tests: make integV2 locally runnable

[jmayclin]

Resolved issues:

Closes #4342
Part of #5027

Motivation

When tests can't be easily run locally, development becomes incredibly painful. Iteration is slow, and debugging is difficult.

IntegV2 is hard to run locally for two and a half reasons.

Reason 1: Python - "𝒿𝓊𝓈𝓉 𝓅𝓎𝓉𝒽𝑜𝓃 𝓉𝒽𝒾𝓃𝑔𝓈" It is relatively tricky to pull in the correct dependencies for a python project. Pip environment management, versioning, etc. tox also confuses me, but perhaps this is just me being smooth brained.

Reason 2: Executable - We require that all executables are available (on the path!) to run the IntegV2 tests. This means that an engineer has to install apache, gnutls, java, openssl, etc. Which is a lot.

Reason 2.5: We hard code specific CI assumptions. This includes things like paths, environment variables, etc.

Description of changes:

To solve the python things, we use uv. uv provides a cargo-like python experience. Dependency versions are defined in pyproject.toml. uv automatically pulls in these dependencies and sets up the correct virtual environment. No pip install shenanigans required. uv also makes it incredibly easy to run linters/formatters (not added in this PR)

To solve the executable issues, we add a new path configuration fixture. It currently only supports s2nd/s2nc and the JavaSSL socket client. It will gracefully skip a test if the executable is not available. Additionally, it does not requires s2nd/s2nc to be installed to the PATH.

Call-outs:

For a full description of the proposed work, see this.

Testing:

When running

uv run pytest --provider-version openssl_3_0 --best-effort -x -rpfs -n auto -k happy_path

without the java client compiled, I see the following report.

SKIPPED [2640] fixtures.py:65: <class 'providers.OpenSSL'> is not available
SKIPPED [2524] fixtures.py:65: <class 'providers.GnuTLS'> is not available
SKIPPED [740] fixtures.py:65: <class 'providers.JavaSSL'> is not available
SKIPPED [148] fixtures.py:65: <class 'providers.SSLv3Provider'> is not available
================ 2788 passed, 6052 skipped in 86.19s (0:01:26) =================

With the java client compiled, I see the following report.

SKIPPED [2640] fixtures.py:65: <class 'providers.OpenSSL'> is not available
SKIPPED [2524] fixtures.py:65: <class 'providers.GnuTLS'> is not available
SKIPPED [148] fixtures.py:65: <class 'providers.SSLv3Provider'> is not available
================ 3528 passed, 5312 skipped in 106.05s (0:01:46) ================

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[jmayclin]

In newer versions of python, set initialization is not stable. So each pytest worker process was iterating through SSLYZE_SCANS_TO_TEST in a different order, which means that the "test collection" list was not the same across processes. This causes a fatal error.

Converting the set to a list makes a stable iteration order.

[dougch]

uv is a neat little utility- agree that it's an improvement over tox/pyenv/virtenv. This PR does a few other useful things that are neat: OpenSSL 3 provider and a sslyze update. FWIW, uv and nix aren't mutually exclusive, it works fine inside of a nix devshell, and it might make sense to think more about where the python package management lives

[dougch]

This isn't really optional though? Even if it's invalid, it's a required field - (Or the if "fips" check needs to be proper python)

[jmayclin]

Not actually changing any of the provider version, it was just picked up by the formatter. surgically reverted.