :param json: Optional deserialized version of a JSON response (object) :type json: object :raises: hvac.exceptions.InvalidRequest | hvac.exceptions.Unauthorized | hvac.exceptions.Forbidden | hvac.exceptions.InvalidPath | hvac.exceptions.RateLimitExceeded | hvac.exceptions.InternalServerError | hvac.exceptions.VaultNotInitialized | hvac.exceptions.BadGateway | hvac.exceptions.VaultDown | hvac.exceptions.UnexpectedError """ > raise exceptions.VaultError.from_status( status_code, message, errors=errors, method=method, url=url, text=text, json=json, ) E hvac.exceptions.InvalidRequest: The provided CA PEM data contains no valid certificates, on post https://127.0.0.1:35807/v1/auth/kubernetes-test/config hvac/utils.py:41: InvalidRequest __________________ TestKubernetes.test_list_roles_1_no_roles ___________________ a = (,) kw = {} @wraps(func) def standalone_func(*a, **kw): > return func(*(a + p.args), **p.kwargs, **kw) /usr/lib/python3.12/site-packages/parameterized/parameterized.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/integration_tests/api/auth_methods/test_kubernetes.py:291: in test_list_roles self.client.auth.kubernetes.configure( hvac/api/auth_methods/kubernetes.py:87: in configure return self._adapter.post( hvac/adapters.py:159: in post return self.request("post", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:376: in request self._raise_for_error(method, url, response) hvac/adapters.py:294: in _raise_for_error utils.raise_for_error( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ method = 'post', url = 'https://127.0.0.1:35807/v1/auth/kubernetes-test/config' status_code = 400, message = None errors = ['The provided CA PEM data contains no valid certificates'] text = '{"errors":["The provided CA PEM data contains no valid certificates"]}\n' json = {'errors': ['The provided CA PEM data contains no valid certificates']} def raise_for_error( method, url, status_code, message=None, errors=None, text=None, json=None ): """Helper method to raise exceptions based on the status code of a response received back from Vault. :param method: HTTP method of a request to Vault. :type method: str :param url: URL of the endpoint requested in Vault. :type url: str :param status_code: Status code received in a response from Vault. :type status_code: int :param message: Optional message to include in a resulting exception. :type message: str :param errors: Optional errors to include in a resulting exception. :type errors: list | str :param text: Optional text of the response. :type text: str :param json: Optional deserialized version of a JSON response (object) :type json: object :raises: hvac.exceptions.InvalidRequest | hvac.exceptions.Unauthorized | hvac.exceptions.Forbidden | hvac.exceptions.InvalidPath | hvac.exceptions.RateLimitExceeded | hvac.exceptions.InternalServerError | hvac.exceptions.VaultNotInitialized | hvac.exceptions.BadGateway | hvac.exceptions.VaultDown | hvac.exceptions.UnexpectedError """ > raise exceptions.VaultError.from_status( status_code, message, errors=errors, method=method, url=url, text=text, json=json, ) E hvac.exceptions.InvalidRequest: The provided CA PEM data contains no valid certificates, on post https://127.0.0.1:35807/v1/auth/kubernetes-test/config hvac/utils.py:41: InvalidRequest __________________ TestKubernetes.test_read_config_0_success ___________________ a = (,) kw = {} @wraps(func) def standalone_func(*a, **kw): > return func(*(a + p.args), **p.kwargs, **kw) /usr/lib/python3.12/site-packages/parameterized/parameterized.