def test___sign_image_podman_image_sign_fail(self, podman_mock): with TempDirectory() as temp_dir: pgp_private_key_fingerprint = 'abc123' image_signatures_directory = os.path.join(temp_dir.path, 'signatures') container_image_tag = 'does/not/matter:v0.42.0' podman_mock.image.side_effect = sh.ErrorReturnCode('podman', b'mock stdout', b'mock error signing image') with self.assertRaisesRegex( StepRunnerException, re.compile( rf"Error signing image \({container_image_tag}\):" r".*RAN: podman" r".*STDOUT:" r".*mock stdout" r".*STDERR:" r".*mock error signing image", re.DOTALL ) ): PodmanSign._PodmanSign__sign_image( pgp_private_key_fingerprint=pgp_private_key_fingerprint, image_signatures_directory=image_signatures_directory, container_image_tag=container_image_tag ) podman_mock.image.assert_called_once_with( 'sign', f'--sign-by={pgp_private_key_fingerprint}', f'--directory={image_signatures_directory}', f'docker://{container_image_tag}', _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test___sign_image_podman_image_sign_to_many_sigs(self, podman_mock): with TempDirectory() as temp_dir: pgp_private_key_fingerprint = 'abc123' image_signatures_directory = os.path.join(temp_dir.path, 'signatures') container_image_tag = 'does/not/matter:v0.42.0' podman_mock.image.side_effect = TestStepImplementerSignContainerImagePodman.\ create_podman_image_sign_side_effect(num_signatures=2) with self.assertRaisesRegex( StepRunnerException, re.compile( r"Unexpected number of signature files, expected 1: \['.*', '.*'\]", re.DOTALL ) ): PodmanSign._PodmanSign__sign_image( pgp_private_key_fingerprint=pgp_private_key_fingerprint, image_signatures_directory=image_signatures_directory, container_image_tag=container_image_tag ) podman_mock.image.assert_called_once_with( 'sign', f'--sign-by={pgp_private_key_fingerprint}', f'--directory={image_signatures_directory}', f'docker://{container_image_tag}', _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test___import_pgp_key_gpg_import_fail(self, gpg_mock): gpg_mock.side_effect = sh.ErrorReturnCode('gpg', b'mock stdout', b'mock error') pgp_private_key = TestStepImplementerSignContainerImagePodman.TEST_FAKE_PRIVATE_KEY with self.assertRaisesRegex( StepRunnerException, re.compile( r"Error importing pgp private key:" r".*RAN: gpg" r".*STDOUT:" r".*mock stdout" r".*STDERR:" r".*mock error", re.DOTALL)): PodmanSign._PodmanSign__import_pgp_key( pgp_private_key=pgp_private_key) gpg_mock.assert_called_once_with('--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=pgp_private_key, _out=Any(IOBase), _err_to_out=True, _tee='out')
def test___import_pgp_key_fail_get_fingerprint(self, gpg_mock): pgp_private_key=TestStepImplementerSignContainerImagePodman.TEST_FAKE_PRIVATE_KEY with self.assertRaisesRegex( StepRunnerException, re.compile( r"Error getting PGP fingerprint for PGP key" r" to sign container image\(s\) with. See stdout and stderr for more info.", re.DOTALL ) ): PodmanSign._PodmanSign__import_pgp_key( pgp_private_key=pgp_private_key ) gpg_mock.assert_called_once_with( '--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=pgp_private_key, _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test___import_pgp_key_success(self, gpg_mock): gpg_mock.side_effect = TestStepImplementerSignContainerImagePodman.gpg_side_effect pgp_private_key = TestStepImplementerSignContainerImagePodman.TEST_FAKE_PRIVATE_KEY PodmanSign._PodmanSign__import_pgp_key(pgp_private_key=pgp_private_key) gpg_mock.assert_called_once_with('--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=pgp_private_key, _out=Any(IOBase), _err_to_out=True, _tee='out')
def test__required_config_or_result_keys(self): required_keys = PodmanSign._required_config_or_result_keys() expected_required_keys = [ ['signer-pgp-private-key', 'container-image-signer-pgp-private-key'], 'container-image-tag' ] self.assertEqual(required_keys, expected_required_keys)
def test_results(self, mock_super_required_keys): required_keys = PodmanSign._required_config_or_result_keys() expected_required_keys = [[ 'signer-pgp-private-key', 'container-image-signer-pgp-private-key' ]] self.assertEqual(required_keys, expected_required_keys) mock_super_required_keys.assert_called_once()
def test___sign_image_success(self, podman_mock): with TempDirectory() as temp_dir: pgp_private_key_fingerprint = 'abc123' image_signatures_directory = os.path.join(temp_dir.path, 'signatures') container_image_tag = 'does/not/matter:v0.42.0' podman_mock.image.side_effect = TestStepImplementerSignContainerImagePodman.\ create_podman_image_sign_side_effect() PodmanSign._PodmanSign__sign_image( pgp_private_key_fingerprint=pgp_private_key_fingerprint, image_signatures_directory=image_signatures_directory, container_image_tag=container_image_tag) podman_mock.image.assert_called_once_with( 'sign', f'--sign-by={pgp_private_key_fingerprint}', f'--directory={image_signatures_directory}', f'docker://{container_image_tag}', _out=Any(IOBase), _err_to_out=True, _tee='out')
def test_step_implementer_config_defaults(self): defaults = PodmanSign.step_implementer_config_defaults() expected_defaults = { 'src-tls-verify': 'true' } self.assertEqual(defaults, expected_defaults)
def test_step_implementer_config_defaults(self): defaults = PodmanSign.step_implementer_config_defaults() expected_defaults = {} self.assertEqual(defaults, expected_defaults)
def test_results(self, mock_super_config_defaults): defaults = PodmanSign.step_implementer_config_defaults() expected_defaults = {'src-tls-verify': 'true'} self.assertEqual(defaults, expected_defaults) mock_super_config_defaults.assert_called_once()