def test_source_file_does_not_exist(self):
with self.assertRaisesRegex(
ValueError,
r'Given file path \(/does/not/exist\) to upload does not exist.'
):
upload_file(file_path='/does/not/exist',
destination_uri='/does/not/matter')
def test_https_prefix_http_error(self, opener_open_mock):
opener_open_mock.side_effect = urllib.error.HTTPError(
url='https://ploigos.com/test/foo42',
code=442,
msg='mock error',
hdrs=None,
fp=None
)
sample_file_path = os.path.join(
os.path.dirname(__file__),
'files',
'sample.yaml'
)
with self.assertRaisesRegex(
RuntimeError,
rf'Error uploading file \({sample_file_path}\)'
r' to destination \(https://ploigos.com/test/foo42\) with user name'
r' \(None\) and password \(None\): HTTP Error 442: mock error'
):
upload_file(
file_path=sample_file_path,
destination_uri="https://ploigos.com/test/foo42"
)
def test_invalid_destination_uri(self):
sample_file_path = os.path.join(os.path.dirname(__file__), 'files',
'sample.yaml')
with self.assertRaisesRegex(
ValueError,
r'Unexpected error, should have been caught by step validation.'
r' Destination \(wont-work:///does/not/matter\) must start with known protocol'
r'\(/|file://|http://|https://\).'):
upload_file(file_path=sample_file_path,
destination_uri='wont-work:///does/not/matter')
def _run_step(self):
"""Runs the step implemented by this StepImplementer.
Returns
-------
StepResult
Object containing the dictionary results of this step.
"""
step_result = StepResult.from_step_implementer(self)
results_artifacts_archive = self.__create_archive()
if results_artifacts_archive:
results_artifacts_archive_value = results_artifacts_archive
else:
results_artifacts_archive_value = 'No result artifact values to archive.'
step_result.add_artifact(
name='result-artifacts-archive',
value=results_artifacts_archive_value,
description=
'Archive of all of the step result artifacts marked for archiving.'
)
# if destination URL specified, then upload the results archvie
results_archive_destination_url = self.get_value(
'results-archive-destination-url')
if results_artifacts_archive and results_archive_destination_url:
org = self.get_value('organization')
app = self.get_value('application-name')
service = self.get_value('service-name')
results_artifacts_archive_name = os.path.basename(
results_artifacts_archive)
results_archive_destination_uri = f"{results_archive_destination_url}/" \
f"{org}/{app}/{service}/{results_artifacts_archive_name}"
step_result.add_artifact(
name='results-archive-uri',
description='URI of the uploaded results archive.',
value=results_archive_destination_uri)
try:
upload_result = upload_file(
file_path=results_artifacts_archive_value,
destination_uri=results_archive_destination_uri,
username=self.get_value(
'results-archive-destination-username'),
password=self.get_value(
'results-archive-destination-password'))
step_result.add_artifact(
name='results-archive-upload-results',
description='Results of uploading the results archive ' \
'to the given destination.',
value=upload_result
)
except RuntimeError as error:
step_result.success = False
step_result.message = str(error)
return step_result
def test_https_prefix_no_auth(self, opener_open_mock):
opener_open_mock.side_effect = self.__create_http_response_side_effect(
b'hello world 42')
sample_file_path = os.path.join(os.path.dirname(__file__), 'files',
'sample.yaml')
actual_result = upload_file(
file_path=sample_file_path,
destination_uri="https://ploigos.com/test/foo42")
self.assertEqual('status=201, reason=Created, body=hello world 42',
actual_result)
def test_https_prefix_auth(self, pass_manager_mock, opener_open_mock):
opener_open_mock.side_effect = self.__create_http_response_side_effect(
b'hello world 42')
sample_file_path = os.path.join(os.path.dirname(__file__), 'files',
'sample.yaml')
actual_result = upload_file(
file_path=sample_file_path,
destination_uri="https://ploigos.com/test/foo42",
username='******',
password='******')
self.assertEqual('status=201, reason=Created, body=hello world 42',
actual_result)
pass_manager_mock().add_password.assert_called_once_with(
None, 'ploigos.com', 'test_user', 'pass123')
def test_forward_slash_prefix(self):
sample_file_path = os.path.join(os.path.dirname(__file__), 'files',
'sample.yaml')
with TempDirectory() as test_dir:
destination_dir_path = os.path.join(test_dir.path, 'test_dest')
actual_result = upload_file(
file_path=sample_file_path,
destination_uri=f"{destination_dir_path}")
expected_result = os.path.join(destination_dir_path, 'sample.yaml')
self.assertEqual(expected_result, actual_result)
with \
open(actual_result, 'r') as uploaded_file, \
open(sample_file_path, 'r') as original_file:
self.assertEqual(original_file.read(), uploaded_file.read())
def _run_step(self):
"""Runs the step implemented by this StepImplementer.
