client: Close http connection after each request.

Make python3 resource leak detector happy.

client: Close http connection after each request.
Make python3 resource leak detector happy.
f7d8281d · Vincent Pelletier · bd633a1e · f7d8281d · f7d8281d · f7d8281d
Commit f7d8281d authored Apr 07, 2021 by Vincent Pelletier
Show whitespace changes
Inline Side-by-side

Showing with 85 additions and 50 deletions

CHANGES.txt CHANGES.txt +4 -0

caucase/cli.py caucase/cli.py +59 -43

caucase/client.py caucase/client.py +22 -7

No files found.
--- a/CHANGES.txt
+++ b/CHANGES.txt
+0.9.10 (not released yet)
+===================
+* Add caucase.client.CaucaseClient.close method.
 0.9.9 (2021-03-02)
 ==================
 * Add AuthorityKeyIdentifier extension in CRLs.

--- a/caucase/cli.py
+++ b/caucase/cli.py
@@ -113,6 +113,18 @@ class CLICaucaseClient(object):
    kw.setdefault('file', self._stdout)
    print(*args, **kw)
+  def __enter__(self):
+    return self
+  def __exit__(self, exc_type, exc_value, traceback):
+    self.close()
+  def close(self):
+    """
+    Tell client to close any open connection.
+    """
+    self._client.close()
  def putCSR(self, csr_path_list):
    """
    --send-csr
@@ -610,7 +622,7 @@ def main(argv=None, stdout=sys.stdout, stderr=sys.stderr):
    if args.update_user or args.mode == MODE_USER:
      updated |= CaucaseClient.updateCAFile(cau_url, args.user_ca_crt)
-    client = CLICaucaseClient(
+    with CLICaucaseClient(
      client=CaucaseClient(
        ca_url={
          MODE_SERVICE: cas_url,
@@ -621,7 +633,7 @@ def main(argv=None, stdout=sys.stdout, stderr=sys.stderr):
      ),
      stdout=stdout,
      stderr=stderr,
-    )
+    ) as client:
      ca_list = [
        utils.load_ca_certificate(x)
        for x in utils.getCertList({
@@ -695,14 +707,13 @@ def probe(argv=None):
  )
  ca_url, = parser.parse_args(argv).ca_url
  cas_url = ca_url + '/cas'
-  http_client = CaucaseClient(
+  with CaucaseClient(ca_url=cas_url) as http_client:
-    ca_url=cas_url,
-  )
    http_ca_pem = http_client.getCACertificate()
-  https_ca_pem = HTTPSOnlyCaucaseClient(
+    with HTTPSOnlyCaucaseClient(
      ca_url=cas_url,
      ca_crt_pem_list=[http_ca_pem],
-  ).getCACertificate()
+    ) as https_client:
+      https_ca_pem = https_client.getCACertificate()
    # Retrieve again in case there was a renewal between both calls - we do
    # not expect 2 renewals in very short succession.
    http2_ca_pem = http_client.getCACertificate()
@@ -837,6 +848,7 @@ def updater(argv=None, until=utils.until):
    'Will be maintained up-to-date.'
  )
  args = parser.parse_args(argv)
+  client = None
  try:
    cas_url = args.ca_url + '/cas'
    ca_url = {
@@ -892,6 +904,7 @@ def updater(argv=None, until=utils.until):
        cas_url,
        args.cas_ca,
      ):
+        client.close()
        client = RetryingCaucaseClient(
          ca_url=ca_url,
          ca_crt_pem_list=utils.getCertList(args.cas_ca)
@@ -962,6 +975,9 @@ def updater(argv=None, until=utils.until):
    # Not intercepting KeyboardInterrupt so interrupting outside of
    # interruptibleSleep shows where the script got interrupted.
    pass
+  finally:
+    if client is not None:
+      client.close()
 def rerequest(argv=None):
  """

--- a/caucase/client.py
+++ b/caucase/client.py
@@ -88,8 +88,8 @@ class CaucaseClient(object):
    """
    loaded_ca_pem_list = utils.getCertList(ca_crt_path)
    if not loaded_ca_pem_list:
-      ca_pem = cls(ca_url=url).getCACertificate()
+      with cls(ca_url=url) as client:
-      utils.saveCertList(ca_crt_path, [ca_pem])
+        utils.saveCertList(ca_crt_path, [client.getCACertificate()])
      updated = True
      # Note: reloading from file instead of using ca_pem, to exercise the
      # same code path as future executions, to apply the same checks.
@@ -102,9 +102,8 @@ class CaucaseClient(object):
      for x in loaded_ca_pem_list
      if utils.load_ca_certificate(x).not_valid_after > now
    ]
-    ca_pem_list.extend(
+    with cls(ca_url=url, ca_crt_pem_list=ca_pem_list) as client:
-      cls(ca_url=url, ca_crt_pem_list=ca_pem_list).getCACertificateChain(),
+      ca_pem_list.extend(client.getCACertificateChain())
-    )
    if ca_pem_list != loaded_ca_pem_list:
      utils.saveCertList(ca_crt_path, ca_pem_list)
      updated = True
@@ -143,8 +142,11 @@ class CaucaseClient(object):
      updated = True
    else:
      updated = len(local_crl_list) != len(local_crl_dict)
-    server_crl_list = cls(ca_url=url).getCertificateRevocationListList()
+    with cls(ca_url=url) as client:
-    for ca_key_id, crl_pem in _asCRLDict(crl_list=server_crl_list).iteritems():
+      server_crl_list = client.getCertificateRevocationListList()
+    for ca_key_id, crl_pem in _asCRLDict(
+      crl_pem_list=server_crl_list,
+    ).iteritems():
      updated |= local_crl_dict.pop(ca_key_id, None) != crl_pem
    updated |= bool(local_crl_dict)
    if updated:
@@ -221,6 +223,19 @@ class CaucaseClient(object):
  def _https(self, method, url, body=None, headers=None):
    return self._request(self._https_connection, method, url, body, headers)
+  def __enter__(self):
+    return self
+  def __exit__(self, exc_type, exc_value, traceback):
+    self.close()
+  def close(self):
+    """
+    Close any open connection.
+    """
+    self._http_connection.close()
+    self._https_connection.close()
  def getCertificateRevocationList(self, authority_key_identifier):
    """
    [ANONYMOUS] Retrieve latest CRL for given integer authority key