def test___sign_image_podman_image_sign_fail(self, podman_mock):
with TempDirectory() as temp_dir:
pgp_private_key_fingerprint = 'abc123'
image_signatures_directory = os.path.join(temp_dir.path, 'signatures')
container_image_tag = 'does/not/matter:v0.42.0'
podman_mock.image.side_effect = sh.ErrorReturnCode('podman', b'mock stdout', b'mock error signing image')
with self.assertRaisesRegex(
StepRunnerException,
re.compile(
rf"Error signing image \({container_image_tag}\):"
r".*RAN: podman"
r".*STDOUT:"
r".*mock stdout"
r".*STDERR:"
r".*mock error signing image",
re.DOTALL
)
):
PodmanSign._PodmanSign__sign_image(
pgp_private_key_fingerprint=pgp_private_key_fingerprint,
image_signatures_directory=image_signatures_directory,
container_image_tag=container_image_tag
)
podman_mock.image.assert_called_once_with(
'sign',
f'--sign-by={pgp_private_key_fingerprint}',
f'--directory={image_signatures_directory}',
f'docker://{container_image_tag}',
_out=Any(IOBase),
_err_to_out=True,
_tee='out'
)
def test___sign_image_podman_image_sign_to_many_sigs(self, podman_mock):
with TempDirectory() as temp_dir:
pgp_private_key_fingerprint = 'abc123'
image_signatures_directory = os.path.join(temp_dir.path, 'signatures')
container_image_tag = 'does/not/matter:v0.42.0'
podman_mock.image.side_effect = TestStepImplementerSignContainerImagePodman.\
create_podman_image_sign_side_effect(num_signatures=2)
with self.assertRaisesRegex(
StepRunnerException,
re.compile(
r"Unexpected number of signature files, expected 1: \['.*', '.*'\]",
re.DOTALL
)
):
PodmanSign._PodmanSign__sign_image(
pgp_private_key_fingerprint=pgp_private_key_fingerprint,
image_signatures_directory=image_signatures_directory,
container_image_tag=container_image_tag
)
podman_mock.image.assert_called_once_with(
'sign',
f'--sign-by={pgp_private_key_fingerprint}',
f'--directory={image_signatures_directory}',
f'docker://{container_image_tag}',
_out=Any(IOBase),
_err_to_out=True,
_tee='out'
)
def test___import_pgp_key_gpg_import_fail(self, gpg_mock):
gpg_mock.side_effect = sh.ErrorReturnCode('gpg', b'mock stdout',
b'mock error')
pgp_private_key = TestStepImplementerSignContainerImagePodman.TEST_FAKE_PRIVATE_KEY
with self.assertRaisesRegex(
StepRunnerException,
re.compile(
r"Error importing pgp private key:"
r".*RAN: gpg"
r".*STDOUT:"
r".*mock stdout"
r".*STDERR:"
r".*mock error", re.DOTALL)):
PodmanSign._PodmanSign__import_pgp_key(
pgp_private_key=pgp_private_key)
gpg_mock.assert_called_once_with('--import',
'--fingerprint',
'--with-colons',
'--import-options=import-show',
_in=pgp_private_key,
_out=Any(IOBase),
_err_to_out=True,
_tee='out')
def test___import_pgp_key_fail_get_fingerprint(self, gpg_mock):
pgp_private_key=TestStepImplementerSignContainerImagePodman.TEST_FAKE_PRIVATE_KEY
with self.assertRaisesRegex(
StepRunnerException,
re.compile(
r"Error getting PGP fingerprint for PGP key"
r" to sign container image\(s\) with. See stdout and stderr for more info.",
re.DOTALL
)
):
PodmanSign._PodmanSign__import_pgp_key(
pgp_private_key=pgp_private_key
)
gpg_mock.assert_called_once_with(
'--import',
'--fingerprint',
'--with-colons',
'--import-options=import-show',
_in=pgp_private_key,
_out=Any(IOBase),
_err_to_out=True,
_tee='out'
)
def test___import_pgp_key_success(self, gpg_mock):
gpg_mock.side_effect = TestStepImplementerSignContainerImagePodman.gpg_side_effect
pgp_private_key = TestStepImplementerSignContainerImagePodman.TEST_FAKE_PRIVATE_KEY
PodmanSign._PodmanSign__import_pgp_key(pgp_private_key=pgp_private_key)
gpg_mock.assert_called_once_with('--import',
'--fingerprint',
'--with-colons',
'--import-options=import-show',
_in=pgp_private_key,
_out=Any(IOBase),
_err_to_out=True,
_tee='out')
def test__required_config_or_result_keys(self):
required_keys = PodmanSign._required_config_or_result_keys()
expected_required_keys = [
['signer-pgp-private-key', 'container-image-signer-pgp-private-key'],
'container-image-tag'
]
self.assertEqual(required_keys, expected_required_keys)
def test_results(self, mock_super_required_keys):
required_keys = PodmanSign._required_config_or_result_keys()
expected_required_keys = [[
'signer-pgp-private-key', 'container-image-signer-pgp-private-key'
]]
self.assertEqual(required_keys, expected_required_keys)
mock_super_required_keys.assert_called_once()
def test___sign_image_success(self, podman_mock):
with TempDirectory() as temp_dir:
pgp_private_key_fingerprint = 'abc123'
image_signatures_directory = os.path.join(temp_dir.path,
'signatures')
container_image_tag = 'does/not/matter:v0.42.0'
podman_mock.image.side_effect = TestStepImplementerSignContainerImagePodman.\
create_podman_image_sign_side_effect()
PodmanSign._PodmanSign__sign_image(
pgp_private_key_fingerprint=pgp_private_key_fingerprint,
image_signatures_directory=image_signatures_directory,
container_image_tag=container_image_tag)
podman_mock.image.assert_called_once_with(
'sign',
f'--sign-by={pgp_private_key_fingerprint}',
f'--directory={image_signatures_directory}',
f'docker://{container_image_tag}',
_out=Any(IOBase),
_err_to_out=True,
_tee='out')
def test_step_implementer_config_defaults(self):
defaults = PodmanSign.step_implementer_config_defaults()
expected_defaults = {
'src-tls-verify': 'true'
}
self.assertEqual(defaults, expected_defaults)
def test_step_implementer_config_defaults(self):
defaults = PodmanSign.step_implementer_config_defaults()
expected_defaults = {}
self.assertEqual(defaults, expected_defaults)
def test_results(self, mock_super_config_defaults):
defaults = PodmanSign.step_implementer_config_defaults()
expected_defaults = {'src-tls-verify': 'true'}
self.assertEqual(defaults, expected_defaults)
mock_super_config_defaults.assert_called_once()
