From 012314d946b4e2bd9b60053166f42ff9617ffba6 Mon Sep 17 00:00:00 2001
From: Brad Warren <bmw@users.noreply.github.com>
Date: Mon, 29 Aug 2022 17:28:47 -0700
Subject: [PATCH] Deprecate source address (#9389)

* deprecate source_address

* filter warnings

* fix route53 tests

* test warning

* update docstring
---
 acme/acme/client.py       | 13 +++++++++++--
 acme/tests/client_test.py |  5 ++++-
 certbot/CHANGELOG.md      |  2 ++
 pytest.ini                | 10 +++-------
 4 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/acme/acme/client.py b/acme/acme/client.py
index e1dc9040f..dbb2a23f1 100644
--- a/acme/acme/client.py
+++ b/acme/acme/client.py
@@ -32,7 +32,13 @@ import OpenSSL
 import requests
 from requests.adapters import HTTPAdapter
 from requests.utils import parse_header_links
-from requests_toolbelt.adapters.source import SourceAddressAdapter
+# We're capturing the warnings described at
+# https://github.com/requests/toolbelt/issues/331 until we can remove this
+# dependency in Certbot 2.0.
+with warnings.catch_warnings():
+    warnings.filterwarnings("ignore", "'urllib3.contrib.pyopenssl",
+                            DeprecationWarning)
+    from requests_toolbelt.adapters.source import SourceAddressAdapter
 
 from acme import challenges
 from acme import crypto_util
@@ -1031,7 +1037,8 @@ class ClientNetwork:
     :param bool verify_ssl: Whether to verify certificates on SSL connections.
     :param str user_agent: String to send as User-Agent header.
     :param float timeout: Timeout for requests.
-    :param source_address: Optional source address to bind to when making requests.
+    :param source_address: Optional source address to bind to when making
+        requests. (deprecated since 1.30.0)
     :type source_address: str or tuple(str, int)
     """
     def __init__(self, key: jose.JWK, account: Optional[messages.RegistrationResource] = None,
@@ -1049,6 +1056,8 @@ class ClientNetwork:
         adapter = HTTPAdapter()
 
         if source_address is not None:
+            warnings.warn("Support for source_address is deprecated and will be "
+                          "removed soon.", DeprecationWarning, stacklevel=2)
             adapter = SourceAddressAdapter(source_address)
 
         self.session.mount("http://", adapter)
diff --git a/acme/tests/client_test.py b/acme/tests/client_test.py
index 7ce28b4fe..1d9aa27fe 100644
--- a/acme/tests/client_test.py
+++ b/acme/tests/client_test.py
@@ -1343,7 +1343,10 @@ class ClientNetworkSourceAddressBindingTest(unittest.TestCase):
 
     def test_source_address_set(self):
         from acme.client import ClientNetwork
-        net = ClientNetwork(key=None, alg=None, source_address=self.source_address)
+        with mock.patch('warnings.warn') as mock_warn:
+            net = ClientNetwork(key=None, alg=None, source_address=self.source_address)
+            mock_warn.assert_called_once()
+            self.assertIn('source_address', mock_warn.call_args[0][0])
         for adapter in net.session.adapters.values():
             self.assertIn(self.source_address, adapter.source_address)
 
diff --git a/certbot/CHANGELOG.md b/certbot/CHANGELOG.md
index 8a46f71ba..90df55e53 100644
--- a/certbot/CHANGELOG.md
+++ b/certbot/CHANGELOG.md
@@ -12,6 +12,8 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
 
 * The `certbot-dns-cloudxns` plugin is now deprecated and will be removed in the
   next major release of Certbot.
+* The `source_address` argument for `acme.client.ClientNetwork` is deprecated
+  and support for it will be removed in the next major release.
 
 ### Fixed
 
diff --git a/pytest.ini b/pytest.ini
index 92a403451..9e8fb5c7b 100644
--- a/pytest.ini
+++ b/pytest.ini
@@ -22,11 +22,8 @@
 #    the certbot.display.util module.
 # 5) A deprecation warning is raised in dnspython==1.15.0 in the oldest tests for
 #    certbot-dns-rfc2136.
-# 6) The vendored version of six in botocore causes ImportWarnings in Python
-#    3.10+. See https://github.com/boto/botocore/issues/2548.
-# 7) botocore's default TLS settings raise deprecation warnings in Python
-#    3.10+, but their values are sane from a security perspective. See
-#    https://github.com/boto/botocore/issues/2550.
+# 6) botocore is currently using deprecated urllib3 functionality. See
+#    https://github.com/boto/botocore/issues/2744.
 filterwarnings =
     error
     ignore:The external mock module:PendingDeprecationWarning
@@ -34,5 +31,4 @@ filterwarnings =
     ignore:.*attribute in certbot.interfaces module is deprecated:DeprecationWarning
     ignore:.*attribute in certbot.display.util module is deprecated:DeprecationWarning
     ignore:decodestring\(\) is a deprecated alias:DeprecationWarning:dns
-    ignore:_SixMetaPathImporter.:ImportWarning
-    ignore:ssl.PROTOCOL_TLS:DeprecationWarning:botocore
+    ignore:'urllib3.contrib.pyopenssl:DeprecationWarning:botocore