def test_generic(self, taskId, startTime, endTime, name, value): key_file = os.path.join(os.path.dirname(__file__), "public.key") self.assertTrue( subject.encryptEnvVar(taskId, startTime, endTime, name, value, key_file).startswith("wcB"), "Encrypted string should always start with 'wcB'")
def make_task_graph(public_key, signing_pvt_key, product, root_home_dir, root_template="release_graph.yml.tmpl", template_dir=DEFAULT_TEMPLATE_DIR, **template_kwargs): # TODO: some validation of template_kwargs + defaults env = Environment(loader=FileSystemLoader([ path.join(template_dir, root_home_dir), path.join(template_dir, 'notification') ]), undefined=StrictUndefined, extensions=['jinja2.ext.do']) now = arrow.now() now_ms = now.timestamp * 1000 # Don't let the signing pvt key leak into the task graph. with open(signing_pvt_key) as f: pvt_key = f.read() template = env.get_template(root_template) template_vars = { "product": product, "stableSlugId": stable_slug_id(), "chunkify": chunkify, "sorted": sorted, "now": now, "now_ms": now_ms, # This is used in defining expirations in tasks. There's no way to # actually tell Taskcluster never to expire them, but 1,000 years # is as good as never.... "never": arrow.now().replace(years=1000), "pushlog_id": get_json_rev(template_kwargs["repo_path"], template_kwargs["revision"])["pushid"], "get_treeherder_platform": treeherder_platform, "encrypt_env_var": lambda *args: encryptEnvVar(*args, keyFile=public_key), "buildbot2ftp": buildbot2ftp, "buildbot2bouncer": buildbot2bouncer, "sign_task": partial(sign_task, pvt_key=pvt_key), } template_vars.update(template_kwargs) return yaml.safe_load(template.render(**template_vars))
def test_decryptMessage(self): privateKey = os.path.join(os.path.dirname(__file__), "secret.key") publicKey = os.path.join(os.path.dirname(__file__), "public.key") expected = { "messageVersion": "1", "taskId": "abcd", "startTime": 1, "endTime": 2, "name": "Name", "value": "Value" } encrypted = subject.encryptEnvVar("abcd", 1, 2, "Name", "Value", publicKey) decrypted = subject.decryptMessage(encrypted, privateKey) self.assertDictEqual(expected, decrypted)
def make_task_graph(public_key, signing_pvt_key, product, root_template="release_graph.yml.tmpl", template_dir=DEFAULT_TEMPLATE_DIR, **template_kwargs): # TODO: some validation of template_kwargs + defaults env = Environment( loader=FileSystemLoader(path.join(template_dir, product)), undefined=StrictUndefined, extensions=['jinja2.ext.do']) th = TreeherderClient() now = arrow.now() now_ms = now.timestamp * 1000 # Don't let the signing pvt key leak into the task graph. with open(signing_pvt_key) as f: pvt_key = f.read() template = env.get_template(root_template) template_vars = { "product": product, "stableSlugId": stableSlugId(), "chunkify": chunkify, "sorted": sorted, "now": now, "now_ms": now_ms, # This is used in defining expirations in tasks. There's no way to # actually tell Taskcluster never to expire them, but 1,000 years # is as good as never.... "never": arrow.now().replace(years=1000), # Treeherder expects 12 symbols in revision "revision_hash": th.get_resultsets( template_kwargs["branch"], revision=template_kwargs["revision"][:12])[0]["revision_hash"], "get_treeherder_platform": treeherder_platform, "encrypt_env_var": lambda *args: encryptEnvVar(*args, keyFile=public_key), "buildbot2ftp": buildbot2ftp, "buildbot2bouncer": buildbot2bouncer, "sign_task": partial(sign_task, pvt_key=pvt_key), } template_vars.update(template_kwargs) return yaml.safe_load(template.render(**template_vars))
def test_generic(self, taskId, startTime, endTime, name, value): key_file = os.path.join(os.path.dirname(__file__), "public.key") self.assertTrue(subject.encryptEnvVar(taskId, startTime, endTime, name, value, key_file).startswith(b"wcB"), "Encrypted string should always start with 'wcB'")
"to_build_number": TO["build_number"], "stableSlugId": stableSlugId(), "chunkify": chunkify, "sorted": sorted, "now": now, "now_ms": now_ms, "never": arrow.now().replace(years=1), "encrypt_env_var": lambda *args: encryptEnvVar(*args, keyFile='docker-worker-pub.pem'), "sign_task": partial(sign_task, pvt_key=pvt_key), "balrog_username": cfg["balrog_username"], "balrog_password": cfg["balrog_password"], "beetmover_candidates_bucket": "net-mozaws-prod-delivery-firefox", "beetmover_aws_access_key_id": cfg["beetmover_aws_access_key_id"], "beetmover_aws_secret_access_key": cfg["beetmover_aws_secret_access_key"], "product": "firefox", "repo_path":