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/integration_tests/api/auth_methods/test_kubernetes.py:133: in test_read_config self.client.auth.kubernetes.configure( hvac/api/auth_methods/kubernetes.py:87: in configure return self._adapter.post( hvac/adapters.py:159: in post return self.request("post", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:376: in request self._raise_for_error(method, url, response) hvac/adapters.py:294: in _raise_for_error utils.raise_for_error( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ method = 'post', url = 'https://127.0.0.1:35807/v1/auth/kubernetes-test/config' status_code = 400, message = None errors = ['The provided CA PEM data contains no valid certificates'] text = '{"errors":["The provided CA PEM data contains no valid certificates"]}\n' json = {'errors': ['The provided CA PEM data contains no valid certificates']} def raise_for_error( method, url, status_code, message=None, errors=None, text=None, json=None ): """Helper method to raise exceptions based on the status code of a response received back from Vault. :param method: HTTP method of a request to Vault. :type method: str :param url: URL of the endpoint requested in Vault. :type url: str :param status_code: Status code received in a response from Vault. :type status_code: int :param message: Optional message to include in a resulting exception. :type message: str :param errors: Optional errors to include in a resulting exception. :type errors: list | str :param text: Optional text of the response. :type text: str :param json: Optional deserialized version of a JSON response (object) :type json: object :raises: hvac.exceptions.InvalidRequest | hvac.exceptions.Unauthorized | hvac.exceptions.Forbidden | hvac.exceptions.InvalidPath | hvac.exceptions.RateLimitExceeded | hvac.exceptions.InternalServerError | hvac.exceptions.VaultNotInitialized | hvac.exceptions.BadGateway | hvac.exceptions.VaultDown | hvac.exceptions.UnexpectedError """ > raise exceptions.VaultError.from_status( status_code, message, errors=errors, method=method, url=url, text=text, json=json, ) E hvac.exceptions.InvalidRequest: The provided CA PEM data contains no valid certificates, on post https://127.0.0.1:35807/v1/auth/kubernetes-test/config hvac/utils.py:41: InvalidRequest _________ TestAzure.test_delete_config_0_create_and_then_delete_config _________ a = (,) kw = {} @wraps(func) def standalone_func(*a, **kw): > return func(*(a + p.args), **p.kwargs, **kw) /usr/lib/python3.12/site-packages/parameterized/parameterized.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/integration_tests/api/secrets_engines/test_azure.py:116: in test_delete_config self.assertEqual( E AssertionError: {'cli[28 chars]'', 'subscription_id': '', 'tenant_id': '', 'r[16 chars]': 0} != {'cli[28 chars]'', 'identity_token_audience': '', 'identity_t[72 chars]: ''} E {'client_id': '', E 'environment': '', E + 'identity_token_audience': '', E + 'identity_token_ttl': 0, E 'root_password_ttl': 0, E 'subscription_id': '', E 'tenant_id': ''} _____________________ TestPki.test_sign_ssh_key_0_success ______________________ a = (,) kw = {} @wraps(func) def standalone_func(*a, **kw): > return func(*(a + p.args), **p.kwargs, **kw) /usr/lib/python3.12/site-packages/parameterized/parameterized.py:620: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ tests/integration_tests/api/secrets_engines/test_ssh.py:507: in test_sign_ssh_key read_public_key_response = self.client.secrets.ssh.sign_ssh_key( hvac/api/secrets_engines/ssh.py:554: in sign_ssh_key return self._adapter.post( hvac/adapters.py:159: in post return self.request("post", url, **kwargs) hvac/adapters.py:408: in request response = super().request(*args, **kwargs) hvac/adapters.py:376: in request self._raise_for_error(method, url, response) hvac/adapters.py:294: in _raise_for_error utils.raise_for_error( _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ method = 'post' url = 'https://127.0.0.1:35319/v1/ssh-integration-test/sign/test_role' status_code = 400, message = None errors = ['role is not configured to allow any principals'] text = '{"errors":["role is not configured to allow any principals"]}\n' json = {'errors': ['role is not configured to allow any principals']} def raise_for_error( method, url, status_code, message=None, errors=None, text=None, json=None ): """Helper method to raise exceptions based on the status code of a response received back from Vault. :param method: HTTP method of a request to Vault. :type method: str :param url: URL of the endpoint requested in Vault. :type url: str :param status_code: Status code received in a response from Vault. :type status_code: int :param