def test_signature_not_found_error():
sig_error = 'VERIFICATION FAILED: Signature not found'
fake_playbook = [{'name': "test playbook", 'vars': {}}]
with raises(PlaybookVerificationError) as error:
verify(fake_playbook, skipVerify=False)
assert sig_error in str(error.value)
def test_vars_not_found_error():
vars_error = 'VERIFICATION FAILED: Vars field not found'
fake_playbook = [{'name': "test playbook"}]
with raises(PlaybookVerificationError) as error:
verify(fake_playbook, skipVerify=False)
assert vars_error in str(error.value)
def test_empty_vars_error():
sig_error = 'VERIFICATION FAILED: Empty vars field'
fake_playbook = [{'name': "test playbook", 'vars': None}]
with raises(PlaybookVerificationError) as error:
verify(fake_playbook, skipVerify=False)
assert sig_error in str(error.value)
def test_signature_not_found_error():
sig_error = 'SIGNATURE NOT FOUND: Verification failed'
fake_playbook = [{'name': "test playbook", 'vars': {}}]
with raises(PlaybookVerificationError) as error:
verify(fake_playbook, skipVerify=False)
assert sig_error in str(error.value)
def test_vars_not_found_error():
vars_error = 'VARS FIELD NOT FOUND: Verification failed'
fake_playbook = [{'name': "test playbook"}]
with raises(PlaybookVerificationError) as error:
verify(fake_playbook, skipVerify=False)
assert vars_error in str(error.value)
def test_egg_validation_error(mock_get):
mock_get.return_value.text = '3.0.0'
egg_error = 'EGG VERSION ERROR: Current running egg is not the most recent version'
fake_playbook = [{'name': "test playbook"}]
with raises(PlaybookVerificationError) as error:
verify(fake_playbook, checkVersion=True)
assert egg_error in str(error.value)
def test_playbook_verification_error(call):
key_error = 'SIGNATURE NOT VALID: Template [name: test playbook] has invalid signature'
fake_playbook = [{
'name': "test playbook",
'vars': {
'insights_signature':
'TFMwdExTMUNSVWRKVGlCUVIxQWdVMGxIVGtGVVZWSkZMUzB0TFMwS0N==',
'insights_signature_exclude': '/vars/insights_signature'
}
}]
with raises(PlaybookVerificationError) as error:
verify(fake_playbook, skipVerify=False)
assert key_error in str(error.value)
def test_key_import_error():
key_error = "PUBLIC KEY IMPORT ERROR: Public key file not found"
fake_playbook = [{
'name': "test playbook",
'vars': {
'insights_signature':
'TFMwdExTMUNSVWRKVGlCUVIxQWdVMGxIVGtGVVZWSkZMUzB0TFMwS0N==',
'insights_signature_exclude': '/vars/insights_signature'
}
}]
with raises(PlaybookVerificationError) as error:
verify(fake_playbook, skipVerify=False)
assert key_error in str(error.value)
def test_revoked_playbook(call_1, call_2):
revoked_error = 'REVOKED PLAYBOOK: Template is on the revoked list [name: banned book]'
fake_playbook = [{
'name': "test playbook",
'vars': {
'insights_signature':
'TFMwdExTMUNSVWRKVGlCUVIxQWdVMGxIVGtGVVZWSkZMUzB0TFMwS0N==',
'insights_signature_exclude': '/vars/insights_signature'
}
}]
with raises(PlaybookVerificationError) as error:
verify(fake_playbook, skipVerify=False)
assert revoked_error in str(error.value)
def test_skip_validation():
result = verify([{
'name': "test playbook",
'vars': {}
}],
skipVerify=True,
checkVersion=False)
assert result == [{'name': "test playbook", 'vars': {}}]
def test_revocation_list_empty(call_1, call_2):
fake_playbook = [{
'name': "test playbook",
'vars': {
'insights_signature':
'TFMwdExTMUNSVWRKVGlCUVIxQWdVMGxIVGtGVVZWSkZMUzB0TFMwS0N==',
'insights_signature_exclude': '/vars/insights_signature'
}
}]
result = verify(fake_playbook, skipVerify=False)
assert result == fake_playbook
def test_playbook_verification_success(mock_method):
mock_method.return_value = True
fake_playbook = [{
'name': "test playbook",
'vars': {
'insights_signature':
'TFMwdExTMUNSVWRKVGlCUVIxQWdVMGxIVGtGVVZWSkZMUzB0TFMwS0N==',
'insights_signature_exclude': '/vars/insights_signature'
}
}]
result = verify(fake_playbook, skipVerify=False)
assert result == fake_playbook
import sys
from insights.client.constants import InsightsConstants as constants
from insights.client.apps.ansible.playbook_verifier import verify, loadPlaybookYaml, PlaybookVerificationError
skipVerify = False
def read_playbook():
"""
Read in the stringified playbook yaml from stdin
"""
unverified_playbook = ''
for line in sys.stdin:
unverified_playbook += line
return unverified_playbook
if (os.environ.get('SKIP_VERIFY')):
skipVerify = True
try:
playbook = read_playbook()
playbook_yaml = loadPlaybookYaml(playbook)
verified_playbook = verify(playbook_yaml, skipVerify)
except PlaybookVerificationError as err:
sys.stderr.write(err.message)
sys.exit(constants.sig_kill_bad)
print(playbook)
def read_playbook():
"""
Read in the stringified playbook yaml from stdin
"""
unverified_playbook = ''
for line in sys.stdin:
unverified_playbook += line
return unverified_playbook
playbook = read_playbook()
playbook_yaml = loadPlaybookYaml(playbook)
skipVerify = True
checkVersion = False
if (os.environ.get('SKIP_VERIFY')):
skipVerify = False
if (os.environ.get('CHECK_VERSION')):
checkVersion = True
try:
verified_playbook = verify(playbook_yaml, checkVersion, skipVerify)
except Exception as e:
sys.stderr.write(e.message)
sys.exit(1)
print(playbook)
import sys
from insights.client.apps.ansible.playbook_verifier import verify
def read_playbook():
"""
Read in the stringified playbook yaml from stdin
"""
unverified_playbook = ''
for line in sys.stdin:
unverified_playbook += line
return unverified_playbook
unverified_playbook = read_playbook()
try:
verified_playbook = verify(unverified_playbook)
except Exception as e:
sys.stderr.write(e.message)
sys.exit(1)
print(verified_playbook)