Returns
-------
StepResult
Object containing the dictionary results of this step.
"""
step_result = StepResult.from_step_implementer(self)
#Gather all evidence from steps/sub steps
evidence = self.__gather_evidence()
#If no evidence is found then return a step result reflecting that status.
if not evidence:
step_result.add_artifact(
name='result-generate-evidence',
value='No evidence to generate.',
description='Evidence from all previously run steps.')
step_result.message = "No evidence generated from previously run steps"
return step_result
org = self.get_value('organization')
app = self.get_value('application-name')
service = self.get_value('service-name')
version = self.get_value('version')
result_evidence_name = f"{org}-{app}-{service}-{version}-evidence.json"
work_dir = self.work_dir_path
evidence_path = os.path.join(work_dir, result_evidence_name)
#Format into json and write out to file in working directory
with open(evidence_path, "w", encoding='utf-8') as evidence_file:
json.dump(evidence, evidence_file, indent=4)
evidence_destination_url = self.get_value('evidence-destination-url')
evidence_destination_uri = f"{evidence_destination_url}/" \
f"{org}/{app}/{service}/{result_evidence_name}"
#Upload file to datastore
if evidence_file and evidence_destination_url:
try:
upload_result = upload_file(
file_path=evidence_path,
destination_uri=evidence_destination_uri,
username=self.get_value('evidence-destination-username'),
password=self.get_value('evidence-destination-password'))
step_result.add_artifact(
name='evidence-upload-results',
description='Results of uploading the evidence JSON file ' \
'to the given destination.',
value=upload_result
)
step_result.add_artifact(
name='evidence-uri',
description='URI of the uploaded results archive.',
value=evidence_destination_uri)
step_result.success = True
step_result.message = 'Evidence successfully packaged ' \
'in JSON file and uploaded to data store.'
except RuntimeError as error:
step_result.success = False
step_result.message = str(error)
return step_result
else:
step_result.success = True
step_result.message = 'Evidence successfully packaged ' \
'in JSON file but was not uploaded to data store (no '\
'destination URI specified).'
step_result.add_artifact(name='evidence-path',
value=evidence_path,
description='File path of evidence.')
return step_result
def _run_step(self):
"""Runs the step implemented by this StepImplementer.
Returns
-------
StepResult
Object containing the dictionary results of this step.
"""
step_result = StepResult.from_step_implementer(self)
# get the pgp private key to sign the image with
signer_pgp_private_key = self.get_value([
'signer-pgp-private-key', 'container-image-signer-pgp-private-key'
])
# get the uri to the image to sign
container_image_address = self._get_deploy_time_container_image_address(
)
image_signatures_directory = self.create_working_dir_sub_dir(
sub_dir_relative_path='image-signature')
try:
# import the PGP key and get the finger print
signer_pgp_private_key_fingerprint = import_pgp_key(
pgp_private_key=signer_pgp_private_key)
step_result.add_artifact(
name='container-image-signature-signer-private-key-fingerprint',
value=signer_pgp_private_key_fingerprint)
