def test_link_cot(chain):
link = cotverify.LinkOfTrust(chain.context, 'build', "task_id")
cot = get_cot(chain.task, task_id=link.task_id)
link.cot = cot
assert link.cot == cot
with pytest.raises(CoTError):
link.cot = {}
# mismatched taskId should raise
link2 = cotverify.LinkOfTrust(chain.context, 'build', "different_task_id")
with pytest.raises(CoTError):
link2.cot = cot
def test_link_task(chain):
link = cotverify.LinkOfTrust(chain.context, 'build', "one")
link.task = chain.task
assert not link.is_try
assert link.worker_impl == 'scriptworker'
with pytest.raises(CoTError):
link.task = {}
def docker_image_link(chain):
link = cotverify.LinkOfTrust(chain.context, 'docker-image',
'docker_image_task_id')
link.cot = {
'taskId': 'docker_image_task_id',
'artifacts': {
'path/image': {
'sha256': 'built_docker_image_sha',
},
},
'environment': {
'imageHash': "sha256:docker_image_sha",
},
}
link.task = {
'taskGroupId': 'decision_task_id',
'schedulerId': 'scheduler_id',
'provisionerId': 'provisioner_id',
'workerType': 'workerType',
'scopes': [],
'metadata': {
'source': 'https://hg.mozilla.org/mozilla-central',
},
'payload': {
'image': "blah",
'env': {
"HEAD_REF": "x",
},
'command': ["/bin/bash", "-c", "/home/worker/bin/build_image.sh"],
},
'extra': {},
}
yield link
def release_action_link(chain):
# Release action tasks look like decision tasks (self-contained graph) but
# are action tasks.
link = cotverify.LinkOfTrust(chain.context, 'decision',
'relaction_task_id')
link.cot = {
'taskId': 'relaction_task_id',
'environment': {
'imageHash': "sha256:decision_image_sha",
},
}
link.task = {
'taskGroupId': 'relaction_task_id',
'schedulerId': 'scheduler_id',
'provisionerId': 'provisioner_id',
'workerType': 'workerType',
'scopes': [],
'metadata': {
'source': 'https://hg.mozilla.org/mozilla-central',
},
'payload': {
'image': "blah",
},
'extra': {
'action': {},
'parent': 'decision_task_id',
},
}
yield link
def test_get_link(chain, ids, req, raises):
for i in ids:
l = cotverify.LinkOfTrust(chain.context, 'build', i)
chain.links.append(l)
if raises:
with pytest.raises(CoTError):
chain.get_link(req)
else:
chain.get_link(req)
def build_link(chain):
link = cotverify.LinkOfTrust(chain.context, 'build', 'build_task_id')
link.cot = {
'taskId': 'build_task_id',
'environment': {
'imageArtifactHash': "sha256:built_docker_image_sha",
},
}
link.task = {
'taskGroupId': 'decision_task_id',
'schedulerId': 'scheduler_id',
'provisionerId': 'provisioner',
'workerType': 'workerType',
'scopes': [],
'dependencies': ['some_task_id'],
'metadata': {
'source': 'https://hg.mozilla.org/mozilla-central',
},
'payload': {
'artifacts': {
'foo': {
'sha256': "foo_sha",
'expires': "blah",
},
'bar': {
'sha256': "bar_sha",
},
},
'image': {
'taskId': 'docker_image_task_id',
'path': 'path/image',
},
'env': {
'HG_STORE_PATH': 'foo',
},
},
'extra': {
'chainOfTrust': {
'inputs': {
'docker-image': 'docker_image_task_id',
},
},
'parent': 'decision_task_id',
},
}
yield link
def decision_link(chain):
link = cotverify.LinkOfTrust(chain.context, 'decision', 'decision_task_id')
link.cot = {
'environment': {
'imageHash': "sha256:decision_image_sha",
},
}
link.task = {
'taskGroupId': 'decision_task_id',
'schedulerId': 'scheduler_id',
'provisionerId': 'provisioner_id',
'workerType': 'workerType',
'scopes': [],
'metadata': {
'source': 'https://hg.mozilla.org/mozilla-central',
},
'payload': {
'image': "blah",
},
'extra': {},
}
yield link
def test_dependent_task_ids(chain):
ids = ["one", "TWO", "thr33", "vier"]
for i in ids:
l = cotverify.LinkOfTrust(chain.context, 'build', i)
chain.links.append(l)
assert sorted(chain.dependent_task_ids()) == sorted(ids)
def test_link_cot(chain):
link = cotverify.LinkOfTrust(chain.context, 'build', "one")
link.cot = chain.task
assert link.cot == chain.task
with pytest.raises(CoTError):
link.cot = {}