message: Optional message to include in a resulting exception. :type message: str :param errors: Optional errors to include in a resulting exception. :type errors: list | str :param text: Optional text of the response. :type text: str :param json: Optional deserialized version of a JSON response (object) :type json: object :raises: hvac.exceptions.InvalidRequest | hvac.exceptions.Unauthorized | hvac.exceptions.Forbidden | hvac.exceptions.InvalidPath | hvac.exceptions.RateLimitExceeded | hvac.exceptions.InternalServerError | hvac.exceptions.VaultNotInitialized | hvac.exceptions.BadGateway | hvac.exceptions.VaultDown | hvac.exceptions.UnexpectedError """ > raise exceptions.VaultError.from_status( status_code, message, errors=errors, method=method, url=url, text=text, json=json, ) E hvac.exceptions.InvalidRequest: role is not configured to allow any principals, on post https://127.0.0.1:35319/v1/ssh-integration-test/sign/test_role hvac/utils.py:41: InvalidRequest =============================== warnings summary =============================== tests/integration_tests/api/auth_methods/test_oidc.py::TestOIDC::test_oidc_callback_0_success tests/integration_tests/api/auth_methods/test_oidc.py::TestOIDC::test_oidc_callback_0_success tests/integration_tests/api/auth_methods/test_oidc.py::TestOIDC::test_oidc_callback_0_success /build/python-hvac/src/hvac-2.3.0/tests/utils/mock_oauth_provider/routes.py:21: LegacyAPIWarning: The Query.get() method is considered legacy as of the 1.x series of SQLAlchemy and becomes a legacy construct in 2.0. The method is now available as Session.get() (deprecated since: 2.0) (Background on SQLAlchemy 2.0 at: https://sqlalche.me/e/b8d9) return User.query.get(uid) tests/integration_tests/api/auth_methods/test_oidc.py::TestOIDC::test_oidc_callback_0_success /build/python-hvac/src/hvac-2.3.0/tests/utils/mock_oauth_provider/oauth2.py:89: LegacyAPIWarning: The Query.get() method is considered legacy as of the 1.x series of SQLAlchemy and becomes a legacy construct in 2.0. The method is now available as Session.get() (deprecated since: 2.0) (Background on SQLAlchemy 2.0 at: https://sqlalche.me/e/b8d9) return User.query.get(authorization_code.user_id) tests/integration_tests/api/auth_methods/test_token.py::TestToken::test_policy /usr/lib/python3.12/unittest/case.py:690: DeprecationWarning: It is deprecated to return a value that is not None from a test case (>) return self.run(*args, **kwds) tests/integration_tests/api/auth_methods/test_token.py::TestToken::test_role /usr/lib/python3.12/unittest/case.py:690: DeprecationWarning: It is deprecated to return a value that is not None from a test case (>) return self.run(*args, **kwds) tests/integration_tests/api/secrets_engines/test_kv_v2.py::TestKvV2::test_patch_0_add_new_key_to_existing_secret tests/integration_tests/api/secrets_engines/test_kv_v2.py::TestKvV2::test_patch_1_add_new_key_to_nonexistent_secret tests/integration_tests/api/secrets_engines/test_kv_v2.py::TestKvV2::test_patch_2_update_existing_key_on_existing_secret /build/python-hvac/src/hvac-2.3.0/hvac/api/secrets_engines/kv_v2.py:224: DeprecationWarning: The raise_on_deleted_version parameter will change its default value to False in hvac v3.0.0. The current default of True will presere previous behavior. To use the old behavior with no warning, explicitly set this value to True. See https://github.com/hvac/hvac/pull/907 current_secret_version = self.read_secret_version( tests/integration_tests/api/secrets_engines/test_kv_v2.py::TestKvV2::test_patch_0_add_new_key_to_existing_secret tests/integration_tests/api/secrets_engines/test_kv_v2.py::TestKvV2::test_patch_2_update_existing_key_on_existing_secret /build/python-hvac/src/hvac-2.3.0/tests/integration_tests/api/secrets_engines/test_kv_v2.py:269: DeprecationWarning: The raise_on_deleted_version parameter will change its default value to False in hvac v3.0.0. The current default of True will presere previous behavior. To use the old behavior with no warning, explicitly set this value to True. See https://github.com/hvac/hvac/pull/907 read_secret_result = self.client.secrets.kv.v2.read_secret_version( tests/integration_tests/api/secrets_engines/test_kv_v2.py::TestKvV2::test_read_secret_version_0_nonexistent_secret /build/python-hvac/src/hvac-2.3.0/tests/integration_tests/api/secrets_engines/test_kv_v2.py:115: DeprecationWarning: The raise_on_deleted_version parameter will change its default value to False in hvac v3.0.0. The current default of True will presere previous behavior. To use the old behavior with no warning, explicitly set this value to True. See https://github.com/hvac/hvac/pull/907 self.client.secrets.kv.v2.read_secret_version( tests/integration_tests/api/secrets_engines/test_kv_v2.py::TestKvV2::test_read_secret_version_1_read_secret_version_2_back tests/integration_tests/api/secrets_engines/test_kv_v2.py::TestKvV2::test_read_secret_version_2_read_secret_version_1_back tests/integration_tests/api/secrets_engines/test_kv_v2.py::TestKvV2::test_read_secret_version_3_read_current_secret_version tests/integration_tests/api/secrets_engines/test_kv_v2.py::TestKvV2::test_read_secret_version_4_read_current_secret_version /build/python-hvac/src/hvac-2.3.0/tests/integration_tests/api/secrets_engines/test_kv_v2.py:121: DeprecationWarning: The raise_on_deleted_version parameter will change its default value to False in hvac v3.0.0. The current default of True will presere previous behavior. To use the old behavior with no warning, explicitly set this value to True. See https://github.com/hvac/hvac/pull/907 read_secret_result = self.client.secrets.kv.v2.read_secret_version( tests/integration_tests/api/system_backend/test_lease.py::TestLease::test_list_leases /build/python-hvac/src/hvac-2.3.0/tests/integration_tests/api/system_backend/test_lease.py:39: DeprecationWarning: write() argument 'path' was supplied as a keyword argument and will not be written as data. To write this data with a 'path' key, use the write_data() method. To continue using write() and suppress this warning, supply this argument positionally. For more information see: https://github.com/hvac/hvac/issues/1034 self.client.write( tests/integration_tests/api/system_backend/test_lease.py::TestLease::test_read_lease /build/python-hvac/src/hvac-2.3.0/tests/integration_tests/api/system_backend/test_lease.py:21: DeprecationWarning: write() argument 'path' was supplied as a keyword argument and will not be written as data. To write this data with a 'path' key, use the write_data() method. To continue using write() and suppress this warning, supply this argument positionally. For more information see: https://github.com/hvac/hvac/issues/1034 pki_issue_response = self.client.write( tests/integration_tests/api/system_backend/test_lease.py::TestLease::test_revoke_force /build/python-hvac/src/hvac-2.3.0/tests/integration_tests/api/system_backend/test_lease.py:93: DeprecationWarning: write() argument 'path' was supplied as a keyword argument and will not be written as data. To write this data with a 'path' key, use the write_data() method. To continue using write() and suppress this warning, supply this argument positionally. For more information see: https://github.com/hvac/hvac/issues/1034 pki_issue_response = self.client.write( tests/integration_tests/api/system_backend/test_lease.py::TestLease::test_revoke_lease /build/python-hvac/src/hvac-2.3.0/tests/integration_tests/api/system_backend/test_lease.py:55: DeprecationWarning: write() argument 'path' was supplied as a keyword argument and will not be written as data. To write this data with a 'path' key, use the write_data() method. To continue using write() and suppress this warning, supply this argument positionally. For more information see: https://github.com/hvac/hvac/issues/1034 pki_issue_response = self.client.write( tests/integration_tests/api/system_backend/test_lease.py::TestLease::test_revoke_prefix /build/python-hvac/src/hvac-2.3.0/tests/integration_tests/api/system_backend/test_lease.py:76: DeprecationWarning: write() argument 'path' was supplied as a keyword argument and will not be written as data. To write this data with a 'path' key, use the write_data() method. To continue