def test_generic(self, taskId, startTime, endTime, name, value):
key_file = os.path.join(os.path.dirname(__file__), "public.key")
self.assertTrue(
subject.encryptEnvVar(taskId, startTime, endTime, name, value,
key_file).startswith("wcB"),
"Encrypted string should always start with 'wcB'")
def make_task_graph(public_key,
signing_pvt_key,
product,
root_home_dir,
root_template="release_graph.yml.tmpl",
template_dir=DEFAULT_TEMPLATE_DIR,
**template_kwargs):
# TODO: some validation of template_kwargs + defaults
env = Environment(loader=FileSystemLoader([
path.join(template_dir, root_home_dir),
path.join(template_dir, 'notification')
]),
undefined=StrictUndefined,
extensions=['jinja2.ext.do'])
now = arrow.now()
now_ms = now.timestamp * 1000
# Don't let the signing pvt key leak into the task graph.
with open(signing_pvt_key) as f:
pvt_key = f.read()
template = env.get_template(root_template)
template_vars = {
"product":
product,
"stableSlugId":
stable_slug_id(),
"chunkify":
chunkify,
"sorted":
sorted,
"now":
now,
"now_ms":
now_ms,
# This is used in defining expirations in tasks. There's no way to
# actually tell Taskcluster never to expire them, but 1,000 years
# is as good as never....
"never":
arrow.now().replace(years=1000),
"pushlog_id":
get_json_rev(template_kwargs["repo_path"],
template_kwargs["revision"])["pushid"],
"get_treeherder_platform":
treeherder_platform,
"encrypt_env_var":
lambda *args: encryptEnvVar(*args, keyFile=public_key),
"buildbot2ftp":
buildbot2ftp,
"buildbot2bouncer":
buildbot2bouncer,
"sign_task":
partial(sign_task, pvt_key=pvt_key),
}
template_vars.update(template_kwargs)
return yaml.safe_load(template.render(**template_vars))
def test_decryptMessage(self):
privateKey = os.path.join(os.path.dirname(__file__), "secret.key")
publicKey = os.path.join(os.path.dirname(__file__), "public.key")
expected = {
"messageVersion": "1",
"taskId": "abcd",
"startTime": 1,
"endTime": 2,
"name": "Name",
"value": "Value"
}
encrypted = subject.encryptEnvVar("abcd", 1, 2, "Name", "Value", publicKey)
decrypted = subject.decryptMessage(encrypted, privateKey)
self.assertDictEqual(expected, decrypted)
def test_decryptMessage(self):
privateKey = os.path.join(os.path.dirname(__file__), "secret.key")
publicKey = os.path.join(os.path.dirname(__file__), "public.key")
expected = {
"messageVersion": "1",
"taskId": "abcd",
"startTime": 1,
"endTime": 2,
"name": "Name",
"value": "Value"
}
encrypted = subject.encryptEnvVar("abcd", 1, 2, "Name", "Value", publicKey)
decrypted = subject.decryptMessage(encrypted, privateKey)
self.assertDictEqual(expected, decrypted)
def make_task_graph(public_key, signing_pvt_key, product,
root_template="release_graph.yml.tmpl",
template_dir=DEFAULT_TEMPLATE_DIR,
**template_kwargs):
# TODO: some validation of template_kwargs + defaults
env = Environment(
loader=FileSystemLoader(path.join(template_dir, product)),
undefined=StrictUndefined,
extensions=['jinja2.ext.do'])
th = TreeherderClient()
now = arrow.now()
now_ms = now.timestamp * 1000
# Don't let the signing pvt key leak into the task graph.
with open(signing_pvt_key) as f:
pvt_key = f.read()
template = env.get_template(root_template)
template_vars = {
"product": product,
"stableSlugId": stableSlugId(),
"chunkify": chunkify,
"sorted": sorted,
"now": now,
"now_ms": now_ms,
# This is used in defining expirations in tasks. There's no way to
# actually tell Taskcluster never to expire them, but 1,000 years
# is as good as never....
"never": arrow.now().replace(years=1000),
# Treeherder expects 12 symbols in revision
"revision_hash": th.get_resultsets(
template_kwargs["branch"],
revision=template_kwargs["revision"][:12])[0]["revision_hash"],
"get_treeherder_platform": treeherder_platform,
"encrypt_env_var": lambda *args: encryptEnvVar(*args,
keyFile=public_key),
"buildbot2ftp": buildbot2ftp,
"buildbot2bouncer": buildbot2bouncer,
"sign_task": partial(sign_task, pvt_key=pvt_key),
}
template_vars.update(template_kwargs)
return yaml.safe_load(template.render(**template_vars))
def test_generic(self, taskId, startTime, endTime, name, value):
key_file = os.path.join(os.path.dirname(__file__), "public.key")
self.assertTrue(subject.encryptEnvVar(taskId, startTime, endTime, name,
value, key_file).startswith(b"wcB"),
"Encrypted string should always start with 'wcB'")
"to_build_number": TO["build_number"], "stableSlugId": stableSlugId(), "chunkify": chunkify, "sorted": sorted, "now": now, "now_ms": now_ms, "never": arrow.now().replace(years=1), "encrypt_env_var": lambda *args: encryptEnvVar(*args, keyFile='docker-worker-pub.pem'), "sign_task": partial(sign_task, pvt_key=pvt_key), "balrog_username": cfg["balrog_username"], "balrog_password": cfg["balrog_password"], "beetmover_candidates_bucket": "net-mozaws-prod-delivery-firefox", "beetmover_aws_access_key_id": cfg["beetmover_aws_access_key_id"], "beetmover_aws_secret_access_key": cfg["beetmover_aws_secret_access_key"], "product": "firefox", "repo_path":