# login to any provider container registries
# NOTE 1: can not use auth file, even though we want to, because podman image sign
# does not accept authfile.
# https://github.com/containers/podman/issues/10866
# NOTE 2: have to force login to use podman because even though logging in with
# any of the tools should work, in testing the podman sign only worked
# from within the python virtual environment if the login happened with podman.
container_registries_login(
registries=self.get_value('container-registries'),
containers_config_tls_verify=util.strtobool(
self.get_value('src-tls-verify')),
container_command_short_name='podman')
# sign the image
signature_file_path = PodmanSign.__sign_image(
pgp_private_key_fingerprint=signer_pgp_private_key_fingerprint,
image_signatures_directory=image_signatures_directory,
container_image_address=container_image_address)
step_result.add_artifact(
name='container-image-signed-address',
value=container_image_address,
)
step_result.add_artifact(
name='container-image-signature-file-path',
value=signature_file_path,
)
signature_name = os.path.relpath(signature_file_path,
image_signatures_directory)
step_result.add_artifact(name='container-image-signature-name',
value=signature_name)
# upload the image signature
container_image_signature_destination_url = self.get_value(
'container-image-signature-destination-url')
if container_image_signature_destination_url:
container_image_signature_destination_uri = \
f"{container_image_signature_destination_url}/{signature_name}"
step_result.add_artifact(
name='container-image-signature-uri',
description='URI of the uploaded container image signature',
value=container_image_signature_destination_uri)
upload_result = upload_file(
file_path=signature_file_path,
destination_uri=container_image_signature_destination_uri,
username=self.get_value(
'container-image-signature-destination-username'),
password=self.get_value(
'container-image-signature-destination-password'))
step_result.add_artifact(
name='container-image-signature-upload-results',
description='Results of uploading the container image signature' \
' to the given destination.',
value=upload_result
)
except (RuntimeError, StepRunnerException) as error:
step_result.success = False
step_result.message = str(error)
return step_result
def _run_step(self):
"""Runs the step implemented by this StepImplementer.
Returns
-------
StepResult
Object containing the dictionary results of this step.
"""
step_result = StepResult.from_step_implementer(self)
# get the pgp private key to sign the image with
signer_pgp_private_key = self.get_value(
['signer-pgp-private-key', 'container-image-signer-pgp-private-key']
)
# get the uri to the image to sign
container_image_tag = self.get_value('container-image-tag')
image_signatures_directory = self.create_working_dir_sub_dir(
sub_dir_relative_path='image-signature'
)
try:
# import the PGP key and get the finger print
signer_pgp_private_key_fingerprint = import_pgp_key(
pgp_private_key=signer_pgp_private_key
)
step_result.add_artifact(
name='container-image-signature-signer-private-key-fingerprint',
value=signer_pgp_private_key_fingerprint
)
# sign the image
signature_file_path = PodmanSign.__sign_image(
pgp_private_key_fingerprint=signer_pgp_private_key_fingerprint,
image_signatures_directory=image_signatures_directory,
container_image_tag=container_image_tag
)
step_result.add_artifact(
name='container-image-signature-file-path',
value=signature_file_path,
)
signature_name = os.path.relpath(signature_file_path, image_signatures_directory)
step_result.add_artifact(
name='container-image-signature-name',
value=signature_name
)
except (RuntimeError, StepRunnerException) as error:
step_result.success = False
step_result.message = str(error)
# upload the image signature
container_image_signature_destination_url = self.get_value(
'container-image-signature-destination-url'
)
if container_image_signature_destination_url:
container_image_signature_destination_uri = \
f"{container_image_signature_destination_url}/{signature_name}"
step_result.add_artifact(
name='container-image-signature-uri',
description='URI of the uploaded container image signature',
value=container_image_signature_destination_uri
)
try:
upload_result = upload_file(
file_path=signature_file_path,
destination_uri=container_image_signature_destination_uri,
username=self.get_value('container-image-signature-destination-username'),
password=self.get_value('container-image-signature-destination-password')
)
step_result.add_artifact(
name='container-image-signature-upload-results',
description='Results of uploading the container image signature' \
' to the given destination.',
value=upload_result
)
except RuntimeError as error:
step_result.success = False
step_result.message = str(error)
return step_result