using write() and suppress this warning, supply this argument positionally. For more information see: https://github.com/hvac/hvac/issues/1034 pki_issue_response = self.client.write( tests/integration_tests/api/system_backend/test_wrapping.py::TestWrapping::test_unwrap /build/python-hvac/src/hvac-2.3.0/tests/integration_tests/api/system_backend/test_wrapping.py:17: DeprecationWarning: write() argument 'path' was supplied as a keyword argument and will not be written as data. To write this data with a 'path' key, use the write_data() method. To continue using write() and suppress this warning, supply this argument positionally. For more information see: https://github.com/hvac/hvac/issues/1034 self.client.write( tests/integration_tests/api/system_backend/test_wrapping.py::TestWrapping::test_unwrap /build/python-hvac/src/hvac-2.3.0/tests/integration_tests/api/system_backend/test_wrapping.py:20: DeprecationWarning: write() argument 'path' was supplied as a keyword argument and will not be written as data. To write this data with a 'path' key, use the write_data() method. To continue using write() and suppress this warning, supply this argument positionally. For more information see: https://github.com/hvac/hvac/issues/1034 result = self.client.write( tests/integration_tests/api/system_backend/test_wrapping.py::TestWrapping::test_unwrap /build/python-hvac/src/hvac-2.3.0/tests/integration_tests/api/system_backend/test_wrapping.py:20: DeprecationWarning: write() argument 'wrap_ttl' was supplied as a keyword argument and will not be written as data. To write this data with a 'wrap_ttl' key, use the write_data() method. To continue using write() and suppress this warning, supply this argument positionally. For more information see: https://github.com/hvac/hvac/issues/1034 result = self.client.write( -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html =========================== short test summary info ============================ FAILED tests/integration_tests/api/auth_methods/test_kubernetes.py::TestKubernetes::test_configure_0_success FAILED tests/integration_tests/api/auth_methods/test_kubernetes.py::TestKubernetes::test_configure_1_issuer_test FAILED tests/integration_tests/api/auth_methods/test_kubernetes.py::TestKubernetes::test_configure_5_missing_kubernetes_ca_cert FAILED tests/integration_tests/api/auth_methods/test_kubernetes.py::TestKubernetes::test_list_roles_0_success FAILED tests/integration_tests/api/auth_methods/test_kubernetes.py::TestKubernetes::test_list_roles_1_no_roles FAILED tests/integration_tests/api/auth_methods/test_kubernetes.py::TestKubernetes::test_read_config_0_success FAILED tests/integration_tests/api/secrets_engines/test_azure.py::TestAzure::test_delete_config_0_create_and_then_delete_config FAILED tests/integration_tests/api/secrets_engines/test_ssh.py::TestPki::test_sign_ssh_key_0_success ERROR tests/integration_tests/api/system_backend/test_health.py::TestHealth::test_read_health_status_0_default_params ERROR tests/integration_tests/api/system_backend/test_health.py::TestHealth::test_read_health_status_1_unsealed_standby_node_HEAD_method ERROR tests/integration_tests/api/system_backend/test_health.py::TestHealth::test_read_health_status_2_unsealed_standby_node_GET_method ERROR tests/integration_tests/api/system_backend/test_health.py::TestHealth::test_read_health_status_3_sealed_standby_node_HEAD_method ERROR tests/integration_tests/api/system_backend/test_health.py::TestHealth::test_read_health_status_4_sealed_standby_node_GET_method ERROR tests/integration_tests/api/system_backend/test_health.py::TestHealth::test_read_health_status_5_GET_method = 8 failed, 1437 passed, 59 skipped, 24 warnings, 6 errors in 447.62s (0:07:27) = ==> ERROR: A failure occurred in check().  Aborting... ==> ERROR: Build failed, check /var/lib/archbuild/extra-riscv64/root1/build [?25h[?25hreceiving incremental file list python-hvac-2.3.0-1-riscv64-build.log python-hvac-2.3.0-1-riscv64-check.log python-hvac-2.3.0-1-riscv64-prepare.log sent 81 bytes received 13,486 bytes 5,426.80 bytes/sec total size is 211,009 speedup is 15.55